diff --git a/docs/deployment/sso.md b/docs/deployment/sso.md index 292b92b6e..bf97e165b 100644 --- a/docs/deployment/sso.md +++ b/docs/deployment/sso.md 
@@ -30,21 +30,12 @@ Semgrep AppSec Platform does not support using OpenID with Microsoft Entra ID. F To set up SSO in Semgrep AppSec Platform: -1. Sign in to Semgrep AppSec Platform. -2. Navigate to **[Settings > Access > Login methods](https://semgrep.dev/orgs/-/settings/access/loginMethods)**. -3. Click **Add SSO configuration** and select **OpenID SSO**. -4. Provide a **Display name** and the **Email domain**. -5. Copy the **Redirect URL**, and provide it to your authentication provider. - ![SSO configuration form displaying the redirect URL](/img/sso-redirect-url.png#md-width) -6. Generate a **Client ID** and **Client Secret** through your authentication provider and paste these values into Semgrep. - ![Generating Client ID and Client Secret via the Okta](/img/sso-clientID-clientSecret.png#md-width) -7. From your authentication provider, copy the **Base URL** value, and provide it to Semgrep. For example, if you're using Okta SSO, the base URL is the **Okta domain**. -8. Optional: provide the following values from your authentication provider if necessary: - - **Well Known URL** - - **Authorize URI** - - **Token URI** - - **Userinfo URI** -9. Click **Save** to proceed. +1. Sign in to [ Semgrep AppSec Platform](https://semgrep.dev/login). +1. Go to [**Settings > Access > Login methods**](https://semgrep.dev/orgs/-/settings/access/loginMethods). +1. In the **Single sign-on (SSO)** section, provide a valid **Email domain**, then click **Initialize**. +1. The **Configure Single Sign-On** dialog appears. Begin by selecting your identity provider, or choose **Custom OIDC**. +1. Follow the instructions provided on the subsequent **Configure Single Sign-On** dialog pages to complete this process. When you've completed the required steps, verify that the **Connection details** shown on the **Connection activated** screen are correct, and use **Test sign-in** to test the connection. +1. To use the new connection, log out of Semgrep, then log back in using SSO. 
If you encounter issues during the setup process, please [reach out to support](/support) for assistance. 
@@ -57,26 +48,18 @@ If you're using Google Workspace SAML, see [SAML Single Sign-on with Google Work SAML2.0 is configured through **Semgrep AppSec Platform**. To set up SSO: 1. Create a SAML app with your authentication provider. - ![Creating SAML app through Okta](/img/saml-creating-app.png#md-width) -2. With your authentication provider, add in two attribute statements: `name` and `email`. - ![Filling in attribute statements in Okta](/img/saml-attribute-statements.png#md-width) -3. Sign in to Semgrep AppSec Platform. -4. Navigate to **[Settings > Access > Login methods](https://semgrep.dev/orgs/-/settings/access/loginMethods)**. -5. Click **Add SSO configuration** and select **SAML2 SSO**. -6. Provide a **Display name** and the **Email domain**. -7. Copy the **SSO URL** and **Audience URL (SP Entity ID)**, and provide it to your authentication provider. - ![Finding Single sign on URL, and Audience URI via Semgrep AppSec Platform](/img/saml-copy-urls.png#md-width) -8. From your authentication provider, copy your **IdP SSO URL** and **IdP Issuer ID** values, and download the **X509 Certificate**. - ![Finding IdP SSO URL, IdP Issuer ID, and X509 Certificate through Okta](/img/saml-copy-IdPSSO-IdPID-and-X509.png#md-width) -9. Return to Semgrep AppSec Platform, and paste the **IdP SSO URL** and **IdP Issuer ID** values, and upload your **X509 Certificate**. - ![Filling in IdP SSO URL, IdP Issuer ID, and X509 Certificate on Semgrep](/img/saml-filling-IdpSSO-IdpID-X509.png#md-width) -10. Select the box next to **This SSO supports non-password authentication mechanisms (e.g. MFA, X509, PasswordLessPhoneSignin)** if applicable. -11. Click **Save** to proceed. - -If you encounter issues during the setup process, [reach out to support](/docs/support) for assistance. +1. With your authentication provider, add in two attribute statements: `name` and `email`. +1. Sign in to [ Semgrep AppSec Platform](https://semgrep.dev/login). +1. 
Go to [**Settings > Access > Login methods**](https://semgrep.dev/orgs/-/settings/access/loginMethods). +1. In the **Single sign-on (SSO)** section, provide a valid **Email domain**, then click **Initialize**. +1. The **Configure Single Sign-On** dialog appears to guide you through the remaining configuration steps. Begin by selecting your identity provider, or choose **Custom SAML**. +1. Follow the instructions provided on the subsequent **Configure Single Sign-On** dialog pages to complete this process. When you've completed the required steps, verify that the **Connection details** shown on the **Connection activated** screen are correct, and use **Test sign-in** to test the connection. +1. To use the new connection, log out of Semgrep, then log back in using SSO. + +If you encounter issues during the setup process, [reach out to support](/support) for assistance. :::note Admin and org owner accounts -By default, Semgrep creates new SSO accounts with the **Member** role assigned. You can change the default role assigned to a new user by going to [Settings > Access](https://semgrep.dev/orgs/-/settings/access/defaults). +By default, Semgrep creates new SSO accounts with the **Member** role assigned. You can change the default role assigned to a new user by going to **[Settings > Access > Defaults](https://semgrep.dev/orgs/-/settings/access/defaults)**. If you're an admin setting up SSO, and Semgrep creates an SSO account for you with the role of **Member**, you can elevate the permissions granted to your SSO account. To do so, log in to Semgrep with your admin account using the original login method, then [change the role](https://semgrep.dev/orgs/-/settings/access/members) of your newly created SSO account to **Admin**. ::: diff --git a/docs/kb/semgrep-appsec-platform/saml-google-workspace.md b/docs/kb/semgrep-appsec-platform/saml-google-workspace.md index 698cc7b3d..c4dbaf371 100644 --- a/docs/kb/semgrep-appsec-platform/saml-google-workspace.md 
+++ b/docs/kb/semgrep-appsec-platform/saml-google-workspace.md 
@@ -9,18 +9,19 @@ tags: This article describes how to set up SAML Single Sign-on for Semgrep AppSec Platform with Google Workspace, including how to set up the necessary attribute mappings. -Follow these steps: +## Google Workspace configuration 1. [Set up a custom SAML app](https://support.google.com/a/answer/6087519?hl=en#zippy=%2Cstep-add-the-custom-saml-app) in Google Workspace. The default **Name ID** is the primary email, and this value is optimal for use with Semgrep AppSec Platform. -2. When you reach the **Add mapping** step of the instructions to set up a custom SAML app, add the two attribute statements that Semgrep AppSec Platform requires: `name` and `email`. +1. When you reach the **Add mapping** step of the instructions to set up a custom SAML app, add the two attribute statements that Semgrep AppSec Platform requires: `name` and `email`. * The attribute mapped to `email` should be the primary email. * The attribute mapped to `name` should be some form of the user's name. You can use a default attribute like the user's first name, or create a custom attribute for their full name. ![Attribute mappings](/img/kb/google_attributes.png) -3. Sign in to Semgrep AppSec Platform. -4. Navigate to **[Settings > Access > Login methods](https://semgrep.dev/orgs/-/settings/access/loginMethods)**. -5. Click **Add SSO configuration** and select **SAML2 SSO**. -6. Provide a **Display name** and your **Email domain**. -7. Copy the **SSO URL** and **Audience URL (SP Entity ID)**, and provide them to Google Workspace as the **ACS URL** and **Entity ID**, respectively. -8. Copy your IDP metadata, including the SSO URL and Entity ID and the x509 certificate, from the custom SAML app in Google Workspace. -9. Enter these in Semgrep AppSec Platform as the **IdP SSO URL** and **IdP Issuer ID** values respectively, and upload or paste the X509 Certificate. -10. Click **Save** to proceed. + +## Semgrep configuration + +1. 
Sign in to [ Semgrep AppSec Platform](https://semgrep.dev/login). +1. Go to **[Settings > Access > Login methods](https://semgrep.dev/orgs/-/settings/access/loginMethods)**. +In the **Single sign-on (SSO)** section, provide a valid **Email domain**, then click **Initialize**. +1. The **Configure Single Sign-On** dialog appears to guide you through the remaining configuration steps. Begin by selecting **Custom SAML**. +1. Follow the instructions provided on the subsequent **Configure Single Sign-On** dialog pages to complete this process. When you've completed the required steps, verify that the **Connection details** shown on the **Connection activated** screen are correct, and use **Test sign-in** to test the connection. +1. To use the new connection, log out of Semgrep, then log back in using SSO. diff --git a/docs/kb/semgrep-appsec-platform/saml-microsoft-entra-id.md b/docs/kb/semgrep-appsec-platform/saml-microsoft-entra-id.md index a26abf2b8..50f80602b 100644 --- a/docs/kb/semgrep-appsec-platform/saml-microsoft-entra-id.md +++ b/docs/kb/semgrep-appsec-platform/saml-microsoft-entra-id.md 
@@ -68,15 +68,15 @@ You have now created a custom enterprise app for Semgrep to integrate with Micro 3. From the **Source attribute** drop-down box, select `user.mail`. 4. Click **Save**. 7. Close out of **Attributes & Claims**. -8. Navigate to Semgrep AppSec Platform, and provide the values required by the SAML2 form: - 1. Provide the **Display name** and the **Email domain** you are using for the integration. - 2. Copy the **Login URL** value from Microsoft Entra ID and paste it in into Semgrep AppSec Platform's **IDP SSO URL** field. - 3. Copy and paste the **Microsoft Entra ID Identifier** value into Semgrep AppSec Platform's **IdP Issuer ID** field. - 4. In Entra ID's **SAML-based Sign-on** page, click **Download** to obtain the **Certificate (Base64)**. - 5. In Semgrep AppSec Platform, under **Upload/Paste certificate**, click **Browse** and then select the certificate you downloaded. - ![Semgrep AppSec Platform's SAML2 configuration screen](/img/entra-5.png#md-width) -9. Select the box next to **This SSO supports non-password authentication mechanisms (e.g. MFA, X509, PasswordLessPhoneSignin)** if applicable. -10. Click **Save** to proceed. + +## Configure Semgrep + +1. Sign in to [ Semgrep AppSec Platform](https://semgrep.dev/login). +1. Go to [**Settings > Access > Login methods**](https://semgrep.dev/orgs/-/settings/access/loginMethods). +1. In the **Single sign-on (SSO)** section, provide a valid **Email domain**, then click **Initialize**. +1. The **Configure Single Sign-On** dialog appears to guide you through the remaining configuration steps. Begin by selecting your identity provider, or choose **Custom SAML**. +1. Follow the instructions provided on the subsequent **Configure Single Sign-On** dialog pages to complete this process. When you've completed the required steps, verify that the **Connection details** shown on the **Connection activated** screen are correct, and use **Test sign-in** to test the connection. +1. 
To use the new connection, log out of Semgrep, then log back in using SSO. ## Add users to your new enterprise app diff --git a/static/img/saml-attribute-statements.png b/static/img/saml-attribute-statements.png deleted file mode 100644 index deca4f18c..000000000 Binary files a/static/img/saml-attribute-statements.png and /dev/null differ diff --git a/static/img/saml-copy-IdPSSO-IdPID-and-X509.png b/static/img/saml-copy-IdPSSO-IdPID-and-X509.png deleted file mode 100644 index 4fc3e61ab..000000000 Binary files a/static/img/saml-copy-IdPSSO-IdPID-and-X509.png and /dev/null differ diff --git a/static/img/saml-copy-urls.png b/static/img/saml-copy-urls.png deleted file mode 100644 index c937459a5..000000000 Binary files a/static/img/saml-copy-urls.png and /dev/null differ diff --git a/static/img/saml-creating-app.png b/static/img/saml-creating-app.png deleted file mode 100644 index 81c2f61bb..000000000 Binary files a/static/img/saml-creating-app.png and /dev/null differ diff --git a/static/img/saml-filling-IdpSSO-IdpID-X509.png b/static/img/saml-filling-IdpSSO-IdpID-X509.png deleted file mode 100644 index ee2802d34..000000000 Binary files a/static/img/saml-filling-IdpSSO-IdpID-X509.png and /dev/null differ diff --git a/static/img/sso-clientID-clientSecret.png b/static/img/sso-clientID-clientSecret.png deleted file mode 100644 index 5838e01c3..000000000 Binary files a/static/img/sso-clientID-clientSecret.png and /dev/null differ diff --git a/static/img/sso-redirect-url.png b/static/img/sso-redirect-url.png deleted file mode 100644 index ec4bddc5a..000000000 Binary files a/static/img/sso-redirect-url.png and /dev/null differ
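Review bot: In `docs/deployment/sso.md`, hunk `@@ -30,21 +30,12 @@` (OpenID), new step 5 asks the reader to verify that the **Connection details** are correct, but the removed steps were the only place that named the values exchanged with the provider (**Redirect URL**, **Client ID**, **Client Secret**, **Base URL**). Suggest listing which details to check on the **Connection activated** screen, so the verification step is actionable without the dialog open. Separately, the link text in step 1 has a stray leading space: `[ Semgrep AppSec Platform](https://semgrep.dev/login)`.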
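Review bot: In `docs/deployment/sso.md`, hunk `@@ -57,26 +48,18 @@` (SAML), the removed step 10, "Select the box next to **This SSO supports non-password authentication mechanisms (e.g. MFA, X509, PasswordLessPhoneSignin)** if applicable", has no counterpart in the new steps. Please either say where this setting lives in the **Configure Single Sign-On** dialog or state that it is no longer needed, since readers with MFA-backed IdPs relied on that step. The dialog step also reads differently here ("appears to guide you through the remaining configuration steps") than in the OpenID hunk ("appears."), and step 3 repeats the `[ Semgrep AppSec Platform]` leading space.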
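Review bot: In `docs/kb/semgrep-appsec-platform/saml-google-workspace.md`, hunk `@@ -9,18 +9,19 @@`, the added line `+In the **Single sign-on (SSO)** section, provide a valid **Email domain**, then click **Initialize**.` is missing its `1.` list marker, so it will render as a continuation of the previous step instead of as step 3 of **Semgrep configuration**. The removed step 7 also carried the only Google-specific mapping on the page (**SSO URL** to **ACS URL**, **Audience URL (SP Entity ID)** to **Entity ID**); consider keeping that one sentence, since the new steps only refer to the dialog.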
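Review bot: In `docs/kb/semgrep-appsec-platform/saml-microsoft-entra-id.md`, hunk `@@ -68,15 +68,15 @@`, the new heading `## Configure Semgrep` is named differently from the equivalent `## Semgrep configuration` heading added to the Google Workspace article in this same patch; pick one form for both. Step 4 says "Begin by selecting your identity provider, or choose **Custom SAML**", which is generic for an article that is only about Entra ID; name the option the reader should pick, as the Google Workspace article does. The hunk also drops the reference to `/img/entra-5.png`, but that file is not among the images deleted at the end of the patch; remove it too if nothing else uses it.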