coder · khorne3 · Feb 9, 2022 · Feb 4, 2022 · Feb 7, 2022 · Feb 7, 2022
diff --git a/admin/access-control/index.md b/admin/access-control/index.md
@@ -7,7 +7,7 @@ The **Authentication** tab allows you to choose how your users log in and gain
 access to Coder. Currently, you can choose between **Built-In Authentication**
 and **OpenID Connect**.
 
-## Built-In authentication
+## Built-in authentication
 
 Built-in authentication, which is the default method, allows you (or any admin)
 to manually create users who log in with their email address and temporary

diff --git a/admin/access-control/manage.md b/admin/access-control/manage.md
@@ -23,7 +23,7 @@ domain name for the OIDC token callback; use
 
 Once you've registered a Coder application with your OIDC provider, you'll need
 to return to Coder and complete the setup process. Under **Admin** > **Manage** >
-**Authentication**, make sure that you've selected **OpenID Connect** as the
+**Authentication**, ensure that you've selected **OpenID Connect** as the
 authentication type. Then, provide the following parameters:
 
 - **Client ID**: The client ID for the Coder application you registered with the
@@ -42,7 +42,10 @@ you:
 - **Enable Access Tokens:** Toggle **On** if you'd like to allow users to fetch
   tokens from `https://<yourDomain>/api/v0/users/me/oidc-access-token`
 - **Additional Scopes:** Specify any scopes (beyond the default) that you would
-  like Coder to request during the login process
+  like Coder to request from the authentication provider. By default, Coder
+requests the scopes `openid`, `email`, and `profile`. Consult your
+authentication provider's documentation for information on which scopes they
+support.
 - **Disable built-in authentication:** Choose whether Coder removes the ability
   to log in with an email/password option when you've enabled OIDC
   authentication
@@ -55,6 +58,9 @@ have OIDC configured.
 ![Login page with built-in authentication
 disabled](../../assets/admin/disable-built-in-auth.png)
 
+To do so, navigate to **Manage** > **Admin** > **Authentication**. Then, toggle
+**Disable built-in authentication** to **On** and click **Save preferences**.
+
 [Site managers](users/user-roles#site-manager-permissions) can still use
 built-in authentication. To view this option on the login page, add the
 following query parameter to the URL you use to access your Coder deployment:

diff --git a/guides/admin/oidc-azuread.md b/guides/admin/oidc-azuread.md
@@ -103,7 +103,7 @@ the Coder UI.
 1. Log in to Coder, and go to **Manage** > **Admin** > **Authentication**.
 1. In the top-most drop-down box, select **OpenID Connect**.
 1. Provide the requested values for **Client ID**, **Client Secret**, and
-   **Issuer**.
+   **Issuer**. Optionally, you can specify **Additional Scopes**.
 
 When done, click **Save Preferences**.
 

diff --git a/guides/admin/oidc-google.md b/guides/admin/oidc-google.md
@@ -66,6 +66,8 @@ Now that you've registered an app, you can provide the relevant **Client ID**,
 
 1. For the **Issuer**, provide `accounts.google.com`.
 
+1. For **Additional Scopes**, you can leave this value blank.
+
 1. Click **Save preferences**.
 
 You can now use Google as an SSO provider with Coder.

diff --git a/guides/admin/oidc-okta.md b/guides/admin/oidc-okta.md
@@ -5,9 +5,9 @@ description: Learn how to use Okta SSO with Coder.
 
 This article walks you through setting up single sign-on to Coder using Okta.
 
-Configuring [Coder's OpenID
-Connect](../../admin/access-control/index.md#openid-connect) feature requires
-you to provide three pieces of information from Okta:
+Configuring
+[Coder's OpenID Connect](../../admin/access-control/index.md#openid-connect)
+feature requires you to provide three pieces of information from Okta:
 
 - Client ID
 - Client Secret
@@ -33,14 +33,14 @@ you need to provide to Coder.
 1. Select **OpenID Connect** and click **Create**
 
    ![Okta Create Application
-   Modal](../../assets/guides/admin/okta-custom-app-creation.jpg)
+Modal](../../assets/guides/admin/okta-custom-app-creation.jpg)
 
 1. Provide an **Application name** (i.e., `Coder`), (optionally) add a logo, and
    add the **Login redirect URIs** for Coder (it will be formatted similarly to
    `https://coder.my-company.com/oidc/callback`).
 
    ![Okta Create OpenID
-   Application](../../assets/guides/admin/okta-create-openid-integration.jpg)
+Application](../../assets/guides/admin/okta-create-openid-integration.jpg)
 
 1. Click **Save** to proceed.
 
@@ -85,7 +85,7 @@ the Coder UI.
 1. Log in to Coder, and go to **Manage** > **Admin** > **Authentication**.
 1. In the top-most drop-down box, select **OpenID Connect**.
 1. Provide the requested values for **Client ID**, **Client Secret**, and
-   **Issuer**.
+   **Issuer**. Optionally, you can specify **Additional Scopes**.
 
 When done, click **Save Preferences**.