diff --git a/docs/manage/security/scim/provision-with-microsoft-entra-id.md b/docs/manage/security/scim/provision-with-microsoft-entra-id.md
index 835f6c6e3e..845869f88a 100644
--- a/docs/manage/security/scim/provision-with-microsoft-entra-id.md
+++ b/docs/manage/security/scim/provision-with-microsoft-entra-id.md
@@ -76,8 +76,8 @@ Create roles that the users will have in Sumo Logic (for example, `Analyst` and
    1. At the bottom of the **Attribute Mapping** dialog, select **Add New Mapping**.
    1. Fill out the **Edit Attribute** dialog:
       1. For **Mapping type** select **Expression**.
-      1. For **Expression** enter `AppRoleAssignments([appRoleAssignments])`.
-      1. For **Target attribute** select `roles[primary eq "True"].value`.
+      1. For **Expression** enter `AppRoleAssignmentsComplex([appRoleAssignments])`.
+      1. For **Target attribute** select `roles`.
       1. Click **OK**.<br/><img src={useBaseUrl('img/security/provision-azure-role-attribute.png')} alt="Edit attribute" style={{border: '1px solid gray'}} width="600" />
    1. On the **Attribute Mapping** dialog, delete all the attributes except:
       * userName
@@ -85,8 +85,10 @@ Create roles that the users will have in Sumo Logic (for example, `Analyst` and
       * emails[type eq "work"].value
       * name.givenName
       * name.familyName
-      * roles[primary eq "True"].value
-   1. Click **Save**.<br/><img src={useBaseUrl('img/security/provision-azure-attribute-mappings.png')} alt="Attribute mappings" style={{border: '1px solid gray'}} width="600" />
+      * roles<br/><img src={useBaseUrl('img/security/provision-azure-attribute-mappings.png')} alt="Attribute mappings" style={{border: '1px solid gray'}} width="600" />
+   1. Select **Show Advanced Options**.
+   1. For the **roles** attribute select **string** for the **Type**, and select the **Multi-Value?** checkbox to allow users to have multiple roles.<br/><img src={useBaseUrl('img/security/roles-advanced-options.png')} alt="Advanced options for the roles attribute" style={{border: '1px solid gray'}} width="600" />
+   1. Click **Save**.
 1. Click the **Home > `<app name>` | Provisioning** link in the top left corner of the screen. This returns you to the **Provisioning** tab.
 1. Test provisioning:
    1. In the app, select **Manage > Provisioning**.
diff --git a/static/img/security/provision-azure-attribute-mappings.png b/static/img/security/provision-azure-attribute-mappings.png
index 6564add3b9..3f2f693d56 100644
Binary files a/static/img/security/provision-azure-attribute-mappings.png and b/static/img/security/provision-azure-attribute-mappings.png differ
diff --git a/static/img/security/provision-azure-role-attribute.png b/static/img/security/provision-azure-role-attribute.png
index 16b3cdafd6..db930d784e 100644
Binary files a/static/img/security/provision-azure-role-attribute.png and b/static/img/security/provision-azure-role-attribute.png differ
diff --git a/static/img/security/roles-advanced-options.png b/static/img/security/roles-advanced-options.png
new file mode 100644
index 0000000000..a1d4bee159
Binary files /dev/null and b/static/img/security/roles-advanced-options.png differ