diff --git a/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0005-restricted-application-for-SSO.rst b/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0005-restricted-application-for-SSO.rst index d0ff2e2505..4a517de763 100644 --- a/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0005-restricted-application-for-SSO.rst +++ b/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0005-restricted-application-for-SSO.rst @@ -4,7 +4,9 @@ Status ------ -Accepted +Partially Replaced (see ADR `Enforce Scopes in LMS APIs`_) + +.. _Enforce Scopes in LMS APIs: https://github.com/openedx/edx-platform/blob/master/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0006-enforce-scopes-in-LMS-APIs.rst#3-restricted-applications-receive-unexpired-jwts-signed-with-a-new-key Context ------- @@ -38,6 +40,9 @@ Although these applications can still request access tokens via the usual Authorization Code grant protocol, issue them only **expired** access tokens so they cannot make unauthorized calls to our API endpoints. +.. note:: + Although we still use the new model for "Restricted Applications", the decision to use **expired** access tokens has been superseded by ADR `Enforce Scopes in LMS APIs`_. That ADR specifies a different method to restrict "Restricted Applications" from accessing API endpoints that have not implemented Scopes. + Consequences ------------
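Review bot: the `.. _Enforce Scopes in LMS APIs:` target added in the Status hunk is an absolute `github.com/openedx/edx-platform/blob/master/...` URL with a heading-derived fragment (`#3-restricted-applications-receive-unexpired-jwts-signed-with-a-new-key`); that fragment breaks silently if the heading in 0006 is ever reworded, and pinning to `master` means a reader on any other branch or tag is sent to a revision of 0006 that may differ from the one actually in force for their checkout. Since both ADRs live in the same `decisions/` directory, a relative reference (`0006-enforce-scopes-in-LMS-APIs.rst`) would survive renames, branches and offline doc builds; if the pointer to the specific section matters, name it in prose ("section 3 of that ADR") rather than relying on the fragment. Separately, "Partially Replaced" is not a conventional ADR status; "Partially Superseded" would match the wording the second hunk itself uses ("has been superseded").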
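Review bot: the `.. note::` added in the Context hunk says 0006 "specifies a different method" without saying what it is, so a reader of this ADR alone still sees the sentence directly above it ("issue them only **expired** access tokens so they cannot make unauthorized calls to our API endpoints") as the operative control. The link fragment already names the replacement (restricted applications receive unexpired JWTs signed with a new key), so state it in the note in one clause and spell out the security consequence the ADR no longer conveys: token expiry is no longer what keeps a Restricted Application away from endpoints that have not implemented scopes, and those endpoints depend on the mechanism in 0006 instead. Also consider dropping "the new model" in favour of "the model introduced in this ADR", since "new" only made sense when this decision was current.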