cockroachdb · mdlinville · Jun 17, 2024 · Jun 12, 2024 · Jun 14, 2024 · Jun 14, 2024
diff --git a/src/current/_data/cloud_releases.csv b/src/current/_data/cloud_releases.csv
@@ -87,3 +87,4 @@ date
 2024-05-12
 2024-05-20
 2024-06-12
+2024-06-196
diff --git a/src/current/_includes/releases/cloud/2024-06-19.md b/src/current/_includes/releases/cloud/2024-06-19.md
@@ -0,0 +1,5 @@
+# June 19, 2024
+
+<h3 id="2024-06-19-security-updates"> Security updates </h3>
+
+- The [IdP-initiated SAML flow]({% link cockroachcloud/cloud-org-sso.md %}#cloud-organization-sso) is now enabled by default. When you configure a [Cloud Organization SSO SAML connection]({% link cockroachcloud/configure-cloud-org-sso.md %}#saml), your users can optionally sign in to CockroachDB {{ site.data.products.cloud }} directly from your IdP, such as by using a tile in Okta.
diff --git a/src/current/cockroachcloud/cloud-org-sso.md b/src/current/cockroachcloud/cloud-org-sso.md
@@ -110,10 +110,10 @@ Yes. When Cloud Organization SSO is enabled for your CockroachDB {{ site.data.pr
 
 #### Which SAML-based authentication flows are supported with Cloud Organization SSO?
 
-The following flows are supported:
+After SAML is configured, your users can sign in to the CockroachDB {{ site.data.products.cloud }} Console two different ways:
 
-- The _service provider-initiated flow_, where you initiate configuration of Cloud Organization SSO through the CockroachDB {{ site.data.products.cloud }} Console.
-- The _identity provider-initiated flow_, where you initiate configuration through an IdP such as Okta.
+- **Service provider-initiated flow**: Users sign in to the CockroachDB {{ site.data.products.cloud }} Console directly, using your custom sign-in URL.
+- **Identity provider-initiated flow**: Users sign in to the CockroachDB {{ site.data.products.cloud }} Console from within your IdP (for example, by accessing its tile in Okta).
 
 #### What default role is assigned to users when autoprovisioning is enabled in a CockroachDB {{ site.data.products.cloud }} organization?
 

diff --git a/src/current/cockroachcloud/configure-cloud-org-sso.md b/src/current/cockroachcloud/configure-cloud-org-sso.md
@@ -181,7 +181,7 @@ To configure a custom OIDC authentication method:
 
 ### SAML
 
-To configure a custom SAML authentication method using the service provider-initiated flow, follow these steps. If you need to use the identity provider-initiated flow instead, contact [Cockroach Labs support](https://support.cockroachlabs.com/hc).
+To configure a custom SAML authentication method:
 
 1. Log in to your IdP and gather the following information, which you will use to configure CockroachDB {{ site.data.products.cloud }} SSO:<ul><li>Sign-in URL</li><li>Signing certificate</li></ul>
 1. In a separate browser, log in to [CockroachDB {{ site.data.products.cloud }} Console](https://cockroachlabs.cloud) as a user with the [Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator) role.
@@ -206,6 +206,11 @@ To configure a custom SAML authentication method using the service provider-init
     In Okta, the SAML assertion does not include the `email` field by default, and it must be added. For detailed instructions, refer to [How to Send Attributes via the SAML Assertion](https://support.okta.com/help/s/article/Skipping-assertion-attributes-because-of-schema-mismatch) in the Okta documentation.
 1. (Optional) To configure SCIM provisioning, refer to [Configure SCIM autoprovisioning]({% link cockroachcloud/configure-scim-provisioning.md %}).
 
+After SAML is configured, your users can sign in to the CockroachDB {{ site.data.products.cloud }} Console two different ways:
+
+- **Service provider-initiated flow**: Users sign in to the CockroachDB {{ site.data.products.cloud }} Console directly, using your custom sign-in URL.
+- **Identity provider-initiated flow**: Users sign in to the CockroachDB {{ site.data.products.cloud }} Console from within your IdP (for example, by accessing its tile in Okta).
+
 ## Require SSO
 
 To begin enforcing a requirement to sign in using SSO: