diff --git a/website/docs/interfaces/_global/customcss.mdx b/website/docs/interfaces/_global/customcss.mdx
new file mode 100644
index 000000000..9ff468514
--- /dev/null
+++ b/website/docs/interfaces/_global/customcss.mdx
@@ -0,0 +1,59 @@
+### Custom CSS
+
+To further modify the look of authentik, a custom CSS file can be created. Creating such a file is outside the scope of this document.
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+
+
+Create a `docker-compose.override.yml` file and add this block to mount the custom CSS file:
+
+```yaml
+version: "3.2"
+
+services:
+ server:
+ volumes:
+ - ./my-css-file.css:/web/dist/custom.css
+```
+
+Afterwards, run the upgrade commands from the latest release notes.
+
+
+
+Create a ConfigMap with your css file:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: authentik-custom-css
+ namespace: authentik
+data:
+ custom.css: |
+ ...
+```
+
+Then, in the helm chart add this to your `values.yaml` file:
+
+```yaml
+volumes:
+ - name: custom-css
+ configMap:
+ name: authentik-custom-css
+volumeMounts:
+ - name: custom-css
+ mountPath: /web/dist/custom.css
+ subPath: custom.css
+```
+
+Afterwards, run the upgrade commands from the latest release notes.
+
+
+
diff --git a/website/docs/interfaces/_global/global.mdx b/website/docs/interfaces/_global/global.mdx
new file mode 100644
index 000000000..ba0839951
--- /dev/null
+++ b/website/docs/interfaces/_global/global.mdx
@@ -0,0 +1,5 @@
+## Global customization
+
+import CustomCSS from "./customcss.mdx";
+
+
diff --git a/website/docs/interfaces/admin/customization.md b/website/docs/interfaces/admin/customization.mdx
similarity index 85%
rename from website/docs/interfaces/admin/customization.md
rename to website/docs/interfaces/admin/customization.mdx
index d1532b9b1..7415e0334 100644
--- a/website/docs/interfaces/admin/customization.md
+++ b/website/docs/interfaces/admin/customization.mdx
@@ -7,3 +7,7 @@ How many items should be retrieved per page. Defaults to 20.
### `settings.theme.base`
Configure the base color scheme. Defaults to `automatic`, which switches between dark and light mode based on the users' browsers' preference. Choices: `automatic`, `dark`, `light`.
+
+import Global from "../_global/global.mdx";
+
+
diff --git a/website/docs/interfaces/flow/customization.md b/website/docs/interfaces/flow/customization.mdx
similarity index 85%
rename from website/docs/interfaces/flow/customization.md
rename to website/docs/interfaces/flow/customization.mdx
index ce684f299..f6e2aacaf 100644
--- a/website/docs/interfaces/flow/customization.md
+++ b/website/docs/interfaces/flow/customization.mdx
@@ -5,3 +5,7 @@ Since flows can be executed authenticated or unauthenticated, the default settin
### `settings.theme.base`
Configure the base color scheme. Defaults to `automatic`, which switches between dark and light mode based on the users' browsers' preference. Choices: `automatic`, `dark`, `light`.
+
+import Global from "../_global/global.mdx";
+
+
diff --git a/website/docs/interfaces/user/customization.md b/website/docs/interfaces/user/customization.mdx
similarity index 96%
rename from website/docs/interfaces/user/customization.md
rename to website/docs/interfaces/user/customization.mdx
index a44dc38f2..61c8bcfc5 100644
--- a/website/docs/interfaces/user/customization.md
+++ b/website/docs/interfaces/user/customization.mdx
@@ -58,3 +58,7 @@ Which layout to use for the Library view. Defaults to `row`. Choices: `row`, `2-
### `settings.locale`
The locale which can be configured in the user settings by default. This can be used to preset locales for groups of users, but still let them choose their own preferred locale
+
+import Global from "../_global/global.mdx";
+
+
diff --git a/website/docs/releases/2023/v2023.3.md b/website/docs/releases/2023/v2023.3.md
new file mode 100644
index 000000000..faec4e172
--- /dev/null
+++ b/website/docs/releases/2023/v2023.3.md
@@ -0,0 +1,1307 @@
+---
+title: Release 2023.3 - SCIM support
+slug: "/releases/2023.3"
+---
+
+## New features
+
+- SCIM support
+
+:::info
+This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues).
+:::
+
+ authentik can now provision users from other IT systems via the SCIM (System for Cross-domain Identity Management) protocol. The provider synchronizes Users, Groups and the user membership. Objects are synced both when they are saved and based on a pre-defined schedule in the background.
+
+- Theming improvements
+
+ - The custom.css file is now loaded in ShadowDOMs, allowing for much greater customization, as previously it was only possible to style elements outside of the ShadowDOM. See docs for [Flow](../../interfaces/flow/customization.mdx), [User](../../interfaces/user/customization.mdx) and [Admin](../../interfaces/admin/customization.mdx) interfaces.
+ - Previously, authentik would automatically switch between dark and light theme based on the users' browsers' settings. This can now be overridden to either force the light or dark theme, per user/group/tenant. See docs for [Flow](../../interfaces/flow/customization.mdx), [User](../../interfaces/user/customization.mdx) and [Admin](../../interfaces/admin/customization.mdx) interfaces.
+
+## Upgrading
+
+This release does not introduce any new requirements.
+
+### docker-compose
+
+Download the `docker-compose.yml` file for 2023.3 from [here](https://goauthentik.io/version/2023.3/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
+
+### Kubernetes
+
+Update your values to use the new images:
+
+```yaml
+image:
+ repository: ghcr.io/goauthentik/server
+ tag: 2023.3.0
+```
+
+## Minor changes/fixes included in release 2023.3
+
+- \*: add additional Prometheus metrics, remove unusable high entropy metrics
+- blueprints: improve error handling in example flow
+- core: Add `resolve_dns` and `reverse_dns` functions to evaluator (#4769)
+- core: bootstrap email (#4788)
+- core: enforce unique on names where it makes sense (#4866)
+- core: fix bug causing whitespace-only names to raise exception when generating avatars (#4746)
+- core: fix error when creating token without request in context
+- core: improve service account creation (#4751)
+- events: fix m2m_change events not being logged
+- flows: change default flow stage binding settings (#4784)
+- flows: planner error handling (#4812)
+- internal: fix crash when port 9000 is in use (#4863)
+- providers: SCIM (#4835)
+- providers/ldap: improve compatibility with LDAP clients (#4750)
+- providers/ldap: making LDAP compatible with Synology (#4694)
+- providers/oauth2: fix missing information for revoked token access events
+- providers/oauth2: OpenID conformance (#4758)
+- providers/proxy: ensure issuer is correct when browser URL override is set
+- providers/proxy: strip scheme when comparing redirect URL
+- providers/scim: add option to filter out service accounts, parent group (#4862)
+- providers/scim: customizable externalId, document behavior (#4868)
+- sources/ldap: improve error handling for password complexity (#4780)
+- sources/oauth: fix not all token errors being logged with response
+- sources/plex: fix check_token error unusable if token is empty (#4834)
+- stages/authenticator_sms: fix twilio sending (#4829)
+- stages/user_login: add option to terminate other sessions (#4754)
+- tests/e2e: use example blueprints for testing (#4805)
+- web: fetch custom.css via fetch and add stylesheet (#4804)
+- web: toggle dark/light theme manually (#4876)
+- web/admin: fix chart display with no sources (#4782)
+- web/admin: fix issue with wizard's Next button incorrectly disabled when radio button is already selected (#4821)
+- web/admin: workaround for tenant certificate selection being cut off (#4820)
+- web/elements: add loading spinner for charts, render middle text with CSS
+- web/elements: fix center text not scrolling with container (#4853)
+- web/flows: fix fa:// icons in sources not shown correctly
+- web/user: fix source connections not being filtered (#4778)
+
+## API Changes
+
+#### What's New
+
+---
+
+##### `GET` /propertymappings/scim/
+
+##### `POST` /propertymappings/scim/
+
+##### `GET` /propertymappings/scim/{pm_uuid}/
+
+##### `PUT` /propertymappings/scim/{pm_uuid}/
+
+##### `DELETE` /propertymappings/scim/{pm_uuid}/
+
+##### `PATCH` /propertymappings/scim/{pm_uuid}/
+
+##### `GET` /propertymappings/scim/{pm_uuid}/used_by/
+
+##### `GET` /providers/scim/
+
+##### `POST` /providers/scim/
+
+##### `GET` /providers/scim/{id}/
+
+##### `PUT` /providers/scim/{id}/
+
+##### `DELETE` /providers/scim/{id}/
+
+##### `PATCH` /providers/scim/{id}/
+
+##### `GET` /providers/scim/{id}/sync_status/
+
+##### `GET` /providers/scim/{id}/used_by/
+
+#### What's Changed
+
+---
+
+##### `POST` /core/users/service_account/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Added property `expiring` (boolean)
+
+- Added property `expires` (string)
+ > If not provided, valid for 360 days
+
+##### `GET` /policies/event_matcher/{policy_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+##### `PUT` /policies/event_matcher/{policy_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+##### `PATCH` /policies/event_matcher/{policy_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+##### `GET` /providers/oauth2/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PUT` /providers/oauth2/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PATCH` /providers/oauth2/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /providers/proxy/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PUT` /providers/proxy/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PATCH` /providers/proxy/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /core/groups/{group_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PUT` /core/groups/{group_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PATCH` /core/groups/{group_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /core/tenants/current/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New required properties:
+
+ - `ui_theme`
+
+ * Added property `ui_theme` (object)
+
+ Enum values:
+
+ - `automatic`
+ - `light`
+ - `dark`
+
+##### `GET` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PUT` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PATCH` /events/rules/{pbm_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /policies/bindings/{policy_binding_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PUT` /policies/bindings/{policy_binding_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PATCH` /policies/bindings/{policy_binding_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `POST` /policies/event_matcher/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+##### `GET` /policies/event_matcher/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > Event Matcher Policy Serializer
+
+ - Changed property `app` (string)
+
+ > Match events created by selected application. When left empty, all applications are matched.
+
+ Added enum value:
+
+ - `authentik.providers.scim`
+
+##### `GET` /providers/ldap/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PUT` /providers/ldap/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PATCH` /providers/ldap/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `POST` /providers/oauth2/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /providers/oauth2/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `POST` /providers/proxy/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /providers/proxy/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > ProxyProvider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /providers/saml/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PUT` /providers/saml/{id}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `PATCH` /providers/saml/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /stages/invitation/invitations/{invite_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `created_by` (object)
+
+ > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PUT` /stages/invitation/invitations/{invite_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `created_by` (object)
+
+ > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `PATCH` /stages/invitation/invitations/{invite_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `created_by` (object)
+
+ > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `POST` /core/groups/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /core/groups/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `POST` /events/rules/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /events/rules/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > NotificationRule Serializer
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /flows/bindings/{fsb_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+##### `PUT` /flows/bindings/{fsb_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+##### `PATCH` /flows/bindings/{fsb_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+##### `GET` /oauth2/access_tokens/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `provider` (object)
+
+ > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /oauth2/authorization_codes/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `provider` (object)
+
+ > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /oauth2/refresh_tokens/{id}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `provider` (object)
+
+ > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `POST` /policies/bindings/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /policies/bindings/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > PolicyBinding Serializer
+
+ - Changed property `group_obj` (object)
+
+ > Group Serializer
+
+ - Changed property `users_obj` (array)
+
+ Changed items (object): > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `POST` /providers/ldap/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /providers/ldap/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > LDAPProvider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `POST` /providers/saml/
+
+###### Request:
+
+Changed content type : `application/json`
+
+New optional properties:
+
+- `authorization_flow`
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /providers/saml/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > SAMLProvider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /sources/user_connections/all/
+
+###### Parameters:
+
+Added: `user` in `query`
+
+##### `POST` /stages/invitation/invitations/
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Changed property `created_by` (object)
+
+ > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /stages/invitation/invitations/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > Invitation Serializer
+
+ - Changed property `created_by` (object)
+
+ > Stripped down user serializer to show relevant users for groups
+
+ New optional properties:
+
+ - `avatar`
+
+ * Deleted property `avatar` (string)
+
+##### `GET` /stages/user_login/{stage_uuid}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+##### `PUT` /stages/user_login/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+##### `PATCH` /stages/user_login/{stage_uuid}/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+##### `POST` /flows/bindings/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+##### `GET` /flows/bindings/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > FlowStageBinding Serializer
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+##### `GET` /flows/inspector/{flow_slug}/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `plans` (array)
+
+ Changed items (object): > Serializer for an active FlowPlan
+
+ - Changed property `next_planned_stage` (object)
+
+ > FlowStageBinding Serializer
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+ - Changed property `current_stage` (object)
+
+ > FlowStageBinding Serializer
+
+ - Changed property `evaluate_on_plan` (boolean)
+ > Evaluate policies during the Flow planning process.
+
+##### `GET` /oauth2/access_tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > Serializer for BaseGrantModel and RefreshToken
+
+ - Changed property `provider` (object)
+
+ > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /oauth2/authorization_codes/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
+
+ - Changed property `provider` (object)
+
+ > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `GET` /oauth2/refresh_tokens/
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > Serializer for BaseGrantModel and RefreshToken
+
+ - Changed property `provider` (object)
+
+ > OAuth2Provider Serializer
+
+ New optional properties:
+
+ - `authorization_flow`
+
+##### `POST` /stages/user_login/
+
+###### Request:
+
+Changed content type : `application/json`
+
+- Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+###### Return Type:
+
+Changed response : **201 Created**
+
+- Changed content type : `application/json`
+
+ - Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.
+
+##### `GET` /stages/user_login/
+
+###### Parameters:
+
+Added: `terminate_other_sessions` in `query`
+
+###### Return Type:
+
+Changed response : **200 OK**
+
+- Changed content type : `application/json`
+
+ - Changed property `results` (array)
+
+ Changed items (object): > UserLoginStage Serializer
+
+ - Added property `terminate_other_sessions` (boolean)
+ > Terminate all other sessions of the user logging in.