fix(user migration): improve SCIM instructions
zuluecho9 committed May 20, 2022
1 parent 32b2a8f commit b949796
Showing 1 changed file with 9 additions and 7 deletions.
Expand Up @@ -144,15 +144,15 @@ Here's more detail about the two authentication domain sections:

For how users are added and managed, you can select **Manually** or **Identity provider** (SCIM). The option to use your identity provider to provision users via SCIM is available only if your organization has [Pro or Enterprise edition](https://newrelic.com/pricing).

If you choose **Identity provider**, you must follow the [steps for automated user management](/docs/accounts/accounts/automated-user-management/automated-user-provisioning-single-sign#how-to). Once you complete those steps return to the user migration wizard and docs. Once you complete this step, we highly recommend completing the user migration process as quickly as you can. If you don't complete the later steps of migrating assets and deleting the original user record, your users may have two user records associated with the same login (see [login screenshot from Step 1](#page1)) or else may be missing assets they expect to see (like dashboards).
If you choose **Identity provider**, you must follow the [steps for automated user management](/docs/accounts/accounts/automated-user-management/automated-user-provisioning-single-sign#how-to), but skip steps related to setting up access grants, which you'll do later in this process. Once you complete the automated user management steps, return to the migration wizard and these docs.

Once you complete this step, we highly recommend completing the user migration process as quickly as you can. After completing this step, and until you finish the wizard procedure, your users will have two user records associated with the same login (see [login screenshot from Step 1](#page1)) or else may be missing assets they expect to see (like dashboards).

Some tips for syncing your identity provider with New Relic and setting up access grants:

* If you're already using a New Relic app for either Okta, Azure, or OneLogin, you're likely using an out-of-date version. The out-of-date app is titled "New Relic by account" while the newer, required app is titled "New Relic by organization."
* Once you complete those steps, new user records are created on the new user model and synced in New Relic based on your identity provider configuration. After you complete provisioning users, confirm that you see those user records in the new [**User management** UI](#manage-users). Later, at step #6, you'll migrate your existing users' assets (dashboards, favorites, etc.) to the newly created user records.
* Once you complete those steps, new user records are created on the new user model and synced in New Relic based on your identity provider configuration. After you complete provisioning users, confirm that you see those user records in the new [**User management** UI](#manage-users).
* To access the new New Relic user management UI, you must be logged in via your new user record: this may require logging out, logging back in, and verifying your email to see all the logins associated with your email.
* When your identity provider is synced with New Relic and your users and groups are in New Relic, you must set up access grants. For some basics of how access grants work, see [Access grants](/docs/accounts/accounts-billing/new-relic-one-user-management/user-management-concepts/#understand-concepts). For a tutorial, see the [user management tutorial](/docs/accounts/accounts-billing/new-relic-one-user-management/tutorial-add-new-user-groups-roles-new-relic-one-user-model/#group-access).
* Note that you won't be able to edit users or groups in New Relic: all user and group changes must be done from your identity provider.

### Login methods (manual vs. SSO) [#login-methods]
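
Review bot: The lead-in to the tips list still reads "Some tips for syncing your identity provider with New Relic and setting up access grants:", which conflicts with the new instruction in the paragraph above to skip the access grant steps until later in the process. Suggest shortening it to "Some tips for syncing your identity provider with New Relic:" and pointing to the later access grants step by name or anchor, so readers know where group permissions get assigned. In the second new paragraph, "Once you complete this step" and "After completing this step" open consecutive sentences, and "will have two user records ... or else may be missing assets" mixes a definite outcome with a possible one; one sentence stating that duplicate records exist until the wizard is finished, followed by the missing-assets caveat, would read more clearly.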

Expand All @@ -165,7 +165,7 @@ Some tips for setting up SAML SSO:
* If you're already using a New Relic app for either Okta, Azure, or OneLogin, you're likely using an out-of-date version. The out-of-date app is titled "New Relic by account" while the newer, required app is titled "New Relic by organization."
* To access the new New Relic user management UI, you'll have to ensure you're logged in via your new user record. This may require logging out, logging back in, and verifying your email to see all logins associated with that email.
* You can complete the procedure for setting up SSO, and then come back to the migration wizard to continue the migration process.
* If you select more than one authentication method, note that youll need to add a new [authentication domain](/docs/accounts/accounts-billing/new-relic-one-user-management/authentication-domains-saml-sso-scim-more/#auth-domain-definition).
* If you select more than one authentication method, note that you'll need to add a new [authentication domain](/docs/accounts/accounts-billing/new-relic-one-user-management/authentication-domains-saml-sso-scim-more/#auth-domain-definition).

## Step 5: Import existing users [#import-users]

Expand Down Expand Up @@ -215,9 +215,11 @@ There are two methods for adding and managing your New Relic users. Select the m
src={userMigrationPage6}
/>

This step is about setting what roles and what accounts your user groups have access to. If you need to map user access to specific accounts and roles, then you'll want to set up groups and access grants at this stage. (If you've previously set up access grants as part of your SCIM setup in step #4, you can skip this step.)
This step is about setting what roles and what accounts your user groups have access to. If you need to map user access to specific accounts and roles, then you'll want to set up groups and access grants at this stage.

Note that if you're using SCIM provisioning to import users and groups from your identity provider, you won't be able to edit users or groups in New Relic: all user and group changes are handled from the identity-provider-side.

You'll need to create an access grant for each account and role that you want a group to have access to. Resources to help you understand access grants:
You'll need to create an access grant for each account and role that you want a group to have access to. Resources to help you understand access grants:

* For basics of how access grants work, see [Access grants](/docs/accounts/accounts-billing/new-relic-one-user-management/user-management-concepts/#understand-concepts).
* For a tutorial on how to create access grants, see the [user management tutorial](/docs/accounts/accounts-billing/new-relic-one-user-management/tutorial-add-new-user-groups-roles-new-relic-one-user-model/#group-access).
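
Review bot: With the parenthetical about step #4 removed from the first paragraph, readers who already created access grants during their SCIM setup get no guidance on this step. Suggest a short sentence telling them to confirm that the existing grants cover each group, account and role they intend, rather than leaving it implicit. In the new note, "handled from the identity-provider-side" is awkward; "handled in your identity provider" is simpler and matches the wording of the same point in the SCIM tips list in the authentication domain section.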