ENGDOCS-1332 (#17245)

* ENGDOCS-1332

* remove from toc

_data/toc.yaml

@@ -1913,8 +1913,6 @@ manuals:
     section:
       -  path: /single-sign-on/
          title: Overview
-      -  path: /single-sign-on/requirements/
-         title: Requirements
       -  path: /single-sign-on/configure/
          title: Configure
       -  path: /single-sign-on/manage/

single-sign-on/configure/index.md

@@ -68,15 +68,22 @@ Follow the steps on this page to configure SSO for your organization or company.
 
 7. Review your summary and select **Create Connection**.
 
-The SSO connection is now created. You can continue to set up [SSO Group Mapping and SCIM](../../docker-hub/scim.md) without enforcing SSO log-in.
-
-## Optional step three: Test your SSO configuration
+## Step three: Test your SSO configuration
 
 After you’ve completed the SSO configuration process in Docker Hub, you can test the configuration when you sign in to Docker Hub using an incognito browser. Sign in to Docker Hub using your domain email address. You are then redirected to your IdP's login page to authenticate.
 
 1. Authenticate through email instead of using your Docker ID, and test the login process.
 2. To authenticate through CLI, your users must have a PAT before you enforce SSO for CLI users.
 
+>**Important**
+>
+> SSO has Just-In-Time (JIT) Provisioning enabled by default, but this can be changed on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. Follow the instructions provided by your IdP:
+> - [Okta](https://help.okta.com/en-us/Content/Topics/Security/policies/configure-app-signon-policies.htm)
+> - [AzureAD](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users)
+{: .important}
+
+The SSO connection is now created. You can continue to set up [SCIM](../../docker-hub/scim.md) without enforcing SSO log-in.
+
 ## Optional step four: Enforce SSO 
 
 1. In the **Single Sign-On Connections** table, select the **Action** icon and then **Enforce Single Sign-on**.
@@ -90,3 +97,9 @@ Your users must now sign in to Docker with SSO.
 >
 >If SSO isn't enforced, users can choose to sign in with either their Docker ID or SSO.
 {: .important}
+
+## What's next?
+
+- [Manage you SSO connections](../manage/index.md)
+- [Set up SCIM](../../docker-hub/scim.md)
+- [Enable Group mapping](../../docker-hub/group-mapping.md)

single-sign-on/index.md

@@ -24,8 +24,16 @@ When you enable SSO for your organization or company, a first-time user can sign
 
 Administrators can then choose to enforce SSO login and effortlessly manage SSO connections for their individual organization or company. 
 
+## Prerequisites
+
+* You must first notify your company about the new SSO login procedures.
+* Verify that your org members have Docker Desktop version 4.4.2, or later, installed on their machines.
+* If your organization uses the Docker Hub CLI, new org members must [create a Personal Access Token (PAT)](../docker-hub/access-tokens.md) to sign in to the CLI.There is a grace period for existing users, which will expire in the near future. Before the grace period ends, your users can sign in from Docker Desktop CLI using their previous credentials until PATs are mandatory.
+In addition, you should add all email addresses to your IdP.
+* Confirm that all CI/CD pipelines have replaced their passwords with PATs.
+* For your service accounts, add your additional domains or enable it in your IdP.
+
 ## What's next?
 
-- Check [the prerequisites](requirements/index.md)
+- Start [configuring SSO](configure/index.md) for your organization or company
 - Explore [the FAQs](faqs.md)
-- Start [configuring SSO](configure/index.md) for your organization or company

single-sign-on/manage/index.md

@@ -84,3 +84,7 @@ To remove a user from an organization:
 2. From the **Members** tab, select the **x** next to a member’s name to remove them from all the teams in the organization.
 3. Select **Remove** to confirm. The member receives an email notification confirming the removal.
 
+## What's next?
+
+- [Set up SCIM](../../docker-hub/scim.md)
+- [Enable Group mapping](../../docker-hub/group-mapping.md)

single-sign-on/requirements/index.md

@@ -1,19 +0,0 @@
----
-description: Single Sign-on requirements
-keywords: Single Sign-on, SSO, sign-on, requirements
-title: Requirements
----
-
-## Prerequisites
-
-* You must first notify your company about the new SSO login procedures
-* Verify that your org members have Docker Desktop version 4.4.2, or later, installed on their machines
-* New org members must create a Personal Access Token (PAT) to sign in to the CLI, however existing users can use their username and password during the grace period as specified below
-* Confirm that all CI/CD pipelines have replaced their passwords with PATs
-* For your service accounts, add your additional domains or enable it in your IdP
-* Test SSO using your domain email address and IdP password to successfully sign in and log out of Docker Hub
-
-## Create a Personal Access Token (PAT)
-
-Before you configure SSO for your organization, new members of your organization must [create an access token](../../docker-hub/access-tokens.md) to sign in to the CLI. There is a grace period for existing users, which will expire in the near future. Before the grace period ends, your users will be able to sign in from Docker Desktop CLI using their previous credentials until PATs are mandatory.
-In addition, you should add all email addresses to your IdP.