diff --git a/docs/production/authentication-methods.md b/docs/production/authentication-methods.md
index 5bb92b4ade..e8b51fea37 100644
--- a/docs/production/authentication-methods.md
+++ b/docs/production/authentication-methods.md
@@ -36,9 +36,9 @@ are documented in your `settings.py`.
 
 ## SAML
 
-Zulip 2.1 and later has beta support for SAML authentication, used by
-Okta, OneLogin, and many other IdPs (identity providers).  You can
-configure it as follows:
+Zulip 2.1 and later supports SAML authentication, used by Okta,
+OneLogin, and many other IdPs (identity providers).  You can configure
+it as follows:
 
 1. These instructions assume you have an installed Zulip server.  You
    can have created an organization already using EmailAuthBackend, or
diff --git a/docs/production/settings.md b/docs/production/settings.md
index 5750800a80..23ebf150e6 100644
--- a/docs/production/settings.md
+++ b/docs/production/settings.md
@@ -38,9 +38,7 @@ prefilled with that value.
 
 `AUTHENTICATION_BACKENDS`: Zulip supports a wide range of popular
 options for authenticating users to your server, including Google
-Auth, GitHub Auth, LDAP, REMOTE_USER, and more.  Note, however, that
-the default (email) backend must be used when creating a new
-organization.
+Auth, GitHub Auth, LDAP, SAML, REMOTE_USER, and more.
 
 If you want an additional or different authentication backend, you
 will need to uncomment one or more and then do any additional
diff --git a/templates/zerver/features.html b/templates/zerver/features.html
index e632a2700c..671085d2f5 100644
--- a/templates/zerver/features.html
+++ b/templates/zerver/features.html
@@ -240,6 +240,13 @@
                 by your choice of Zoom, Jitsi Meet, or Google Hangouts.
             </p>
         </a>
+        <a class="feature-block" href="/help/configure-authentication-methods" target="_blank">
+            <h3>FLEXIBLE AUTHENTICATION</h3>
+            <p>
+                Supported authentication providers include LDAP, SAML,
+                Google, GitHub, and more.
+            </p>
+        </a>
         <a class="feature-block" href="/help/import-from-slack" target="_blank">
             <h3>DATA IMPORT</h3>
             <p>
@@ -296,7 +303,6 @@
         <!--Hack: These two pseudo elements are here to ensure the flex
         arrangment uses the proper cell size with 4 elements in 2 rows.-->
         <div class="feature-block"></div>
-        <div class="feature-block"></div>
     </section>
 </div>
 {% endblock %}
diff --git a/templates/zerver/help/configure-authentication-methods.md b/templates/zerver/help/configure-authentication-methods.md
index 7664dcad8e..aeda0f8290 100644
--- a/templates/zerver/help/configure-authentication-methods.md
+++ b/templates/zerver/help/configure-authentication-methods.md
@@ -2,13 +2,13 @@
 
 {!admin-only.md!}
 
-By default, Zulip allows logging in via email/password, your Google account,
-or your GitHub account. You can restrict users to logging in via only a
-subset of these methods.
+By default, Zulip allows logging in via email/password, your Google
+account, or your GitHub account. You can restrict users to logging in
+via only a subset of these methods.
 
-LDAP and other SSO login methods are currently restricted to self-hosted
-Zulips only, though contact us at support@zulipchat.com if that is a
-blocker.
+LDAP and various custom SSO login methods are currently restricted to
+self-hosted Zulips only.  SAML authentication is supported by Zulip
+Cloud but requires contacting support@zulipchat.com to configure it.
 
 **Note:** If you are running your own server,
 [read this](https://zulip.readthedocs.io/en/latest/production/authentication-methods.html)
diff --git a/templates/zerver/help/logging-in.md b/templates/zerver/help/logging-in.md
index 7f724d6222..43aa00e839 100644
--- a/templates/zerver/help/logging-in.md
+++ b/templates/zerver/help/logging-in.md
@@ -4,8 +4,8 @@ By default, Zulip allows you to log with an email/password pair, a Google accoun
 a GitHub account.
 
 Organization administrators can
-[add other authentication methods](configure-authentication-methods),
-including SSO or LDAP integration, or disable any of the methods above.
+[add other authentication methods](/help/configure-authentication-methods),
+including the SAML and LDAP integrations, or disable any of the methods above.
 
 You can log in with any method allowed by your organization, regardless of
 how you signed up. E.g. if you originally signed up using your Google
diff --git a/templates/zerver/security.md b/templates/zerver/security.md
index 10230b4d94..387b26dc41 100644
--- a/templates/zerver/security.md
+++ b/templates/zerver/security.md
@@ -63,13 +63,13 @@ priority.
 
 ## Authentication
 
-- Zulip supports integrated single sign-on with Google, GitHub, and Active
-  Directory/LDAP. SAML and Okta authentication are coming soon. With Zulip
-  on-premise, we can support any of the 100+ authentication tools supported
-  by
+- Zulip supports integrated single sign-on with Google, GitHub, SAML
+  (including Okta), AzureAD, and Active Directory/LDAP.  With Zulip
+  on-premise, we can support any of the 100+ authentication tools
+  supported by
   [python-social-auth](https://python-social-auth-docs.readthedocs.io/en/latest/backends/index.html#social-backends)
-  as well as
-  [any SSO service that has a plugin for Apache][apache-sso].
+  as well as [any SSO service that has a plugin for
+  Apache][apache-sso].
 - Zulip uses the zxcvbn password strength checker by default, and supports
   customizing users’ password strength requirements. See our documentation
   on