1 files changed, 13 insertions, 2 deletions

diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md
index a36d72f128d..8acd4a125ce 100644
--- a/doc/security/token_overview.md
+++ b/doc/security/token_overview.md
@@ -77,7 +77,7 @@ Project maintainers and owners can add or enable a deploy key for a project repo
 ## Runner registration tokens (deprecated)
 
 WARNING:
-The ability to pass a runner registration token was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is
+The ability to pass a runner registration token has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) and is
 planned for removal in 17.0, along with support for certain configuration arguments. This change is a breaking change. GitLab plans to introduce a new
 [GitLab Runner token architecture](../architecture/blueprints/runner_tokens/index.md), which introduces
 a new method for registering runners and eliminates the
@@ -89,7 +89,7 @@ You can use the runner registration token to add runners that execute jobs in a
 
 ## Runner authentication tokens (also called runner tokens)
 
-After registration, the runner receives an authentication token, which it uses to authenticate with GitLab when picking up jobs from the job queue. The authentication token is stored locally in the runner's [`config.toml`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html) file.
+Once created, the runner receives an authentication token, which it uses to authenticate with GitLab when picking up jobs from the job queue. The authentication token is stored locally in the runner's [`config.toml`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html) file.
 
 After authentication with GitLab, the runner receives a [job token](../ci/jobs/ci_job_token.md), which it uses to execute the job.
 
@@ -97,6 +97,17 @@ In case of Docker Machine/Kubernetes/VirtualBox/Parallels/SSH executors, the exe
 
 Malicious access to a runner's file system may expose the `config.toml` file and thus the authentication token, allowing an attacker to [clone the runner](https://docs.gitlab.com/runner/security/#cloning-a-runner).
 
+In GitLab 16.0 and later, you can use an authentication token to register runners instead of a
+registration token. Runner registration tokens have been [deprecated](../update/deprecations.md#registration-tokens-and-server-side-runner-arguments-in-gitlab-runner-register-command).
+
+To generate an authentication token, you create a runner in the GitLab UI and use the authentication token
+instead of the registration token.
+
+| Process            | Registration command  |
+| ------------------ | --------------------- |
+| Registration token (deprecated) | `gitlab-runner register --registration-token $RUNNER_REGISTRATION_TOKEN <runner configuration arguments>` |
+| Authentication token | `gitlab-runner register --token $RUNNER_AUTHENTICATION_TOKEN` |
+
 ## CI/CD job tokens
 
 The [CI/CD](../ci/jobs/ci_job_token.md) job token