diff --git a/docs/docs/apis/actions/code-examples.mdx b/docs/docs/apis/actions/code-examples.mdx
new file mode 100644
index 0000000000..6dcf913417
--- /dev/null
+++ b/docs/docs/apis/actions/code-examples.mdx
@@ -0,0 +1,308 @@
+---
+title: Code examples
+---
+
+Actions are a powerful tool to extend ZITADEL and you might wonder what use cases actions can be used for.
+
+This page provides a non-exhaustive list of possibilities which is provided by [examples](https://github.com/zitadel/actions/tree/main/examples). If a use case is missing feel free to contribute an issue or pull request to the repository, thanks in advance π€.
+
+## Customize OIDC response
+
+Append claims returned on OIDC requests.
+
+### Triggers
+
+- Complement token
+ - [Pre Userinfo creation](./complement-token#pre-userinfo-creation-id_token--userinfo--introspection-endpoint)
+ - [Pre access token creation](./complement-token#pre-access-token-creation)
+
+### Set hardcoded claim
+
+Extend the claims by a hardcoded value.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/add_claim.js
+```
+
+
+
+### Set dynamic claim from user metadata
+
+Extend the claims by dynamically read metadata from a user and sets the picture-claim if idpPicture-metadata value is present.
+
+
+{props.summary ? props.summary : 'Code example'}
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/add_picture_claim_from_idp_metadata.js
+```
+
+
+
+### Set dynamic claim from organization metadata
+
+Extend the claims by dynamically read metadata from an organization and sets the present metadata.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/org_metadata_claim.js
+```
+
+
+
+### Custom role mapping in claims
+
+Some products require specific role mapping from ZITADEL, no worries we got you covered π
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/custom_roles.js
+```
+
+
+
+## Customize SAML response
+
+Append attributes returned on SAML requests.
+
+### Triggers
+
+- Complement SAMLResponse
+ - [Pre SAMLResponse creation](./customize-samlresponse#pre-samlresponse-creation)
+
+### Custom role mapping in attributes
+
+Some products require specific role mapping from ZITADEL, no worries we got you covered π
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/set_custom_attribute.js
+```
+
+
+
+### Set dynamic attribute from organization metadata
+
+Extend the attributes by dynamically read metadata from an organization and sets the present metadata.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/org_metadata_attribute.js
+```
+
+
+
+## Manipulate user
+
+You can automate manual tasks like setting default grants during user creation.
+
+### Set email always verified
+
+Useful if you trust the provided information or don't want the users to verify their e-mail addresses.
+
+#### Triggers
+
+- Internal Authentication
+ - [Pre Creation](/docs/apis/actions/internal-authentication#pre-creation)
+- External Authentication
+ - [Pre Creation](/docs/apis/actions/external-authentication#pre-creation)
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/verify_email.js
+```
+
+
+
+### Add grants to users
+
+Allows you to add default user grants to a user after it was created or federated.
+
+#### Triggers
+
+- Internal Authentication
+ - [Post Creation](/docs/apis/actions/internal-authentication#post-creation)
+- External Authentication
+ - [Post Creation](/docs/apis/actions/external-authentication#post-creation)
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/add_user_grant.js
+```
+
+
+
+### Add metadata to users
+
+Adding metadata to users allows you to set default metadata on users.
+
+#### Triggers
+
+- Internal Authentication
+ - [Post Creation](/docs/apis/actions/internal-authentication#post-creation)
+ - [Post Authentication](/docs/apis/actions/internal-authentication#post-authentication)
+- External Authentication
+ - [Post Creation](/docs/apis/actions/internal-authentication#post-creation)
+ - [Post Authentication](/docs/apis/actions/internal-authentication#post-authentication)
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/add_metadata.js
+```
+
+
+
+## Use provided fields of identity providers
+
+If you want to ensure that the data of a user are always update you can automatically update user fields during authentication and safe time of your customers and your team. π€―
+
+### Trigger
+
+- External Authentication
+ - [Post Authentication](./external-authentication#post-authentication)
+
+### Fields provided by Okta
+
+If you use [Okta as an identity provider](/guides/integrate/identity-providers/okta) you can improve the onboarding experience of new users by prefilling some basic information during authentication.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/okta_identity_provider.js
+```
+
+
+
+### Fields provided by Gitlab
+
+If you use [Gitlab as an identity provider](/guides/integrate/identity-providers/gitlab) you can improve the onboarding experience of new users by prefilling some basic information during authentication.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/gitlab_identity_provider.js
+```
+
+
+
+### Fields provided by Github
+
+If you use [Github as an identity provider](/guides/integrate/identity-providers/github) you can improve the onboarding experience of new users by prefilling some basic information during authentication.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/github_identity_provider.js
+```
+
+
+
+### Claims provided by a generic OIDC identity provider
+
+If you use a [generic OIDC identity provider](/guides/integrate/identity-providers/migrate#migrate-generic-oidc-provider) you can improve the onboarding experience of new users by prefilling some basic information during authentication.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/set_idp_picture_metadata.js
+```
+
+
+
+### Attributes provided by a generic SAML identity provider
+
+If you use a [SAML identity provider like mocksaml](/guides/integrate/identity-providers/mocksaml) you can improve the onboarding experience of new users by prefilling some basic information during authentication.
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/post_auth_saml.js
+```
+
+
+
+## Context aware execution
+
+Based on the context the execution path of an action can change. ZITADEL allows complex execution paths of course. π
+
+### Based on auth request information
+
+Execution paths might change based on the application initiating the authentication.
+
+#### Triggers
+
+- Internal Authentication
+ - [Pre Creation](/docs/apis/actions/internal-authentication#pre-creation)
+ - [Post Creation](/docs/apis/actions/internal-authentication#post-creation)
+ - [Post Authentication](/docs/apis/actions/internal-authentication#post-authentication)
+- External Authentication
+ - [Pre Creation](/docs/apis/actions/external-authentication#pre-creation)
+ - [Post Creation](/docs/apis/actions/external-authentication#post-creation)
+ - [Post Authentication](/docs/apis/actions/external-authentication#post-authentication)
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/execute_action_on_specific_app.js
+```
+
+
+
+This example uses [zitadel's log module](/docs/apis/actions/modules#log)
+
+### Check authentication error
+
+Your action can also check for errors during the login process.
+
+#### Triggers
+
+- Internal Authentication
+ - [Post Authentication](/docs/apis/actions/internal-authentication#post-authentication)
+- External Authentication
+ - [Post Authentication](/docs/apis/actions/external-authentication#post-authentication)
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/post_auth_log.js
+```
+
+
+
+This example uses [zitadel's log module](/docs/apis/actions/modules#log)
+
+### Throw an error
+
+Allows you to limit the user interaction. The error thrown will be shown to the user if the action is not [allowed to fail](/concepts/features/actions#how-it-works).
+
+
+Code example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/throw_error.js
+```
+
\ No newline at end of file
diff --git a/docs/docs/apis/actions/internal-authentication.md b/docs/docs/apis/actions/internal-authentication.md
index aee2ebe4d2..85b25fd5c0 100644
--- a/docs/docs/apis/actions/internal-authentication.md
+++ b/docs/docs/apis/actions/internal-authentication.md
@@ -2,6 +2,8 @@
title: Internal Authentication Flow
---
+This flow is executed if the user logs in using the login UI hosted by ZITADEL.
+
The flow is represented by the following Ids in the API: `3`
## Post Authentication
diff --git a/docs/docs/apis/actions/introduction.md b/docs/docs/apis/actions/introduction.md
index 0210009042..98309c819a 100644
--- a/docs/docs/apis/actions/introduction.md
+++ b/docs/docs/apis/actions/introduction.md
@@ -46,10 +46,13 @@ Trigger types define the point during execution of request. Each trigger defines
Currently ZITADEL provides the following flows:
-- [Internal Authentication](./internal-authentication.md)
-- [External Authentication](./external-authentication.md)
-- [Complement Token](./complement-token.md)
+- [Internal Authentication](./internal-authentication)
+- [External Authentication](./external-authentication)
+- [Complement Token](./complement-token)
+- [Customize SAML Response](./customize-samlresponse)
## Available Modules inside Javascript
- [HTTP module](./modules#http) to call API's
+- [Logging module](./modules#log) logs information to stdout
+- [UUID module](./modules#uuid) generates uuids
diff --git a/docs/docs/apis/actions/modules.md b/docs/docs/apis/actions/modules.md
index 9b87b51908..7c99ab05bb 100644
--- a/docs/docs/apis/actions/modules.md
+++ b/docs/docs/apis/actions/modules.md
@@ -52,6 +52,12 @@ The object has the following fields and methods:
- `text()` *string*
Returns the body
+### Example
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/make_api_call.js#L10-L20
+```
+
## Log
The log module provides you with the functionality to log to stdout.
diff --git a/docs/docs/concepts/features/actions.md b/docs/docs/concepts/features/actions.md
index a91001fce5..c3c18b0611 100644
--- a/docs/docs/concepts/features/actions.md
+++ b/docs/docs/concepts/features/actions.md
@@ -36,3 +36,4 @@ Within the JavaScript code, you can read and manipulate the state.
- [Assign users a role after they register using an external identity provider](/guides/manage/customize/behavior)
- [Actions reference](/apis/actions/introduction#action)
- [Actions Marketplace: Find example actions to use in ZITADEL](https://github.com/zitadel/actions)
+- [Example use cases](/apis/actions/code-examples)
diff --git a/docs/docs/guides/integrate/identity-providers/mocksaml.mdx b/docs/docs/guides/integrate/identity-providers/mocksaml.mdx
index 8b9bd426ff..f18e331814 100644
--- a/docs/docs/guides/integrate/identity-providers/mocksaml.mdx
+++ b/docs/docs/guides/integrate/identity-providers/mocksaml.mdx
@@ -10,6 +10,7 @@ import CustomLoginPolicy from './_custom_login_policy.mdx';
import IDPsOverview from './_idps_overview.mdx';
import Activate from './_activate.mdx';
import TestSetup from './_test_setup.mdx';
+import PrefillAction from './_prefill_action.mdx';
@@ -63,3 +64,11 @@ They are available under [https://{CUSTOMDOMAIN}/idps/{ID of the provider in ZIT
+
+## Optional: Add ZITADEL action to autofill userdata
+
+
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/post_auth_saml.js
+```
\ No newline at end of file
diff --git a/docs/docs/guides/integrate/identity-providers/okta.mdx b/docs/docs/guides/integrate/identity-providers/okta.mdx
index b1e856ce61..ae558e0471 100644
--- a/docs/docs/guides/integrate/identity-providers/okta.mdx
+++ b/docs/docs/guides/integrate/identity-providers/okta.mdx
@@ -11,6 +11,7 @@ import IDPsOverview from './_idps_overview.mdx';
import GenericOIDC from './_generic_oidc.mdx';
import Activate from './_activate.mdx';
import TestSetup from './_test_setup.mdx';
+import PrefillAction from './_prefill_action.mdx';
diff --git a/docs/docs/guides/integrate/retrieve-user-roles.md b/docs/docs/guides/integrate/retrieve-user-roles.md
index 0b7d97aae4..64793a07e6 100644
--- a/docs/docs/guides/integrate/retrieve-user-roles.md
+++ b/docs/docs/guides/integrate/retrieve-user-roles.md
@@ -192,6 +192,19 @@ This request can be tested out in the following way:
3. When you run the command, you will see the roles in the response.
4. If you remove the role claims in the scope and run the command, you will not receive the roles.
+#### Customize roles using actions
+
+If your application requires a custom role structure, [ZITADEL actions](/docs/apis/actions/complement-token#pre-userinfo-creation-id_token--userinfo--introspection-endpoint) allow you to customize your claims.
+
+
+Example on github
+
+```js reference
+https://github.com/zitadel/actions/blob/main/examples/custom_roles.js
+```
+
+
+
### Retrieve roles using the auth API
Now we will use the auth API to retrieve roles from a logged in user using the userβs token
diff --git a/docs/sidebars.js b/docs/sidebars.js
index 79f3e648c1..5666fe63bf 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -807,6 +807,7 @@ module.exports = {
items: [
"apis/actions/introduction",
"apis/actions/modules",
+ "apis/actions/code-examples",
"apis/actions/internal-authentication",
"apis/actions/external-authentication",
"apis/actions/complement-token",