DOCS-2107: Updates to Entra ID rbac

calico-cloud_versioned_docs/version-19-1/users/create-custom-role-for-entra-id-group.mdx

@@ -1,50 +1,29 @@
 ---
-description: Create custom roles for Entra ID groups.
+description: Create custom roles for Entra ID groups.
+title: Assign roles to Entra ID groups
 ---
 
 import IconUser from '/img/icons/user-icon.svg';
 
-# Create a custom role for an Entra ID group
+# Give role-based access to an Entra ID group
 
-If you have Microsoft Entra ID configured as your identity provider, you can assign custom roles to Entra ID (formerly Azure AD) security group.
-This lets you manage role-based access to Calico Cloud directly from your identity provider portal.
 
-## Prerequisites
-
-* You have owner or administrator permissions to the Calico Cloud Manager UI.
-* You have administrator permissions for your organization in the Azure Portal.
-
-## Create and configure an Azure web app
-
-You need to create an Azure web app to securely connect Calico Cloud to your Entra ID security group data.
-
-***Procedure***
-
-1. From the Azure portal, search for `app registrations`. Under **Services**, select **App registration**.
-1. Select **New registration** and complete the form:
-   * Enter a **Name**.
-   * Under **Supported account types**, select **Accounts on this organization directory only**.
-   * Under **Redirect URI**, add a URI with the type **Web** and the value `https://auth.calicocloud.io/login/callback`.
-1. From the Azure portal, search for app registrations and select the app you created.
-1. Under **Manage**, select **Token configuration** and then click **Add groups claim**.
-1. On the **Edit groups claim** panel, select the **security groups** checkbox.
-1. Under **Manage**, select **Authentication**.
-   Under **Implicit grant and hybrid flows** select the **ID tokens** checkbox.
-
-## Create a custom role for your Entra ID group
-
-After you prepare your Entra ID app in the Azure portal, you can create a custom role in Calico Cloud and link it to your Entra ID group.
+If you have Microsoft Entra ID configured as your identity provider, you can define role-based access in Calico Cloud and assign that role to an Entra ID (formerly Azure AD) security group.
+By managing membership in that security group, you can manage role-based access to Calico Cloud directly from your identity provider portal.
 
 ***Prerequisites***
 
-* You have the Object ID for an Entra ID security group.
-* You have added a value for the **Email** property for all users in the security group.
+* You have owner or administrator permissions to the Calico Cloud Manager UI.
+* You set up Entra ID as your [identity provider](user-management.mdx#add-your-own-identity-provider).
+* You have administrator permissions for your organization in the Azure Portal.
+* You have the Object ID for an Entra ID security group.
+* The **Email** property for all users in the security group has a valid email address.
 
 ***Procedure***
 
-1. Click the user icon <IconUser width="20"/> > **Manage Team**.
+1. In Manager UI, click the user icon <IconUser width="20"/> > **Manage Team**.
 1. Under the **Roles** tab, click **Add Role** and enter a name and description for the custom role.
-   Under **IDP Group Identifier**, enter your Entra ID security group's Object ID and click **Save**.
+   Under **IDP Group Identifier**, enter your Entra&nbsp;ID security group's Object ID and click **Save**.
 1. To add permissions, locate your new role under the **Roles** tab, select **Action** > **Manage permissions** > **Edit**, and then click **Add Permission**.
 1. Under **Permission**, choose a permission type from the list.
    Depending on the permission, you may also need to choose a namespace or policy tier.