diff --git a/.changeset/moody-carrots-make.md b/.changeset/moody-carrots-make.md
new file mode 100644
index 00000000000..a01603de3c8
--- /dev/null
+++ b/.changeset/moody-carrots-make.md
@@ -0,0 +1,7 @@
+---
+'@clerk/localizations': patch
+'@clerk/shared': patch
+'@clerk/ui': patch
+---
+
+The SSO setup flow now ends on an explicit Activate step: after configuring and testing a connection you confirm activation with an Activate SSO action (or skip and activate later) instead of a static confirmation summary.
diff --git a/packages/localizations/src/en-US.ts b/packages/localizations/src/en-US.ts
index 8d8f6e68a3f..2bcd237dcff 100644
--- a/packages/localizations/src/en-US.ts
+++ b/packages/localizations/src/en-US.ts
@@ -211,6 +211,16 @@ export const enUS: LocalizationResource = {
     yearPerUnit: 'Year per {{unitName}}',
   },
   configureSSO: {
+    activate: {
+      activateButton: 'Activate SSO',
+      activeSubtitle: 'Anyone signing in with {{domain}} must use your identity provider.',
+      activeTitle: 'SSO connection is active',
+      doneButton: 'Done',
+      skipButton: 'Skip for now',
+      subtitle:
+        'Your SSO connection is ready. Once activated, anyone signing in with {{domain}} must use your identity provider.',
+      title: 'SSO connection configured',
+    },
     configureStep: {
       attributeMappingTable: {
         badges: {
@@ -635,35 +645,6 @@ export const enUS: LocalizationResource = {
         mainHeaderTitle: 'Configure Okta Workforce',
       },
     },
-    confirmation: {
-      configurationSection: {
-        configureAgainLink: 'Configure again',
-        issuerLabel: 'Issuer',
-        ssoUrlLabel: 'Sign on URL',
-        title: 'Configuration details',
-      },
-      domainSection: {
-        title: 'Domain',
-      },
-      enableSection: {
-        title: 'Enable SSO',
-      },
-      inactiveBanner: {
-        title: 'SSO is inactive and you need to enable it to authenticate',
-      },
-      resetSection: {
-        confirmationFieldLabel: 'Type "{{name}}" to confirm',
-        submitButton: 'Reset connection',
-        title: 'Reset connection',
-        warning:
-          'This will permanently remove the SSO configuration. Members will no longer be able to sign in with SSO.',
-      },
-      statusSection: {
-        activeBadge: 'Active',
-        inactiveBadge: 'Inactive',
-        title: 'SSO Successfully configured',
-      },
-    },
     missingManageEnterpriseConnectionsPermission: {
       subtitle: "Contact your organization's administrator to upgrade your permissions.",
       title: 'You do not have permission to manage Single Sign-on (SSO)',
diff --git a/packages/shared/src/types/localization.ts b/packages/shared/src/types/localization.ts
index ca7e8e8a3d5..cef53127261 100644
--- a/packages/shared/src/types/localization.ts
+++ b/packages/shared/src/types/localization.ts
@@ -1830,33 +1830,14 @@ export type __internal_LocalizationResource = {
         };
       };
     };
-    confirmation: {
-      statusSection: {
-        title: LocalizationValue;
-        activeBadge: LocalizationValue;
-        inactiveBadge: LocalizationValue;
-      };
-      enableSection: {
-        title: LocalizationValue;
-      };
-      domainSection: {
-        title: LocalizationValue;
-      };
-      configurationSection: {
-        title: LocalizationValue;
-        ssoUrlLabel: LocalizationValue;
-        issuerLabel: LocalizationValue;
-        configureAgainLink: LocalizationValue;
-      };
-      resetSection: {
-        title: LocalizationValue;
-        warning: LocalizationValue;
-        confirmationFieldLabel: LocalizationValue<'name'>;
-        submitButton: LocalizationValue;
-      };
-      inactiveBanner: {
-        title: LocalizationValue;
-      };
+    activate: {
+      title: LocalizationValue;
+      subtitle: LocalizationValue<'domain'>;
+      activateButton: LocalizationValue;
+      skipButton: LocalizationValue;
+      activeTitle: LocalizationValue;
+      activeSubtitle: LocalizationValue<'domain'>;
+      doneButton: LocalizationValue;
     };
   };
   apiKeys: {
diff --git a/packages/ui/src/components/ConfigureSSO/ConfigureSSOWizard.tsx b/packages/ui/src/components/ConfigureSSO/ConfigureSSOWizard.tsx
index 837af856821..f4a4d1aeba3 100644
--- a/packages/ui/src/components/ConfigureSSO/ConfigureSSOWizard.tsx
+++ b/packages/ui/src/components/ConfigureSSO/ConfigureSSOWizard.tsx
@@ -7,8 +7,8 @@ import { ConfigureSSOHeader } from './ConfigureSSOHeader';
 import { areAllOrganizationDomainsVerified } from './domain/organizationEnterpriseConnection';
 import { Wizard, type WizardStepConfig } from './elements/Wizard';
 import {
+  ActivateStep,
   ConfigureStep,
-  ConfirmationStep,
   OrganizationDomainsStep,
   SelectProviderStep,
   TestConfigurationStep,
@@ -26,11 +26,11 @@ export const ConfigureSSOWizard = ({ title, forceInitialStep, ...props }: Config
 
   const steps = React.useMemo<WizardStepConfig[]>(
     () => [
-      { id: 'verify-domain', label: 'Verify domain' },
+      { id: 'verify-domain', label: 'Domains' },
       { id: 'select-provider', guard: () => allDomainsVerified },
-      { id: 'configure', label: 'Configure', guard: () => c.hasConnection },
+      { id: 'configure', label: 'Connection', guard: () => c.hasConnection },
       { id: 'test', label: 'Test', guard: () => c.hasMinimumConfiguration || c.isActive },
-      { id: 'confirmation', label: 'Confirmation', guard: () => c.hasSuccessfulTestRun || c.isActive },
+      { id: 'activate', label: 'Activate', guard: () => c.hasSuccessfulTestRun || c.isActive },
     ],
     [c, allDomainsVerified],
   );
@@ -69,9 +69,9 @@ export const ConfigureSSOWizard = ({ title, forceInitialStep, ...props }: Config
           </CardStateProvider>
         </Wizard.Match>
 
-        <Wizard.Match id='confirmation'>
+        <Wizard.Match id='activate'>
           <CardStateProvider>
-            <ConfirmationStep />
+            <ActivateStep />
           </CardStateProvider>
         </Wizard.Match>
       </Wizard>
diff --git a/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx b/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx
index 5c97120aaf5..6551e5f195f 100644
--- a/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx
+++ b/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx
@@ -225,4 +225,30 @@ describe('ConfigureSSO wizard navigation (integration)', () => {
       expect(queryByText(/at least one successful test run/i)).not.toBeInTheDocument();
     });
   });
+
+  // The labelled steps surface in the stepper under their renamed labels, and an
+  // active connection short-circuits to the (reachable) activate step.
+  it('renders the renamed stepper labels and reaches the activate step', async () => {
+    const { wrapper, fixtures } = await createFixtures(withAdminOrgUser);
+
+    fixtures.clerk.organization?.getEnterpriseConnections.mockResolvedValue([
+      { ...configuredConnection, id: 'ent_active', active: true } as any,
+    ]);
+    fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
+      data: [],
+      total_count: 0,
+    } as any);
+    mockVerifiedDomains(fixtures);
+
+    const { findByText, getByText } = render(<ConfigureSSO />, { wrapper });
+
+    // The activate step body renders (active connection short-circuits to the already-active variant).
+    await findByText(/sso connection is active/i);
+
+    // The stepper carries the renamed labels (select-provider stays unlabelled).
+    expect(getByText('Domains')).toBeInTheDocument();
+    expect(getByText('Connection')).toBeInTheDocument();
+    expect(getByText('Test')).toBeInTheDocument();
+    expect(getByText('Activate')).toBeInTheDocument();
+  });
 });
diff --git a/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx b/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
index 454f4a15de9..b5309a864c5 100644
--- a/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
+++ b/packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
@@ -158,7 +158,7 @@ describe('ConfigureSSO', () => {
       expect(queryByText(/select your identity provider/i)).not.toBeInTheDocument();
     });
 
-    it('short-circuits to the confirmation step for an active connection', async () => {
+    it('short-circuits to the activate step for an active connection', async () => {
       const { wrapper, fixtures } = await createFixtures(f => {
         f.withEnterpriseSso({ selfServeSSO: true });
         f.withEmailAddress();
@@ -177,7 +177,7 @@ describe('ConfigureSSO', () => {
           active: true,
           // Owned by the active organization (matches the membership above), so
           // the domain is not "taken by another org" and the machine can
-          // short-circuit to confirmation.
+          // short-circuit to activate.
           organizationId: 'Org1',
           domains: ['clerk.com'],
           samlConnection: {
@@ -195,8 +195,8 @@ describe('ConfigureSSO', () => {
 
       const { findByText, queryByText } = render(<ConfigureSSO />, { wrapper });
 
-      // An active connection lands on confirmation even if never tested.
-      await findByText(/configuration/i);
+      // An active connection lands on the activate-step's already-active variant.
+      await findByText(/sso connection is active/i);
       expect(queryByText(/select your identity provider/i)).not.toBeInTheDocument();
     });
 
@@ -229,7 +229,7 @@ describe('ConfigureSSO', () => {
         } as any,
       ]);
       mockOrganizationDomains(fixtures, [verifiedDomain]);
-      // No successful run yet, so the confirmation guard fails and the
+      // No successful run yet, so the activate guard fails and the
       // furthest-reachable step is `test`.
       fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
         data: [],
@@ -239,12 +239,12 @@ describe('ConfigureSSO', () => {
       const { findByText, queryByText } = render(<ConfigureSSO />, { wrapper });
 
       // Configured + inactive + no successful run ⇒ lands on the test step, not
-      // confirmation.
+      // activate.
       await findByText(/test your sso connection/i);
-      expect(queryByText(/configuration details/i)).not.toBeInTheDocument();
+      expect(queryByText(/sso connection configured/i)).not.toBeInTheDocument();
     });
 
-    it('mounts on confirmation for a configured-but-inactive connection that has a successful test run', async () => {
+    it('mounts on activate for a configured-but-inactive connection that has a successful test run', async () => {
       const { wrapper, fixtures } = await createFixtures(f => {
         f.withEnterpriseSso({ selfServeSSO: true });
         f.withEmailAddress();
@@ -272,10 +272,10 @@ describe('ConfigureSSO', () => {
         } as any,
       ]);
       mockOrganizationDomains(fixtures, [verifiedDomain]);
-      // A successful run satisfies the confirmation guard (`hasSuccessfulTestRun`)
+      // A successful run satisfies the activate guard (`hasSuccessfulTestRun`)
       // even though the connection is still inactive — the success-filtered probe
       // returns a row, so the furthest-reachable step clears `test` and lands on
-      // confirmation. Distinct from the active short-circuit above (here
+      // activate. Distinct from the active short-circuit above (here
       // `active: false`, so it is the test run — not activation — that carries the
       // wizard past the test step).
       fixtures.clerk.organization?.getEnterpriseConnectionTestRuns.mockResolvedValue({
@@ -285,9 +285,8 @@ describe('ConfigureSSO', () => {
 
       const { findByText, queryByText } = render(<ConfigureSSO />, { wrapper });
 
-      // Lands on confirmation (the inactive badge + configuration details render),
-      // not the test step.
-      await findByText(/configuration details/i);
+      // Lands on the activate step (not-active variant: "SSO connection configured" renders).
+      await findByText(/sso connection configured/i);
       expect(queryByText(/test your sso connection/i)).not.toBeInTheDocument();
     });
   });
diff --git a/packages/ui/src/components/ConfigureSSO/elements/Step.tsx b/packages/ui/src/components/ConfigureSSO/elements/Step.tsx
index e1b5ef32aa5..a26ac3c5b23 100644
--- a/packages/ui/src/components/ConfigureSSO/elements/Step.tsx
+++ b/packages/ui/src/components/ConfigureSSO/elements/Step.tsx
@@ -222,7 +222,7 @@ const FooterReset = (): JSX.Element | null => {
         size='sm'
         colorScheme='danger'
         onClick={() => setIsOpen(true)}
-        localizationKey={localizationKeys('configureSSO.confirmation.resetSection.title')}
+        localizationKey={localizationKeys('configureSSO.resetConnectionDialog.resetButton')}
         sx={{ marginInlineEnd: 'auto' }}
       />
       <ResetConnectionDialog
diff --git a/packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx b/packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx
new file mode 100644
index 00000000000..5be4c8606d9
--- /dev/null
+++ b/packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx
@@ -0,0 +1,144 @@
+import { Button, Col, descriptors, Flex, Flow, Heading, Icon, localizationKeys, Text } from '@/customizables';
+import { useCardState } from '@/elements/contexts';
+import { ChevronRight, DuotoneShieldCheck } from '@/icons';
+import { Alert } from '@/ui/elements/Alert';
+import { handleError } from '@/utils/errorHandler';
+
+import { useConfigureSSO } from '../ConfigureSSOContext';
+import { Step } from '../elements/Step';
+
+export const ActivateStep = (): JSX.Element => {
+  const {
+    enterpriseConnection,
+    organizationEnterpriseConnection,
+    enterpriseConnectionMutations: { setConnectionActive },
+    onExit,
+  } = useConfigureSSO();
+  const card = useCardState();
+
+  // The activate step is only reachable with a configured connection, so the
+  // domains are set; join multiples for the subtitle copy.
+  const domain = (enterpriseConnection?.domains ?? []).join(', ');
+  const isActive = organizationEnterpriseConnection.isActive;
+
+  const handleActivate = async (): Promise<void> => {
+    if (!enterpriseConnection || card.isLoading) {
+      return;
+    }
+
+    card.setError(undefined);
+    card.setLoading();
+
+    try {
+      await setConnectionActive(enterpriseConnection.id, true);
+      onExit?.();
+    } catch (err) {
+      handleError(err as Error, [], card.setError);
+    } finally {
+      card.setIdle();
+    }
+  };
+
+  return (
+    <Flow.Part part='ssoActivate'>
+      <Step
+        elementDescriptor={descriptors.configureSSOStep}
+        elementId={descriptors.configureSSOStep.setId('activate')}
+      >
+        <Step.Body>
+          <Step.Section
+            elementDescriptor={descriptors.configureSSOActivate}
+            fill
+            gap={5}
+            sx={{ alignItems: 'center', justifyContent: 'center' }}
+          >
+            <Col
+              align='center'
+              sx={t => ({ textAlign: 'center', maxWidth: '20.75rem', gap: t.space.$3x5 })}
+            >
+              <Icon
+                elementDescriptor={descriptors.configureSSOActivateIcon}
+                icon={DuotoneShieldCheck}
+                colorScheme='neutral'
+                sx={t => ({ width: t.sizes.$8, height: t.sizes.$8 })}
+              />
+
+              <Col
+                align='center'
+                gap={2}
+              >
+                <Heading
+                  elementDescriptor={descriptors.configureSSOActivateTitle}
+                  textVariant='h2'
+                  localizationKey={localizationKeys(
+                    isActive ? 'configureSSO.activate.activeTitle' : 'configureSSO.activate.title',
+                  )}
+                />
+                <Text
+                  elementDescriptor={descriptors.configureSSOActivateSubtitle}
+                  as='p'
+                  colorScheme='secondary'
+                  localizationKey={localizationKeys(
+                    isActive ? 'configureSSO.activate.activeSubtitle' : 'configureSSO.activate.subtitle',
+                    { domain },
+                  )}
+                />
+              </Col>
+
+              {card.error && (
+                <Alert
+                  variant='danger'
+                  sx={{ width: '100%' }}
+                  title={card.error}
+                />
+              )}
+            </Col>
+
+            {isActive ? (
+              <Button
+                elementDescriptor={descriptors.configureSSOActivateButton}
+                variant='bordered'
+                colorScheme='secondary'
+                size='sm'
+                onClick={() => onExit?.()}
+                localizationKey={localizationKeys('configureSSO.activate.doneButton')}
+              />
+            ) : (
+              <Flex
+                align='center'
+                gap={4}
+              >
+                <Button
+                  elementDescriptor={descriptors.configureSSOActivateButton}
+                  variant='solid'
+                  size='sm'
+                  isLoading={card.isLoading}
+                  onClick={() => void handleActivate()}
+                  localizationKey={localizationKeys('configureSSO.activate.activateButton')}
+                />
+
+                <Button
+                  elementDescriptor={descriptors.configureSSOActivateSkipButton}
+                  variant='outline'
+                  size='sm'
+                  isDisabled={card.isLoading}
+                  onClick={() => onExit?.()}
+                >
+                  <Text
+                    as='span'
+                    localizationKey={localizationKeys('configureSSO.activate.skipButton')}
+                  />
+                  <Icon
+                    icon={ChevronRight}
+                    size='sm'
+                    sx={t => ({ marginInlineStart: t.space.$1 })}
+                  />
+                </Button>
+              </Flex>
+            )}
+          </Step.Section>
+        </Step.Body>
+      </Step>
+    </Flow.Part>
+  );
+};
diff --git a/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx b/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx
deleted file mode 100644
index b0518e00c3d..00000000000
--- a/packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx
+++ /dev/null
@@ -1,268 +0,0 @@
-import { useOrganization } from '@clerk/shared/react';
-import { useState } from 'react';
-
-import { AlertIcon, Badge, Button, Col, descriptors, Flex, Flow, Link, localizationKeys, Text } from '@/customizables';
-import { useCardState } from '@/elements/contexts';
-import { ProfileSection } from '@/elements/Section';
-import { Switch } from '@/elements/Switch';
-import { handleError } from '@/utils/errorHandler';
-
-import { useConfigureSSO } from '../ConfigureSSOContext';
-import { Step } from '../elements/Step';
-import { useWizard } from '../elements/Wizard';
-import { ResetConnectionDialog } from '../ResetConnectionDialog';
-
-export const ConfirmationStep = (): JSX.Element => {
-  const { enterpriseConnection } = useConfigureSSO();
-  const isActive = !!enterpriseConnection?.active;
-
-  return (
-    <Flow.Part part='ssoConfirmation'>
-      <Step
-        elementDescriptor={descriptors.configureSSOStep}
-        elementId={descriptors.configureSSOStep.setId('confirmation')}
-      >
-        <Step.Header
-          title={localizationKeys('configureSSO.confirmation.statusSection.title')}
-          badge={
-            <Badge
-              elementDescriptor={descriptors.configureSSOConfirmationStatusBadge}
-              elementId={descriptors.configureSSOConfirmationStatusBadge.setId(isActive ? 'active' : 'inactive')}
-              colorScheme={isActive ? 'success' : 'danger'}
-              localizationKey={
-                isActive
-                  ? localizationKeys('configureSSO.confirmation.statusSection.activeBadge')
-                  : localizationKeys('configureSSO.confirmation.statusSection.inactiveBadge')
-              }
-            />
-          }
-        />
-
-        <Step.Body>
-          <Step.Section>
-            <EnableSsoSection />
-            <DomainSection />
-            <ConfigurationDetailsSection />
-            <ResetConnectionSection />
-          </Step.Section>
-        </Step.Body>
-
-        <Step.Footer>
-          <Step.Footer.Reset />
-          {!isActive && (
-            <Flex
-              elementDescriptor={descriptors.configureSSOConfirmationInactiveBanner}
-              sx={{ flex: 1 }}
-              align='center'
-            >
-              <AlertIcon
-                variant='info'
-                colorScheme='info'
-                sx={t => ({ marginInlineEnd: t.space.$2 })}
-              />
-
-              <Text
-                colorScheme='secondary'
-                localizationKey={localizationKeys('configureSSO.confirmation.inactiveBanner.title')}
-              />
-            </Flex>
-          )}
-        </Step.Footer>
-      </Step>
-    </Flow.Part>
-  );
-};
-
-const EnableSsoSection = (): JSX.Element => {
-  const {
-    enterpriseConnection,
-    enterpriseConnectionMutations: { setConnectionActive },
-  } = useConfigureSSO();
-  const card = useCardState();
-
-  const [isChecked, setIsChecked] = useState(!!enterpriseConnection?.active);
-
-  const onActiveChange = async (active: boolean) => {
-    if (card.isLoading) {
-      return;
-    }
-
-    card.setError(undefined);
-    card.setLoading();
-    setIsChecked(active);
-
-    try {
-      // Enterprise connection is guaranteed to be set at this point
-      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-      const updated = await setConnectionActive(enterpriseConnection!.id, active);
-      if (updated) {
-        setIsChecked(updated.active);
-      }
-    } catch (err) {
-      setIsChecked(!active);
-      handleError(err as Error, [], card.setError);
-    } finally {
-      card.setIdle();
-    }
-  };
-
-  return (
-    <ProfileSection.Root
-      id='enableSso'
-      title={localizationKeys('configureSSO.confirmation.enableSection.title')}
-      sx={{ borderTopWidth: 0, paddingTop: 0 }}
-    >
-      <Switch
-        isChecked={isChecked}
-        isDisabled={card.isLoading}
-        onChange={active => void onActiveChange(active)}
-        aria-label='Enable SSO'
-      />
-    </ProfileSection.Root>
-  );
-};
-
-const DomainSection = (): JSX.Element | null => {
-  const { enterpriseConnection } = useConfigureSSO();
-  const domain = enterpriseConnection?.domains?.[0];
-
-  // A type guard only, domains are guaranteed to be set at this point
-  if (!domain) {
-    return null;
-  }
-
-  return (
-    <ProfileSection.Root
-      id='ssoDomain'
-      title={localizationKeys('configureSSO.confirmation.domainSection.title')}
-      sx={{ borderTopWidth: 0, paddingTop: 0 }}
-    >
-      <Link
-        elementDescriptor={descriptors.configureSSOConfirmationDomainLink}
-        href={`https://${domain}`}
-        isExternal
-        title={domain}
-        sx={{
-          display: 'block',
-          overflow: 'hidden',
-          whiteSpace: 'nowrap',
-          textOverflow: 'ellipsis',
-          textDecoration: 'underline',
-          minWidth: 0,
-        }}
-      >
-        {domain}
-      </Link>
-    </ProfileSection.Root>
-  );
-};
-
-const ConfigurationDetailsSection = (): JSX.Element => {
-  const { enterpriseConnection } = useConfigureSSO();
-  const { goToStep } = useWizard();
-
-  // This will later be expanded to support OIDC connections as well
-  const samlConnection = enterpriseConnection?.samlConnection;
-
-  return (
-    <ProfileSection.Root
-      id='ssoConfiguration'
-      title={localizationKeys('configureSSO.confirmation.configurationSection.title')}
-      centered={false}
-    >
-      <Col gap={4}>
-        <ProfileSection.ItemList
-          id='ssoConfiguration'
-          sx={t => ({ gap: t.sizes.$2 })}
-        >
-          <ProfileSection.Item
-            id='ssoConfiguration'
-            sx={t => ({ gap: t.space.$3, paddingInlineStart: 0 })}
-          >
-            <Text
-              elementDescriptor={descriptors.configureSSOConfirmationConfigDetailsLabel}
-              colorScheme='secondary'
-              localizationKey={localizationKeys('configureSSO.confirmation.configurationSection.ssoUrlLabel')}
-              sx={t => ({ width: t.space.$36, flexShrink: 0, whiteSpace: 'nowrap' })}
-            />
-
-            <Link
-              elementDescriptor={descriptors.configureSSOConfirmationConfigDetailsLink}
-              href={samlConnection?.idpSsoUrl ?? ''}
-              isExternal
-              title={samlConnection?.idpSsoUrl}
-              sx={{ display: 'block', overflow: 'hidden', whiteSpace: 'nowrap', textOverflow: 'ellipsis', minWidth: 0 }}
-            >
-              {samlConnection?.idpSsoUrl}
-            </Link>
-          </ProfileSection.Item>
-
-          <ProfileSection.Item
-            id='ssoConfiguration'
-            sx={t => ({ gap: t.space.$3, paddingInlineStart: 0 })}
-          >
-            <Text
-              elementDescriptor={descriptors.configureSSOConfirmationConfigDetailsLabel}
-              colorScheme='secondary'
-              localizationKey={localizationKeys('configureSSO.confirmation.configurationSection.issuerLabel')}
-              sx={t => ({ width: t.space.$36, flexShrink: 0, whiteSpace: 'nowrap' })}
-            />
-            <Text
-              elementDescriptor={descriptors.configureSSOConfirmationConfigDetailsValue}
-              truncate
-              title={samlConnection?.idpEntityId}
-              sx={{ minWidth: 0 }}
-            >
-              {samlConnection?.idpEntityId}
-            </Text>
-          </ProfileSection.Item>
-        </ProfileSection.ItemList>
-
-        <Flex justify='start'>
-          <Button
-            elementDescriptor={descriptors.configureSSOConfirmationReconfigureButton}
-            id='configureAgain'
-            onClick={() => goToStep('configure')}
-            variant='outline'
-            size='sm'
-            localizationKey={localizationKeys('configureSSO.confirmation.configurationSection.configureAgainLink')}
-          />
-        </Flex>
-      </Col>
-    </ProfileSection.Root>
-  );
-};
-
-const ResetConnectionSection = (): JSX.Element => {
-  const { enterpriseConnection, enterpriseConnectionMutations, contentRef } = useConfigureSSO();
-  const { organization } = useOrganization();
-  const [isOpen, setIsOpen] = useState(false);
-
-  return (
-    <ProfileSection.Root
-      title={localizationKeys('configureSSO.confirmation.resetSection.title')}
-      id='resetSso'
-    >
-      <Flex justify='start'>
-        <Button
-          elementDescriptor={descriptors.configureSSOConfirmationResetButton}
-          variant='solid'
-          colorScheme='danger'
-          size='sm'
-          onClick={() => setIsOpen(true)}
-          localizationKey={localizationKeys('configureSSO.confirmation.resetSection.title')}
-        />
-      </Flex>
-
-      <ResetConnectionDialog
-        isOpen={isOpen}
-        onClose={() => setIsOpen(false)}
-        confirmationValue={organization?.name ?? ''}
-        // The confirmation step is only reachable with a connection, so the resource is set.
-        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-        onDelete={() => enterpriseConnectionMutations.deleteConnection(enterpriseConnection!.id)}
-        contentRef={contentRef}
-      />
-    </ProfileSection.Root>
-  );
-};
diff --git a/packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx b/packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx
new file mode 100644
index 00000000000..78fda5f8c7e
--- /dev/null
+++ b/packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx
@@ -0,0 +1,153 @@
+import { ClerkRuntimeError } from '@clerk/shared/error';
+import type { ReactElement } from 'react';
+import { describe, expect, it, vi } from 'vitest';
+
+import { bindCreateFixtures } from '@/test/create-fixtures';
+import { render, screen, waitFor } from '@/test/utils';
+import { CardStateProvider } from '@/ui/elements/contexts';
+
+const setConnectionActive = vi.fn();
+const onExit = vi.fn();
+
+// The step reads the connection (id + domains), the organizationEnterpriseConnection
+// domain object (isActive), the activate mutation, and the host `onExit` from
+// context. Fields are mutated per-test.
+const contextState = vi.hoisted(() => ({
+  domains: ['clerk.com'] as string[],
+  isActive: false,
+}));
+
+vi.mock('../../ConfigureSSOContext', () => ({
+  useConfigureSSO: () => ({
+    enterpriseConnection: { id: 'ent_1', domains: contextState.domains },
+    organizationEnterpriseConnection: { isActive: contextState.isActive },
+    enterpriseConnectionMutations: { setConnectionActive },
+    onExit,
+  }),
+}));
+
+import { ActivateStep } from '../ActivateStep';
+
+const { createFixtures } = bindCreateFixtures('ConfigureSSO');
+
+const renderStep = (
+  wrapper: React.ComponentType<{ children?: React.ReactNode }>,
+  ui: ReactElement = <ActivateStep />,
+) => {
+  return render(<CardStateProvider>{ui}</CardStateProvider>, { wrapper });
+};
+
+const resetMocks = () => {
+  setConnectionActive.mockReset();
+  setConnectionActive.mockResolvedValue(undefined);
+  onExit.mockReset();
+  contextState.domains = ['clerk.com'];
+  contextState.isActive = false;
+};
+
+describe('ActivateStep', () => {
+  it('renders the shield icon, heading, subtext, and both buttons', async () => {
+    resetMocks();
+    const { wrapper } = await createFixtures();
+    const { container } = renderStep(wrapper);
+
+    expect(screen.getByRole('heading', { name: 'SSO connection configured' })).toBeInTheDocument();
+    expect(screen.getByRole('button', { name: 'Activate SSO' })).toBeInTheDocument();
+    expect(screen.getByRole('button', { name: /skip for now/i })).toBeInTheDocument();
+    // The shield-check icon renders (asserted via its element descriptor — the
+    // SVG itself is stubbed to a <span> in the test transform).
+    expect(container.querySelector('.cl-configureSSOActivateIcon')).toBeInTheDocument();
+  });
+
+  it('interpolates a single domain into the subtitle copy', async () => {
+    resetMocks();
+    const { wrapper } = await createFixtures();
+    renderStep(wrapper);
+
+    expect(screen.getByText(/anyone signing in with clerk\.com must use your identity provider/i)).toBeInTheDocument();
+  });
+
+  it('joins multiple domains in the subtitle copy', async () => {
+    resetMocks();
+    contextState.domains = ['clerk.com', 'clerk.dev'];
+    const { wrapper } = await createFixtures();
+    renderStep(wrapper);
+
+    expect(
+      screen.getByText(/anyone signing in with clerk\.com, clerk\.dev must use your identity provider/i),
+    ).toBeInTheDocument();
+  });
+
+  it('activates the connection then exits when "Activate SSO" is clicked', async () => {
+    resetMocks();
+    setConnectionActive.mockResolvedValue({ id: 'ent_1', active: true } as any);
+    const { wrapper } = await createFixtures();
+    const { userEvent } = renderStep(wrapper);
+
+    await userEvent.click(screen.getByRole('button', { name: 'Activate SSO' }));
+
+    await waitFor(() => expect(setConnectionActive).toHaveBeenCalledWith('ent_1', true));
+    await waitFor(() => expect(onExit).toHaveBeenCalledTimes(1));
+  });
+
+  it('surfaces the error and does not exit when activation fails', async () => {
+    resetMocks();
+    setConnectionActive.mockRejectedValue(new ClerkRuntimeError('Activation failed', { code: 'activation_failed' }));
+    const { wrapper } = await createFixtures();
+    const { userEvent } = renderStep(wrapper);
+
+    await userEvent.click(screen.getByRole('button', { name: 'Activate SSO' }));
+
+    await waitFor(() => expect(setConnectionActive).toHaveBeenCalledWith('ent_1', true));
+    await screen.findByText(/activation failed/i);
+    expect(onExit).not.toHaveBeenCalled();
+  });
+
+  it('exits without mutating when "Skip for now" is clicked', async () => {
+    resetMocks();
+    const { wrapper } = await createFixtures();
+    const { userEvent } = renderStep(wrapper);
+
+    await userEvent.click(screen.getByRole('button', { name: /skip for now/i }));
+
+    expect(onExit).toHaveBeenCalledTimes(1);
+    expect(setConnectionActive).not.toHaveBeenCalled();
+  });
+
+  describe('already-active variant', () => {
+    it('renders the active heading and domain-interpolated subtitle', async () => {
+      resetMocks();
+      contextState.isActive = true;
+      const { wrapper } = await createFixtures();
+      renderStep(wrapper);
+
+      expect(screen.getByRole('heading', { name: 'SSO connection is active' })).toBeInTheDocument();
+      expect(
+        screen.getByText(/anyone signing in with clerk\.com must use your identity provider/i),
+      ).toBeInTheDocument();
+    });
+
+    it('shows only the Done button — no Activate SSO, no Skip for now', async () => {
+      resetMocks();
+      contextState.isActive = true;
+      const { wrapper } = await createFixtures();
+      renderStep(wrapper);
+
+      expect(screen.getByRole('button', { name: 'Done' })).toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: 'Activate SSO' })).not.toBeInTheDocument();
+      expect(screen.queryByRole('button', { name: /skip for now/i })).not.toBeInTheDocument();
+    });
+
+    it('calls onExit when Done is clicked', async () => {
+      resetMocks();
+      contextState.isActive = true;
+      const { wrapper } = await createFixtures();
+      const { userEvent } = renderStep(wrapper);
+
+      await userEvent.click(screen.getByRole('button', { name: 'Done' }));
+
+      expect(onExit).toHaveBeenCalledTimes(1);
+      expect(setConnectionActive).not.toHaveBeenCalled();
+    });
+  });
+});
diff --git a/packages/ui/src/components/ConfigureSSO/steps/index.ts b/packages/ui/src/components/ConfigureSSO/steps/index.ts
index 49cae50a535..e8e79f07900 100644
--- a/packages/ui/src/components/ConfigureSSO/steps/index.ts
+++ b/packages/ui/src/components/ConfigureSSO/steps/index.ts
@@ -1,5 +1,5 @@
+export { ActivateStep } from './ActivateStep';
 export { ConfigureStep } from './ConfigureStep';
-export { ConfirmationStep } from './ConfirmationStep';
 export { OrganizationDomainsStep } from './OrganizationDomainsStep';
 export { SelectProviderStep } from './SelectProviderStep';
 export { TestConfigurationStep } from './TestConfigurationStep';
diff --git a/packages/ui/src/components/ConfigureSSO/types.ts b/packages/ui/src/components/ConfigureSSO/types.ts
index eff70d760a5..bbc9d8ed4f5 100644
--- a/packages/ui/src/components/ConfigureSSO/types.ts
+++ b/packages/ui/src/components/ConfigureSSO/types.ts
@@ -1,3 +1,3 @@
 export type ProviderType = 'saml_okta' | 'saml_custom' | 'saml_google' | 'saml_microsoft';
 
-export type WizardStepId = 'select-provider' | 'verify-domain' | 'configure' | 'test' | 'confirmation';
+export type WizardStepId = 'select-provider' | 'verify-domain' | 'configure' | 'test' | 'activate';
diff --git a/packages/ui/src/customizables/elementDescriptors.ts b/packages/ui/src/customizables/elementDescriptors.ts
index 556e0443633..54c9a0b264d 100644
--- a/packages/ui/src/customizables/elementDescriptors.ts
+++ b/packages/ui/src/customizables/elementDescriptors.ts
@@ -617,14 +617,12 @@ export const APPEARANCE_KEYS = containsAllElementsConfigKeys([
   'configureSSOTestRunParsedUserInfo',
   'configureSSOTestError',
 
-  'configureSSOConfirmationStatusBadge',
-  'configureSSOConfirmationDomainLink',
-  'configureSSOConfirmationConfigDetailsLabel',
-  'configureSSOConfirmationConfigDetailsValue',
-  'configureSSOConfirmationConfigDetailsLink',
-  'configureSSOConfirmationInactiveBanner',
-  'configureSSOConfirmationReconfigureButton',
-  'configureSSOConfirmationResetButton',
+  'configureSSOActivate',
+  'configureSSOActivateIcon',
+  'configureSSOActivateTitle',
+  'configureSSOActivateSubtitle',
+  'configureSSOActivateButton',
+  'configureSSOActivateSkipButton',
 
   'configureSSOResetConnectionDialog',
   'configureSSOResetConnectionDialogCancelButton',
diff --git a/packages/ui/src/elements/contexts/index.tsx b/packages/ui/src/elements/contexts/index.tsx
index 3097de03351..59949799f38 100644
--- a/packages/ui/src/elements/contexts/index.tsx
+++ b/packages/ui/src/elements/contexts/index.tsx
@@ -140,7 +140,7 @@ export type FlowMetadata = {
     | 'configureCreateApp'
     | 'configureMapAttributes'
     | 'testSso'
-    | 'ssoConfirmation';
+    | 'ssoActivate';
 };
 
 const [FlowMetadataCtx, useFlowMetadata] = createContextAndHook<FlowMetadata>('FlowMetadata');
diff --git a/packages/ui/src/icons/duotone-shield-check.svg b/packages/ui/src/icons/duotone-shield-check.svg
new file mode 100644
index 00000000000..eb00296343c
--- /dev/null
+++ b/packages/ui/src/icons/duotone-shield-check.svg
@@ -0,0 +1,5 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path transform="translate(4.4 4.4)" d="M23.2 6.8C23.2 6.8 18 4.26667 11.6 0C5.2 4.26667 0 6.8 0 6.8C0 18 9.46667 23.2 11.6 23.2C13.7333 23.2 23.2 18 23.2 6.8Z" fill="currentColor" fill-opacity="0.2"/>
+<path fill-rule="evenodd" clip-rule="evenodd" transform="translate(3.23 3.21)" d="M12.4837 0.0484076C12.3701 0.0740076 11.7493 0.438808 11.0965 0.862808C7.67254 3.08201 3.93654 5.26121 0.947736 6.78281C0.0069355 7.26121 -0.0538644 7.41001 0.0245356 8.97641C0.237336 13.1396 1.56694 16.6596 4.16054 19.9204C4.71574 20.618 6.30614 22.2036 7.03574 22.7844C8.58774 24.0228 10.4645 25.0692 11.7525 25.4132C12.9845 25.7444 14.1621 25.4804 16.0005 24.4628C17.4821 23.642 18.6821 22.722 20.0245 21.3796C21.5813 19.8228 22.6661 18.3332 23.5829 16.4964C24.7669 14.1236 25.3717 11.7508 25.5109 8.94121C25.5861 7.41641 25.5205 7.26281 24.5813 6.78121C21.4325 5.16521 17.8789 3.09001 14.4437 0.864408C13.6805 0.370008 13.1813 0.0804078 13.0293 0.0452078C12.7605 -0.0155922 12.7573 -0.0155924 12.4837 0.0484076ZM13.4453 3.04681C16.5969 5.08282 19.8392 6.9749 23.1621 8.71721C23.1733 8.72521 23.1557 9.05321 23.1221 9.44521C22.7845 13.354 21.2245 16.7732 18.5061 19.5556C17.0693 21.0244 15.2437 22.3172 13.7509 22.9236C13.2421 23.13 13.1189 23.1588 12.7685 23.1588C12.4181 23.1588 12.2949 23.13 11.7861 22.9236C10.2933 22.3172 8.46774 21.0244 7.03094 19.5556C4.31254 16.7732 2.75254 13.354 2.41494 9.44521C2.38759 9.20351 2.37423 8.96044 2.37494 8.71721C2.38614 8.70921 2.86294 8.45481 3.43574 8.15241C5.99094 6.80201 10.0133 4.42601 12.1813 2.98441L12.7525 2.60681C12.7589 2.60521 13.0709 2.80201 13.4453 3.04681Z" fill="currentColor"/>
+<path fill-rule="evenodd" clip-rule="evenodd" transform="translate(3.23 3.21)" d="M16.9859 8.16007C17.5542 8.50105 17.7385 9.23816 17.3975 9.80646L13.0775 17.0065C12.8874 17.3233 12.5619 17.5349 12.1952 17.5801C11.8284 17.6252 11.4613 17.4989 11.2 17.2376L8.32003 14.3576C7.8514 13.889 7.8514 13.1292 8.32003 12.6605C8.78866 12.1919 9.54845 12.1919 10.0171 12.6605L11.8103 14.4538L15.3396 8.57167C15.6805 8.00337 16.4177 7.81909 16.9859 8.16007Z" fill="currentColor"/>
+</svg>
diff --git a/packages/ui/src/icons/index.ts b/packages/ui/src/icons/index.ts
index 836daa2d95d..bbd9306f598 100644
--- a/packages/ui/src/icons/index.ts
+++ b/packages/ui/src/icons/index.ts
@@ -35,6 +35,7 @@ export { default as DeviceLaptop } from './device-laptop.svg';
 export { default as DeviceMobile } from './device-mobile.svg';
 export { default as ThreeDotsCircle } from './three-dots-circle.svg';
 export { default as DuotoneAtSymbol } from './duotone-at-symbol.svg';
+export { default as DuotoneShieldCheck } from './duotone-shield-check.svg';
 export { default as Envelope } from './envelope.svg';
 export { default as ExclamationCircle } from './exclamation-circle.svg';
 export { default as ExclamationTriangle } from './exclamation-triangle.svg';
diff --git a/packages/ui/src/internal/appearance.ts b/packages/ui/src/internal/appearance.ts
index 57e15ed126d..000da0270bf 100644
--- a/packages/ui/src/internal/appearance.ts
+++ b/packages/ui/src/internal/appearance.ts
@@ -753,14 +753,12 @@ export type ElementsConfig = {
   configureSSOTestRunParsedUserInfo: WithOptions;
   configureSSOTestError: WithOptions;
 
-  configureSSOConfirmationStatusBadge: WithOptions<string>;
-  configureSSOConfirmationDomainLink: WithOptions;
-  configureSSOConfirmationConfigDetailsLabel: WithOptions;
-  configureSSOConfirmationConfigDetailsValue: WithOptions;
-  configureSSOConfirmationConfigDetailsLink: WithOptions;
-  configureSSOConfirmationInactiveBanner: WithOptions;
-  configureSSOConfirmationReconfigureButton: WithOptions;
-  configureSSOConfirmationResetButton: WithOptions;
+  configureSSOActivate: WithOptions;
+  configureSSOActivateIcon: WithOptions;
+  configureSSOActivateTitle: WithOptions;
+  configureSSOActivateSubtitle: WithOptions;
+  configureSSOActivateButton: WithOptions;
+  configureSSOActivateSkipButton: WithOptions;
 
   configureSSOResetConnectionDialog: WithOptions;
   configureSSOResetConnectionDialogCancelButton: WithOptions;