feat(scim): okta update user attribute docs (#6447)

Author: cathteng

src/docs/product/accounts/sso/okta-sso/okta-edit-sentryOrgRole-attribute.png

@@ -23,6 +23,7 @@ If you change your organization slug, you'll also need to update it in the "Auth
 - Push groups
 - Import groups
 - Configure organization-level roles
+- Update user attributes (organization-level roles only)
 
 ### Requirements
 
@@ -131,6 +132,13 @@ Users who've had their roles assigned via Okta will only be able to make members
 
 ![Okta Role Restricted Role Select](./okta-role-restricted-sentry-role-select.png)
 
+### Updating User Attributes
+Currently, Sentry only supports the ability to update user attributes for organization-level roles. You'll be able to edit the attribute for users assigned to your application once you've added the `sentryOrgRole` attribute to your Okta application profile.
+
+![Okta Edit Attribute](okta-edit-sentryOrgRole-attribute.png)
+
+The user's role in Sentry will reflect their organization role in your Auth settings. This means that if you change a user's attribute to blank, their organization-level role will be removed from Sentry. 
+
 ## Troubleshooting
 
 ### I get a "Matching user not found" error in Okta when provisioning a user.
@@ -160,9 +168,7 @@ Make sure that `Deactivate User` is enabled in the "Provisioning" tab of your Se
 
 ### How do I remove the organization-level role for a user that I set via Okta?
 
-If the user is part of a group with an organization-level role assigned, remove the group from the Sentry application. Then remove the user from the group and re-provision them separately. Finally, re-provision the group with its original role. If the user is the only member of a group, re-provision the group with a blank role.
-
-If the user is not part of a group with an organization-level role assigned, re-provision them with a blank role.
+Change the user's role attribute to blank.
 
 ## Known Issues