From a0db5ea8b41a9a1705d4fbd17f38c07a426d709f Mon Sep 17 00:00:00 2001
From: Karan Raina <karanraina1996@gmail.com>
Date: Mon, 22 Jun 2026 13:15:20 +0530
Subject: [PATCH] docs: complete account linking guidance in enterprise-managed
 authorization docs

---
 docs/extensions/auth/enterprise-managed-authorization.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/extensions/auth/enterprise-managed-authorization.mdx b/docs/extensions/auth/enterprise-managed-authorization.mdx
index 1c9e762be..6315fdf75 100644
--- a/docs/extensions/auth/enterprise-managed-authorization.mdx
+++ b/docs/extensions/auth/enterprise-managed-authorization.mdx
@@ -123,7 +123,7 @@ To require enterprise-managed authorization:
 
 2. **Map IdP claims to permissions** — ID-JAG tokens carry claims (scope and resource information) that your server uses to determine who the employee is and what the employee can access. Define your authorization logic based on these claims.
 
-3. **Handle Account Linking** - ID-JAG tokens will always contain a subject claim and may additionally contain an email claim that can be used to
+3. **Handle Account Linking** - ID-JAG tokens will always contain a subject claim and may additionally contain an email claim that can be used to link the enterprise identity to an existing account in your system. Use the subject claim as the primary stable identifier for the user, and fall back to the email claim for matching against pre-existing accounts that were created before enterprise-managed authorization was configured.
 
 ## Client support