diff --git a/app/assets/javascripts/token_access/components/inbound_token_access.vue b/app/assets/javascripts/token_access/components/inbound_token_access.vue
index 29dbc49f835aed0b6000f51ffa5d961e28fa9df6..593452e64b643c8298a49de0c25c4a7cd255a783 100644
--- a/app/assets/javascripts/token_access/components/inbound_token_access.vue
+++ b/app/assets/javascripts/token_access/components/inbound_token_access.vue
@@ -27,9 +27,12 @@ export default {
i18n: {
toggleLabelTitle: s__('CICD|Limit access %{italicStart}to%{italicEnd} this project'),
toggleDescription: s__(
- `CICD|Allow access to this project from authorized groups or projects by adding them to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API. %{linkStart}Learn more%{linkEnd}.`,
+ `CICD|When enabled, only groups and projects in the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. When disabled, any group or project can do so. %{linkStart}Learn more%{linkEnd}.`,
+ ),
+ cardHeaderTitle: s__('CICD|Authorized groups and projects'),
+ cardHeaderDescription: s__(
+ `CICD|Ensure only groups and projects with members authorized to access sensitive project data are added to the allowlist.`,
),
- cardHeaderTitle: s__('CICD|Groups and projects with access'),
settingDisabledMessage: s__(
'CICD|Access unrestricted, so users with sufficient permissions in this project can authenticate with a job token generated in any other project. Enable this setting to restrict authentication to only job tokens generated in the groups and projects in the allowlist below.',
),
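Review bot: The new `toggleDescription` no longer tells the user that turning the toggle off is a security risk. The removed string said so explicitly, and the documentation changed in the same commit still says "It is a security risk to disable this feature". `settingDisabledMessage` further down describes the unrestricted state, but it presumably renders only after the setting is already disabled, so the warning would not be seen at the point of decision. I would keep a short risk statement in the description, for example `When disabled, any group or project can do so, which is a security risk. %{linkStart}Learn more%{linkEnd}.`, and regenerate the matching msgid in `locale/gitlab.pot`. The `i18n` object starts and ends outside this hunk.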
@@ -273,7 +276,7 @@ export default {
@@ -299,8 +302,9 @@ export default {
{{ projectCount }}
+ {{ $options.i18n.cardHeaderDescription }}
-
+
- [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/346298/) in GitLab 15.10.
> - **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
> - Adding groups to the job token allowlist [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.0.
+> - **Token Access** setting [renamed to **Job token permissions**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.2.
You can add groups or projects to your job token allowlist to allow access your project's resources
with a job token for authentication. By default, the allowlist of any project only includes itself.
@@ -112,7 +113,7 @@ To add a group or project to the allowlist:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > CI/CD**.
-1. Expand **Token Access**.
+1. Expand **Job token permissions**.
1. Ensure the **Limit access _to_ this project** toggle is enabled. Enabled by default in new projects.
It is a security risk to disable this feature, so project maintainers or owners should
keep this setting enabled at all times.
@@ -151,6 +152,7 @@ To set a feature to be only visible to project members:
### Allow any project to access your project
> - **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
+> - **Token Access** setting [renamed to **Job token permissions**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.2.
WARNING:
It is a security risk to disable the token access limit and allowlist. A malicious user could try to compromise
@@ -172,7 +174,7 @@ To disable the job token scope allowlist:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > CI/CD**.
-1. Expand **Token Access**.
+1. Expand **Job token permissions**.
1. Toggle **Limit access _to_ this project** to disabled.
Enabled by default in new projects.
@@ -214,6 +216,7 @@ to make an API request to project `B`, then `B` must be added to the allowlist f
### Configure the job token scope (deprecated)
> - **Limit CI_JOB_TOKEN access** setting [renamed to **Limit access _from_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
+> - **Token Access** setting [renamed to **Job token permissions**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.2.
Prerequisites:
@@ -223,7 +226,7 @@ To configure the job token scope:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Settings > CI/CD**.
-1. Expand **Token Access**.
+1. Expand **Job token permissions**.
1. Toggle **Limit access _from_ this project** to enabled.
1. Optional. Add existing projects to the token's access scope. The user adding a
project must have the Maintainer role in both projects.
diff --git a/lib/search/settings.rb b/lib/search/settings.rb
index 9f83af8548198a6a0bea039ff23e699dfd3e44a6..cb18b0d27a038f1599670ab52ff8f97f2da93e1d 100644
--- a/lib/search/settings.rb
+++ b/lib/search/settings.rb
@@ -58,7 +58,7 @@ def project_ci_cd_settings(project)
href: project_settings_ci_cd_path(project, anchor: 'js-pipeline-triggers') },
{ text: _("Deploy freezes"),
href: project_settings_ci_cd_path(project, anchor: 'js-deploy-freeze-settings') },
- { text: _("Token Access"), href: project_settings_ci_cd_path(project, anchor: 'js-token-access') },
+ { text: _("Job token permissions"), href: project_settings_ci_cd_path(project, anchor: 'js-token-access') },
{ text: _("Secure Files"),
href: project_settings_ci_cd_path(project, anchor: 'js-secure-files') }
]
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index c82d77a48b1d01f965af4b3682985eda1a8a9f17..5a2b0df8d9dd2ba85a6215d5b321e7f42c80fd29 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -10088,7 +10088,7 @@ msgstr ""
msgid "CICD|Add an existing project to the scope"
msgstr ""
-msgid "CICD|Allow access to this project from authorized groups or projects by adding them to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API. %{linkStart}Learn more%{linkEnd}."
+msgid "CICD|Authorized groups and projects"
msgstr ""
msgid "CICD|Auto DevOps"
@@ -10121,7 +10121,7 @@ msgstr ""
msgid "CICD|Enable feature to limit job token access to the following projects."
msgstr ""
-msgid "CICD|Groups and projects with access"
+msgid "CICD|Ensure only groups and projects with members authorized to access sensitive project data are added to the allowlist."
msgstr ""
msgid "CICD|Jobs"
@@ -10163,6 +10163,9 @@ msgstr ""
msgid "CICD|Use separate caches for protected branches"
msgstr ""
+msgid "CICD|When enabled, only groups and projects in the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. When disabled, any group or project can do so. %{linkStart}Learn more%{linkEnd}."
+msgstr ""
+
msgid "CICD|group enabled"
msgstr ""
@@ -14918,7 +14921,7 @@ msgstr ""
msgid "Contributor analytics"
msgstr ""
-msgid "Control how the CI_JOB_TOKEN CI/CD variable is used for API access between projects."
+msgid "Control whether CI/CD job tokens can be used to authenticate with this project."
msgstr ""
msgid "Control whether to display customer experience improvement content and third-party offers in GitLab."
@@ -29704,6 +29707,9 @@ msgstr ""
msgid "Job logs and artifacts"
msgstr ""
+msgid "Job token permissions"
+msgstr ""
+
msgid "Job was retried"
msgstr ""
@@ -55403,9 +55409,6 @@ msgstr ""
msgid "Token"
msgstr ""
-msgid "Token Access"
-msgstr ""
-
msgid "Token name"
msgstr ""