diff --git a/content/cloud-docs/api-docs/teams.mdx b/content/cloud-docs/api-docs/teams.mdx
index 995cb7e841..b9f66e3152 100644
--- a/content/cloud-docs/api-docs/teams.mdx
+++ b/content/cloud-docs/api-docs/teams.mdx
@@ -77,7 +77,7 @@ $ curl \
 
 ### Sample Response
 
-_The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier._
+The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier.
 
 ```json
 {
@@ -180,7 +180,7 @@ $ curl \
 
 ### Sample Response
 
-_The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier._
+The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier.
 
 ```json
 {
@@ -243,7 +243,7 @@ $ curl \
 
 ### Sample Response
 
-_The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier._
+The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier.
 
 ```json
 {
@@ -312,7 +312,7 @@ Properties without a default value are required.
 | --------------------------------------- | ------ | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | `data.type`                             | string |                  | Must be `"teams"`.                                                                                                                                                                                                                   |
 | `data.attributes.name`                  | string | (previous value) | The name of the team, which can only include letters, numbers, `-`, and `_`. This will be used as an identifier and must be unique in the organization.                                                                              |
-| `data.attributes.sso-team-id`           | string | (previous value) | The unique identifier of the team from the SAML `MemberOf` attribute.  Only available if the team belongs to an organization in the paid Terraform Cloud Business Tier.                                                                                                                                                   |
+| `data.attributes.sso-team-id`           | string | (previous value) | The unique identifier of the team from the SAML `MemberOf` attribute. Only available if the team belongs to an organization in the paid Terraform Cloud Business tier.                                                                                                                                                   |
 | `data.attributes.organization-access`   | object | (previous value) | Settings for the team's organization access. This object can include `manage-policies`, `manage-policy-overrides`, `manage-workspaces`, `manage-vcs-settings`, `manage-providers`, and `manage-modules` properties with boolean values. All properties default to `false`. |
 | `data.attributes.visibility` **(beta)** | string | (previous value) | The team's visibility. Must be `"secret"` or `"organization"` (visible).                                                                                                                                                             |
 
@@ -345,7 +345,7 @@ $ curl \
 
 ### Sample Response
 
-_The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier._
+The `sso-team-id` attribute is only returned if this team's organization is in the Terraform Cloud Business tier.
 
 ```json
 {
diff --git a/content/cloud-docs/users-teams-organizations/single-sign-on/index.mdx b/content/cloud-docs/users-teams-organizations/single-sign-on/index.mdx
index 2eca57617d..c9c18950ad 100644
--- a/content/cloud-docs/users-teams-organizations/single-sign-on/index.mdx
+++ b/content/cloud-docs/users-teams-organizations/single-sign-on/index.mdx
@@ -63,13 +63,26 @@ If an organization's owners disable SSO (or downgrade the organization's account
 
 ## Managing Team Membership Through SSO
 
-Terraform Cloud can automatically add users to teams based on their SAML assertion, so you can manage team membership in your directory service. To do this, you must specify the `MemberOf` SAML attribute, and make sure the AttributeStatement in the SAMLResponse contains a list of AttributeValue items in the correct format (i.e., comma-separated list of team names or SSO team IDs).
+Terraform Cloud can automatically add users to teams based on their SAML assertion, so you can manage team membership in your directory service.
 
-If the SAML assertion includes a `MemberOf` attribute, users logging in via SSO are automatically added to the teams included in their assertion and removed from any teams that _aren't_ included in their assertion. This overrides any manually set team memberships; whenever the user logs in, their team membership is adjusted to match their SAML assertion.
+Team membership mapping is controlled with the "Enable team management" toggle on the SSO configuration page of your Organization settings.
 
-Any team names that don't match existing teams are ignored; Terraform Cloud will not automatically create new teams. Terraform Cloud expects the team names in the `MemberOf` SAML attribute to exactly match its own team names or SSO team IDs. This match is case sensitive. It is not possible to assign users to the `owners` team through this attribute.
+![Screenshot: the Terraform Cloud SAML team membership toggle](/img/docs/saml-team-membership-cloud.png)
 
-If the `MemberOf` attribute is not provided, users are assigned to a default team named `sso` and are not removed from any existing teams.
+When enabled, you may configure which SAML attribute in the SAMLResponse will control team membership. This defaults to the `MemberOf` attribute. The expected format of the corresponding AttributeValue in the SAMLResponse is a either a string containing a comma-separated list of teams, or separate AttributeValue items specifying teams.
+
+When team membership management is enabled, users logging in via SAML are automatically added to the teams included in their assertion, and automatically removed from any teams that _aren't_ included in their assertion. This overrides any manually set team memberships; whenever the user logs in, their team membership is adjusted to match their SAML assertion.
+
+Any team names that don't match existing teams are ignored; Terraform Cloud will not automatically create new teams. If the chosen SAML attribute is not provided in the SAMLResponse, users are assigned to a default team named `sso` and are not removed from any existing teams.
+
+It is not possible to assign users to the `owners` team through this attribute.
+
+
+## Team Names and SSO Team IDs
+
+Terraform Cloud expects the team names in the team membership SAML attribute to exactly match its own team names, or its configured SSO Team IDs. This match is case sensitive.
+
+You can configure SSO Team IDs in the organization's **Teams** page. If an SSO Team ID is configured, Terraform Cloud will attempt to match the chosen SAML attribute against both the team name and the SSO Team ID when mapping users to teams. You may want to create an SSO Team ID if the team membership SAML attribute is not human readable and is not used as the team's name in Terraform Cloud.
 
 ## NameID Format
 
diff --git a/public/img/docs/saml-team-membership-cloud.png b/public/img/docs/saml-team-membership-cloud.png
new file mode 100644
index 0000000000..65df695e0c
Binary files /dev/null and b/public/img/docs/saml-team-membership-cloud.png differ