@workos/mcp-docs-server 0.1.0 → 0.2.0

package/.docs/organized/docs/integrations/cas-saml.mdx

@@ -1,6 +1,6 @@
 ---
 title: CAS SAML
-description: "Learn how to configure a connection to\_CAS via SAML."
+description: Learn how to configure a connection to CAS via SAML.
 icon: cas
 breadcrumb:
   title: Integrations
@@ -62,4 +62,4 @@ At minimum, the Attribute Statement in the SAML Response should include `id`, `e
 
 With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
 
-Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.

package/.docs/organized/docs/integrations/classlink-saml.mdx

@@ -1,6 +1,6 @@
 ---
 title: ClassLink
-description: "Learn how to configure a\_connection to\_ClassLink via SAML."
+description: Learn how to configure a connection to ClassLink via SAML.
 icon: classlink
 breadcrumb:
   title: Integrations
@@ -81,7 +81,7 @@ Under the “Attribute Mapping” section of the SAML app, map the following fou
 
 With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
 
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 
 ## (4) Upload Metadata URL
 

package/.docs/organized/docs/integrations/clever-oidc.mdx

@@ -0,0 +1,94 @@
+---
+title: Clever OIDC
+description: Learn how to configure a connection to Clever via OIDC.
+icon: clever
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/clever-oidc.mdx
+---
+
+## Introduction
+
+Each SSO identity provider requires specific information to create and configure a new [SSO connection](/glossary/connection). Often, the information required to create an SSO connection will differ by identity provider.
+
+To create a Clever OIDC SSO connection, you'll need three pieces of information: a [redirect URI](/glossary/redirect-uri), [client ID](/glossary/client-id), and [client secret](/glossary/client-secret).
+
+Start by logging into your WorkOS dashboard and navigate to the **Organizations** page from the left-hand navigation bar.
+
+Select the organization you'd like to configure a Clever OIDC SSO connection for, and select **Configure manually** under **Single Sign-On**.
+
+![WorkOS Dashboard Organizations tab with "Configure manually" button highlighted](https://images.workoscdn.com/images/d577cfbe-028b-48cf-8cc0-4cd5d3adf853.png?auto=format&fit=clip&q=50)
+
+Select **Clever OIDC** from the identity provider dropdown. Click **Create Connection**.
+
+![Create Connection form with Clever OIDC selected as Identity Provider](https://images.workoscdn.com/images/2a5545f1-70ea-4347-8d99-a39c5850085c.png?auto=format&fit=clip&q=50)
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the Redirect URI, which can be found in the **Service Provider Details** section on the SSO connection page in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+- [Redirect URI](/glossary/redirect-uri): The endpoint where identity providers send authentication responses after successful login
+
+![The Redirect URI of a OIDC connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/062a78e9-1d87-4643-890f-ebd1221e645b.png?auto=format&fit=clip&q=50)
+
+The Redirect URI is the location an identity provider redirects its authentication response to. In Clever’s case, it needs to be added to the OAuth settings in the Clever admin as outlined in [step 1](/integrations/clever-oidc/1-configure-the-redirect-uri).
+
+---
+
+## What you'll need
+
+You will need to obtain two pieces of information from the organization:
+
+- [Client ID](/glossary/client-id): Application identifier from the OIDC provider
+- [Client secret](/glossary/client-secret): Authentication secret for the application
+
+Typically, this information comes from the organization's IT team when they set up your application's OIDC configuration in their Clever admin dashboard. However, if that’s not the case during your setup, the next steps will show you how to obtain it.
+
+---
+
+## (1) Configure the Redirect URI
+
+Sign in to [Clever](https://apps.clever.com/).
+
+In the left navigation bar, select the **Settings** tab. In the horizontal menu, select the **Integration** tab.
+
+Locate the **OAuth Settings** section and click **Edit**.
+
+![Setting the redirect URI in the Clever admin dashboard](https://images.workoscdn.com/images/0f7a4169-8cf1-4239-9d03-9f2022fb6a88.png?auto=format&fit=clip&q=50)
+
+The **Update OAuth Settings** dialog will open. Copy the [Redirect URI](/integrations/clever-oidc/what-workos-provides) from the SSO connection page in the WorkOS Dashboard into the **REDIRECT URIS** field. Click **Save**.
+
+---
+
+## (2) Obtain configuration details
+
+While on the **Settings** tab in Clever, select the **General** tab in the horizontal menu.
+
+After creating an application, a client ID and client secret are provisioned. Locate the **CLIENT ID** and **CLIENT SECRET** fields and copy the values.
+
+![Copying the client id and secret from the Clever admin dashboard](https://images.workoscdn.com/images/b4c527e1-0335-428e-a658-ef3ecfd820a3.png?auto=format&fit=clip&q=50)
+
+Back in the [WorkOS Dashboard](https://dashboard.workos.com/) on the SSO connection page, enter the client ID and client secret you obtained from Clever into the respective fields in the **Settings** section.
+
+![WorkOS Dashboard Settings with Client ID and Client Secret fields](https://images.workoscdn.com/images/d7ebf399-4cc9-4588-9961-6160d6bbd9bf.png?auto=format&fit=clip&q=50)
+
+Click **Update connection** to save.
+
+---
+
+## (3) Test Single Sign-On
+
+Test signing in to verify that the single sign-on connection was configured correctly.
+
+From the SSO connection page in the WorkOS Dashboard, click **Test SSO** to initiate a test authentication flow.
+
+---
+
+## Next steps
+
+Your Clever OIDC connection is now configured and ready to use. Users assigned to the application in Clever will be able to authenticate through WorkOS using their Clever credentials.
+
+To start using this connection in your application, refer to the [SSO guide](/sso) for implementation details.

package/.docs/organized/docs/integrations/cloudflare-saml.mdx

@@ -1,6 +1,6 @@
 ---
 title: Cloudflare
-description: "Learn how to configure a connection to\_Cloudflare via SAML."
+description: Learn how to configure a connection to Cloudflare via SAML.
 icon: cloudflare
 breadcrumb:
   title: Integrations
@@ -96,7 +96,40 @@ With [identity provider role assignment](/sso/identity-provider-role-assignment)
 
 ![A screenshot showing how to configure a groups attribute in Cloudflare.](https://images.workoscdn.com/images/659df99d-79b9-4fd4-bcec-69b337504cfe.png?auto=format&fit=clip&q=50)
 
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+#### Resolving groups attribute issues
+
+If you're having issues getting the `groups` attribute to come through, it's possible that Cloudflare is sending it as a nested structure, specifically an array of group objects rather than plain strings.
+
+WorkOS expects `groups` to be a top-level attribute where each value is a simple string, such as the group name or ID.
+
+To resolve this, go to the **Advanced Settings** section of your Cloudflare Access application and define a [JSONata transformation](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas/#jsonata-transforms) to map the structured `groups` attribute into the expected format.
+
+For example, to extract the `name` from each group object, use the following transformation: `$ ~> | $ | { "groups": groups.name } |`
+
+![A screenshot showing JSONata transform applied to the groups attribute](https://images.workoscdn.com/images/3be403b4-26a1-40b6-a64e-3503f6f69a21.png?auto=format&fit=clip&q=50)
+
+This will transform an input like:
+
+```json
+{
+  "groups": [
+    { "name": "Engineering", "id": "abc123" },
+    { "name": "Finance", "id": "def456" }
+  ]
+}
+```
+
+Into the expected format:
+
+```json
+{
+  "groups": ["Engineering", "Finance"]
+}
+```
+
+You may also use groups.id if you prefer to map group IDs instead.
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 
 ---
 

package/.docs/organized/docs/integrations/cyberark-saml.mdx

@@ -1,6 +1,6 @@
 ---
 title: CyberArk SAML
-description: "Learn how to configure a connection to\_CyberArk via SAML."
+description: Learn how to configure a connection to CyberArk via SAML.
 icon: cyberark
 breadcrumb:
   title: Integrations
@@ -105,7 +105,7 @@ With [identity provider role assignment](/sso/identity-provider-role-assignment)
 
 ![A screenshot showing the groups attribute successfully configured in CyberArk.](https://images.workoscdn.com/images/e5b30513-3915-46a3-b876-650898f8f288.png?auto=format&fit=clip&q=50)
 
-Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 
 ---
 

package/.docs/organized/docs/integrations/cyberark-scim.mdx

@@ -1,6 +1,6 @@
 ---
 title: CyberArk SCIM
-description: "Learn about syncing your user list with\_CyberArk SCIM."
+description: Learn about syncing your user list with CyberArk SCIM.
 icon: cyberark
 breadcrumb:
   title: Integrations

package/.docs/organized/docs/integrations/duo-saml.mdx

@@ -1,6 +1,6 @@
 ---
 title: Duo
-description: "Learn how to configure a connection to\_Duo via SAML."
+description: Learn how to configure a connection to Duo via SAML.
 icon: duo
 breadcrumb:
   title: Integrations
@@ -110,7 +110,7 @@ In the "Role Attributes" section, enter `groups` as the "Attribute name". Then m
 
 ![A screenshot showing how to configure a groups attribute in Duo.](https://images.workoscdn.com/images/a13b9af3-65fc-4595-acd6-ecc3bc026fc3.png?auto=format&fit=clip&q=50)
 
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 
 ### Save your changes
 

package/.docs/organized/docs/integrations/entra-id-oidc.mdx

@@ -0,0 +1,198 @@
+---
+title: Entra ID OIDC (formerly Azure AD)
+description: Learn how to configure a connection to Entra ID via OIDC.
+icon: microsoft
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/entra-id-oidc.mdx
+---
+
+## Introduction
+
+Each SSO identity provider requires specific information to create and configure a new [SSO connection](/glossary/connection). Often, the information required to create an SSO connection will differ by identity provider.
+
+To create an Entra ID OIDC SSO connection, you'll need four pieces of information: a [redirect URI](/glossary/redirect-uri), [application (client) ID](/glossary/client-id), [client secret](/glossary/client-secret) and [discovery endpoint](/glossary/discovery-endpoint).
+
+Start by logging in to your WorkOS dashboard and navigate to the **Organizations** page from the left-hand navigation bar.
+
+Select the organization you'd like to configure an Entra ID OIDC SSO connection for, and select **Configure manually** under **Single Sign-On**.
+
+![WorkOS Dashboard Organizations tab with "Configure manually" button highlighted](https://images.workoscdn.com/images/d577cfbe-028b-48cf-8cc0-4cd5d3adf853.png?auto=format&fit=clip&q=50)
+
+Select **Entra ID (Azure AD) OIDC** from the identity provider dropdown, enter a descriptive name for the connection, click **Create Connection**.
+
+![Create Connection form with Entra ID (Azure AD) OIDC selected as Identity Provider](https://images.workoscdn.com/images/90fe747d-88e3-40da-a028-161132401a5c.png?auto=format&fit=clip&q=50)
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the Redirect URI, which can be found in the **Service Provider Details** section on the SSO connection page in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+- [Redirect URI](/glossary/redirect-uri): The endpoint where identity providers send authentication responses after successful login
+
+![The Redirect URI of a OIDC connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/99a7c7d5-50a9-4bff-a3f3-22dc1cfeca58.png?auto=format&fit=clip&q=50)
+
+The Redirect URI is the location an identity provider redirects its authentication response to. In Entra ID’s case, it needs to be set during application registration when configuring your OIDC application, which is outlined in [step 1](/integrations/entra-id-oidc/1-register-an-application) below.
+
+---
+
+## What you’ll need
+
+You will need to obtain three pieces of information from the organization:
+
+- [Application (Client) ID](/glossary/client-id): Application identifier from the OIDC provider
+- [Client Secret](/glossary/client-secret): Authentication secret for the application
+- [Discovery endpoint](/glossary/discovery-endpoint): Configuration URL containing OIDC metadata
+
+Normally, this information will come from the organization’s IT Management team when they set up your application’s OIDC configuration in their Entra ID admin center. But, should that not be the case during your setup, the next steps will show you how to obtain it.
+
+---
+
+## (1) Register an application
+
+Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/).
+
+In the left navigation menu, expand the **Identity** section. Expand the **Applications** sub-section. Select the **App registrations** tab. Click **New registration**.
+
+![Microsoft Entra admin center navigation showing Identity > Applications > App registrations](https://images.workoscdn.com/images/67c07f6f-f60d-48da-b950-eac73d094dfb.png?auto=format&fit=clip&q=50)
+
+Enter an appropriate app name, such as your organization or application name.
+
+Select one of these **Supported account types**:
+
+- Accounts in this organizational directory only (Default Directory only - Single tenant) (Default)
+- Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
+
+In the **Redirect URI** field, select the **Web** option from the dropdown menu. Copy the [Redirect URI](/integrations/entra-id-oidc/what-workos-provides) from the SSO connection page in the WorkOS Dashboard and paste it into the input field.
+
+![App registration form with name, supported account types, and redirect URI fields](https://images.workoscdn.com/images/d09699ac-00d4-4a8f-9ff7-9090c79d805b.png?auto=format&fit=clip&q=50)
+
+Click **Register**.
+
+---
+
+## (2) Obtain required configuration details
+
+Now you'll need to gather three pieces of information from your Entra ID application that will be configured in your WorkOS dashboard: the client ID, client secret, and discovery endpoint. Keep these values handy to input into the WorkOS Dashboard.
+
+### Get the client ID
+
+From the application **Overview** page, copy the **Application (client) ID**.
+
+![Entra ID application Overview page showing Application (client) ID field](https://images.workoscdn.com/images/70506649-66e4-490a-82b0-69175d0f3381.png?auto=format&fit=clip&q=50)
+
+### Create and retrieve the client secret
+
+Navigate to the **Certificates & secrets** page. Click **New client secret**.
+
+![Certificates & secrets page with "New client secret" button](https://images.workoscdn.com/images/28afb31c-3e94-4263-aedb-9924e0a4678d.png?auto=format&fit=clip&q=50)
+
+Enter an appropriate secret description and select an expiration period. Click **Add**.
+
+![Add a client secret panel with the description, expires at fields highlighted](https://images.workoscdn.com/images/6d72665b-7ad0-4837-ac58-b9acbe2d7fee.png?auto=format&fit=clip&q=50)
+
+Copy the newly created client secret **Value** immediately as it will not be shown again after you navigate away from this page.
+
+![Client secret creation form with description field and generated secret value](https://images.workoscdn.com/images/7e1604a5-1bdb-4a0c-80d5-8b4401c4269e.png?auto=format&fit=clip&q=50)
+
+### Get the discovery endpoint
+
+From the application **Overview** page, click the **Endpoints** tab.
+
+![Entra ID application Overview page with Endpoints tab highlighted](https://images.workoscdn.com/images/70fee14e-bb7d-43ab-8bb8-70150af299b6.png?auto=format&fit=clip&q=50)
+
+Scroll down to find and copy the **OpenID Connect metadata document** URL. This is your Discovery Endpoint.
+
+![Endpoints list showing OpenID Connect metadata document URL](https://images.workoscdn.com/images/aca9c724-2a6f-4449-b435-f63bd538d60f.png?auto=format&fit=clip&q=50)
+
+### Update the SSO connection settings
+
+Back in the WorkOS Dashboard on the SSO connection page, enter the client ID, client secret, and discovery endpoint you obtained from Entra ID into the respective fields in the **\{SSO connection name\} Settings** section.
+
+![WorkOS Dashboard Identity Provider Configuration with Client ID, Client Secret, and Discovery Endpoint fields](https://images.workoscdn.com/images/714cb015-94db-4080-ad53-942da1804c01.png?auto=format&fit=clip&q=50)
+
+Click **Update connection** to save.
+
+---
+
+## (3) Configure token claims
+
+Navigate to the **Token configuration** page. Click **Add optional claim**.
+
+![Token configuration page with "Add optional claim" button](https://images.workoscdn.com/images/c71dc730-995d-48d3-a5eb-3b28166fa6c0.png?auto=format&fit=clip&q=50)
+
+Select **ID** token type, and then select the following claims:
+
+- `email`
+- `family_name`
+- `given_name`
+
+![Optional claims dialog with ID token type selected and email, family_name, given_name claims](https://images.workoscdn.com/images/0cfa531a-de60-4ead-9655-0a473dbd5658.png?auto=format&fit=clip&q=50)
+
+Click **Add**. In the pop-up, select **Turn on the Microsoft Graph email, profile permission**, then click **Add**.
+
+![Add optional claim panel with turn on Microsoft Graph checkbox highlighted](https://images.workoscdn.com/images/644ac9db-6bb6-4ca5-bd65-af23ceec5b6a.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Assign users and groups
+
+In the left navigation menu, expand the **Identity** section. Expand the **Applications** sub-section. Select the **Enterprise applications** tab.
+
+Search for your application by name and select it.
+
+![Enterprise applications search interface with application list](https://images.workoscdn.com/images/7ca10480-3bc6-4d1e-99cd-7de8543e374d.png?auto=format&fit=clip&q=50)
+
+From the Enterprise application page, select the **Users and groups** tab. Click **Add user/group**.
+
+![Enterprise application Users and groups tab with "Add user/group" button](https://images.workoscdn.com/images/15448828-6288-4350-9ac3-27c9997f04e4.png?auto=format&fit=clip&q=50)
+
+Select appropriate users and groups to add to the OIDC application.
+
+![User and group assignment interface with selection options and Assign button](https://images.workoscdn.com/images/e3964bfc-92b2-497d-b291-098cbe1ee94f.png?auto=format&fit=clip&q=50)
+
+When finished, click **Assign** to add the selected users to your OIDC application.
+
+![Add assignment page with Assign button highlighted](https://images.workoscdn.com/images/80e136c6-6e9f-41f4-aed9-85421746906b.png?auto=format&fit=clip&q=50)
+
+---
+
+## (5) Role assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. Users will automatically be granted the assigned roles within your application when they authenticate. To enable this functionality:
+
+### Configure groups claim in Entra ID
+
+From the app registration, navigate to the **Token configuration** page. Click **Add groups claim**.
+
+![Token configuration page with "Add groups claim" button](https://images.workoscdn.com/images/d6342c8f-1f32-43c3-a91e-16cacdd62b31.png?auto=format&fit=clip&q=50)
+
+In the **Group Claims** panel, select appropriate groups. For example, you could select **Groups assigned to the application** to only send groups assigned to the OIDC app in Entra ID. Click **Add**.
+
+![Group Claims configuration panel with group selection options](https://images.workoscdn.com/images/5cf70ad4-6eb3-4f6e-87c6-16b15c1c781f.png?auto=format&fit=clip&q=50)
+
+### Configure role assignment in WorkOS
+
+From the SSO connection page in the [WorkOS Dashboard](https://dashboard.workos.com/), scroll to the **Groups and role assignments** section.
+
+![WorkOS dashboard highlighting create group button](https://images.workoscdn.com/images/c29ef1a7-d873-49f6-ad43-8c945245a033.png?auto=format&fit=clip&q=50)
+
+For each group you want to assign a role, click the **Create group** button and enter the following:
+
+1. Copy the group id from Entra ID into the **IdP Group ID** field.
+2. Optionally, enter a group name into the **Name** field.
+3. Assign the appropriate role to the group.
+
+![WorkOS dashboard with open create group dialog and idp_id, name, and role assignment inputs](https://images.workoscdn.com/images/d542c8c3-e032-41a6-ae72-c8dc586ec88d.png?auto=format&fit=clip&q=50)
+
+> Group members without an explicit role will receive the default role.
+
+---
+
+## Next steps
+
+Your Entra ID OIDC connection is now configured and ready to use. Users assigned to the application in Entra ID will be able to authenticate through WorkOS using their Microsoft credentials.
+
+To start using this connection in your application, refer to the [SSO guide](/sso) for implementation details.

package/.docs/organized/docs/integrations/entra-id-saml.mdx

@@ -1,6 +1,6 @@
 ---
 title: Entra ID SAML (formerly Azure AD)
-description: Learn how to configure a connection Entra ID via SAML.
+description: Learn how to configure a connection to Entra ID via SAML.
 icon: microsoft
 breadcrumb:
   title: Integrations
@@ -12,7 +12,7 @@ originalPath: .tmp-workos-clone/packages/docs/content/integrations/entra-id-saml
 
 Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). And often, the information required to create a Connection will differ by Identity Provider.
 
-To create a Entra ID SAML Connection, you’ll need the Identity Provider Metadata URL that is available from the organization's Entra ID instance.
+To create an Entra ID SAML Connection, you’ll need the Identity Provider Metadata URL that is available from the organization's Entra ID instance.
 
 ---
 
@@ -115,7 +115,7 @@ Select "Add a group claim" from the top menu. Next, select which groups you'd li
 
 ![A screenshot showing how to add a groups claim to your SAML app in the Azure dashboard.](https://images.workoscdn.com/images/4e33755c-945f-4164-873f-33482e3a2c43.png?auto=format&fit=clip&q=50)
 
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 
 ---
 

package/.docs/organized/docs/integrations/entra-id-scim.mdx

@@ -1,6 +1,6 @@
 ---
 title: Entra ID SCIM (formerly Azure AD)
-description: "Learn about syncing your user list with\_Entra ID SCIM."
+description: Learn about syncing your user list with Entra ID SCIM.
 icon: microsoft
 breadcrumb:
   title: Integrations
@@ -216,3 +216,7 @@ Entra ID sends a newly provisioned user over to WorkOS in two separate actions.
 By default, Entra ID SCIM 2.0 directories sync changes on a scheduled time interval, typically every 40 minutes. For more details, please refer to Entra ID's [official documentation](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user#how-long-will-it-take-to-provision-users).
 
 [Provisioning on demand](/integrations/entra-id-scim/provisioning-on-demand) is also available, which can sync select users, groups, or group memberships in real-time.
+
+### What is the `idp_id` for directory groups from Entra ID?
+
+Entra ID provides a unique object identifier for each group through the SCIM `externalId` field. This is persisted as the `idp_id` for [directory groups](/reference/directory-sync/directory-group) in WorkOS.

package/.docs/organized/docs/integrations/fourth.mdx

@@ -1,6 +1,6 @@
 ---
 title: Fourth
-description: "Learn about syncing your user list with\_Fourth."
+description: Learn about syncing your user list with Fourth.
 icon: fourth
 breadcrumb:
   title: Integrations
@@ -39,7 +39,7 @@ You will now see your Fourth directory sync has been created successfully with a
 
 ## (2) Obtain and update directory details
 
-Retrieve the Fourth Organization ID from the organization's IT Admin, as well as the username and password that will be used for authentication.
+Retrieve the Fourth Organization ID from the organization's IT admin, as well as the username and password that will be used for authentication.
 
 Click “Update Directory” in the WorkOS Dashboard.