Commit

rework this a bit to make it less confusing (#3146)
* rework this a bit to make it less confusing

* wordsmithing
mooreds authored Jul 10, 2024
1 parent e660cea commit 0ede471
Showing 1 changed file with 12 additions and 3 deletions.
Expand Up @@ -9,6 +9,7 @@ topOfNav: true
---
import Aside from 'src/components/Aside.astro';
import InlineField from 'src/components/InlineField.astro';
import InlineUIElement from 'src/components/InlineUIElement.astro';
import ScrollRef from 'src/components/ScrollRef.astro';
import { YouTube } from '@astro-community/astro-embed-youtube';
import IdentityProviderLimitations from 'src/content/docs/_shared/_identity-provider-limits.mdx';
Expand Down Expand Up @@ -79,13 +80,21 @@ When you enable an identity provider you're indicating that this external provid

## Overrides

For each application, you can provide different identity provider configurations. You might do this if you had two different applications that were both using Apple as an identity provider, but with different Apple configuration settings. You can override none, some or all of the configuration values by expanding the "Overrides" link for the given application assignment or modifying the <InlineField>identityProvider.applicationConfiguration</InlineField> values using the API.
You can have different identity provider configurations for different applications. Suppose you had two different applications that were both using the Apple Identity Provider. But for one, you wanted to request the `email name` scope and for the other you wanted to request the `email` scope only. To make this work, create the Apple Identity provider with the scope `email name` and assign it to the first application. Then, for the second, override the <InlineField>Scope</InlineField> field with the `email` value.

You can override none, some or all of the available configuration values by expanding the <InlineUIElement>Overrides</InlineUIElement> element for the application's identity provider setting. You may also modify the <InlineField>identityProvider.applicationConfiguration</InlineField> values using the API.

<img src="/img/docs/lifecycle/authenticate-users/identity-providers/override-identity-provider-settings.png" alt="Overriding Identity Provider settings" width="1200" role="top-cropped" />

However, you cannot have two different Identity Providers for the same application. Use two different applications instead.
For certain Identity Providers, there are no override settings since you can create more than one. You can have multiple configurations for these Identity Provider types:

* External JWT
* SAMLv2
* OpenID Connect/OIDC

For other Identity Providers, such as Apple, Google or Facebook, you cannot have two different Identity Providers of the same type assigned to the same Application. Use overrides as documented above.

Additionally, override settings are not available in the External JWT, SAMLv2, or OpenID Connect Identity Providers. You can create multiple instances of these providers; that is the correct way to have multiple configurations for these providers
In some cases, you need to use two different Applications to achieve your desired configuration. For example, if you need two sets of attributes for an Identity Provider, but the attributes don't exist in the <InlineUIElement>Overrides</InlineUIElement> options. An example of such an attribute is <InlineField>Linking Strategy</InlineField>.

## Hints
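
Review bot: The new paragraph beginning "For certain Identity Providers, there are no override settings since you can create more than one" never states that several External JWT, SAMLv2 or OIDC providers can be assigned to the same Application, yet the contrast with the following paragraph ("you cannot have two different Identity Providers of the same type assigned to the same Application") depends on exactly that. Suggest saying so explicitly, for example "you can create more than one and assign each to the same Application", if that is the intended behavior. Two smaller wording points in the same hunk: "For example, if you need two sets of attributes for an Identity Provider, but the attributes don't exist in the Overrides options." is a sentence fragment and would read better joined to the preceding sentence, and "Apple Identity provider" in the first added paragraph is capitalized inconsistently with "Identity Provider" elsewhere in the hunk.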
