From 365cc7f638eb870860bc6a9d2038a1c852c1566f Mon Sep 17 00:00:00 2001 From: Tristan Williams <2390023-tristan@users.noreply.gitlab.com> Date: Mon, 19 Aug 2019 01:05:11 +0000 Subject: Docs: Improve clarity of SCIM workflow --- doc/user/group/saml_sso/scim_setup.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md index f8bef8b8a6a..5d136ad62da 100644 --- a/doc/user/group/saml_sso/scim_setup.md +++ b/doc/user/group/saml_sso/scim_setup.md 
@@ -59,15 +59,14 @@ Once [Single sign-on](index.md) has been configured, we can: ### Azure -First, double check the [Single sign-on](index.md) configuration for your group and ensure that **Name identifier value** (NameID) points to `user.objectid` or another unique identifier. This will match the `extern_uid` used on GitLab. +The SAML application that was created during [Single sign-on](index.md) setup now needs to be set up for SCIM. -![Name identifier value mapping](img/scim_name_identifier_mapping.png) +1. Check the configuration for your GitLab SAML app and ensure that **Name identifier value** (NameID) points to `user.objectid` or another unique identifier. This will match the `extern_uid` used on GitLab. -#### Set up admin credentials + ![Name identifier value mapping](img/scim_name_identifier_mapping.png) -Next, configure your GitLab application in Azure by following the -[Provisioning users and groups to applications that support SCIM](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#provisioning-users-and-groups-to-applications-that-support-scim) -section in Azure's SCIM setup documentation. +1. Set up automatic provisioning and administrative credentials by following the + [Provisioning users and groups to applications that support SCIM](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#provisioning-users-and-groups-to-applications-that-support-scim) section in Azure's SCIM setup documentation. During this configuration, note the following: @@ -97,6 +96,7 @@ You can then test the connection by clicking on **Test Connection**. If the conn NOTE: **Note:** If you used a unique identifier **other than** `objectId`, be sure to map it instead to both `id` and `externalId`. 1. Below the mapping list click on **Show advanced options > Edit attribute list for AppName**. + 1. Leave the `id` as the primary and only required field. NOTE: **Note:** 
@@ -129,8 +129,7 @@ When testing the connection, you may encounter an error: **You appear to have en When checking the Audit Logs for the Provisioning, you can sometimes see the error `Namespace can't be blank, Name can't be blank, and User can't be blank.` -This is likely caused because not all required fields (such as first name and -last name) are present for all users being mapped. +This is likely caused because not all required fields (such as first name and last name) are present for all users being mapped. As a workaround, try an alternate mapping: -- cgit v1.2.1
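Review bot: In the hunk at `@@ -59,15 +59,14 @@`, the context line `During this configuration, note the following:` stays unindented after the new `1. Set up automatic provisioning and administrative credentials by following the` item, so it ends the numbered list even though it describes that step. Indent it, and whatever it introduces, under the second item, or reword it so it names the step it refers to. The hunk also removes the `#### Set up admin credentials` heading, so any link that targets that anchor needs updating. Since the first item says NameID "will match the `extern_uid` used on GitLab", consider stating there whether the chosen identifier also has to stay the same for a user over time, not only be unique.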
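Review bot: The hunk at `@@ -97,6 +96,7 @@` only adds a blank line between the `Show advanced options > Edit attribute list for AppName` item and the item that begins `1. Leave the`, which the commit message ("Improve clarity of SCIM workflow") does not explain. If the blank line is needed for the list or the following NOTE to render correctly, say so in the commit message; otherwise drop it so the diff stays limited to the workflow rewording.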
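Review bot: In the hunk at `@@ -129,8 +129,7 @@`, the rejoined sentence keeps the wording `This is likely caused because not all required fields`, which reads awkwardly. Since the line is being rewritten anyway, change it to `This is likely because not all required fields (such as first name and last name) are present for all users being mapped.` The rest of the hunk is a pure reflow of two lines into one.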