diff --git a/_data/toc.yaml b/_data/toc.yaml
index 83621b755b..c1900dafc0 100644
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@@ -1560,6 +1560,8 @@ manuals:
           title: Add labels to cluster nodes
         - path: /ee/ucp/admin/configure/add-sans-to-cluster/
           title: Add SANs to cluster certificates
+        - path: /ee/ucp/admin/configure/enable-saml-authentication
+          title: Enable SAML authentication
         - path: /ee/ucp/admin/configure/external-auth/
           title: Integrate with LDAP
         - path: /ee/ucp/admin/configure/external-auth/enable-ldap-config-file/
diff --git a/ee/ucp/admin/configure/enable-saml-authentication.md b/ee/ucp/admin/configure/enable-saml-authentication.md
index ff1a1b07fb..7b04496d67 100644
--- a/ee/ucp/admin/configure/enable-saml-authentication.md
+++ b/ee/ucp/admin/configure/enable-saml-authentication.md
@@ -86,8 +86,10 @@ You can download a client bundle to access UCP. A client bundle is a group of ce
 
 ![Downloading UCP Client Profile](../../images/client-bundle.png)
 
-To ensure that access from the client bundle is synced with the identity provider, we recommend the following steps. Otherwise, a previously-authorized user could get access to UCP through their existing client bundle.
-
-- Remove the user account from UCP granting client bundle access if access is removed from the identity provider.
-- If group membership in the identity provider changes, replicate this change in UCP.
-- Continue to use LDAP to sync group membership.
+> Caution
+>
+>To ensure that access from the client bundle is synced with the identity provider, we recommend the following steps. Otherwise, a previously-authorized user could get access to UCP through their existing client bundle.
+>
+> - Remove the user account from UCP granting client bundle access if access is removed from the identity provider.
+> - If group membership in the identity provider changes, replicate this change in UCP.
+> - Continue to use LDAP to sync group membership.