diff --git a/macros/iam/login-member.mdx b/macros/iam/login-member.mdx
index 7041f5abc3..478837e119 100644
--- a/macros/iam/login-member.mdx
+++ b/macros/iam/login-member.mdx
@@ -10,7 +10,7 @@ macro: login-member
3. Enter the Organization ID and click **Continue**.
- When you are added to an Organization as a Member, a Scaleway account is automatically created for you. An Organization administrator must provide a username, email and Organization ID for you to log in.
- - If your Organization admin provided a [link to connect directly](/organizations-and-projects/how-to/set-organization-alias) to your Organization, you can disregard step 3.
+ - If your Organization admin provided a [link to connect directly](/organization-security/how-to/set-organization-alias) to your Organization, you can disregard step 3.
4. Select an authentication method between **Send code**, **Enter password** and **SSO** (Google or Github).
diff --git a/menu/navigation.ts b/menu/navigation.ts
index 943cc5f63c..1c71f6dfe3 100644
--- a/menu/navigation.ts
+++ b/menu/navigation.ts
@@ -47,7 +47,8 @@ import { managedMongodbDatabasesMenu } from "../pages/managed-mongodb-databases/
import { natsMenu } from "../pages/nats/menu"
import { objectStorageMenu } from "../pages/object-storage/menu"
import { openSearchMenu } from "../pages/opensearch/menu"
-import { organizationsAndProjectsMenu } from '../pages/organizations-and-projects/menu'
+import { organizationsAndProjectsMenu } from "../pages/organizations-and-projects/menu"
+import { organizationSecurityMenu } from "../pages/organization-security/menu"
import { partnerSpaceMenu } from "../pages/partner-space/menu"
import { publicGatewaysMenu } from "../pages/public-gateways/menu"
import { queuesMenu } from "../pages/queues/menu"
@@ -73,6 +74,7 @@ export default [
icon: 'OrganizationDashboardCategoryIcon',
items: [
accountMenu,
+ organizationsAndProjectsMenu,
],
label: 'Account',
category: 'console',
@@ -89,9 +91,9 @@ export default [
{
icon: 'SecurityCategoryIcon',
items: [
+ organizationSecurityMenu,
iamMenu,
keyManagerMenu,
- organizationsAndProjectsMenu,
secretManagerMenu,
],
label: 'Security & Identity',
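Review bot: `organizationSecurityMenu` is inserted ahead of `iamMenu`, while the other entries visible in this `items` array (`iamMenu`, `keyManagerMenu`, `secretManagerMenu`) are in alphabetical order. If the array order drives the sidebar and leading with Organization Security is intended, a short comment such as `// listed first on purpose: entry point for Organization-wide security settings` would keep a later sort from undoing it; otherwise place it after `keyManagerMenu`. The enclosing array and object start outside this hunk, so the ordering of the rest of the list is not visible here.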
diff --git a/pages/iam/concepts.mdx b/pages/iam/concepts.mdx
index 3e1604c57d..b8c8403efd 100644
--- a/pages/iam/concepts.mdx
+++ b/pages/iam/concepts.mdx
@@ -45,10 +45,6 @@ The Common Expression Language (CEL) is used to define expressions in [condition
A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them.
-## Grace period
-
-The grace period is the time an [IAM Member](#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or IAM Manager. Upon regaining access, the grace period resets, giving IAM Members another chance to meet security requirements.
-
## Group
A group (also known as an IAM group) is a grouping of [users](#user) and/or [applications](#application). Creating groups allows you to attach [policies](#policy) to multiple users and/or applications at the same time.
@@ -69,7 +65,7 @@ You can also create non-human users in your Organization, called [IAM applicatio
You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created. This is Scaleway's method for allowing Organizations to have multiple users.
-As a Member you are subject to [complying with the security requirements](/iam/how-to/comply-with-sec-requirements-member) in effect in your Organization. [Logging into an Organization as a Member](/iam/how-to/log-in-as-a-member) is also different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
+As a Member you are subject to [complying with the security requirements](/organization-security/how-to/comply-with-sec-requirements-member) in effect in your Organization. [Logging into an Organization as a Member](/organization-security/how-to/log-in-as-a-member) is also different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
## Organization
diff --git a/pages/iam/how-to/manage-members.mdx b/pages/iam/how-to/manage-members.mdx
index 643c5ef0e5..9f767af24a 100644
--- a/pages/iam/how-to/manage-members.mdx
+++ b/pages/iam/how-to/manage-members.mdx
@@ -26,11 +26,11 @@ Watch our interactive demo for a visual guide on how to manage IAM Members on th
2. Click **+ Add user**. A pop-up displays.
3. Enter the username of the Member you want to add to your Organization.
- When you create a Member, a Scaleway account is created for them. They exist only within your Organization. If you delete the Member, their account is also deleted. Make sure you inform your Members that [logging into an Organization as a Member](/iam/how-to/log-in-as-a-member) is different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
+ When you create a Member, a Scaleway account is created for them. They exist only within your Organization. If you delete the Member, their account is also deleted. Make sure you inform your Members that [logging into an Organization as a Member](/organization-security/how-to/log-in-as-a-member) is different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
4. (Optional) Add a password.
- If you set a password, make sure you keep note of it to share it with the Member later. The password will only be shown once. If password renewal is enforced in the Organization, from their first login, the Member must update their password. They must comply with this security requirement within the [grace period](/iam/concepts#grace-period) defined for your Organization.
+ If you set a password, make sure you keep note of it to share it with the Member later. The password will only be shown once. If password renewal is enforced in the Organization, from their first login, the Member must update their password. They must comply with this security requirement within the [grace period](/organization-security/concepts#grace-period) defined for your Organization.
5. (Optional) Check the box if you want to send the password to the Member via email.
6. Click **Next**.
@@ -87,7 +87,7 @@ The Member is locked, their name is displayed in red, and their status is marked
If a Member is locked you can unlock them anytime as an Owner or user with IAM Manager permissions. Their name is displayed in red and their status is marked as `Locked` in the IAM users list.
- If a Member fails to [comply with security requirements](/iam/how-to/log-in-as-a-member#how-to-comply-with-security-requirements) by the end of the [grace period](/iam/concepts#grace-period), they are automatically locked and are not able to connect to the Organization until they are manually unlocked.
+ If a Member fails to [comply with security requirements](/organization-security/how-to/log-in-as-a-member#how-to-comply-with-security-requirements) by the end of the [grace period](/organization-security/concepts#grace-period), they are automatically locked and are not able to connect to the Organization until they are manually unlocked.
1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
@@ -145,12 +145,12 @@ The updated information appears in the credentials tab.
For the increased security of your Organization, you can enforce different security measures for your IAM Members.
-Refer to the dedicated [How to enforce security for Members](/iam/how-to/enforce-security-requirements-members/) documentation page to find out:
+Refer to the dedicated [How to enforce security for Members](/organization-security/how-to/enforce-security-requirements-members/) documentation page to find out:
-- [How to disable a Member's MFA](/iam/how-to/enforce-security-requirements-members/#how-to-disable-a-members-mfa)
-- [How to enforce password renewal](/iam/how-to/enforce-security-requirements-members/#how-to-enforce-password-renewal)
-- [How to stop enforcing password renewal](/iam/how-to/enforce-security-requirements-members/#how-to-stop-enforcing-password-renewal)
-- [How to edit the grace period of your Organization](/iam/how-to/enforce-security-requirements-members/#how-to-edit-the-grace-period-of-your-organization)
+- [How to disable a Member's MFA](/organization-security/how-to/enforce-security-requirements-members/#how-to-disable-a-members-mfa)
+- [How to enforce password renewal](/organization-security/how-to/enforce-security-requirements-members/#how-to-enforce-password-renewal)
+- [How to stop enforcing password renewal](/organization-security/how-to/enforce-security-requirements-members/#how-to-stop-enforcing-password-renewal)
+- [How to edit the grace period of your Organization](/organization-security/how-to/enforce-security-requirements-members/#how-to-edit-the-grace-period-of-your-organization)
## How to delete a Member
diff --git a/pages/iam/menu.ts b/pages/iam/menu.ts
index 051720b5e9..675e0b30ae 100644
--- a/pages/iam/menu.ts
+++ b/pages/iam/menu.ts
@@ -18,14 +18,6 @@ export const iamMenu = {
},
{
items: [
- {
- label: 'Log in as a Member',
- slug: 'log-in-as-a-member',
- },
- {
- label: 'Comply with security requirements as a Member',
- slug: 'comply-with-sec-requirements-member',
- },
{
label: 'Create API keys',
slug: 'create-api-keys',
@@ -38,18 +30,6 @@ export const iamMenu = {
label: 'Manage Members',
slug: 'manage-members',
},
- {
- label: 'Enforce security requirements for Members',
- slug: 'enforce-security-requirements-members',
- },
- {
- label: 'How to set up identity federation',
- slug: 'set-up-identity-federation'
- },
- {
- label: 'How to set up SSO with Authentik',
- slug: 'set-up-sso-with-authentik'
- },
{
label: 'Create an application',
slug: 'create-application',
diff --git a/pages/iam/reference-content/users-groups-and-applications.mdx b/pages/iam/reference-content/users-groups-and-applications.mdx
index eff99a9d37..04275fd35c 100644
--- a/pages/iam/reference-content/users-groups-and-applications.mdx
+++ b/pages/iam/reference-content/users-groups-and-applications.mdx
@@ -18,7 +18,7 @@ An IAM user is a human user in an Organization.
They can be of two types:
- **Owner** - you are the Owner of the Organization that was created with your account.
-- **Member** - you are a member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are added. As a member you are subject to [complying with the security requirements](/iam/how-to/comply-with-sec-requirements-member/) in effect in your Organization.
+- **Member** - you are a member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are added. As a member you are subject to [complying with the security requirements](/organization-security/how-to/comply-with-sec-requirements-member/) in effect in your Organization.
Within each Organization, different IAM users can have different rights (defined through policies) to perform actions on resources.
diff --git a/pages/organization-security/concepts.mdx b/pages/organization-security/concepts.mdx
new file mode 100644
index 0000000000..58394c019f
--- /dev/null
+++ b/pages/organization-security/concepts.mdx
@@ -0,0 +1,53 @@
+---
+title: Organizations Security - Concepts
+description: This page explains all the concepts related to Organizations Security
+tags: authentication saml security
+dates:
+ validation: 2025-12-18
+---
+
+## Alias
+
+Each [Organization](#organization) can have an alias set up by an Organization Manager. Once set-up, all members can log in using a dedicated URL for the Organization using the alias, under the format [alias].account.scaleway.com
+
+## API key
+
+An API key is a unique identifier, used to authenticate requests made to the [Scaleway API](https://www.scaleway.com/en/developers/api/). An API key consists of an access key and a secret key. The access key is like a unique ID or username, and is not a sensitive piece of information. The secret key is more sensitive as it is like a password to authenticate the access key.
+
+API keys can have a validity duration defined by its creator. The maximum validity duration can also be enforced by an IAM administrator.
+
+## Console session
+
+A console session is an active, authenticated user session that allows interaction with the [Scaleway console](/account/concepts/#console). Console sessions duration can be limited by an [IAM administrator](#iam-administator).
+
+## Grace period
+
+The grace period is the time an [IAM Member](#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or [IAM Manager](#iam-manager). Upon regaining access, the grace period resets, giving IAM Members another chance to meet security requirements.
+
+## IAM manager
+
+An IAM manager can be the Owner of the Organization, or any IAM member with permission sets enabling them to perform administrative actions in the Organization, such as managing members or enforcing Security Requierements.
+
+
+## Identity Provider
+
+An Identity Provider (IdP) is a service that authenticates users and provides identity information to Scaleway to enable secure access through [Single Sign-On (SSO)](#single-sign-on)
+
+
+## Multi-Factor Authentication (MFA)
+
+Multi-factor authentication (MFA) is a security method that requires users to verify their identity using two or more independent factors, such as something they know, have, or are, before logging into an [Organization](/organizations-and-projects/concepts/#organization).
+
+## SAML
+
+Security Assertion Markup Language (SAML) is a standard protocol that enables secure authentication by exchanging identity and authorization data between an identity provider and a service provider.
+
+## Security requirements
+
+Security requirements are a set of actions that must be underdone by all members of an Organization to be compliant with its security standards. Security requirements can be enforced by an [IAM manager](#iam-manager).
+
+## Single Sign On
+
+Single sign-on (SSO) allows users to access multiple applications - including Scaleway - with one set of login credentials through a centralized authentication system.
+
+
diff --git a/pages/iam/how-to/comply-with-sec-requirements-member.mdx b/pages/organization-security/how-to/comply-with-sec-requirements-member.mdx
similarity index 82%
rename from pages/iam/how-to/comply-with-sec-requirements-member.mdx
rename to pages/organization-security/how-to/comply-with-sec-requirements-member.mdx
index f402e69d12..acfd4d3081 100644
--- a/pages/iam/how-to/comply-with-sec-requirements-member.mdx
+++ b/pages/organization-security/how-to/comply-with-sec-requirements-member.mdx
@@ -7,10 +7,9 @@ dates:
---
import Requirements from '@macros/iam/requirements.mdx'
-import image from './assets/scaleway-iam-member-sec-req.webp'
-Upon your [first login as a Member](/iam/how-to/log-in-as-a-member), you must comply with your Organization's security requirements to ensure you can log in without issues in the future.
+Upon your [first login as a Member](/organization-security/how-to/log-in-as-a-member), you must comply with your Organization's security requirements to ensure you can log in without issues in the future.
@@ -25,8 +24,6 @@ Organization administrators may require you to perform two different security ac
If one of these requirements is enforced in your Organization, a security checklist will display in your Scaleway console when you log in for the first time.
-
-
The security requirements checklist is only visible to new Members who have not complied with their Organization's security requirements.
diff --git a/pages/organizations-and-projects/how-to/enforce-mfa.mdx b/pages/organization-security/how-to/enforce-mfa.mdx
similarity index 100%
rename from pages/organizations-and-projects/how-to/enforce-mfa.mdx
rename to pages/organization-security/how-to/enforce-mfa.mdx
diff --git a/pages/iam/how-to/enforce-security-requirements-members.mdx b/pages/organization-security/how-to/enforce-security-requirements-members.mdx
similarity index 94%
rename from pages/iam/how-to/enforce-security-requirements-members.mdx
rename to pages/organization-security/how-to/enforce-security-requirements-members.mdx
index 9ac62d91d9..cecb5a4a53 100644
--- a/pages/iam/how-to/enforce-security-requirements-members.mdx
+++ b/pages/organization-security/how-to/enforce-security-requirements-members.mdx
@@ -49,7 +49,7 @@ If [Multifactor Authentication (MFA) is enabled](/account/how-to/use-2fa) for a
4. Scroll to the **Disable multifactor authentication** section.
5. Click **Disable MFA**. A pop-up appears.
- Keep in mind that disabling MFA means a member will no longer be required to sign in with MFA. If [MFA is enforced](/organizations-and-projects/how-to/enforce-mfa) at the Organization level, the member will have a grace period allowing them to enable it again.
+ Keep in mind that disabling MFA means a member will no longer be required to sign in with MFA. If [MFA is enforced](/organization-security/how-to/enforce-mfa) at the Organization level, the member will have a grace period allowing them to enable it again.
6. Type **DISABLE** in the box and click **Confirm**.
@@ -58,7 +58,7 @@ If [Multifactor Authentication (MFA) is enabled](/account/how-to/use-2fa) for a
You can enforce MFA for all users in your Organization, including members.
- Refer to the [How to enforce MFA](/organizations-and-projects/how-to/enforce-mfa) documentation page for more information.
+ Refer to the [How to enforce MFA](/organization-security/how-to/enforce-mfa) documentation page for more information.
diff --git a/pages/iam/how-to/log-in-as-a-member.mdx b/pages/organization-security/how-to/log-in-as-a-member.mdx
similarity index 84%
rename from pages/iam/how-to/log-in-as-a-member.mdx
rename to pages/organization-security/how-to/log-in-as-a-member.mdx
index cb23eec7a9..c4ff6a18e9 100644
--- a/pages/iam/how-to/log-in-as-a-member.mdx
+++ b/pages/organization-security/how-to/log-in-as-a-member.mdx
@@ -16,5 +16,5 @@ Learn how to do so by following our guided tour or reading the instructions belo
-Once you have successfully logged in for the first time, you must then comply with your Organization's security requirements to ensure you can log in without issues in the future. Refer to the [How to comply with security requirements as a Member](/iam/how-to/comply-with-sec-requirements-member) documentation page to follow the procedure.
+Once you have successfully logged in for the first time, you must then comply with your Organization's security requirements to ensure you can log in without issues in the future. Refer to the [How to comply with security requirements as a Member](/organization-security/how-to/comply-with-sec-requirements-member) documentation page to follow the procedure.
\ No newline at end of file
diff --git a/pages/organizations-and-projects/how-to/set-organization-alias.mdx b/pages/organization-security/how-to/set-organization-alias.mdx
similarity index 93%
rename from pages/organizations-and-projects/how-to/set-organization-alias.mdx
rename to pages/organization-security/how-to/set-organization-alias.mdx
index 6f8d7cfd3b..69977de9e0 100644
--- a/pages/organizations-and-projects/how-to/set-organization-alias.mdx
+++ b/pages/organization-security/how-to/set-organization-alias.mdx
@@ -30,4 +30,4 @@ An alias is a string of characters used to identify the Organization during memb
4. Click **Confirm**. Your Organization alias displays in the Organization Information section.
5. Navigate to `.account.scaleway.com/`, replacing `` with your alias to test.
-You can now share this link with members so they [can log in directly](/iam/how-to/log-in-as-a-member) to your Organization without filling out the Organization ID.
\ No newline at end of file
+You can now share this link with members so they [can log in directly](/organization-security/how-to/log-in-as-a-member) to your Organization without filling out the Organization ID.
\ No newline at end of file
diff --git a/pages/iam/how-to/set-up-identity-federation.mdx b/pages/organization-security/how-to/set-up-identity-federation.mdx
similarity index 100%
rename from pages/iam/how-to/set-up-identity-federation.mdx
rename to pages/organization-security/how-to/set-up-identity-federation.mdx
diff --git a/pages/iam/how-to/set-up-sso-with-authentik.mdx b/pages/organization-security/how-to/set-up-sso-with-authentik.mdx
similarity index 100%
rename from pages/iam/how-to/set-up-sso-with-authentik.mdx
rename to pages/organization-security/how-to/set-up-sso-with-authentik.mdx
diff --git a/pages/organization-security/index.mdx b/pages/organization-security/index.mdx
new file mode 100644
index 0000000000..0e055580ad
--- /dev/null
+++ b/pages/organization-security/index.mdx
@@ -0,0 +1,32 @@
+---
+title: Organization Security Documentation
+description: Dive into Scaleway Organization security with our concepts and how-tos.
+---
+
+
+
+## Getting Started
+
+
+
+
+
+
diff --git a/pages/organization-security/menu.ts b/pages/organization-security/menu.ts
new file mode 100644
index 0000000000..c42b2a8329
--- /dev/null
+++ b/pages/organization-security/menu.ts
@@ -0,0 +1,48 @@
+export const organizationSecurityMenu = {
+ items: [
+ {
+ label: 'Overview',
+ slug: '../organization-security',
+ },
+ {
+ label: 'Concepts',
+ slug: 'concepts',
+ },
+ {
+ items: [
+ {
+ label: 'Log in as a Member',
+ slug: 'log-in-as-a-member',
+ },
+ {
+ label: 'Comply with security requirements as a Member',
+ slug: 'comply-with-sec-requirements-member',
+ },
+ {
+ label: 'Enforce security requirements for Members',
+ slug: 'enforce-security-requirements-members',
+ },
+ {
+ label: "Set an Organization alias",
+ slug: "set-organization-alias"
+ },
+ {
+ label: 'Set up identity federation',
+ slug: 'set-up-identity-federation'
+ },
+ {
+ label: 'Set up SSO with Authentik',
+ slug: 'set-up-sso-with-authentik'
+ },
+ {
+ label: 'Enforce multifactor authentication',
+ slug: 'enforce-mfa',
+ },
+ ],
+ label: 'How to',
+ slug: 'how-to',
+ },
+ ],
+ label: 'Organization Security',
+ slug: 'organization-security',
+}
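Review bot: The how-to slugs declared here move the member login, MFA enforcement, identity federation and SSO guides under `/organization-security/how-to/`, and nothing in the visible diff adds redirects from the former `/iam/how-to/` and `/organizations-and-projects/how-to/` paths. If redirects are not configured elsewhere, external links and bookmarks to this security guidance will stop resolving, so that is worth confirming before merge. On style, the `set-organization-alias` entry uses double quotes, and it and the two entries after it omit the trailing comma that the rest of the file uses; `label: 'Set an Organization alias',` and `slug: 'set-organization-alias',` would match.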
diff --git a/pages/organizations-and-projects/concepts.mdx b/pages/organizations-and-projects/concepts.mdx
index 31df70fd5d..24efd80bc9 100644
--- a/pages/organizations-and-projects/concepts.mdx
+++ b/pages/organizations-and-projects/concepts.mdx
@@ -14,9 +14,7 @@ Each [Organization](#organization) has at least one associated [Project](#projec
## Organization
-An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. You can also be added to an existing Organization as a [Member](#member).
-
-When you create [IAM rules](#rule), you can set their scope at Organization level. This means you can give access to features managed at Organization level, like billing and IAM, to users, applications, and groups in your Organization.
+An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. You can also be added to an existing Organization as a [Member](/iam/concepts/#member).
diff --git a/pages/organizations-and-projects/menu.ts b/pages/organizations-and-projects/menu.ts
index 55163f64c0..c01082f370 100644
--- a/pages/organizations-and-projects/menu.ts
+++ b/pages/organizations-and-projects/menu.ts
@@ -18,10 +18,6 @@ export const organizationsAndProjectsMenu = {
label: 'Manage Organization quotas',
slug: 'manage-quotas',
},
- {
- "label": "Set an Organization alias",
- "slug": "set-organization-alias"
- },
{
label: 'Create a Project',
slug: 'create-a-project',
@@ -34,10 +30,6 @@ export const organizationsAndProjectsMenu = {
label: 'Generate an SSH key',
slug: 'create-ssh-key',
},
- {
- label: 'Enforce multifactor authentication',
- slug: 'enforce-mfa',
- },
{
label: 'Add resources to a Project',
slug: 'add-resources-project',