Commit 2b87d23

Updates to content
1 parent 2acfce2 commit 2b87d23

File tree

1 file changed

+3
-4
lines changed
  • content/hcp-docs/content/docs/hcp/iam/sso

content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx

@@ -17,7 +17,8 @@ Organization owners and admins can configure SSO. The **Single Sign-On** page in
1717
When you enable SSO for an organization, the user invitations feature is no longer offered. You must provision new users through the external identity provider.
1818

1919
User accounts that join through SSO are limited to that one organization, cannot be associated with an existing personal account such as GitHub or email, and cannot be invited to other organizations within HCP.
20-
After you provision a new user, HCP grants them the default [role](/hcp/docs/hcp/iam/users#user-permissions) you selected when configuring SSO for your organization.
20+
21+
After you provision a new user, HCP grants them [the default role you selected when configuring SSO for your organization](/hcp/docs/hcp/iam/users#user-permissions).
2122
An HCP administrator can then manually update and increase their user permissions on the [HCP Access Control](https://portal.cloud.hashicorp.com/access/users) page.
2223

2324
Existing personal user accounts can still access the organization unless an administrator removes them. Existing SAML user accounts with emails matching the configured SSO domain must log in with the SSO URL link. This link is available on the **Single Sign-On** page in **Settings**.
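Review bot: The link text on the new line 21 now spans the whole clause "the default role you selected when configuring SSO for your organization", but the target is still `/hcp/docs/hcp/iam/users#user-permissions`, which is the user permissions reference and not the SSO configuration step the text describes. A reader who follows it expecting to find where the default role is chosen lands on the wrong topic. Keep the link on "role" (or "default role") as before, or point the longer text at the SSO configuration section. Since every SSO-provisioned user receives this role automatically and the next sentence tells administrators to "manually update and increase" permissions afterwards, it would also help to state here that the default should be the lowest-privilege role. The extra blank line added at new line 20 looks unintentional.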
@@ -26,9 +27,7 @@ It is important to delete SSO accounts for users that were removed from your ide
2627

2728
### Admins and owners
2829

29-
The administrator who owns the organization and enabled SSO can still use their original, non-SSO account to sign in to the HCP web portal and access the SSO-enabled organization. If they previously signed in through GitHub, they can continue doing so. If they signed in with an email and password, they can use a special [force email + password sign-in](https://portal.cloud.hashicorp.com/sign-in?with=email) link. This is because the login page defaults to SSO and hides the password when an email matches the configured SSO domain.
30-
31-
The organization owner can also sign up with a new SSO user principal and promote themselves to **Admin** if appropriate. However, they cannot remove their old user account or transfer ownership. They can use them as a recovery option if the SSO configuration requires troubleshooting.
30+
The administrator who owns the organization and enabled SSO can still use their original, non-SSO account to sign in to the HCP web portal and access the SSO-enabled organization. If they previously signed in through GitHub, they can continue to access the organization through GitHub as well.
3231

3332
## Update SSO
3433
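Review bot: The rewritten paragraph at new line 30 still says the owner "can still use their original, non-SSO account" but now only explains the GitHub case. The removed lines 29 to 31 covered owners who sign in with email and password, including the reason they needed a separate link ("the login page defaults to SSO and hides the password when an email matches the configured SSO domain"), and the note that the old account cannot be removed or have ownership transferred and serves as "a recovery option if the SSO configuration requires troubleshooting". With that gone, the page no longer tells an email and password owner how to get in when SSO is misconfigured, and no longer documents that a non-SSO owner account persists alongside SSO, which matters for both lockout recovery and access reviews. If the force email + password link was removed because it no longer works, say what replaces it; otherwise keep the recovery guidance and explain the removal in the commit message, which currently reads only "Updates to content".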
