feat(iam): change iam doc structure

macros/iam/login-member.mdx

@@ -10,7 +10,7 @@ macro: login-member
 3. Enter the Organization ID and click **Continue**.
     <Message type="important">
       - When you are added to an Organization as a Member, a Scaleway account is automatically created for you. An Organization administrator must provide a username, email and Organization ID for you to log in.
-      - If your Organization admin provided a [link to connect directly](/organizations-and-projects/how-to/set-organization-alias) to your Organization, you can disregard step 3.
+      - If your Organization admin provided a [link to connect directly](/organization-security/how-to/set-organization-alias) to your Organization, you can disregard step 3.
     </Message>
 4. Select an authentication method between **Send code**, **Enter password** and **SSO** (Google or Github).
     <Tabs>

menu/navigation.ts

@@ -47,7 +47,8 @@ import { managedMongodbDatabasesMenu } from "../pages/managed-mongodb-databases/
 import { natsMenu } from "../pages/nats/menu"
 import { objectStorageMenu } from "../pages/object-storage/menu"
 import { openSearchMenu } from "../pages/opensearch/menu"
-import { organizationsAndProjectsMenu } from '../pages/organizations-and-projects/menu'
+import { organizationsAndProjectsMenu } from "../pages/organizations-and-projects/menu"
+import { organizationSecurityMenu } from "../pages/organization-security/menu"
 import { partnerSpaceMenu } from "../pages/partner-space/menu"
 import { publicGatewaysMenu } from "../pages/public-gateways/menu"
 import { queuesMenu } from "../pages/queues/menu"
@@ -73,6 +74,7 @@ export default [
         icon: 'OrganizationDashboardCategoryIcon',
         items: [
           accountMenu,
+          organizationsAndProjectsMenu,
         ],
         label: 'Account',
         category: 'console',
@@ -89,9 +91,9 @@ export default [
       {
         icon: 'SecurityCategoryIcon',
         items: [
+          organizationSecurityMenu,
           iamMenu,
           keyManagerMenu,
-          organizationsAndProjectsMenu,
           secretManagerMenu,
         ],
         label: 'Security & Identity',

pages/iam/concepts.mdx

@@ -45,10 +45,6 @@ The Common Expression Language (CEL) is used to define expressions in [condition
 
 A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them.
 
-## Grace period
-
-The grace period is the time an [IAM Member](#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or IAM Manager. Upon regaining access, the grace period resets, giving IAM Members another chance to meet security requirements.
-
 ## Group
 
 A group (also known as an IAM group) is a grouping of [users](#user) and/or [applications](#application). Creating groups allows you to attach [policies](#policy) to multiple users and/or applications at the same time.
@@ -69,7 +65,7 @@ You can also create non-human users in your Organization, called [IAM applicatio
 
 You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created. This is Scaleway's method for allowing Organizations to have multiple users.
 
-As a Member you are subject to [complying with the security requirements](/iam/how-to/comply-with-sec-requirements-member) in effect in your Organization. [Logging into an Organization as a Member](/iam/how-to/log-in-as-a-member) is also different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
+As a Member you are subject to [complying with the security requirements](/organization-security/how-to/comply-with-sec-requirements-member) in effect in your Organization. [Logging into an Organization as a Member](/organization-security/how-to/log-in-as-a-member) is also different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
 
 ## Organization
 

pages/iam/how-to/manage-members.mdx

@@ -26,11 +26,11 @@ Watch our interactive demo for a visual guide on how to manage IAM Members on th
 2. Click **+ Add user**. A pop-up displays.
 3. Enter the username of the Member you want to add to your Organization.
     <Message type="important">
-      When you create a Member, a Scaleway account is created for them. They exist only within your Organization. If you delete the Member, their account is also deleted. Make sure you inform your Members that [logging into an Organization as a Member](/iam/how-to/log-in-as-a-member) is different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
+      When you create a Member, a Scaleway account is created for them. They exist only within your Organization. If you delete the Member, their account is also deleted. Make sure you inform your Members that [logging into an Organization as a Member](/organization-security/how-to/log-in-as-a-member) is different from [logging in as an Owner](/account/how-to/log-in-to-the-console).
     </Message>
 4. (Optional) Add a password.
     <Message type="note">
-      If you set a password, make sure you keep note of it to share it with the Member later. The password will only be shown once. If password renewal is enforced in the Organization, from their first login, the Member must update their password. They must comply with this security requirement within the [grace period](/iam/concepts#grace-period) defined for your Organization.
+      If you set a password, make sure you keep note of it to share it with the Member later. The password will only be shown once. If password renewal is enforced in the Organization, from their first login, the Member must update their password. They must comply with this security requirement within the [grace period](/organization-security/concepts#grace-period) defined for your Organization.
     </Message>
 5. (Optional) Check the box if you want to send the password to the Member via email.
 6. Click **Next**.
@@ -87,7 +87,7 @@ The Member is locked, their name is displayed in red, and their status is marked
 If a Member is locked you can unlock them anytime as an Owner or user with IAM Manager permissions. Their name is displayed in red and their status is marked as `Locked` in the IAM users list.
 
 <Message type="important">
-  If a Member fails to [comply with security requirements](/iam/how-to/log-in-as-a-member#how-to-comply-with-security-requirements) by the end of the [grace period](/iam/concepts#grace-period), they are automatically locked and are not able to connect to the Organization until they are manually unlocked.
+  If a Member fails to [comply with security requirements](/organization-security/how-to/log-in-as-a-member#how-to-comply-with-security-requirements) by the end of the [grace period](/organization-security/concepts#grace-period), they are automatically locked and are not able to connect to the Organization until they are manually unlocked.
 </Message>
 
 1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
@@ -145,12 +145,12 @@ The updated information appears in the credentials tab.
 
 For the increased security of your Organization, you can enforce different security measures for your IAM Members.
 
-Refer to the dedicated [How to enforce security for Members](/iam/how-to/enforce-security-requirements-members/) documentation page to find out:
+Refer to the dedicated [How to enforce security for Members](/organization-security/how-to/enforce-security-requirements-members/) documentation page to find out:
 
-- [How to disable a Member's MFA](/iam/how-to/enforce-security-requirements-members/#how-to-disable-a-members-mfa)
-- [How to enforce password renewal](/iam/how-to/enforce-security-requirements-members/#how-to-enforce-password-renewal)
-- [How to stop enforcing password renewal](/iam/how-to/enforce-security-requirements-members/#how-to-stop-enforcing-password-renewal)
-- [How to edit the grace period of your Organization](/iam/how-to/enforce-security-requirements-members/#how-to-edit-the-grace-period-of-your-organization)
+- [How to disable a Member's MFA](/organization-security/how-to/enforce-security-requirements-members/#how-to-disable-a-members-mfa)
+- [How to enforce password renewal](/organization-security/how-to/enforce-security-requirements-members/#how-to-enforce-password-renewal)
+- [How to stop enforcing password renewal](/organization-security/how-to/enforce-security-requirements-members/#how-to-stop-enforcing-password-renewal)
+- [How to edit the grace period of your Organization](/organization-security/how-to/enforce-security-requirements-members/#how-to-edit-the-grace-period-of-your-organization)
 
 ## How to delete a Member
 

pages/iam/menu.ts

@@ -18,14 +18,6 @@ export const iamMenu = {
     },
     {
       items: [
-        {
-          label: 'Log in as a Member',
-          slug: 'log-in-as-a-member',
-        },
-        {
-          label: 'Comply with security requirements as a Member',
-          slug: 'comply-with-sec-requirements-member',
-        },
         {
           label: 'Create API keys',
           slug: 'create-api-keys',
@@ -38,18 +30,6 @@ export const iamMenu = {
           label: 'Manage Members',
           slug: 'manage-members',
         },
-        {
-          label: 'Enforce security requirements for Members',
-          slug: 'enforce-security-requirements-members',
-        },
-        {
-          label: 'How to set up identity federation',
-          slug: 'set-up-identity-federation'
-        },
-        {
-          label: 'How to set up SSO with Authentik',
-          slug: 'set-up-sso-with-authentik'
-        },
         {
           label: 'Create an application',
           slug: 'create-application',

pages/iam/reference-content/users-groups-and-applications.mdx

@@ -18,7 +18,7 @@ An IAM user is a human user in an Organization.
 They can be of two types:
 
 - **Owner** - you are the Owner of the Organization that was created with your account.
-- **Member** - you are a member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are added. As a member you are subject to [complying with the security requirements](/iam/how-to/comply-with-sec-requirements-member/) in effect in your Organization.
+- **Member** - you are a member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are added. As a member you are subject to [complying with the security requirements](/organization-security/how-to/comply-with-sec-requirements-member/) in effect in your Organization.
 
 Within each Organization, different IAM users can have different rights (defined through policies) to perform actions on resources.
 

pages/organization-security/concepts.mdx

@@ -0,0 +1,53 @@
+---
+title: Organizations Security - Concepts
+description: This page explains all the concepts related to Organizations Security
+tags: authentication saml security 
+dates:
+  validation: 2025-12-18
+---
+
+## Alias
+
+Each [Organization](#organization) can have an alias set up by an Organization Manager. Once set-up, all members can log in using a dedicated URL for the Organization using the alias, under the format [alias].account.scaleway.com
+
+## API key
+
+An API key is a unique identifier, used to authenticate requests made to the [Scaleway API](https://www.scaleway.com/en/developers/api/). An API key consists of an access key and a secret key. The access key is like a unique ID or username, and is not a sensitive piece of information. The secret key is more sensitive as it is like a password to authenticate the access key.
+
+API keys can have a validity duration defined by its creator. The maximum validity duration can also be enforced by an IAM administrator.
+
+## Console session
+
+A console session is an active, authenticated user session that allows interaction with the [Scaleway console](/account/concepts/#console). Console sessions duration can be limited by an [IAM administrator](#iam-administator).
+
+## Grace period
+
+The grace period is the time an [IAM Member](#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or [IAM Manager](#iam-manager). Upon regaining access, the grace period resets, giving IAM Members another chance to meet security requirements.
+
+## IAM manager
+
+An IAM manager can be the Owner of the Organization, or any IAM member with permission sets enabling them to perform administrative actions in the Organization, such as managing members or enforcing Security Requierements.
+
+
+## Identity Provider
+
+An Identity Provider (IdP) is a service that authenticates users and provides identity information to Scaleway to enable secure access through [Single Sign-On (SSO)](#single-sign-on)
+
+
+## Multi-Factor Authentication (MFA)
+
+Multi-factor authentication (MFA) is a security method that requires users to verify their identity using two or more independent factors, such as something they know, have, or are, before logging into an [Organization](/organizations-and-projects/concepts/#organization).
+
+## SAML
+
+Security Assertion Markup Language (SAML) is a standard protocol that enables secure authentication by exchanging identity and authorization data between an identity provider and a service provider.
+
+## Security requirements
+
+Security requirements are a set of actions that must be underdone by all members of an Organization to be compliant with its security standards. Security requirements can be enforced by an [IAM manager](#iam-manager).
+
+## Single Sign On
+
+Single sign-on (SSO) allows users to access multiple applications - including Scaleway - with one set of login credentials through a centralized authentication system.
+
+

pages/iam/how-to/comply-with-sec-requirements-member.mdx → pages/organization-security/how-to/comply-with-sec-requirements-member.mdx

@@ -7,10 +7,9 @@ dates:
 ---
 import Requirements from '@macros/iam/requirements.mdx'
 
-import image from './assets/scaleway-iam-member-sec-req.webp'
 
 
-Upon your [first login as a Member](/iam/how-to/log-in-as-a-member), you must comply with your Organization's security requirements to ensure you can log in without issues in the future.
+Upon your [first login as a Member](/organization-security/how-to/log-in-as-a-member), you must comply with your Organization's security requirements to ensure you can log in without issues in the future.
 
 <Requirements />
 
@@ -25,8 +24,6 @@ Organization administrators may require you to perform two different security ac
 
 If one of these requirements is enforced in your Organization, a security checklist will display in your Scaleway console when you log in for the first time.
 
-<Lightbox image={image} alt="screenshot of the scaleway console showing a checklist of the few quick steps to follow until you can explore the Scaleway console. 1. Update password - You are required to update your password to stay connected to this Organization. A message box indicates that there is 1 day left to update the password. It warns that once this grace period is up, you will be locked out of the Organization until an administrator unlocks your account. A button prompts to update the password. " />
-
 <Message type="note">
 The security requirements checklist is only visible to new Members who have not complied with their Organization's security requirements.
 </Message>

pages/iam/how-to/enforce-security-requirements-members.mdx → pages/organization-security/how-to/enforce-security-requirements-members.mdx

@@ -49,7 +49,7 @@ If [Multifactor Authentication (MFA) is enabled](/account/how-to/use-2fa) for a
 4. Scroll to the **Disable multifactor authentication** section.
 5. Click **Disable MFA**. A pop-up appears.
     <Message type="important">
-      Keep in mind that disabling MFA means a member will no longer be required to sign in with MFA. If [MFA is enforced](/organizations-and-projects/how-to/enforce-mfa) at the Organization level, the member will have a grace period allowing them to enable it again.
+      Keep in mind that disabling MFA means a member will no longer be required to sign in with MFA. If [MFA is enforced](/organization-security/how-to/enforce-mfa) at the Organization level, the member will have a grace period allowing them to enable it again.
     </Message>
 6. Type **DISABLE** in the box and click **Confirm**.
 
@@ -58,7 +58,7 @@ If [Multifactor Authentication (MFA) is enabled](/account/how-to/use-2fa) for a
 You can enforce MFA for all users in your Organization, including members.
 
 <Message type="tip">
-  Refer to the [How to enforce MFA](/organizations-and-projects/how-to/enforce-mfa) documentation page for more information.
+  Refer to the [How to enforce MFA](/organization-security/how-to/enforce-mfa) documentation page for more information.
 </Message>
 
 

pages/iam/how-to/log-in-as-a-member.mdx → pages/organization-security/how-to/log-in-as-a-member.mdx

@@ -16,5 +16,5 @@ Learn how to do so by following our guided tour or reading the instructions belo
 <LoginMember />
 
 <Message type="important">
-Once you have successfully logged in for the first time, you must then comply with your Organization's security requirements to ensure you can log in without issues in the future. Refer to the [How to comply with security requirements as a Member](/iam/how-to/comply-with-sec-requirements-member) documentation page to follow the procedure.
+Once you have successfully logged in for the first time, you must then comply with your Organization's security requirements to ensure you can log in without issues in the future. Refer to the [How to comply with security requirements as a Member](/organization-security/how-to/comply-with-sec-requirements-member) documentation page to follow the procedure.
 </Message>

pages/organizations-and-projects/how-to/set-organization-alias.mdx → pages/organization-security/how-to/set-organization-alias.mdx

@@ -30,4 +30,4 @@ An alias is a string of characters used to identify the Organization during memb
 4. Click **Confirm**. Your Organization alias displays in the Organization Information section.
 5. Navigate to `<organization-alias>.account.scaleway.com/`, replacing `<organization-alias>` with your alias to test.
 
-You can now share this link with members so they [can log in directly](/iam/how-to/log-in-as-a-member) to your Organization without filling out the Organization ID.
+You can now share this link with members so they [can log in directly](/organization-security/how-to/log-in-as-a-member) to your Organization without filling out the Organization ID.

pages/organization-security/index.mdx

@@ -0,0 +1,32 @@
+---
+title: Organization Security  Documentation
+description: Dive into Scaleway Organization security with our concepts and how-tos.
+---
+
+<ProductHeader
+   productName="Organization Security"
+   productLogo="iam"
+   description="Learn the measures you can undertake to secure access to the Organization."
+   url="/organizations-security/concepts/"
+   label="Organization Security Concepts"
+/>
+
+## Getting Started
+
+<Grid>
+    <SummaryCard
+        title="Concepts"
+        icon="info"
+        description="Core concepts that give you a better understanding of Organization security"
+        label="View Concepts"
+        url="/organization-security/concepts/"
+    />
+    <SummaryCard
+        title="How-Tos"
+        icon="help-circle-outline"
+        description="Learn how to manage your Organization security via the Scaleway console."
+        label="View How-Tos"
+        url="/organization-security/how-to/"
+    />
+</Grid>
+