diff --git a/.changeset/orange-pandas-shake.md b/.changeset/orange-pandas-shake.md
new file mode 100644
index 00000000000..c9f0dd92ce3
--- /dev/null
+++ b/.changeset/orange-pandas-shake.md
@@ -0,0 +1,7 @@
+---
+'@clerk/localizations': patch
+'@clerk/shared': patch
+'@clerk/ui': patch
+---
+
+Add an overview to the organization profile Security page. The page now lands on a summary of the SSO connection — a status badge (Unconfigured, In Progress, Active, Inactive), the configuration details framed in a card (provider, domain, sign-on URL, issuer, certificate), and an actions menu with Edit, Activate / Deactivate, and Remove — and switches into the existing configuration flow on Start, Continue, or Edit.
diff --git a/packages/localizations/src/en-US.ts b/packages/localizations/src/en-US.ts
index b6d14fad930..c4823368473 100644
--- a/packages/localizations/src/en-US.ts
+++ b/packages/localizations/src/en-US.ts
@@ -1066,6 +1066,38 @@ export const enUS: LocalizationResource = {
       successMessage: '{{domain}} has been removed.',
       title: 'Remove domain',
     },
+    securityPage: {
+      removeDialog: {
+        confirmButton: 'Remove connection',
+        subtitle:
+          'Are you sure you want to remove the connection? This action is irreversible and deletes the connection and all of its configuration.',
+        title: 'Remove SSO connection',
+      },
+      ssoSection: {
+        badge__active: 'Active',
+        badge__inactive: 'Inactive',
+        badge__inProgress: 'In Progress',
+        badge__unconfigured: 'Unconfigured',
+        certificateLabel: 'Certificate',
+        descriptionLine1:
+          'Require members to sign in through your identity provider using their domain email. Members without a matching domain are unaffected.',
+        descriptionLine2:
+          'Anyone who signs in will be automatically added to this organization. New members will be assigned to {{role}}.',
+        descriptionLine2__noRole: 'Anyone who signs in will be automatically added to this organization.',
+        domainLabel: 'Domain',
+        issuerLabel: 'Issuer',
+        menuAction__activate: 'Activate',
+        menuAction__deactivate: 'Deactivate',
+        menuAction__edit: 'Edit',
+        menuAction__remove: 'Remove',
+        primaryButton__continueConfiguration: 'Continue configuration',
+        primaryButton__startConfiguration: 'Start configuration',
+        providerLabel: 'Provider',
+        signOnUrlLabel: 'Sign on URL',
+        title: 'SSO',
+      },
+      title: 'Security',
+    },
     start: {
       headerTitle__general: 'General',
       headerTitle__members: 'Members',
diff --git a/packages/shared/src/types/elementIds.ts b/packages/shared/src/types/elementIds.ts
index 336279a9a07..bc03eced10d 100644
--- a/packages/shared/src/types/elementIds.ts
+++ b/packages/shared/src/types/elementIds.ts
@@ -53,6 +53,7 @@ export type ProfileSectionId =
   | 'manageVerifiedDomains'
   | 'subscriptionsList'
   | 'paymentMethods'
+  | 'sso'
   | 'ssoStatus'
   | 'enableSso'
   | 'ssoDomain'
@@ -61,7 +62,13 @@ export type ProfileSectionId =
   | 'resetSso'
   | 'testSsoUrl'
   | 'testResults';
-export type ProfilePageId = 'account' | 'security' | 'organizationGeneral' | 'organizationMembers' | 'billing';
+export type ProfilePageId =
+  | 'account'
+  | 'security'
+  | 'organizationGeneral'
+  | 'organizationMembers'
+  | 'organizationSecurity'
+  | 'billing';
 
 export type UserPreviewId = 'userButton' | 'personalWorkspace';
 export type OrganizationPreviewId =
diff --git a/packages/shared/src/types/localization.ts b/packages/shared/src/types/localization.ts
index 5b4feb90948..421a63c5efd 100644
--- a/packages/shared/src/types/localization.ts
+++ b/packages/shared/src/types/localization.ts
@@ -1130,6 +1130,35 @@ export type __internal_LocalizationResource = {
       messageLine2: LocalizationValue;
       successMessage: LocalizationValue;
     };
+    securityPage: {
+      title: LocalizationValue;
+      removeDialog: {
+        title: LocalizationValue;
+        subtitle: LocalizationValue;
+        confirmButton: LocalizationValue;
+      };
+      ssoSection: {
+        title: LocalizationValue;
+        badge__unconfigured: LocalizationValue;
+        badge__inProgress: LocalizationValue;
+        badge__active: LocalizationValue;
+        badge__inactive: LocalizationValue;
+        descriptionLine1: LocalizationValue;
+        descriptionLine2: LocalizationValue<'role'>;
+        descriptionLine2__noRole: LocalizationValue;
+        primaryButton__startConfiguration: LocalizationValue;
+        primaryButton__continueConfiguration: LocalizationValue;
+        providerLabel: LocalizationValue;
+        domainLabel: LocalizationValue;
+        signOnUrlLabel: LocalizationValue;
+        issuerLabel: LocalizationValue;
+        certificateLabel: LocalizationValue;
+        menuAction__edit: LocalizationValue;
+        menuAction__activate: LocalizationValue;
+        menuAction__deactivate: LocalizationValue;
+        menuAction__remove: LocalizationValue;
+      };
+    };
     membersPage: {
       detailsTitle__emptyRow: LocalizationValue;
       action__invite: LocalizationValue;
diff --git a/packages/ui/src/components/ConfigureSSO/ResetConnectionDialog.tsx b/packages/ui/src/components/ConfigureSSO/ResetConnectionDialog.tsx
index c35bbf9bb46..2f25c627ac2 100644
--- a/packages/ui/src/components/ConfigureSSO/ResetConnectionDialog.tsx
+++ b/packages/ui/src/components/ConfigureSSO/ResetConnectionDialog.tsx
@@ -1,3 +1,4 @@
+import type { LocalizationKey } from '@/customizables';
 import { Col, descriptors, localizationKeys } from '@/customizables';
 import { Card } from '@/elements/Card';
 import { useCardState, withCardStateProvider } from '@/elements/contexts';
@@ -8,17 +9,19 @@ import { Modal } from '@/elements/Modal';
 import { useFormControl } from '@/ui/utils/useFormControl';
 import { handleError } from '@/utils/errorHandler';
 
-import { useConfigureSSO } from './ConfigureSSOContext';
-
 type ResetConnectionDialogProps = {
   isOpen: boolean;
   onClose: () => void;
   confirmationValue: string;
+  onDelete: () => Promise<unknown>;
+  contentRef: React.RefObject<HTMLDivElement>;
+  /** Defaults to the Reset copy; overridden when the dialog is reused for the Remove action. */
+  title?: LocalizationKey;
+  subtitle?: LocalizationKey;
+  confirmButtonLabel?: LocalizationKey;
 };
 
 export const ResetConnectionDialog = (props: ResetConnectionDialogProps): JSX.Element | null => {
-  const { contentRef } = useConfigureSSO();
-
   if (!props.isOpen) {
     return null;
   }
@@ -27,7 +30,7 @@ export const ResetConnectionDialog = (props: ResetConnectionDialogProps): JSX.El
     <Modal
       handleClose={props.onClose}
       canCloseModal={false}
-      portalRoot={contentRef}
+      portalRoot={props.contentRef}
       containerSx={t => ({
         alignItems: 'center',
         position: 'absolute',
@@ -44,9 +47,12 @@ export const ResetConnectionDialog = (props: ResetConnectionDialogProps): JSX.El
 };
 
 const ResetConnectionDialogContent = withCardStateProvider((props: ResetConnectionDialogProps) => {
-  const { onClose, confirmationValue } = props;
+  const { onClose, onDelete, confirmationValue } = props;
+  const title = props.title ?? localizationKeys('configureSSO.resetConnectionDialog.title');
+  const subtitle = props.subtitle ?? localizationKeys('configureSSO.resetConnectionDialog.subtitle');
+  const confirmButtonLabel =
+    props.confirmButtonLabel ?? localizationKeys('configureSSO.resetConnectionDialog.resetButton');
   const card = useCardState();
-  const { enterpriseConnection, mutations } = useConfigureSSO();
 
   const confirmationField = useFormControl('deleteConfirmation', '', {
     type: 'text',
@@ -60,18 +66,12 @@ const ResetConnectionDialogContent = withCardStateProvider((props: ResetConnecti
   const canSubmit = Boolean(confirmationValue && confirmationField.value === confirmationValue);
 
   const onSubmit = async () => {
-    if (!enterpriseConnection || !canSubmit) {
+    if (!canSubmit) {
       return;
     }
 
     try {
-      // Reset is a pure delete — no navigation. Dropping `hasConnection` breaks
-      // the active step's entry guard, so the wizard self-corrects to the
-      // furthest-reachable step. The mutation is already reverification-wrapped.
-      // No `useWizard()` here — that lets this dialog be triggered from ANY
-      // footer (including the nested SAML configure footers) without binding to
-      // a nested wizard.
-      await mutations.deleteConnection(enterpriseConnection.id);
+      await onDelete();
       onClose();
     } catch (err) {
       handleError(err as Error, [confirmationField], card.setError);
@@ -85,8 +85,8 @@ const ResetConnectionDialogContent = withCardStateProvider((props: ResetConnecti
     >
       <Card.Content sx={t => ({ textAlign: 'start', padding: t.sizes.$5 })}>
         <FormContainer
-          headerTitle={localizationKeys('configureSSO.resetConnectionDialog.title')}
-          headerSubtitle={localizationKeys('configureSSO.resetConnectionDialog.subtitle')}
+          headerTitle={title}
+          headerSubtitle={subtitle}
           sx={t => ({ gap: t.space.$4 })}
         >
           <Form.Root onSubmit={onSubmit}>
@@ -104,7 +104,7 @@ const ResetConnectionDialogContent = withCardStateProvider((props: ResetConnecti
                   block={false}
                   colorScheme='danger'
                   isDisabled={!canSubmit}
-                  localizationKey={localizationKeys('configureSSO.resetConnectionDialog.resetButton')}
+                  localizationKey={confirmButtonLabel}
                 />
                 <Form.ResetButton
                   elementDescriptor={descriptors.configureSSOResetConnectionDialogCancelButton}
diff --git a/packages/ui/src/components/ConfigureSSO/__tests__/ResetConnectionDialog.test.tsx b/packages/ui/src/components/ConfigureSSO/__tests__/ResetConnectionDialog.test.tsx
index d16271cd6fe..40aa39a9314 100644
--- a/packages/ui/src/components/ConfigureSSO/__tests__/ResetConnectionDialog.test.tsx
+++ b/packages/ui/src/components/ConfigureSSO/__tests__/ResetConnectionDialog.test.tsx
@@ -1,39 +1,26 @@
-import type { EnterpriseConnectionResource } from '@clerk/shared/types';
 import { describe, expect, it, vi } from 'vitest';
 
+import { localizationKeys } from '@/customizables';
 import { bindCreateFixtures } from '@/test/create-fixtures';
 import { render, screen, waitFor } from '@/test/utils';
 import { CardStateProvider } from '@/ui/elements/contexts';
 
-// The dialog no longer touches the wizard. On confirm it calls the
-// reverification-wrapped `mutations.deleteConnection(id)` directly — a pure
-// delete, no navigation — and the wizard self-corrects to the
-// furthest-reachable step once the active step's guard breaks. That lets the
-// dialog be triggered from ANY footer (including nested SAML configure footers)
-// without binding to a nested wizard.
-const deleteConnection = vi.fn();
-
-const connectionMockState = vi.hoisted(() => ({
-  current: { id: 'idn_connection_1' } as Partial<EnterpriseConnectionResource> | null,
-}));
-
-vi.mock('../ConfigureSSOContext', () => ({
-  useConfigureSSO: () => ({
-    enterpriseConnection: connectionMockState.current,
-    contentRef: { current: null },
-    // The dialog's confirm calls the reverification-wrapped `deleteConnection`
-    // mutation directly. No navigation — the wizard self-corrects.
-    mutations: { deleteConnection },
-  }),
-}));
-
 import { ResetConnectionDialog } from '../ResetConnectionDialog';
 
+const deleteConnection = vi.fn();
+
 const { createFixtures } = bindCreateFixtures('ConfigureSSO');
 
 const renderDialog = (
   wrapper: React.ComponentType<{ children?: React.ReactNode }>,
-  props: { isOpen?: boolean; onClose?: () => void; confirmationValue?: string } = {},
+  props: {
+    isOpen?: boolean;
+    onClose?: () => void;
+    confirmationValue?: string;
+    title?: ReturnType<typeof localizationKeys>;
+    subtitle?: ReturnType<typeof localizationKeys>;
+    confirmButtonLabel?: ReturnType<typeof localizationKeys>;
+  } = {},
 ) => {
   const onClose = props.onClose ?? vi.fn();
   const utils = render(
@@ -42,6 +29,11 @@ const renderDialog = (
         isOpen={props.isOpen ?? true}
         onClose={onClose}
         confirmationValue={props.confirmationValue ?? 'Acme Inc'}
+        onDelete={() => deleteConnection('idn_connection_1')}
+        contentRef={{ current: null }}
+        title={props.title}
+        subtitle={props.subtitle}
+        confirmButtonLabel={props.confirmButtonLabel}
       />
     </CardStateProvider>,
     { wrapper },
@@ -52,7 +44,6 @@ const renderDialog = (
 const resetMocks = () => {
   deleteConnection.mockReset();
   deleteConnection.mockResolvedValue(undefined);
-  connectionMockState.current = { id: 'idn_connection_1' };
 };
 
 describe('ResetConnectionDialog', () => {
@@ -81,6 +72,25 @@ describe('ResetConnectionDialog', () => {
     expect(screen.getByRole('button', { name: 'Cancel' })).toBeInTheDocument();
   });
 
+  it('renders override copy when title, subtitle, and confirm label props are supplied', async () => {
+    resetMocks();
+    const { wrapper } = await createFixtures();
+    renderDialog(wrapper, {
+      confirmationValue: 'Acme Inc',
+      title: localizationKeys('organizationProfile.securityPage.removeDialog.title'),
+      subtitle: localizationKeys('organizationProfile.securityPage.removeDialog.subtitle'),
+      confirmButtonLabel: localizationKeys('organizationProfile.securityPage.removeDialog.confirmButton'),
+    });
+
+    expect(screen.getByRole('heading', { name: 'Remove SSO connection' })).toBeInTheDocument();
+    expect(screen.queryByRole('heading', { name: 'Reset connection' })).not.toBeInTheDocument();
+    expect(screen.getByText(/Are you sure you want to remove the connection\?/i)).toBeInTheDocument();
+    expect(screen.getByRole('button', { name: 'Remove connection' })).toBeInTheDocument();
+    expect(screen.queryByRole('button', { name: 'Reset connection' })).not.toBeInTheDocument();
+    // Type-to-confirm is unchanged by the override.
+    expect(screen.getByRole('button', { name: 'Cancel' })).toBeInTheDocument();
+  });
+
   it('keeps Reset disabled while the input is empty', async () => {
     resetMocks();
     const { wrapper } = await createFixtures();
diff --git a/packages/ui/src/components/ConfigureSSO/elements/Step.tsx b/packages/ui/src/components/ConfigureSSO/elements/Step.tsx
index 96c70eaadd8..e8ec6275839 100644
--- a/packages/ui/src/components/ConfigureSSO/elements/Step.tsx
+++ b/packages/ui/src/components/ConfigureSSO/elements/Step.tsx
@@ -206,11 +206,11 @@ FooterContinue.displayName = 'Step.Footer.Continue';
  * footer row, matching the prior destructive affordance.
  */
 const FooterReset = (): JSX.Element | null => {
-  const { organizationEnterpriseConnection: c } = useConfigureSSO();
+  const { enterpriseConnection, mutations, contentRef } = useConfigureSSO();
   const organization = __internal_useOrganizationBase();
   const [isOpen, setIsOpen] = useState(false);
 
-  if (!c.hasConnection) {
+  if (!enterpriseConnection) {
     return null;
   }
 
@@ -229,6 +229,8 @@ const FooterReset = (): JSX.Element | null => {
         isOpen={isOpen}
         onClose={() => setIsOpen(false)}
         confirmationValue={organization?.name ?? ''}
+        onDelete={() => mutations.deleteConnection(enterpriseConnection.id)}
+        contentRef={contentRef}
       />
     </>
   );
diff --git a/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx b/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx
index 6e1a29d3fea..2f0a10385b3 100644
--- a/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx
+++ b/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx
@@ -254,6 +254,7 @@ const ConfigurationDetailsSection = (): JSX.Element => {
 };
 
 const ResetConnectionSection = (): JSX.Element => {
+  const { enterpriseConnection, mutations, contentRef } = useConfigureSSO();
   const { organization } = useOrganization();
   const [isOpen, setIsOpen] = useState(false);
 
@@ -277,6 +278,10 @@ const ResetConnectionSection = (): JSX.Element => {
         isOpen={isOpen}
         onClose={() => setIsOpen(false)}
         confirmationValue={organization?.name ?? ''}
+        // The confirmation step is only reachable with a connection, so the resource is set.
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        onDelete={() => mutations.deleteConnection(enterpriseConnection!.id)}
+        contentRef={contentRef}
       />
     </ProfileSection.Root>
   );
diff --git a/packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx b/packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx
index 87ff924593d..98ee5378068 100644
--- a/packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx
+++ b/packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx
@@ -1,9 +1,15 @@
 import { useOrganization } from '@clerk/shared/react';
+import { useState } from 'react';
 
+import { Header } from '@/ui/elements/Header';
+import { ProfileCard } from '@/ui/elements/ProfileCard';
+
+import { Col, descriptors, localizationKeys } from '../../customizables';
 import { ConfigureSSOProtect } from '../ConfigureSSO/ConfigureSSO';
 import { ConfigureSSOSkeleton } from '../ConfigureSSO/ConfigureSSOSkeleton';
 import { ConfigureSSOWizard } from '../ConfigureSSO/ConfigureSSOWizard';
 import { useOrganizationEnterpriseConnection } from '../ConfigureSSO/hooks/useOrganizationEnterpriseConnection';
+import { SecuritySsoSection } from './SecuritySsoSection';
 
 type OrganizationSecurityPageProps = {
   contentRef: React.RefObject<HTMLDivElement>;
@@ -24,6 +30,7 @@ export const OrganizationSecurityPage = ({ contentRef }: OrganizationSecurityPag
 const OrganizationSecurityPageContent = ({ contentRef }: OrganizationSecurityPageProps) => {
   const {
     isLoading,
+    organization,
     enterpriseConnection,
     organizationEnterpriseConnection,
     testRuns,
@@ -31,6 +38,8 @@ const OrganizationSecurityPageContent = ({ contentRef }: OrganizationSecurityPag
     primaryEmailAddress,
   } = useOrganizationEnterpriseConnection();
 
+  const [view, setView] = useState<'overview' | 'wizard'>('overview');
+
   // Gate loading above the provider so the context never observes a loading state.
   if (isLoading) {
     return <ConfigureSSOSkeleton />;
@@ -38,14 +47,45 @@ const OrganizationSecurityPageContent = ({ contentRef }: OrganizationSecurityPag
 
   return (
     <ConfigureSSOProtect>
-      <ConfigureSSOWizard
-        organizationEnterpriseConnection={organizationEnterpriseConnection}
-        testRuns={testRuns}
-        enterpriseConnection={enterpriseConnection}
-        contentRef={contentRef}
-        mutations={mutations}
-        primaryEmailAddress={primaryEmailAddress}
-      />
+      {view === 'overview' ? (
+        <ProfileCard.Page>
+          <Col
+            elementDescriptor={descriptors.page}
+            sx={t => ({ gap: t.space.$8 })}
+          >
+            <Col
+              elementDescriptor={descriptors.profilePage}
+              elementId={descriptors.profilePage.setId('organizationSecurity')}
+            >
+              <Header.Root>
+                <Header.Title
+                  localizationKey={localizationKeys('organizationProfile.securityPage.title')}
+                  sx={t => ({ marginBottom: t.space.$4 })}
+                  textVariant='h2'
+                />
+              </Header.Root>
+              <SecuritySsoSection
+                connection={organizationEnterpriseConnection}
+                enterpriseConnection={enterpriseConnection}
+                setConnectionActive={mutations.setConnectionActive}
+                deleteConnection={mutations.deleteConnection}
+                organizationName={organization?.name ?? ''}
+                contentRef={contentRef}
+                onConfigure={() => setView('wizard')}
+              />
+            </Col>
+          </Col>
+        </ProfileCard.Page>
+      ) : (
+        <ConfigureSSOWizard
+          organizationEnterpriseConnection={organizationEnterpriseConnection}
+          testRuns={testRuns}
+          enterpriseConnection={enterpriseConnection}
+          contentRef={contentRef}
+          mutations={mutations}
+          primaryEmailAddress={primaryEmailAddress}
+        />
+      )}
     </ConfigureSSOProtect>
   );
 };
diff --git a/packages/ui/src/components/OrganizationProfile/SecuritySsoSection.tsx b/packages/ui/src/components/OrganizationProfile/SecuritySsoSection.tsx
new file mode 100644
index 00000000000..1a1ac78a0ef
--- /dev/null
+++ b/packages/ui/src/components/OrganizationProfile/SecuritySsoSection.tsx
@@ -0,0 +1,504 @@
+import { iconImageUrl } from '@clerk/shared/constants';
+import type { EnterpriseConnectionResource } from '@clerk/shared/types';
+import type { PropsWithChildren } from 'react';
+import { useState } from 'react';
+
+import { Card } from '@/ui/elements/Card';
+import { CardStateProvider, useCardState } from '@/ui/elements/contexts';
+import { ProfileSection } from '@/ui/elements/Section';
+import { ThreeDotsMenu } from '@/ui/elements/ThreeDotsMenu';
+import { handleError } from '@/utils/errorHandler';
+
+import { useEnvironment } from '../../contexts';
+import type { LocalizationKey } from '../../customizables';
+import { Badge, Button, Col, descriptors, Flex, Link, localizationKeys, Span, Text } from '../../customizables';
+import { useFetchRoles, useLocalizeCustomRoles } from '../../hooks/useFetchRoles';
+import type {
+  OrganizationEnterpriseConnection,
+  OrganizationEnterpriseConnectionStatus,
+} from '../ConfigureSSO/domain/organizationEnterpriseConnection';
+import type { EnterpriseConnectionMutations } from '../ConfigureSSO/hooks/useOrganizationEnterpriseConnection';
+import { ResetConnectionDialog } from '../ConfigureSSO/ResetConnectionDialog';
+import type { ProviderType } from '../ConfigureSSO/types';
+
+type SecuritySsoSectionProps = {
+  connection: OrganizationEnterpriseConnection;
+  enterpriseConnection: EnterpriseConnectionResource | undefined;
+  setConnectionActive: EnterpriseConnectionMutations['setConnectionActive'];
+  deleteConnection: EnterpriseConnectionMutations['deleteConnection'];
+  organizationName: string;
+  contentRef: React.RefObject<HTMLDivElement>;
+  onConfigure: () => void;
+};
+
+const STATUS_BADGES: Record<
+  OrganizationEnterpriseConnectionStatus,
+  { id: string; colorScheme: 'danger' | 'warning' | 'success'; label: LocalizationKey }
+> = {
+  unconfigured: {
+    id: 'unconfigured',
+    colorScheme: 'danger',
+    label: localizationKeys('organizationProfile.securityPage.ssoSection.badge__unconfigured'),
+  },
+  in_progress: {
+    id: 'inProgress',
+    colorScheme: 'warning',
+    label: localizationKeys('organizationProfile.securityPage.ssoSection.badge__inProgress'),
+  },
+  active: {
+    id: 'active',
+    colorScheme: 'success',
+    label: localizationKeys('organizationProfile.securityPage.ssoSection.badge__active'),
+  },
+  inactive: {
+    id: 'inactive',
+    colorScheme: 'danger',
+    label: localizationKeys('organizationProfile.securityPage.ssoSection.badge__inactive'),
+  },
+};
+
+const MONOCHROMATIC_PROVIDER_ICONS: ReadonlySet<string> = new Set(['okta']);
+
+const PROVIDER_PRESENTATION: Record<ProviderType, { label: LocalizationKey; iconId: string }> = {
+  saml_okta: { label: localizationKeys('configureSSO.selectProviderStep.saml.okta'), iconId: 'okta' },
+  saml_microsoft: { label: localizationKeys('configureSSO.selectProviderStep.saml.microsoft'), iconId: 'microsoft' },
+  saml_google: { label: localizationKeys('configureSSO.selectProviderStep.saml.google'), iconId: 'google' },
+  saml_custom: { label: localizationKeys('configureSSO.selectProviderStep.saml.customSaml'), iconId: 'saml' },
+};
+
+export const SecuritySsoSection = (props: SecuritySsoSectionProps): JSX.Element => {
+  const { connection, onConfigure } = props;
+
+  const isConfigured = connection.status === 'active' || connection.status === 'inactive';
+
+  // The badge and menu read straight from the entity; revalidation drives the settled state.
+  const status: OrganizationEnterpriseConnectionStatus = connection.status;
+  const badge = STATUS_BADGES[status];
+
+  return (
+    <ProfileSection.Root
+      title={localizationKeys('organizationProfile.securityPage.ssoSection.title')}
+      id='sso'
+      centered={false}
+      badge={
+        <Badge
+          elementDescriptor={descriptors.organizationProfileSecuritySsoBadge}
+          elementId={descriptors.organizationProfileSecuritySsoBadge.setId(badge.id)}
+          colorScheme={badge.colorScheme}
+          localizationKey={badge.label}
+        />
+      }
+    >
+      {status === 'unconfigured' && (
+        <NotConfiguredContent
+          primaryButtonKey={localizationKeys(
+            'organizationProfile.securityPage.ssoSection.primaryButton__startConfiguration',
+          )}
+          primaryButtonId='start'
+          onConfigure={onConfigure}
+        />
+      )}
+
+      {status === 'in_progress' && (
+        <NotConfiguredContent
+          primaryButtonKey={localizationKeys(
+            'organizationProfile.securityPage.ssoSection.primaryButton__continueConfiguration',
+          )}
+          primaryButtonId='continue'
+          onConfigure={onConfigure}
+        />
+      )}
+
+      {isConfigured && (
+        <CardStateProvider>
+          <ConfiguredContent
+            {...props}
+            isActive={status === 'active'}
+          />
+        </CardStateProvider>
+      )}
+    </ProfileSection.Root>
+  );
+};
+
+type NotConfiguredContentProps = {
+  primaryButtonKey: LocalizationKey;
+  primaryButtonId: string;
+  onConfigure: () => void;
+};
+
+const NotConfiguredContent = ({
+  primaryButtonKey,
+  primaryButtonId,
+  onConfigure,
+}: NotConfiguredContentProps): JSX.Element => (
+  <Col
+    align='start'
+    gap={4}
+  >
+    <SsoDescription />
+
+    <Button
+      elementDescriptor={descriptors.organizationProfileSecuritySsoConfigureButton}
+      elementId={descriptors.organizationProfileSecuritySsoConfigureButton.setId(primaryButtonId)}
+      variant='outline'
+      size='sm'
+      onClick={onConfigure}
+      localizationKey={primaryButtonKey}
+    />
+  </Col>
+);
+
+type ConfiguredContentProps = SecuritySsoSectionProps & {
+  isActive: boolean;
+};
+
+const ConfiguredContent = (props: ConfiguredContentProps): JSX.Element => {
+  const {
+    connection,
+    enterpriseConnection,
+    setConnectionActive,
+    deleteConnection,
+    organizationName,
+    contentRef,
+    onConfigure,
+    isActive,
+  } = props;
+  const card = useCardState();
+  const [isResetDialogOpen, setIsResetDialogOpen] = useState(false);
+
+  const provider = connection.provider ? PROVIDER_PRESENTATION[connection.provider] : undefined;
+  const domains = enterpriseConnection?.domains ?? [];
+  const samlConnection = enterpriseConnection?.samlConnection;
+
+  const onSetActive = async (active: boolean) => {
+    if (card.isLoading) {
+      return;
+    }
+
+    card.setError(undefined);
+    card.setLoading();
+
+    try {
+      // A configured (active / inactive) connection guarantees the resource is set.
+      // The mutation revalidates before resolving, so the refreshed entity drives the settled UI.
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      await setConnectionActive(enterpriseConnection!.id, active);
+    } catch (err) {
+      handleError(err as Error, [], card.setError);
+    } finally {
+      card.setIdle();
+    }
+  };
+
+  return (
+    <Col gap={4}>
+      <Flex
+        align='start'
+        justify='between'
+        gap={3}
+      >
+        <SsoDescription />
+
+        <ThreeDotsMenu
+          elementId='sso'
+          actions={[
+            {
+              label: localizationKeys('organizationProfile.securityPage.ssoSection.menuAction__edit'),
+              onClick: onConfigure,
+            },
+            isActive
+              ? {
+                  label: localizationKeys('organizationProfile.securityPage.ssoSection.menuAction__deactivate'),
+                  isDisabled: card.isLoading,
+                  onClick: () => void onSetActive(false),
+                }
+              : {
+                  label: localizationKeys('organizationProfile.securityPage.ssoSection.menuAction__activate'),
+                  isDisabled: card.isLoading,
+                  onClick: () => void onSetActive(true),
+                },
+            {
+              label: localizationKeys('organizationProfile.securityPage.ssoSection.menuAction__remove'),
+              isDestructive: true,
+              onClick: () => setIsResetDialogOpen(true),
+            },
+          ]}
+        />
+      </Flex>
+
+      <Card.Alert>{card.error}</Card.Alert>
+
+      <Col
+        elementDescriptor={descriptors.organizationProfileSecuritySsoDetailRows}
+        gap={2}
+        sx={t => ({
+          padding: `${t.space.$3} ${t.space.$4}`,
+          backgroundColor: t.colors.$colorBackground,
+          borderWidth: t.borderWidths.$normal,
+          borderStyle: t.borderStyles.$solid,
+          borderColor: t.colors.$borderAlpha150,
+          borderRadius: t.radii.$lg,
+        })}
+      >
+        {provider && (
+          <DetailRow
+            id='provider'
+            label={localizationKeys('organizationProfile.securityPage.ssoSection.providerLabel')}
+          >
+            <Flex
+              align='center'
+              gap={2}
+              sx={{ minWidth: 0 }}
+            >
+              <ProviderIcon iconId={provider.iconId} />
+              <Text
+                localizationKey={provider.label}
+                truncate
+              />
+            </Flex>
+          </DetailRow>
+        )}
+
+        {domains.length > 0 && (
+          <DetailRow
+            id='domain'
+            label={localizationKeys('organizationProfile.securityPage.ssoSection.domainLabel')}
+          >
+            <Flex
+              justify='end'
+              align='start'
+              wrap='wrap'
+              gap={1}
+              sx={{ minWidth: 0 }}
+            >
+              {domains.map(domain => (
+                <ValueChip
+                  key={domain}
+                  id='domain'
+                >
+                  {domain}
+                </ValueChip>
+              ))}
+            </Flex>
+          </DetailRow>
+        )}
+
+        {samlConnection?.idpSsoUrl && (
+          <DetailRow
+            id='signOnUrl'
+            label={localizationKeys('organizationProfile.securityPage.ssoSection.signOnUrlLabel')}
+          >
+            <LinkChip
+              id='signOnUrl'
+              href={samlConnection.idpSsoUrl}
+            />
+          </DetailRow>
+        )}
+
+        {samlConnection?.idpEntityId && (
+          <DetailRow
+            id='issuer'
+            label={localizationKeys('organizationProfile.securityPage.ssoSection.issuerLabel')}
+          >
+            <LinkChip
+              id='issuer'
+              href={samlConnection.idpEntityId}
+            />
+          </DetailRow>
+        )}
+
+        {samlConnection?.idpCertificate && (
+          <DetailRow
+            id='certificate'
+            label={localizationKeys('organizationProfile.securityPage.ssoSection.certificateLabel')}
+          >
+            <ValueChip id='certificate'>{samlConnection.idpCertificate}</ValueChip>
+          </DetailRow>
+        )}
+      </Col>
+
+      <ResetConnectionDialog
+        isOpen={isResetDialogOpen}
+        onClose={() => setIsResetDialogOpen(false)}
+        confirmationValue={organizationName}
+        title={localizationKeys('organizationProfile.securityPage.removeDialog.title')}
+        subtitle={localizationKeys('organizationProfile.securityPage.removeDialog.subtitle')}
+        confirmButtonLabel={localizationKeys('organizationProfile.securityPage.removeDialog.confirmButton')}
+        // A configured (active / inactive) connection guarantees the resource is set.
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        onDelete={() => deleteConnection(enterpriseConnection!.id)}
+        contentRef={contentRef}
+      />
+    </Col>
+  );
+};
+
+const SsoDescription = (): JSX.Element => {
+  const roleName = useEnrollmentRoleName();
+
+  return (
+    <Col
+      gap={4}
+      sx={{ minWidth: 0 }}
+    >
+      <Text
+        elementDescriptor={descriptors.organizationProfileSecuritySsoDescription}
+        colorScheme='secondary'
+        localizationKey={localizationKeys('organizationProfile.securityPage.ssoSection.descriptionLine1')}
+      />
+      <Text
+        elementDescriptor={descriptors.organizationProfileSecuritySsoDescription}
+        colorScheme='secondary'
+        localizationKey={
+          roleName
+            ? localizationKeys('organizationProfile.securityPage.ssoSection.descriptionLine2', { role: roleName })
+            : localizationKeys('organizationProfile.securityPage.ssoSection.descriptionLine2__noRole')
+        }
+      />
+    </Col>
+  );
+};
+
+/**
+ * The display name of the role SSO-enrolled members are assigned — the environment's
+ * default member role, name-mapped when the roles list is readable.
+ */
+const useEnrollmentRoleName = (): string | undefined => {
+  const { organizationSettings } = useEnvironment();
+  const { options } = useFetchRoles();
+  const { localizeCustomRole } = useLocalizeCustomRoles();
+
+  // Mirrors the invite form's default-role resolution.
+  let roleKey = organizationSettings.domains.defaultRole ?? undefined;
+  if (!roleKey && options?.length === 1) {
+    roleKey = options[0].value;
+  }
+
+  if (!roleKey) {
+    return undefined;
+  }
+
+  return (
+    localizeCustomRole(roleKey) || options?.find(option => option.value === roleKey)?.label || humanizeRoleKey(roleKey)
+  );
+};
+
+/** `org:billing_admin` → `billing admin`. */
+const humanizeRoleKey = (roleKey: string): string => {
+  const lastSegment = roleKey.split(':').pop() ?? roleKey;
+  return lastSegment.replace(/[_-]+/g, ' ').trim() || roleKey;
+};
+
+type DetailRowProps = PropsWithChildren<{
+  id: string;
+  label: LocalizationKey;
+}>;
+
+const DetailRow = ({ id, label, children }: DetailRowProps): JSX.Element => (
+  <Flex
+    elementDescriptor={descriptors.organizationProfileSecuritySsoDetailRow}
+    elementId={descriptors.organizationProfileSecuritySsoDetailRow.setId(id)}
+    align='center'
+    justify='between'
+    gap={3}
+  >
+    <Text
+      elementDescriptor={descriptors.organizationProfileSecuritySsoDetailRowLabel}
+      elementId={descriptors.organizationProfileSecuritySsoDetailRowLabel.setId(id)}
+      colorScheme='secondary'
+      localizationKey={label}
+      sx={{ flexShrink: 0, whiteSpace: 'nowrap' }}
+    />
+    <Flex
+      justify='end'
+      // Bounds the value side to the remaining row width so chips truncate instead of overflowing the card.
+      sx={{ flex: '1 1 0', minWidth: 0 }}
+    >
+      {children}
+    </Flex>
+  </Flex>
+);
+
+type ValueChipProps = {
+  id: string;
+  children: string;
+};
+
+const ValueChip = ({ id, children }: ValueChipProps): JSX.Element => (
+  <Badge
+    elementDescriptor={descriptors.organizationProfileSecuritySsoDetailRowChip}
+    elementId={descriptors.organizationProfileSecuritySsoDetailRowChip.setId(id)}
+    sx={{ maxWidth: '100%', minWidth: 0 }}
+  >
+    <Text
+      as='p'
+      variant='caption'
+      truncate
+      title={children}
+      sx={{ color: 'inherit' }}
+    >
+      {children}
+    </Text>
+  </Badge>
+);
+
+type LinkChipProps = {
+  id: string;
+  href: string;
+};
+
+const LinkChip = ({ id, href }: LinkChipProps): JSX.Element => (
+  <Badge
+    elementDescriptor={descriptors.organizationProfileSecuritySsoDetailRowChip}
+    elementId={descriptors.organizationProfileSecuritySsoDetailRowChip.setId(id)}
+    sx={{ maxWidth: '100%', minWidth: 0 }}
+  >
+    <Link
+      variant='caption'
+      elementDescriptor={descriptors.organizationProfileSecuritySsoDetailRowLink}
+      elementId={descriptors.organizationProfileSecuritySsoDetailRowLink.setId(id)}
+      href={href}
+      isExternal
+      title={href}
+      sx={{
+        color: 'inherit',
+        display: 'block',
+        overflow: 'hidden',
+        whiteSpace: 'nowrap',
+        textOverflow: 'ellipsis',
+        textDecoration: 'underline',
+        minWidth: 0,
+      }}
+    >
+      {href}
+    </Link>
+  </Badge>
+);
+
+const ProviderIcon = ({ iconId }: { iconId: string }): JSX.Element => (
+  <Span
+    elementDescriptor={descriptors.organizationProfileSecuritySsoProviderIcon}
+    aria-hidden
+    sx={theme => {
+      const baseSize = { width: theme.sizes.$4, height: theme.sizes.$4, flexShrink: 0 };
+      if (MONOCHROMATIC_PROVIDER_ICONS.has(iconId)) {
+        return {
+          ...baseSize,
+          backgroundColor: theme.colors.$colorForeground,
+          maskImage: `url(${iconImageUrl(iconId)})`,
+          maskSize: 'contain',
+          maskPosition: 'center',
+          maskRepeat: 'no-repeat',
+        };
+      }
+      return {
+        ...baseSize,
+        backgroundImage: `url(${iconImageUrl(iconId)})`,
+        backgroundSize: 'contain',
+        backgroundPosition: 'center',
+        backgroundRepeat: 'no-repeat',
+      };
+    }}
+  />
+);
diff --git a/packages/ui/src/components/OrganizationProfile/__tests__/OrganizationSecurityPage.test.tsx b/packages/ui/src/components/OrganizationProfile/__tests__/OrganizationSecurityPage.test.tsx
new file mode 100644
index 00000000000..a7700ccb9dc
--- /dev/null
+++ b/packages/ui/src/components/OrganizationProfile/__tests__/OrganizationSecurityPage.test.tsx
@@ -0,0 +1,489 @@
+import { ClerkAPIResponseError } from '@clerk/shared/error';
+import { describe, expect, it } from 'vitest';
+
+import { bindCreateFixtures } from '@/test/create-fixtures';
+import { render, screen, waitFor } from '@/test/utils';
+
+import { OrganizationSecurityPage } from '../OrganizationSecurityPage';
+
+const { createFixtures } = bindCreateFixtures('OrganizationProfile');
+
+const withSecurityPageFixtures = (f: Parameters<Parameters<typeof createFixtures>[0]>[0]) => {
+  f.withEnterpriseSso({ selfServeSSO: true });
+  f.withEmailAddress();
+  f.withOrganizations();
+  f.withOrganizationDomains(undefined, 'org:member');
+  f.withUser({
+    email_addresses: ['test@clerk.com'],
+    organization_memberships: [{ name: 'Org1', permissions: ['org:sys_entconns:manage'] }],
+  });
+};
+
+const DESCRIPTION_LINE_1 =
+  'Require members to sign in through your identity provider using their domain email. Members without a matching domain are unaffected.';
+// `org:member` renders through the humanized fallback — the fixture user cannot read the roles list.
+const DESCRIPTION_LINE_2 =
+  'Anyone who signs in will be automatically added to this organization. New members will be assigned to member.';
+
+const configuredConnection = (overrides: Record<string, unknown> = {}) =>
+  ({
+    id: 'ent_1',
+    name: 'clerk.com',
+    provider: 'saml_okta',
+    active: false,
+    organizationId: 'Org1',
+    domains: ['clerk.com'],
+    samlConnection: {
+      idpSsoUrl: 'https://idp.example.com/sso',
+      idpEntityId: 'https://idp.example.com/entity',
+      idpCertificate: 'CERT',
+    },
+    ...overrides,
+  }) as any;
+
+const renderPage = (wrapper: React.ComponentType<{ children?: React.ReactNode }>) =>
+  render(<OrganizationSecurityPage contentRef={{ current: null }} />, { wrapper });
+
+describe('OrganizationSecurityPage', () => {
+  describe('overview states', () => {
+    it('renders the unconfigured state with a Start configuration action', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([]);
+
+      renderPage(wrapper);
+
+      expect(await screen.findByRole('heading', { name: 'Security' })).toBeInTheDocument();
+      expect(screen.getByText('SSO')).toBeInTheDocument();
+      expect(screen.getByText('Unconfigured')).toBeInTheDocument();
+      expect(screen.getByText(DESCRIPTION_LINE_1)).toBeInTheDocument();
+      expect(screen.getByText(DESCRIPTION_LINE_2)).toBeInTheDocument();
+      expect(screen.getByRole('button', { name: 'Start configuration' })).toBeInTheDocument();
+
+      expect(screen.queryByRole('switch')).not.toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: /open menu/i })).not.toBeInTheDocument();
+      expect(screen.queryByText(/select your identity provider/i)).not.toBeInTheDocument();
+    });
+
+    it('renders the in-progress state with a Continue configuration action', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      // A connection without SAML configuration is mid-setup.
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([
+        configuredConnection({ samlConnection: null }),
+      ]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [],
+        total_count: 0,
+      } as any);
+
+      renderPage(wrapper);
+
+      expect(await screen.findByText('In Progress')).toBeInTheDocument();
+      expect(screen.getByText(DESCRIPTION_LINE_1)).toBeInTheDocument();
+      expect(screen.getByText(DESCRIPTION_LINE_2)).toBeInTheDocument();
+      expect(screen.queryByText(/you have started a configuration/i)).not.toBeInTheDocument();
+      expect(screen.getByRole('button', { name: 'Continue configuration' })).toBeInTheDocument();
+
+      expect(screen.queryByRole('switch')).not.toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: /open menu/i })).not.toBeInTheDocument();
+    });
+
+    it('renders the active state with the connection details', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+
+      renderPage(wrapper);
+
+      expect(await screen.findByText('Active')).toBeInTheDocument();
+      expect(screen.getByText(DESCRIPTION_LINE_1)).toBeInTheDocument();
+      expect(screen.getByText(DESCRIPTION_LINE_2)).toBeInTheDocument();
+
+      expect(screen.queryByRole('switch')).not.toBeInTheDocument();
+
+      expect(screen.getByText('Provider')).toBeInTheDocument();
+      expect(screen.getByText('Okta Workforce')).toBeInTheDocument();
+      expect(screen.getByText('Domain')).toBeInTheDocument();
+      expect(screen.getByText('clerk.com')).toBeInTheDocument();
+      expect(screen.getByText('Sign on URL')).toBeInTheDocument();
+      expect(screen.getByRole('link', { name: 'https://idp.example.com/sso' })).toHaveAttribute(
+        'href',
+        'https://idp.example.com/sso',
+      );
+      expect(screen.getByText('Issuer')).toBeInTheDocument();
+      expect(screen.getByRole('link', { name: 'https://idp.example.com/entity' })).toHaveAttribute(
+        'href',
+        'https://idp.example.com/entity',
+      );
+      expect(screen.getByText('Certificate')).toBeInTheDocument();
+      expect(screen.getByText('CERT')).toBeInTheDocument();
+
+      expect(screen.getByRole('button', { name: /open menu/i })).toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: 'Start configuration' })).not.toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: 'Continue configuration' })).not.toBeInTheDocument();
+      expect(screen.queryByText(/configuration details/i)).not.toBeInTheDocument();
+    });
+
+    it('renders the inactive state with a chip per domain', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([
+        configuredConnection({ domains: ['github.com', 'gmail.com', 'maps.com', 'another.com'] }),
+      ]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+
+      renderPage(wrapper);
+
+      expect(await screen.findByText('Inactive')).toBeInTheDocument();
+
+      expect(screen.queryByRole('switch')).not.toBeInTheDocument();
+      expect(screen.getByRole('button', { name: /open menu/i })).toBeInTheDocument();
+
+      for (const domain of ['github.com', 'gmail.com', 'maps.com', 'another.com']) {
+        expect(screen.getByText(domain)).toBeInTheDocument();
+      }
+    });
+
+    it('renders long SAML values as truncating chips with full-value tooltips', async () => {
+      const longSsoUrl = `https://idp.example.com/sso/${'a'.repeat(280)}`;
+      const longCertificate = 'MIIC'.repeat(75);
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([
+        configuredConnection({
+          active: true,
+          samlConnection: {
+            idpSsoUrl: longSsoUrl,
+            idpEntityId: 'https://idp.example.com/entity',
+            idpCertificate: longCertificate,
+          },
+        }),
+      ]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+
+      renderPage(wrapper);
+
+      const ssoLink = await screen.findByRole('link', { name: longSsoUrl });
+      expect(ssoLink).toHaveAttribute('href', longSsoUrl);
+      // The full value stays reachable via the tooltip once the chip truncates visually.
+      expect(ssoLink).toHaveAttribute('title', longSsoUrl);
+      expect(ssoLink).toHaveStyle({ overflow: 'hidden', textOverflow: 'ellipsis', whiteSpace: 'nowrap' });
+
+      const certificate = screen.getByText(longCertificate);
+      expect(certificate).toHaveAttribute('title', longCertificate);
+      expect(certificate).toHaveStyle({ overflow: 'hidden', textOverflow: 'ellipsis', whiteSpace: 'nowrap' });
+    });
+  });
+
+  describe('view switching', () => {
+    it('switches to the wizard when Start configuration is clicked', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([]);
+
+      const { userEvent } = renderPage(wrapper);
+
+      await userEvent.click(await screen.findByRole('button', { name: 'Start configuration' }));
+
+      expect(await screen.findByText(/select your identity provider/i)).toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: 'Start configuration' })).not.toBeInTheDocument();
+    });
+
+    it('switches to the wizard when Edit is selected from the actions menu', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+
+      const { userEvent } = renderPage(wrapper);
+
+      await userEvent.click(await screen.findByRole('button', { name: /open menu/i }));
+      await userEvent.click(screen.getByRole('menuitem', { name: 'Edit' }));
+
+      // An active connection short-circuits the wizard to the confirmation step.
+      expect(await screen.findByText(/configuration details/i)).toBeInTheDocument();
+      expect(screen.queryByText(DESCRIPTION_LINE_1)).not.toBeInTheDocument();
+    });
+  });
+
+  describe('actions menu', () => {
+    it('lists Edit, Deactivate, and Remove for an active connection', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [],
+        total_count: 0,
+      } as any);
+
+      const { userEvent } = renderPage(wrapper);
+
+      await userEvent.click(await screen.findByRole('button', { name: /open menu/i }));
+
+      expect(screen.getByRole('menuitem', { name: 'Edit' })).toBeInTheDocument();
+      expect(screen.getByRole('menuitem', { name: 'Deactivate' })).toBeInTheDocument();
+      expect(screen.getByRole('menuitem', { name: 'Remove' })).toBeInTheDocument();
+      expect(screen.queryByRole('menuitem', { name: 'Activate' })).not.toBeInTheDocument();
+      expect(screen.queryByRole('menuitem', { name: 'Delete' })).not.toBeInTheDocument();
+    });
+
+    it('lists Edit, Activate, and Remove for an inactive connection', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection()]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+
+      const { userEvent } = renderPage(wrapper);
+
+      await userEvent.click(await screen.findByRole('button', { name: /open menu/i }));
+
+      expect(screen.getByRole('menuitem', { name: 'Edit' })).toBeInTheDocument();
+      expect(screen.getByRole('menuitem', { name: 'Activate' })).toBeInTheDocument();
+      expect(screen.getByRole('menuitem', { name: 'Remove' })).toBeInTheDocument();
+      expect(screen.queryByRole('menuitem', { name: 'Deactivate' })).not.toBeInTheDocument();
+    });
+
+    it('opens the type-to-confirm removal dialog with Remove-oriented copy from Remove', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [],
+        total_count: 0,
+      } as any);
+      fixtures.clerk.organization?.deleteEnterpriseConnection.mockResolvedValue({} as any);
+
+      const { userEvent } = renderPage(wrapper);
+
+      await userEvent.click(await screen.findByRole('button', { name: /open menu/i }));
+      await userEvent.click(screen.getByRole('menuitem', { name: 'Remove' }));
+
+      // The shared dialog renders the Remove copy here, not the wizard's Reset copy.
+      expect(await screen.findByRole('heading', { name: 'Remove SSO connection' })).toBeInTheDocument();
+      expect(screen.queryByRole('heading', { name: 'Reset connection' })).not.toBeInTheDocument();
+      expect(screen.getByText(/Are you sure you want to remove the connection\?/i)).toBeInTheDocument();
+
+      // Type-to-confirm uses the organization name.
+      await userEvent.type(screen.getByLabelText(/below to continue/i), 'Org1');
+      await waitFor(() => expect(screen.getByRole('button', { name: 'Remove connection' })).toBeEnabled());
+      await userEvent.click(screen.getByRole('button', { name: 'Remove connection' }));
+
+      await waitFor(() => {
+        expect(fixtures.clerk.organization?.deleteEnterpriseConnection).toHaveBeenCalledWith('ent_1');
+      });
+    });
+
+    it('deactivates directly from the menu, settling on the revalidated connection', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      // The revalidation that follows the update returns the deactivated connection.
+      fixtures.clerk.organization?.getEnterpriseConnections
+        .mockResolvedValueOnce([configuredConnection({ active: true })])
+        .mockResolvedValue([configuredConnection()]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+      fixtures.clerk.organization?.updateEnterpriseConnection.mockResolvedValue({ active: false } as any);
+
+      const { userEvent } = renderPage(wrapper);
+
+      expect(await screen.findByText('Active')).toBeInTheDocument();
+
+      await userEvent.click(screen.getByRole('button', { name: /open menu/i }));
+      await userEvent.click(screen.getByRole('menuitem', { name: 'Deactivate' }));
+
+      expect(fixtures.clerk.organization?.updateEnterpriseConnection).toHaveBeenCalledWith('ent_1', {
+        active: false,
+      });
+
+      // The badge follows the revalidated entity, not an optimistic flip.
+      await waitFor(() => expect(screen.getByText('Inactive')).toBeInTheDocument());
+      expect(screen.queryByText('Active')).not.toBeInTheDocument();
+    });
+
+    it('activates directly from the menu, settling on the revalidated connection', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections
+        .mockResolvedValueOnce([configuredConnection()])
+        .mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+      fixtures.clerk.organization?.updateEnterpriseConnection.mockResolvedValue({ active: true } as any);
+
+      const { userEvent } = renderPage(wrapper);
+
+      expect(await screen.findByText('Inactive')).toBeInTheDocument();
+
+      await userEvent.click(screen.getByRole('button', { name: /open menu/i }));
+      await userEvent.click(screen.getByRole('menuitem', { name: 'Activate' }));
+
+      expect(fixtures.clerk.organization?.updateEnterpriseConnection).toHaveBeenCalledWith('ent_1', {
+        active: true,
+      });
+
+      await waitFor(() => expect(screen.getByText('Active')).toBeInTheDocument());
+      expect(screen.queryByText('Inactive')).not.toBeInTheDocument();
+    });
+
+    it('disables the activation action while the update is in flight', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [{ id: 'run_1', status: 'success' }],
+        total_count: 1,
+      } as any);
+
+      let resolveUpdate!: (value: unknown) => void;
+      fixtures.clerk.organization?.updateEnterpriseConnection.mockImplementation(
+        () => new Promise(resolve => (resolveUpdate = resolve)) as any,
+      );
+
+      const { userEvent } = renderPage(wrapper);
+
+      expect(await screen.findByText('Active')).toBeInTheDocument();
+
+      await userEvent.click(screen.getByRole('button', { name: /open menu/i }));
+      await userEvent.click(screen.getByRole('menuitem', { name: 'Deactivate' }));
+
+      // The update is still pending; the acting item is disabled when the menu is reopened.
+      await userEvent.click(screen.getByRole('button', { name: /open menu/i }));
+      await waitFor(() => expect(screen.getByRole('menuitem', { name: 'Deactivate' })).toBeDisabled());
+
+      resolveUpdate({ active: true });
+    });
+
+    it('surfaces the error and keeps the entity state when the update fails', async () => {
+      const { wrapper, fixtures } = await createFixtures(withSecurityPageFixtures);
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([configuredConnection({ active: true })]);
+      fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+        data: [],
+        total_count: 0,
+      } as any);
+      fixtures.clerk.organization?.updateEnterpriseConnection.mockRejectedValue(
+        new ClerkAPIResponseError('Error', {
+          data: [
+            {
+              code: 'connection_update_failed',
+              long_message: 'The connection could not be updated',
+              message: 'update failed',
+            },
+          ],
+          status: 400,
+        }),
+      );
+
+      const { userEvent } = renderPage(wrapper);
+
+      expect(await screen.findByText('Active')).toBeInTheDocument();
+
+      await userEvent.click(screen.getByRole('button', { name: /open menu/i }));
+      await userEvent.click(screen.getByRole('menuitem', { name: 'Deactivate' }));
+
+      expect(await screen.findByText('The connection could not be updated')).toBeInTheDocument();
+      // The badge reads from the (unchanged) entity — no optimistic flip to roll back.
+      expect(screen.getByText('Active')).toBeInTheDocument();
+      expect(screen.queryByText('Inactive')).not.toBeInTheDocument();
+    });
+  });
+
+  describe('enrollment role', () => {
+    it("renders the default role's display name when the roles list is readable", async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withEnterpriseSso({ selfServeSSO: true });
+        f.withEmailAddress();
+        f.withOrganizations();
+        f.withOrganizationDomains(undefined, 'org:member');
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          organization_memberships: [
+            { name: 'Org1', permissions: ['org:sys_entconns:manage', 'org:sys_memberships:read'] },
+          ],
+        });
+      });
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([]);
+      fixtures.clerk.organization?.getRoles.mockResolvedValue({
+        total_count: 2,
+        data: [
+          { id: 'org:admin', key: 'org:admin', name: 'Admin' },
+          { id: 'org:member', key: 'org:member', name: 'Member' },
+        ],
+      } as any);
+
+      renderPage(wrapper);
+
+      expect(
+        await screen.findByText(
+          'Anyone who signs in will be automatically added to this organization. New members will be assigned to Member.',
+        ),
+      ).toBeInTheDocument();
+    });
+
+    it('falls back to a humanized role key when the roles list is not readable', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withEnterpriseSso({ selfServeSSO: true });
+        f.withEmailAddress();
+        f.withOrganizations();
+        f.withOrganizationDomains(undefined, 'org:billing_admin');
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          organization_memberships: [{ name: 'Org1', permissions: ['org:sys_entconns:manage'] }],
+        });
+      });
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([]);
+
+      renderPage(wrapper);
+
+      expect(
+        await screen.findByText(
+          'Anyone who signs in will be automatically added to this organization. New members will be assigned to billing admin.',
+        ),
+      ).toBeInTheDocument();
+    });
+
+    it('omits the role sentence when no default role is configured', async () => {
+      const { wrapper, fixtures } = await createFixtures(f => {
+        f.withEnterpriseSso({ selfServeSSO: true });
+        f.withEmailAddress();
+        f.withOrganizations();
+        f.withUser({
+          email_addresses: ['test@clerk.com'],
+          organization_memberships: [{ name: 'Org1', permissions: ['org:sys_entconns:manage'] }],
+        });
+      });
+
+      fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([]);
+
+      renderPage(wrapper);
+
+      expect(
+        await screen.findByText('Anyone who signs in will be automatically added to this organization.'),
+      ).toBeInTheDocument();
+      expect(screen.queryByText(/new members will be assigned to/i)).not.toBeInTheDocument();
+    });
+  });
+});
diff --git a/packages/ui/src/customizables/elementDescriptors.ts b/packages/ui/src/customizables/elementDescriptors.ts
index adb4644e66e..068c83138a3 100644
--- a/packages/ui/src/customizables/elementDescriptors.ts
+++ b/packages/ui/src/customizables/elementDescriptors.ts
@@ -223,6 +223,16 @@ export const APPEARANCE_KEYS = containsAllElementsConfigKeys([
   'organizationProfileMembersSearchInputIcon',
   'organizationProfileMembersSearchInput',
 
+  'organizationProfileSecuritySsoBadge',
+  'organizationProfileSecuritySsoDescription',
+  'organizationProfileSecuritySsoConfigureButton',
+  'organizationProfileSecuritySsoDetailRows',
+  'organizationProfileSecuritySsoDetailRow',
+  'organizationProfileSecuritySsoDetailRowLabel',
+  'organizationProfileSecuritySsoDetailRowChip',
+  'organizationProfileSecuritySsoDetailRowLink',
+  'organizationProfileSecuritySsoProviderIcon',
+
   'organizationListPreviewItems',
   'organizationListPreviewItem',
   'organizationListPreviewButton',
diff --git a/packages/ui/src/elements/Section.tsx b/packages/ui/src/elements/Section.tsx
index ce6ae5a5372..157a0236ae1 100644
--- a/packages/ui/src/elements/Section.tsx
+++ b/packages/ui/src/elements/Section.tsx
@@ -1,4 +1,5 @@
 import type { ProfileSectionId } from '@clerk/shared/types';
+import type { ReactNode } from 'react';
 import { forwardRef, isValidElement, useLayoutEffect, useRef, useState } from 'react';
 
 import type { LocalizationKey } from '../customizables';
@@ -16,10 +17,11 @@ type ProfileSectionProps = Omit<PropsOfComponent<typeof Flex>, 'title'> & {
   titleId?: string;
   centered?: boolean;
   id: ProfileSectionId;
+  badge?: ReactNode;
 };
 
 const ProfileSectionRoot = (props: ProfileSectionProps) => {
-  const { title, titleId, centered = true, children, id, sx, ...rest } = props;
+  const { title, titleId, centered = true, children, id, sx, badge, ...rest } = props;
   const ref = useRef<HTMLDivElement | null>(null);
   const [height, setHeight] = useState(0);
 
@@ -93,7 +95,10 @@ const ProfileSectionRoot = (props: ProfileSectionProps) => {
           elementId={descriptors.profileSectionTitle.setId(id)}
           textElementDescriptor={descriptors.profileSectionTitleText}
           textElementId={descriptors.profileSectionTitleText.setId(id)}
-        />
+          sx={badge ? t => ({ alignItems: 'center', gap: t.space.$2 }) : undefined}
+        >
+          {badge}
+        </SectionHeader>
       </Col>
     </Flex>
   );
@@ -353,7 +358,7 @@ type SectionHeaderProps = PropsOfComponent<typeof Flex> & {
 };
 
 export const SectionHeader = (props: SectionHeaderProps) => {
-  const { textElementDescriptor, textElementId, textId, localizationKey, ...rest } = props;
+  const { textElementDescriptor, textElementId, textId, localizationKey, children, ...rest } = props;
   return (
     <Flex {...rest}>
       <Text
@@ -363,6 +368,7 @@ export const SectionHeader = (props: SectionHeaderProps) => {
         elementDescriptor={textElementDescriptor}
         elementId={textElementId}
       />
+      {children}
     </Flex>
   );
 };
diff --git a/packages/ui/src/internal/appearance.ts b/packages/ui/src/internal/appearance.ts
index 512d0dd8e5c..855919fc377 100644
--- a/packages/ui/src/internal/appearance.ts
+++ b/packages/ui/src/internal/appearance.ts
@@ -363,6 +363,16 @@ export type ElementsConfig = {
   organizationProfileMembersSearchInputIcon: WithOptions;
   organizationProfileMembersSearchInput: WithOptions;
 
+  organizationProfileSecuritySsoBadge: WithOptions<string>;
+  organizationProfileSecuritySsoDescription: WithOptions;
+  organizationProfileSecuritySsoConfigureButton: WithOptions<string>;
+  organizationProfileSecuritySsoDetailRows: WithOptions;
+  organizationProfileSecuritySsoDetailRow: WithOptions<string>;
+  organizationProfileSecuritySsoDetailRowLabel: WithOptions<string>;
+  organizationProfileSecuritySsoDetailRowChip: WithOptions<string>;
+  organizationProfileSecuritySsoDetailRowLink: WithOptions<string>;
+  organizationProfileSecuritySsoProviderIcon: WithOptions;
+
   organizationListPreviewItems: WithOptions;
   organizationListPreviewItem: WithOptions;
   organizationListPreviewButton: WithOptions;