diff --git a/app/assets/javascripts/token_access/components/inbound_token_access.vue b/app/assets/javascripts/token_access/components/inbound_token_access.vue
index 31575cd36b71842bc6ccc65d8c978d5ac56db7af..5e462754f345e6ceb926aa9f74efeb58974e3229 100644
--- a/app/assets/javascripts/token_access/components/inbound_token_access.vue
+++ b/app/assets/javascripts/token_access/components/inbound_token_access.vue
@@ -24,11 +24,14 @@ import TokenAccessTable from './token_access_table.vue';
 
 export default {
   i18n: {
-    toggleLabelTitle: s__('CICD|Limit access %{italicStart}to%{italicEnd} this project'),
+    toggleLabelTitle: s__('CICD|Allow CI/CD job token access'),
     toggleDescription: s__(
-      `CICD|Allow access to this project from authorized groups or projects by adding them to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API. %{linkStart}Learn more%{linkEnd}.`,
+      `CICD|When enabled, groups and projects listed in the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. %{linkStart}Learn more%{linkEnd}.`,
+    ),
+    cardHeaderTitle: s__('CICD|Authorized groups and projects'),
+    cardHeaderDescription: s__(
+      `CICD|Ensure only groups and projects with members authorized to access sensitive project data are added to the allowlist.`,
     ),
-    cardHeaderTitle: s__('CICD|Groups and projects with access'),
     settingDisabledMessage: s__(
       'CICD|No access is currently allowed to this project. Enable feature to authorize access from groups or projects in the allowlist below.',
     ),
@@ -258,22 +261,25 @@ export default {
       <div>
         <gl-card
           class="gl-new-card"
-          header-class="gl-new-card-header gl-border-bottom-0"
+          header-class="gl-new-card-header gl-border-bottom-0 gl-flex-wrap gl-md-flex-nowrap"
           body-class="gl-new-card-body gl-px-0"
         >
           <template #header>
-            <div class="gl-new-card-title-wrapper">
-              <h5 class="gl-new-card-title">{{ $options.i18n.cardHeaderTitle }}</h5>
-              <span class="gl-new-card-count">
-                <gl-icon name="group" class="gl-mr-2" />
-                {{ groups.length }}
-              </span>
-              <span class="gl-new-card-count">
-                <gl-icon name="project" class="gl-mr-2" />
-                {{ projects.length }}
-              </span>
+            <div class="gl-new-card-title-wrapper gl-flex-direction-column gl-flex-wrap">
+              <div class="gl-new-card-title">
+                <h5>{{ $options.i18n.cardHeaderTitle }}</h5>
+                <span class="gl-new-card-count">
+                  <gl-icon name="group" class="gl-mr-2" />
+                  {{ groups.length }}
+                </span>
+                <span class="gl-new-card-count">
+                  <gl-icon name="project" class="gl-mr-2" />
+                  {{ projects.length }}
+                </span>
+              </div>
+              <p class="gl-text-secondary">{{ $options.i18n.cardHeaderDescription }}</p>
             </div>
-            <div class="gl-new-card-actions">
+            <div class="gl-new-card-actions gl-w-full gl-md-w-auto gl-text-right">
               <gl-button
                 v-if="!isAddFormVisible"
                 size="small"
diff --git a/app/assets/javascripts/token_access/components/outbound_token_access.vue b/app/assets/javascripts/token_access/components/outbound_token_access.vue
index aad46e730d83890b53214c8b82f8f43208c53f75..dabfc799b8af666dc3b858df590ce959163abf15 100644
--- a/app/assets/javascripts/token_access/components/outbound_token_access.vue
+++ b/app/assets/javascripts/token_access/components/outbound_token_access.vue
@@ -20,7 +20,7 @@ import getCIJobTokenScopeQuery from '../graphql/queries/get_ci_job_token_scope.q
 import getProjectsWithCIJobTokenScopeQuery from '../graphql/queries/get_projects_with_ci_job_token_scope.query.graphql';
 import TokenAccessTable from './token_access_table.vue';
 
-// Note: This component will be removed in 17.0, as the outbound access token is getting deprecated
+// Note: This component will be removed in 18.0, as the outbound access token is getting deprecated
 export default {
   i18n: {
     toggleLabelTitle: s__(
@@ -39,7 +39,7 @@ export default {
     projectsFetchError: __('There was a problem fetching the projects'),
     scopeFetchError: __('There was a problem fetching the job token scope value'),
     outboundTokenAlertDeprecationMessage: s__(
-      `CICD|The %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}from%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting is deprecated and will be removed in the 18.0 milestone. Use the %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}to%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting and allowlist instead. %{linkStart}How do I do this?%{linkEnd}`,
+      `CICD|The %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}from%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting is deprecated and will be removed in the 18.0 milestone. Use the %{boldStart}Allow CI/CD job token access%{boldEnd} setting and allowlist instead. %{linkStart}How do I do this?%{linkEnd}`,
     ),
     disableToggleWarning: s__('CICD|Disabling this feature is a permanent change.'),
   },
diff --git a/app/views/projects/settings/ci_cd/show.html.haml b/app/views/projects/settings/ci_cd/show.html.haml
index 290756e5aad2c0c18cb872a87a13ff04f7a4a5a2..322d958763d395585336d9ecbddcb3b310f5c681 100644
--- a/app/views/projects/settings/ci_cd/show.html.haml
+++ b/app/views/projects/settings/ci_cd/show.html.haml
@@ -103,11 +103,11 @@
   %section.settings.no-animate#js-token-access{ class: ('expanded' if expanded) }
     .settings-header
       %h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
-        = _("Token Access")
+        = _("Job token permissions")
       = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
         = expanded ? _('Collapse') : _('Expand')
       %p.gl-text-secondary
-        = _("Control how the CI_JOB_TOKEN CI/CD variable is used for API access between projects.")
+        = _("Control whether CI/CD job tokens can be used to authenticate with this project.")
     .settings-content
       = render 'ci/token_access/index'
 
diff --git a/data/deprecations/15-9-insecure-ci-job-token.yml b/data/deprecations/15-9-insecure-ci-job-token.yml
index 1be584b99dea8f7e75e0b9f089cb6ef57e55e704..705d508c16bb28b12b921c016e980a5677d4310a 100644
--- a/data/deprecations/15-9-insecure-ci-job-token.yml
+++ b/data/deprecations/15-9-insecure-ci-job-token.yml
@@ -20,6 +20,8 @@
     To prepare for this change, users on GitLab.com or self-managed GitLab 15.9 or later can enable the **Allow access** setting now and add the other projects. It will not be possible to disable the setting in 18.0 or later.
 
     In 16.3, the names of these settings were changed to clarify their meanings: the deprecated **Limit CI_JOB_TOKEN access** setting is now called **Limit access _from_ this project**, and the newer **Allow access to this project with a CI_JOB_TOKEN** setting is now called **Limit access _to_ this project**.
+
+    In 17.1, the name of the **Limit access _to_ this project** setting was further clarified: it is now called **Grant access to this project**.
   #
   # OPTIONAL END OF SUPPORT FIELDS
   #
diff --git a/data/deprecations/16-5-ci-job-token-limit-setting.yml b/data/deprecations/16-5-ci-job-token-limit-setting.yml
index 7a4b3af500b116b5ab89bf7a380bd0b9b5ee4f97..014ea9e4a01915692e8192b823916be343bc908b 100644
--- a/data/deprecations/16-5-ci-job-token-limit-setting.yml
+++ b/data/deprecations/16-5-ci-job-token-limit-setting.yml
@@ -20,6 +20,8 @@
     To prepare for this change, users on GitLab.com or self-managed GitLab 15.9 or later can enable the **Allow access** setting now and add the other projects. It will not be possible to disable the setting in 18.0 or later.
 
     In 16.3, the names of these settings were changed to clarify their meanings: the deprecated **Limit CI_JOB_TOKEN access** setting is now called **Limit access _from_ this project**, and the newer **Allow access to this project with a CI_JOB_TOKEN** setting is now called **Limit access _to_ this project**.
+
+    In 17.1, the name of the **Limit access _to_ this project** setting was further clarified: it is now called **Grant access to this project**.
   #
   # OPTIONAL END OF SUPPORT FIELDS
   #
diff --git a/doc/api/project_job_token_scopes.md b/doc/api/project_job_token_scopes.md
index 761820784c4cbdc600b6aacbdb5b944a972c72a1..c5f6a9330bc488ff017d06af34f7ba745feab9df 100644
--- a/doc/api/project_job_token_scopes.md
+++ b/doc/api/project_job_token_scopes.md
@@ -34,7 +34,7 @@ If successful, returns [`200`](rest/index.md#status-codes) and the following res
 
 | Attribute          | Type    | Description |
 |--------------------|---------|-------------|
-| `inbound_enabled`  | boolean | Indicates if the [**Limit access _to_ this project** setting](../ci/jobs/ci_job_token.md#add-a-group-or-project-to-the-job-token-allowlist) is enabled. |
+| `inbound_enabled`  | boolean | Indicates if the [**Grant access to this project** setting](../ci/jobs/ci_job_token.md#add-a-group-or-project-to-the-job-token-allowlist) is enabled. |
 | `outbound_enabled` | boolean | Indicates if the CI/CD job token generated in this project has access to other projects. [Deprecated and planned for removal in GitLab 18.0](../update/deprecations.md#default-cicd-job-token-ci_job_token-scope-changed). |
 
 Example request:
@@ -55,8 +55,9 @@ Example response:
 ## Patch a project's CI/CD job token access settings
 
 > - **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
+> - **Limit access _to_ this project** setting [renamed to **Grant access to this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.1.
 
-Patch the [**Limit access _to_ this project** setting](../ci/jobs/ci_job_token.md#add-a-group-or-project-to-the-job-token-allowlist) (job token scope) of a project.
+Patch the [**Grant access to this project** setting](../ci/jobs/ci_job_token.md#add-a-group-or-project-to-the-job-token-allowlist) (job token scope) of a project.
 
 ```plaintext
 PATCH /projects/:id/job_token_scope
@@ -67,7 +68,7 @@ Supported attributes:
 | Attribute | Type           | Required | Description |
 |-----------|----------------|----------|-------------|
 | `id`      | integer/string | Yes      | ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
-| `enabled` | boolean        | Yes      | Indicates if the [**Limit access _to_ this project** setting](../ci/jobs/ci_job_token.md#add-a-group-or-project-to-the-job-token-allowlist) should be enabled. |
+| `enabled` | boolean        | Yes      | Indicates if the [**Grant access to this project** setting](../ci/jobs/ci_job_token.md#add-a-group-or-project-to-the-job-token-allowlist) should be enabled. |
 
 If successful, returns [`204`](rest/index.md#status-codes) and no response body.
 
diff --git a/doc/ci/debugging.md b/doc/ci/debugging.md
index d78c6163573c72140bb45842135b8c41b6b80b20..32f03c37a364f60f82e01e05856bc37badc471cf 100644
--- a/doc/ci/debugging.md
+++ b/doc/ci/debugging.md
@@ -433,6 +433,7 @@ Ensure that included configuration files do not create a loop of references to e
 ### `Failed to pull image` messages
 
 > - **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
+> - **Limit access _to_ this project** setting [renamed to **Grant access to this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.1.
 
 A runner might return a `Failed to pull image` message when trying to pull a container image
 in a CI/CD job.
@@ -456,7 +457,7 @@ For example:
 
 These errors can happen if the following are both true:
 
-- The [**Limit access _to_ this project**](jobs/ci_job_token.md#limit-job-token-scope-for-public-or-internal-projects)
+- The [**Grant access to this project**](jobs/ci_job_token.md#limit-job-token-scope-for-public-or-internal-projects)
   option is enabled in the private project hosting the image.
 - The job attempting to fetch the image is running in a project that is not listed in
   the private project's allowlist.
diff --git a/doc/ci/jobs/ci_job_token.md b/doc/ci/jobs/ci_job_token.md
index caa3402985407cae2395bae63136e75aa14eaa73..ec1cf2b967434c43967451c3ab138fd7e9540be7 100644
--- a/doc/ci/jobs/ci_job_token.md
+++ b/doc/ci/jobs/ci_job_token.md
@@ -88,6 +88,7 @@ with a job token from any project. These resources can also be [limited to only
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/346298/) in GitLab 15.10.
 > - **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
 > - Adding groups to the job token allowlist [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.0.
+> - **Limit access _to_ this project** setting [renamed to **Grant access to this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.1.
 
 You can add groups or projects to your job token allowlist to allow access your project's resources
 with a job token for authentication. By default, the allowlist of any project only includes itself.
@@ -109,7 +110,7 @@ To add a group or project to the allowlist:
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > CI/CD**.
 1. Expand **Token Access**.
-1. Ensure the **Limit access _to_ this project** toggle is enabled. Enabled by default in new projects.
+1. Ensure the **Grant access to this project** toggle is enabled. Enabled by default in new projects.
    It is a security risk to disable this feature, so project maintainers or owners should
    keep this setting enabled at all times.
 1. Select **Add group or project**.
@@ -147,13 +148,14 @@ To set a feature to be only visible to project members:
 ### Allow any project to access your project
 
 > - **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3.
+> - **Limit access _to_ this project** setting [renamed to **Grant access to this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/415519) in GitLab 17.1.
 
 WARNING:
 It is a security risk to disable the token access limit and allowlist. A malicious user could try to compromise
 a pipeline created in an unauthorized project. If the pipeline was created by one of
 your maintainers, the job token could be used in an attempt to access your project.
 
-If you disable the **Limit access _to_ this project** setting, the allowlist is ignored.
+If you disable the **Grant access to this project** setting, the allowlist is ignored.
 Jobs from any project could access your project with a job token if the user that
 triggers the pipeline has permission to access your project.
 
@@ -169,7 +171,7 @@ To disable the job token scope allowlist:
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > CI/CD**.
 1. Expand **Token Access**.
-1. Toggle **Limit access _to_ this project** to disabled.
+1. Toggle **Grant access to this project** to disabled.
    Enabled by default in new projects.
 
 You can also enable and disable the setting with the [GraphQL](../../api/graphql/reference/index.md#mutationprojectcicdsettingsupdate) (`inboundJobTokenScopeEnabled`) and [REST](../../api/project_job_token_scopes.md#patch-a-projects-cicd-job-token-access-settings) API.
@@ -191,7 +193,7 @@ proposes to change this behavior.
 NOTE:
 The [**Limit access _from_ this project**](#configure-the-job-token-scope-deprecated)
 setting is disabled by default for all new projects and is [scheduled for removal](https://gitlab.com/gitlab-org/gitlab/-/issues/383084)
-in GitLab 17.0. Project maintainers or owners should configure the [**Limit access _to_ this project**](#add-a-group-or-project-to-the-job-token-allowlist)
+in GitLab 18.0. Project maintainers or owners should configure the [**Grant access to this project**](#add-a-group-or-project-to-the-job-token-allowlist)
 setting instead.
 
 Control your project's job token scope by creating an allowlist of projects which
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 190d895e8d2a2d6a0e0d7c907012e8997a27b756..f5a11047b0b4ab3296d332cab16b9b9a2a65349c 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -174,6 +174,8 @@ To prepare for this change, users on GitLab.com or self-managed GitLab 15.9 or l
 
 In 16.3, the names of these settings were changed to clarify their meanings: the deprecated **Limit CI_JOB_TOKEN access** setting is now called **Limit access _from_ this project**, and the newer **Allow access to this project with a CI_JOB_TOKEN** setting is now called **Limit access _to_ this project**.
 
+In 17.1, the name of the **Limit access _to_ this project** setting was further clarified: it is now called **Grant access to this project**.
+
 </div>
 
 <div class="deprecation breaking-change" data-milestone="18.0">
@@ -2907,6 +2909,8 @@ To prepare for this change, users on GitLab.com or self-managed GitLab 15.9 or l
 
 In 16.3, the names of these settings were changed to clarify their meanings: the deprecated **Limit CI_JOB_TOKEN access** setting is now called **Limit access _from_ this project**, and the newer **Allow access to this project with a CI_JOB_TOKEN** setting is now called **Limit access _to_ this project**.
 
+In 17.1, the name of the **Limit access _to_ this project** setting was further clarified: it is now called **Grant access to this project**.
+
 </div>
 
 <div class="deprecation breaking-change" data-milestone="16.0">
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 8e0f199f08d43d62be828e4ed36b3d6feaca8020..a0c2070a9ed42f7b88e5076f4cac0fb800f992f1 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -9805,7 +9805,10 @@ msgstr ""
 msgid "CICD|Add an existing project to the scope"
 msgstr ""
 
-msgid "CICD|Allow access to this project from authorized groups or projects by adding them to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API. %{linkStart}Learn more%{linkEnd}."
+msgid "CICD|Allow CI/CD job token access"
+msgstr ""
+
+msgid "CICD|Authorized groups and projects"
 msgstr ""
 
 msgid "CICD|Auto DevOps"
@@ -9838,7 +9841,7 @@ msgstr ""
 msgid "CICD|Enable feature to limit job token access to the following projects."
 msgstr ""
 
-msgid "CICD|Groups and projects with access"
+msgid "CICD|Ensure only groups and projects with members authorized to access sensitive project data are added to the allowlist."
 msgstr ""
 
 msgid "CICD|Jobs"
@@ -9850,9 +9853,6 @@ msgstr ""
 msgid "CICD|Limit access %{italicStart}from%{italicEnd} this project (Deprecated)"
 msgstr ""
 
-msgid "CICD|Limit access %{italicStart}to%{italicEnd} this project"
-msgstr ""
-
 msgid "CICD|Maintainer"
 msgstr ""
 
@@ -9865,7 +9865,7 @@ msgstr ""
 msgid "CICD|Prevent CI/CD job tokens from this project from being used to access other projects unless the other project is added to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API. %{linkStart}Learn more%{linkEnd}."
 msgstr ""
 
-msgid "CICD|The %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}from%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting is deprecated and will be removed in the 18.0 milestone. Use the %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}to%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting and allowlist instead. %{linkStart}How do I do this?%{linkEnd}"
+msgid "CICD|The %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}from%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting is deprecated and will be removed in the 18.0 milestone. Use the %{boldStart}Allow CI/CD job token access%{boldEnd} setting and allowlist instead. %{linkStart}How do I do this?%{linkEnd}"
 msgstr ""
 
 msgid "CICD|The Auto DevOps pipeline runs by default in all projects with no CI/CD configuration file. %{link_start}What is Auto DevOps?%{link_end}"
@@ -9883,6 +9883,9 @@ msgstr ""
 msgid "CICD|Use separate caches for protected branches"
 msgstr ""
 
+msgid "CICD|When enabled, groups and projects listed in the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. %{linkStart}Learn more%{linkEnd}."
+msgstr ""
+
 msgid "CICD|group enabled"
 msgstr ""
 
@@ -14596,7 +14599,7 @@ msgstr ""
 msgid "Contributor analytics"
 msgstr ""
 
-msgid "Control how the CI_JOB_TOKEN CI/CD variable is used for API access between projects."
+msgid "Control whether CI/CD job tokens can be used to authenticate with this project."
 msgstr ""
 
 msgid "Control whether to display customer experience improvement content and third-party offers in GitLab."
@@ -29250,6 +29253,9 @@ msgstr ""
 msgid "Job logs and artifacts"
 msgstr ""
 
+msgid "Job token permissions"
+msgstr ""
+
 msgid "Job was retried"
 msgstr ""
 
@@ -54296,9 +54302,6 @@ msgstr ""
 msgid "Token"
 msgstr ""
 
-msgid "Token Access"
-msgstr ""
-
 msgid "Token name"
 msgstr ""