diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1bb795ba7..31a9648fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 17.3.1 (2024-08-27)
+
+This release was tested against GitLab 17.3, 17.2, and 17.1 for both CE and EE
+
+## Improvements (1 change)
+
+- [The provider now uses an exponential backoff when no RateLimit-Reset headers are sent from GitLab]() by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2073))
+
+## Bug Fixes (7 changes)
+
+- resource/gitlab_project_access_token: [Fixed an error when applying an update using a plan file that could cause the ID to return an error when rotating](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)])
+- resource/gitlab_project_access_token: [Fixed an error when applying an update using a plan from from a previous day to rotate an access token](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)])
+- resource/gitlab_group_access_token: [Fixed an error when applying an update using a plan file that could cause the ID to return an error when rotating](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)])
+- resource/gitlab_group_access_token: [Fixed an error when applying an update using a plan from from a previous day to rotate an access token](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)])
+- resource/gitlab_group_protected_environment: [Updated documentation for `deploy_access_levels` to be more specific](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/0d01e91b32fadd6980e666b11c877fe97c2ee45a) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2072))
+- resource/gitlab_project_protected_environment: [Updated documentation for `deploy_access_levels` to be more specific](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/0d01e91b32fadd6980e666b11c877fe97c2ee45a) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2072))
+- resource/gitlab_group_saml_link: [Updated documentation for `access_level` to be more descriptive when using custom roles](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/98d0762153fd4ec01d7df62ce5f991bc5b342d82) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2071))
 
 ## 17.3.0 (2024-08-15)
 
diff --git a/docs/resources/group_protected_environment.md b/docs/resources/group_protected_environment.md
index 28f468d45..65f9d3065 100644
--- a/docs/resources/group_protected_environment.md
+++ b/docs/resources/group_protected_environment.md
@@ -130,13 +130,13 @@ resource "gitlab_group_protected_environment" "example_with_multiple" {
 
 ### Required
 
-- `deploy_access_levels` (Attributes Set) Array of access levels allowed to deploy, with each described by a hash. (see [below for nested schema](#nestedatt--deploy_access_levels))
+- `deploy_access_levels` (Attributes Set) Array of access levels allowed to deploy, with each described by a hash. Elements in the `deploy_access_levels` should be one of `user_id`, `group_id` or `access_level`. (see [below for nested schema](#nestedatt--deploy_access_levels))
 - `environment` (String) The deployment tier of the environment.  Valid values are `production`, `staging`, `testing`, `development`, `other`.
 - `group` (String) The ID or full path of the group which the protected environment is created against.
 
 ### Optional
 
-- `approval_rules` (Attributes Set) Array of approval rules to deploy, with each described by a hash. (see [below for nested schema](#nestedatt--approval_rules))
+- `approval_rules` (Attributes Set) Array of approval rules to deploy, with each described by a hash. Elements in the `approval_rules` should be one of `user_id`, `group_id` or `access_level`. (see [below for nested schema](#nestedatt--approval_rules))
 
 ### Read-Only
 
@@ -147,10 +147,10 @@ resource "gitlab_group_protected_environment" "example_with_multiple" {
 
 Optional:
 
-- `access_level` (String) Levels of access required to deploy to this protected environment. Valid values are `developer`, `maintainer`.
-- `group_id` (Number) The ID of the group allowed to deploy to this protected environment. The group must be a sub-group under the given group.
+- `access_level` (String) Levels of access required to deploy to this protected environment. Mutually exclusive with `user_id` and `group_id`. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to deploy to this protected environment. The group must be a sub-group under the given group. Mutually exclusive with `access_level` and `user_id`.
 - `group_inheritance_type` (Number) Group inheritance allows deploy access levels to take inherited group membership into account. Valid values are `0`, `1`. `0` => Direct group membership only, `1` => All inherited groups. Default: `0`
-- `user_id` (Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the group with Maintainer role or higher.
+- `user_id` (Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the group with Maintainer role or higher. Mutually exclusive with `access_level` and `group_id`.
 
 Read-Only:
 
@@ -163,11 +163,11 @@ Read-Only:
 
 Optional:
 
-- `access_level` (String) Levels of access allowed to approve a deployment to this protected environment. Valid values are `developer`, `maintainer`.
-- `group_id` (Number) The ID of the group allowed to approve a deployment to this protected environment. TThe group must be a sub-group under the given group. This is mutually exclusive with user_id.
+- `access_level` (String) Levels of access allowed to approve a deployment to this protected environment. Mutually exclusive with `user_id` and `group_id`. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to approve a deployment to this protected environment. TThe group must be a sub-group under the given group. Mutually exclusive with `access_level` and `user_id`.
 - `group_inheritance_type` (Number) Group inheritance allows access rules to take inherited group membership into account. Valid values are `0`, `1`. `0` => Direct group membership only, `1` => All inherited groups. Default: `0`
 - `required_approvals` (Number) The number of approval required to allow deployment to this protected environment. This is mutually exclusive with user_id.
-- `user_id` (Number) The ID of the user allowed to approve a deployment to this protected environment. The user must be a member of the group with Maintainer role or higher. This is mutually exclusive with group_id and required_approvals.
+- `user_id` (Number) The ID of the user allowed to approve a deployment to this protected environment. The user must be a member of the group with Maintainer role or higher. Mutually exclusive with `access_level` and `group_id`.
 
 Read-Only:
 
diff --git a/docs/resources/group_saml_link.md b/docs/resources/group_saml_link.md
index 77437dbe2..4403833d1 100644
--- a/docs/resources/group_saml_link.md
+++ b/docs/resources/group_saml_link.md
@@ -24,6 +24,8 @@ resource "gitlab_group_saml_link" "test" {
 }
 
 # Example using a Custom Role (Ultimate only)
+# When using the custom role, the `access_level` must match the
+# base role used to create the custom role.
 resource "gitlab_group_saml_link" "test_custom_role" {
   group           = "12345"
   access_level    = "developer"
@@ -43,7 +45,7 @@ resource "gitlab_group_saml_link" "test_custom_role" {
 
 ### Optional
 
-- `member_role_id` (Number) The ID of a custom member role. Only available for Ultimate instances.
+- `member_role_id` (Number) The ID of a custom member role. Only available for Ultimate instances. When using a custom role, the `access_level` must match the base role used to create the custom role.
 
 ### Read-Only
 
diff --git a/docs/resources/project_protected_environment.md b/docs/resources/project_protected_environment.md
index 3bf7b63b4..38e03f6ca 100644
--- a/docs/resources/project_protected_environment.md
+++ b/docs/resources/project_protected_environment.md
@@ -132,8 +132,8 @@ resource "gitlab_project_protected_environment" "example_with_multiple" {
 
 ### Optional
 
-- `approval_rules` (Attributes List) Array of approval rules to deploy, with each described by a hash. (see [below for nested schema](#nestedatt--approval_rules))
-- `deploy_access_levels` (Block Set) Array of access levels allowed to deploy, with each described by a hash. (see [below for nested schema](#nestedblock--deploy_access_levels))
+- `approval_rules` (Attributes List) Array of approval rules to deploy, with each described by a hash. Elements in the `approval_rules` should be one of `user_id`, `group_id` or `access_level`. (see [below for nested schema](#nestedatt--approval_rules))
+- `deploy_access_levels` (Block Set) Array of access levels allowed to deploy, with each described by a hash.  Elements in the `deploy_access_levels` should be one of `user_id`, `group_id` or `access_level`. (see [below for nested schema](#nestedblock--deploy_access_levels))
 
 ### Read-Only
 
@@ -144,11 +144,11 @@ resource "gitlab_project_protected_environment" "example_with_multiple" {
 
 Optional:
 
-- `access_level` (String) Levels of access allowed to approve a deployment to this protected environment. Valid values are `developer`, `maintainer`.
-- `group_id` (Number) The ID of the group allowed to approve a deployment to this protected environment. The project must be shared with the group. This is mutually exclusive with user_id.
+- `access_level` (String) Levels of access allowed to approve a deployment to this protected environment. Mutually exclusive with `user_id` and `group_id`. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to approve a deployment to this protected environment. The project must be shared with the group. Mutually exclusive with `access_level` and `user_id`.
 - `group_inheritance_type` (Number) Group inheritance allows deploy access levels to take inherited group membership into account. Valid values are `0`, `1`. `0` => Direct group membership only, `1` => All inherited groups. Default: `0`
 - `required_approvals` (Number) The number of approval required to allow deployment to this protected environment. This is mutually exclusive with user_id.
-- `user_id` (Number) The ID of the user allowed to approve a deployment to this protected environment. The user must be a member of the project. This is mutually exclusive with group_id and required_approvals.
+- `user_id` (Number) The ID of the user allowed to approve a deployment to this protected environment. The user must be a member of the project. Mutually exclusive with `access_level` and `group_id`.
 
 Read-Only:
 
@@ -161,10 +161,10 @@ Read-Only:
 
 Optional:
 
-- `access_level` (String) Levels of access required to deploy to this protected environment. Valid values are `developer`, `maintainer`.
-- `group_id` (Number) The ID of the group allowed to deploy to this protected environment. The project must be shared with the group.
+- `access_level` (String) Levels of access required to deploy to this protected environment. Mutually exclusive with `user_id` and `group_id`. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to deploy to this protected environment. The project must be shared with the group. Mutually exclusive with `access_level` and `user_id`.
 - `group_inheritance_type` (Number) Group inheritance allows deploy access levels to take inherited group membership into account. Valid values are `0`, `1`. `0` => Direct group membership only, `1` => All inherited groups. Default: `0`
-- `user_id` (Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the project.
+- `user_id` (Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the project. Mutually exclusive with `access_level` and `group_id`.
 
 Read-Only: