diff --git a/website/content/docs/concepts/domain-model/users.mdx b/website/content/docs/concepts/domain-model/users.mdx index 1964625fd9..f1fcc98e08 100644 --- a/website/content/docs/concepts/domain-model/users.mdx +++ b/website/content/docs/concepts/domain-model/users.mdx 
@@ -8,46 +8,49 @@ description: |- # Users -A user is any entity authorized to access Boundary -using authentication credentials specific to one of the configured Authentication Methods. -A User is owned by one and only one Organization. -A User is associated with zero or one Authentication Methods. -A User not associated with an Authentication Method can not log in to the system. -A User can belong to zero or more Groups. -A User inherits from Principal ("is-a" Principal) allowing it to be associated with zero or more Roles. -A User is deleted when the Organization it belongs to is deleted. -The lifecycle of a User is not tied to the lifecycle of any -Authentication Method, -Group -or Role, -but rather to its Organization only - -```shell-session -+-------------------------------------+ -| Organization | -+-------------------------------------+ -| User 1 | User 2 | User 3 | -+-------------------------------------+ -``` - -# Attributes - -### ID - -A user ID has a `u_` prefix followed by ten digits. - -Example: `u_0123456789` - -### Name - -A user name is the friendly name of a user resource. - -### Description - -A user description is the friendly description of the user resource. - -# Referenced By - -- [Groups]() -- [Roles]() -- [Organization]() +A user is a resource +that represents an individual person or entity +for the purposes of access control. +A user can be associated with zero or more [accounts][]. +A user authenticates to Boundary through one of the accounts associated with that user. +However, if a user is not associated with any account, +they will not be able to access Boundary. + +A user is a principal +which allows it to be assigned to [roles][]. +A user receives all the [permissions][] +of the roles assigned directly to the user +and all the permissions of roles assigned to [groups][] the user is in. + +Users can be defined at either a [Global][] or [Organization][] [scope][]. 
+A user can only be associated with accounts from an [authentication method][] +configured in the same scope. + +## Attributes + +A user has the following configurable attributes: + +- `name` - (optional) + If set, the `name` must be unique within the user's immediate parent [scope][]. + +- `description` - (optional) + +## Referenced By + +- [Account][] +- [Global][] +- [Group][] +- [Organization][] +- [Role][] + +[account]: /docs/concepts/domain-model/accounts +[accounts]: /docs/concepts/domain-model/accounts +[authentication method]: /docs/concepts/domain-model/auth-methods +[global]: /docs/concepts/domain-model/scopes#global +[group]: /docs/concepts/domain-model/groups +[groups]: /docs/concepts/domain-model/groups +[organization]: /docs/concepts/domain-model/scopes#organizations +[permissions]: /docs/concepts/security/permissions +[role]: /docs/concepts/domain-model/roles +[roles]: /docs/concepts/domain-model/roles +[scope]: /docs/concepts/domain-model/scopes
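Review bot: the rewrite drops two pieces of information from the old text without replacing them, and the new "## Attributes" section should carry them. First, the removed "### ID" subsection ("A user ID has a `u_` prefix followed by ten digits. Example: `u_0123456789`") is the only place the identifier format was documented; the new attribute list covers only `name` and `description`, so readers who match or filter on user IDs in audit logs or role grants lose that reference. Suggest keeping an `### ID` (or an `- id -` bullet) with the prefix and example under "## Attributes". Second, the old lifecycle statements ("A User is deleted when the Organization it belongs to is deleted" and "The lifecycle of a User is not tied to the lifecycle of any Authentication Method, Group or Role") are gone, and the new text only says a user "can be defined at either a [Global][] or [Organization][] [scope][]"; since the hunk now introduces the rule that a user may only use accounts from an authentication method "configured in the same scope", a sentence stating what happens to the user, and to its role and group memberships, when that scope or one of its accounts is deleted would close the gap. Minor: the reference labels are defined in lowercase (`[global]`, `[organization]`) while the body uses `[Global][]` and `[Organization][]`; Markdown link labels are case-insensitive, so this renders, but matching the case would keep the file consistent with the other references.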