diff --git a/docs/pages/product/workspace/sso/microsoft-entra-id.mdx b/docs/pages/product/workspace/sso/microsoft-entra-id.mdx
index 6097507752365..c9f2906af741b 100644
--- a/docs/pages/product/workspace/sso/microsoft-entra-id.mdx
+++ b/docs/pages/product/workspace/sso/microsoft-entra-id.mdx
@@ -79,7 +79,7 @@ Download Federation Metadata XML:
## Complete configuration in Cube Cloud
-Upload it to Cube Cloud through Advanced Settings tab on the [SAML
+Upload the manifest file through the Advanced Settings tab on the [SAML
configuration page](#enable-saml-in-cube-cloud) in Cube Cloud:
@@ -88,11 +88,20 @@ Select SHA-256 as Signature Algorithm:
-Enter “[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name)”
-or a preferred attribute to lookup email address in Attributes → Email:
+Enter the claim URI that corresponds to the user email address in Attributes → Email. This will vary based on your SAML configuration.
+
+Examples:
+
+`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
+
+`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
+To map a role attribute from Entra ID to an identically-named role defined in Cube, add the claim URI corresponding to role to the Role field in Cube Cloud, similar to above. Note that Admin status cannot be set via SSO.
+
+You can map the user's display name from Entra ID to Cube in the same manner.
+
Save settings on the Cube Cloud side.
## Final steps
@@ -108,4 +117,4 @@ and verify that the SAML integration now works for your Cube Cloud account:
Done! 🎉
-[ext-ms-entra-id]: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id
\ No newline at end of file
+[ext-ms-entra-id]: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id