PR changes

andrewpai · andrewpai · commit 8557b5e7b424 · 2025-07-18T17:30:26.000-06:00
diff --git a/astro/src/content/docs/get-started/core-concepts/applications.mdx b/astro/src/content/docs/get-started/core-concepts/applications.mdx
@@ -47,24 +47,27 @@ Below is a visual reminder of the relationships between FusionAuth's primary cor
 <img src="/img/docs/get-started/core-concepts/core-concepts-relationships-applications.png" alt="Diagram showing Applications used within FusionAuth" />
 
 ## Universal Applications
-A typical FusionAuth application is tied to a single tenant, which works well if you want to expose that application to only the users in a single tenant.
+A universal application is an application that exists for all tenants, rather than belonging to a single tenant. Universal applications are useful when you need to make the same application available to users across many or all tenants.
 
-In cases where you want to expose the same application to users in more than one tenant, a universal application is often a better solution. A universal application is tied to all tenants, and uses the same application configuration across all tenants, including its client Id, client credentials, and more. This makes configuration management simpler, allowing you to share configuration across all uses of the application.
+A universal application uses the same application configuration across all tenants, including its client Id, client credentials, and more. This makes configuration management simpler, allowing you to share configuration across all uses of the application.
 
 ### Universal Application Registrations
 Users from any tenant can have a registration to a universal application, and registrations work as they would for normal applications.
 
 ### Universal Applications and Tenants
-Becuase a universal application does not belong to a single tenant, when interacting with a universal application, such as during an OAuth authentication workflow, a tenantId will have to be supplied. This tells FusionAuth which tenant to look up a user in, and to retrieve other information from.
+Becuase a universal application does not belong to a single tenant, you will generally have to supply a tenant Id when interacting with a universal application. This is true during authentication and other user-specific workflows.  The supplied tenant Id tells FusionAuth which tenant to look a user up in, to retrieve theme information from, and more.
 
 The tenant Id is typically provided on a `tenantId` query parameter, unless otherwise specified.
 
-A universal application will "inherit" settings from the tenant it is being associated with at runtime. This means that you can customize the behavior of a universal application, per tenant, by using different configuration per tenant.
+A universal application "inherits" settings from the tenant it is being associated with at runtime. This means that you can customize the behavior of a universal application per tenant by using different tenant configuration.
 
 Note that for tenant configuration settings that can be overridden at the application level, if you supply an application-level override, that setting will be used for all tenants. If this is not what you want, do not set a value in the universal application's configuration and let the application fall back to what is defined in the tenant.
 
 ### Universal Applications and Tenant-scoped API Keys
-A tenant-scoped API key is prevented from making changes that could be seen or otherwise affect other tenants than the one it is scoped to. Because universal applications span all tenants, you cannot use a tenant-scoped API key with a universal application via the [Application API](/docs/apis/applications). You can, however, use a tenant-scoped API key to interact with things like registrations and refresh tokens, as these are confined to a user within a tenant.
+A tenant-scoped API key cannot make changes that could be seen or otherwise affect other tenants than the one it is scoped to. Because universal applications span all tenants, you cannot use a tenant-scoped API key with a universal application via the [Application API](/docs/apis/applications). You can, however, use a tenant-scoped API key to interact with things like registrations and refresh tokens, as these are confined to a user within a tenant.
+
+### Configure an Application as Universal
+You can only set an application as universal when it is created. Do this by setting `application.universalConfiguration.universal` to `true` when using the API, or select the `Universal` toggle on the Add Application view in the admin app.
 
 ## Admin UI
 
diff --git a/astro/src/content/docs/lifecycle/manage-users/tenant-manager/index.mdx b/astro/src/content/docs/lifecycle/manage-users/tenant-manager/index.mdx
@@ -25,32 +25,49 @@ Available since 1.58.0
 </Aside>
 
 ## Overview
-The Tenant Manager application is an app delivered with FusionAuth that is used for managing users within a FusionAuth tenant. The core FusionAuth application provides Tenant Manager and User Manager roles, however these roles allow for the management of _all_ tenants and users, and access cannot be restricted to a _single_ tenant. The Tenant Manager app restricts access to a single tenant.
+The Tenant Manager application is used for managing users within a single FusionAuth tenant. While the app can be used with any setup, it is designed for a setup where each of your customers is assigned to a tenant. Using the Tenant Manager app, your customers can self-manage their own users.
 
-While this app can be used with any setup, the Tenant Manager app is perhaps most useful in a B2B context where you have customers mapped to tenants. In this case, the app makes it easy for a customer to have one or more administrative users that can manage other user accounts within their organization, but not see users from any other tenants.
+Note that the core FusionAuth application provides roles for managing tenants and users, however these grant access to _all_ tenants and users. The Tenant Manager app restricts access to just the logged-in user's tenant, preventing a user from seeing users from other tenants.
 
-## Granting Users Access to the Tenant Manager App
-The Tenant Manager app is a standard application, delivered with FusionAuth. It is a Universal Application, so it is available in any tenant. To grant a user access to it, you only need to register the user to the Tenant Manager application.
+## Accessing Tenant Manager
 
-Find the user in the <Breadcrumb>Users</Breadcrumb> area, select <InlineUIElement>Manage</InlineUIElement> from the <InlineUIElement>Action</InlineUIElement> menu, and add the Tenant Manager application on the `Registrations` tab.
+### Granting Users Access to Tenant Manager
+The Tenant Manager app ships with FusionAuth, and is available in all tenants.  Register a user to the Tenant Manager app to allow them to use it.
+1. Find the user in the <Breadcrumb>Users</Breadcrumb> area
+2. Select <InlineUIElement>Manage</InlineUIElement> from the <InlineUIElement>Action</InlineUIElement> menu
+3. Add the Tenant Manager application on the `Registrations` tab.
 
-The Tenant Manager app has one available role, `admin`. Assigning a user this role will give them full user administration privileges. If you do not assign a role in the user's registration, the user will be granted read-only access.
+The Tenant Manager app has one available role, `admin`. Assigning a user this role gives them full user administration privileges. A user without the `admin` role has read-only access.
 
 Note that self-service registration is not available for the Tenant Manager app.
 
+## Accessing the Tenant Manager App
+The Tenant Manager app is hosted on your FusionAuth instance at 
+
+`/tenant-manager/MANAGED_TENANT_ID`
+
+Because the Tenant Manager app is a universal application, a tenant Id must be specified so that it knows which tenant to operate on.
+
+The Tenant Manager app participates in SSO, just as any other application. This means that if SSO is enabled, a user that is logged into any application in the tenant can SSO into the Tenant Manager app and vice versa. This makes linking to the Tenant Manager app from another application, such as your own SaaS app, seamless to a user.
+
 ## Managing Users
 
-### Users View
+### The Users View
 ![Users View](/img/docs/lifecycle/manage-users/tenant-manager/users-view.png)
 
-The Users view shows you a list of users, limited to those from the logged-in user's tenant. The view is paginated, showing pages of 25 users, and you can use the various page buttons to navigate between pages.
+The Users view displays a list of users from the same tenant as the logged-in user. The view is paginated, showing 25 users at one time. Navigation buttons enable moving between pages of users.
 
-Using the `Columns` button, you can select which user data columns are shown in the users list. This setting is persistent in your browser, and the app will remember your selection across sessions.
+Configure the data columns shown in the Users view using the Columns button. The chosen setting persists across sessions in the same browser.
 
 ### Creating Users
-From the Users view, clicking the `Create` button will take you to the New User view, where you can create a user account. 
+To create a user, navigate to the Users view and click `Create`. Enter the new user account details on the New User view that opens.
 
-The `Basic information` section contains a form for setting user properties.  To customize this form you'll need to go to <Breadcrumb>Customizations > Forms</Breadcrumb> in the FusionAuth Admin application and create a new `Admin Registration` form. Then to assign the new form, select your new form in the <Breadcrumb>Application > Edit > Registration > Admin Registration</Breadcrumb> setting for the Tenant Managerapplication, which is found in the <Breadcrumb>Applications</Breadcrumb> area.
+The `Basic information` section contains a form for setting user properties.  To customize the properties in the Basic information section:
+* Open the FusionAuth Admin application
+* Open <Breadcrumb>Customizations > Forms</Breadcrumb> 
+* Create a new `Admin Registration` form
+* Open the `Tenant manager` application
+* Select your new form in the <Breadcrumb>Registration > Admin Registration</Breadcrumb> setting
 
 ### Editing Users
 From the Users view, clicking on a user takes you to the Edit User view. From here, you can edit the user's information, change their avatar, or take actions against their account.
@@ -90,12 +107,3 @@ You can assign roles to a user by managing their registration to the Tenant Mana
 
 ## Customization
 At this time, the Tenant Manager app is not themable. 
-
-## Accessing the Tenant Manager App
-The Tenant Manager app is hosted on your FusionAuth instance at 
-
-`/tenant-manager/MANAGED_TENANT_ID`
-
-Because the Tenant Manager app is a universal application, a tenant Id must be specified so that it knows which tenant to operate on.
-
-The Tenant Manager app participates in SSO, just as any other application. This means that if SSO is enabled, a user that is logged into any application in the tenant can SSO into the Tenant Manager app and vice versa. This makes linking to the Tenant Manager app from another application, such as your own SaaS app, seamless to a user.
