Merged
27 changes: 13 additions & 14 deletions _data/nav.yml
Expand Up @@ -21,7 +21,7 @@
- title: CI/CD quick starts
url: "/ci-quickstart"
sub-pages:
- title: CI pipeline quick start
- title: Pipeline quick start
url: "/create-ci-pipeline"
- title: Kubernetes deployment quick start
url: "/deploy-to-kubernetes"
Expand All @@ -48,7 +48,7 @@



- title: Dashboards & Insights
- title: Dashboards & insights
url: "/dashboards"
pages:
- title: Home dashboard
Expand All @@ -58,7 +58,7 @@



- title: CI/CD Guides
- title: CI/CD guides
url: "/ci-cd-guides"
pages:
- title: Building your app
Expand Down Expand Up @@ -439,7 +439,7 @@
url: "/what-is-the-codefresh-yaml"


- title: Workflows
- title: Argo Workflows
url: "/workflows"
pages:
- title: Creating workflows
Expand All @@ -453,7 +453,7 @@
- title: Sharing file systems
url: "/sharing-file-system"

- title: CI/CD testing
- title: Testing
url: "/testing"
pages:
- title: Unit tests
Expand All @@ -471,23 +471,18 @@
- title: SonarQube scanning
url: "/sonarqube-integration"

- title: Clients
url: "/clients"
pages:
- title: Download CLI
url: "/csdp-cli"


- title: Installation
url: "/installation"
pages:
- title: Environments
- title: Options
url: "/installation-options"
- title: Runtime architectures
- title: Architecture
url: "/runtime-architecture"
- title: Codefresh Runner
- title: Runner
url: "/codefresh-runner"
- title: On-Premises installation
- title: On-Premises
url: "/codefresh-on-prem"
- title: On-Premises upgrade
url: "/codefresh-on-prem-upgrade"
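Review bot: the removed Clients section takes the `/csdp-cli` nav entry with it, and nothing in this hunk shows where that path resolves afterwards. If the "Download/upgrade GitOps CLI" page at `/upgrade-gitops-cli` added further down replaces it, add the old path to that page's `redirect_from` so existing links and bookmarks keep working. Separately, the shortened "On-Premises" title now sits directly above the unchanged "On-Premises upgrade", so the two siblings no longer follow one naming pattern.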
Expand All @@ -504,6 +499,8 @@
url: "/managed-cluster"
- title: Add Git Sources to to GitOps Runtimes
url: "/git-sources"
- title: Download/upgrade GitOps CLI
url: "/upgrade-gitops-cli"


- title: Administration
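Review bot: the unchanged entry directly above the added GitOps CLI item reads "Add Git Sources to to GitOps Runtimes", with a doubled "to". Since this block is being edited anyway, fix the title in the same change.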
Expand Down Expand Up @@ -535,6 +532,8 @@
- title: Single Sign-On
url: /single-sign-on
pages:
- title: Single sign-on overview
url: /single-sign-on
- title: Common configuration
url: /team-sync
- title: OpenID Connect
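Review bot: the added "Single sign-on overview" page uses `url: /single-sign-on`, the same value as its parent "Single Sign-On" section two lines above it. Please confirm the nav template copes with a child whose URL equals the section URL (active-item highlighting, duplicate links), and align the casing between "Single Sign-On" and "Single sign-on overview".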
44 changes: 24 additions & 20 deletions _docs/administration/account-user-management/access-control.md
Expand Up @@ -14,11 +14,11 @@ toc: true
<!-- needs fine tuning for GitOps as well; all x-refs have to be updated-->
Codefresh provides several complementary ways for access control within an organization:

* **Role-based access**: [Role-based access](#users-and-administrators), restricts access to parts of the Codefresh UI intended for account administrators. For example, only an account administrator should be able to change integrations with [git providers]({{site.baseurl}}/docs/integrations/git-providers/) and [cloud services]({{site.baseurl}}/docs/deployments/kubernetes/add-kubernetes-cluster/).
* **Role-based access**: [Role-based access]({{site.baseurl}}/docs/administration/account-user-management/add-users/#users-in-codefresh), restricts access to parts of the Codefresh UI intended for account administrators. For example, only an account administrator should be able to change integrations with [git providers]({{site.baseurl}}/docs/integrations/git-providers/) and [cloud services]({{site.baseurl}}/docs/integrations/kubernetes/#connect-a-kubernetes-cluster).

* **Attribute-based access control (ABAC)**: Policy-based access control via attributes (ABAC), restricts access to [Kubernetes clusters and pipelines](#access-to-kubernetes-clusters-and-pipelines). This option allows account administrators to define exactly which teams have access to which clusters and pipelines. For example, access to production clusters can be granted only to a subset of trusted developers/operators. On the other hand, access to a QA/staging cluster can be less strict.
* **Attribute-based access control (ABAC)**: Policy-based access control via attributes (ABAC), restricts access to [Add Kubernetes clusters with policy attributes](##add-kubernetes-clusters-with-policy-attributes). This option allows account administrators to define exactly which teams have access to which clusters and pipelines. For example, you can grant access to production clusters only to a subset of trusted developers/operators. On the other hand, access to a QA/staging cluster can be less strict.

* **Git-repository access**: Restrict the Git repositories used to load [pipeline definitions](#pipeline-definition-restrictions).
* **Git-repository access**: Restrict the Git repositories used to load [pipeline definitions](##enabledisable-access-to-pipeline-yamls-by-source).


## Role-based access for users and administrators
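Review bot: the two rewritten in-page links in the ABAC and Git-repository bullets use a doubled hash, `(##add-kubernetes-clusters-with-policy-attributes)` and `(##enabledisable-access-to-pipeline-yamls-by-source)`, which will not resolve to the headings. Use a single `#` in both. The ABAC bullet also now reads "restricts access to [Add Kubernetes clusters with policy attributes]", which no longer parses as a sentence; keep the old link text "Kubernetes clusters and pipelines" and change only the target.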
Expand Down Expand Up @@ -47,14 +47,14 @@ The table below lists the functionality available for role-based access.
|View Docker images | `User` and `Admin`|
|Inspect text reports | `User` and `Admin`|
|[Git Integrations]({{site.baseurl}}/docs/integrations/git-providers/) | `Admin`|
|[External docker registry settings]({{site.baseurl}}/docs/docker-registries/external-docker-registries/) | `Admin`|
|[External Helm repositories]({{site.baseurl}}/docs/new-helm/add-helm-repository/) | `Admin`|
|[Cloud provider settings]({{site.baseurl}}/docs/deployments/kubernetes/add-kubernetes-cluster/) | `Admin`|
|[External Docker registry settings]({{site.baseurl}}/docs/integrations/docker-registries/) | `Admin`|
|[External Helm repositories]({{site.baseurl}}/docs/deployments/helm/add-helm-repository/) | `Admin`|
|[Cloud provider settings]({{site.baseurl}}/docs//integrations/kubernetes/#connect-a-kubernetes-cluster) | `Admin`|
|[Cloud storage settings]({{site.baseurl}}/docs/testing/test-reports/#connecting-your-storage-account) | `Admin`|
|[Shared configuration]({{site.baseurl}}/docs/configure-ci-cd-pipeline/shared-configuration/) | `Admin`|
|[Shared configuration]({{site.baseurl}}/docs/pipelines/shared-configuration/) | `Admin`|
|[API token generation]({{site.baseurl}}/docs/integrations/codefresh-api/#authentication-instructions) | `Admin`|
|[SSO Settings]({{site.baseurl}}/docs/administration/single-sign-on/) | `Admin`|
|[Runtime environment selection]({{site.baseurl}}/docs/configure-ci-cd-pipeline/pipelines/#pipeline-settings) | `Admin`|
|[SSO Settings]({{site.baseurl}}/docs/single-sign-on/) | `Admin`|
|[Runtime environment selection]({{site.baseurl}}/docs/pipelines/pipelines/#pipeline-settings) | `Admin`|
|[Slack settings]({{site.baseurl}}/docs/integrations/notifications/slack-integration/) | `Admin`|
|[Audit logs]({{site.baseurl}}/docs/administration/audit-logs/) | `Admin`|
|ABAC for Kubernetes clusters | `Admin`|
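Review bot: the new "Cloud provider settings" row links to `{{site.baseurl}}/docs//integrations/kubernetes/#connect-a-kubernetes-cluster`, with a double slash after `docs`. Drop the extra slash so the path matches the other rows, such as `/docs/integrations/docker-registries/`.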
Expand Down Expand Up @@ -92,7 +92,7 @@ You can assign multiple tags to each cluster, making it easy to define multiple
%}

**Before you begin**
* If needed, [add a Kubernetes cluster]({{site.baseurl}}/docs/deployments/kubernetes/add-kubernetes-cluster/)
* If needed, [add a Kubernetes cluster]({{site.baseurl}}/docs//integrations/kubernetes/#connect-a-kubernetes-cluster)

**How to**
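Review bot: the updated "add a Kubernetes cluster" prerequisite link carries the same `docs//integrations/kubernetes/` double slash as the table row earlier in this file. Fix both occurrences together.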

Expand All @@ -109,6 +109,8 @@ You can assign multiple tags to each cluster, making it easy to define multiple
caption="Assigning tags to a cluster"
max-width="60%"
%}

{:start="3"}
1. Click **Add** and type in the tag.
1. Continue to add tags and when finished, click **Save**.

Expand All @@ -119,11 +121,11 @@ You can assign multiple tags to each cluster, making it easy to define multiple
Similar to Kubernetes clusters, you can also add tags to specific pipelines.

**Before you begin**
* If needed, [create a CI pipeline]({{site.baseurl}}/docs/pipelines/pipelines/)
* If needed, [create a pipeline]({{site.baseurl}}/docs/pipelines/pipelines/)

**How to**

1. In the Codefresh UI, go to [Pipelines](https://g.codefresh.io/pipelines/all/){:target="\_blank"}.
1. In the Codefresh UI, from Pipelines in the sidebar, select [Pipelines](https://g.codefresh.io/pipelines/all/){:target="\_blank"}.
1. In the row with the target pipline, click the context menu for the pipeline, and then select **Edit tags**.
1. Type in the new tag, press Enter, and continue to add the tags you need.
1. When finished, click **Save**.
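Review bot: step 2, directly below the reworded step 1, still reads "target pipline". Correct it to "pipeline" while this procedure is being touched.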
Expand All @@ -149,7 +151,7 @@ For each rule you define, select:


**Before you begin**
* Make sure you have [created at least one team]({{site.baseurl}}/docs/administration/add-users/#create-a-team-in-codefresh)
* Make sure you have [created at least one team]({{site.baseurl}}/docs/administration/account-user-management/add-users/#teams-in-codefresh)

**How to**
1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**.
Expand Down Expand Up @@ -177,23 +179,23 @@ For each rule you define, select:
* `Update` - can see and edit existing allowed cluster resources (which means also perform [installation, removal and rollbacks of Helm charts]({{site.baseurl}}/docs/new-helm/helm-best-practices/)). Tags are managed from account settings, so this permission doesn’t apply to it currently.
* `Delete` - cluster removal requires someone to be account administrator anyway so currently this permission isn’t really necessary.

For pipelines:
**For pipelines:**

* `Create` - can only create new pipelines, not see, edit (which includes tagging them) or delete them. This permission should also go hand in hand with additional permissions like read/edit untagged pipelines.
* `Read` - view allowed pipelines only.
* `Update` - see and edit allowed pipelines only (including tagging them).
* `Delete` - can delete allowed pipelines only.
* `Run` - can run allowed pipelines only.
* `Approve` - resume pipelines that are waiting for manual [approval]({{site.baseurl}}/docs/codefresh-yaml/steps/approval/).
* `Debug` - allow the usage of the [pipeline debugger]({{site.baseurl}}/docs/configure-ci-cd-pipeline/debugging-pipelines/).
* `Approve` - resume pipelines that are waiting for manual [approval]({{site.baseurl}}/docs/pipelines/steps/approval/).
* `Debug` - allow the usage of the [pipeline debugger]({{site.baseurl}}/docs/pipelines/debugging-pipelines/).



## Git-repository access restrictions

By default, users can load pipeline definitions when [creating a pipeline]({{site.baseurl}}/docs/configure-ci-cd-pipeline/pipelines/), from the inline editor, or any private or public Git repository.
By default, users can load pipeline definitions when [creating a pipeline]({{site.baseurl}}/docs/pipelines/pipelines/), from the inline editor, or any private or public Git repository.

You can change the default behavior to restrict loading CI pipeline definitions from specific Git repositories or completely disable loading the definitions from all Git repositories.
You can change the default behavior to restrict loading pipeline definitions from specific Git repositories or completely disable loading the definitions from all Git repositories.

### Enable/disable access to pipeline YAMLs by source
Enable or disable access to pipeline definition YAMLs based on the source of the YAML. These global settings are effective for all pipelines in the account and enables or disables that method of pipeline creation from the Codefresh UI.
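Review bot: the `Update` permission bullet at the top of this hunk still links to `/docs/new-helm/helm-best-practices/`, while the role table earlier in this file moves the Helm repository link from `/docs/new-helm/` to `/docs/deployments/helm/`. If the whole Helm section moved, this link needs the same update. The trailing context sentence "These global settings ... enables or disables that method" also has a subject-verb mismatch that could be cleaned up here.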
Expand All @@ -203,6 +205,7 @@ pipeline definitions from:
* Any Git repository connected to Codefresh
* **Any** public URL


1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**.
1. From Configuration on the sidebar, select [**Pipeline Settings**](https://g.codefresh.io/account-admin/account-conf/pipeline-settings){:target="\_blank"}.

Expand All @@ -215,8 +218,9 @@ pipeline definitions from:
max-width="80%"
%}

{:start="3"}
1. Turn on or off the options as needed.
1. Continue with


### Define access to Git repositories for pipeline YAMLs
If access to pipeline definitions are enabled for Git repositories, you can configure fine-grained restrictions through the integrations settings for your [Git provider]({{site.baseurl}}/docs/integrations/git-providers/).
Expand Down Expand Up @@ -244,5 +248,5 @@ If access to pipeline definitions are enabled for Git repositories, you can conf


## Related articles
[Codefresh installation options]({{site.baseurl}}/docs/administration/installation-security/)
[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-options/)
[Managing your Kubernetes cluster]({{site.baseurl}}/docs/deployments/kubernetes/manage-kubernetes/)
27 changes: 13 additions & 14 deletions _docs/administration/account-user-management/add-users.md
Expand Up @@ -6,24 +6,26 @@ sub_group: account-user-management
toc: true
---

Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, workflows, and pipelines, and teams of users.
Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, workflows, and pipelines, and teams of users.


You can then create teams in Codefresh to group users who share a common denominator, such as the same permissions, access to the same functionality, or roles. Teams make it easy for administrators to both define and manage items shared by multiple users in an orgranization.


## Users in Codefresh
Adding a user requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user:
Adding a user to an account requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user:

* **Role**: Defines the user's access level to the resources in the account.
* **User**: The default. With this role, users can work with your repositories and pipelines, but cannot change settings
on clusters, docker registries, git integrations, shared configurations etc.
* **Administrator**: User with this role have full access to your account and can change all your settings, so make sure that they are trusted colleagues.
* **Administrator**: With this role, users have full access to accounts, and can change all settings, so make sure that they are trusted colleagues.
For guidelines on access control, see [Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/).
* **SSO**: By default, SSO is not enabled for users. If required, explicitly select the SSO provider. For an overview of SSO, see [Single Sign on]({{site.baseurl}}/docs/single-sign-on/).


### Add a user to a Codefresh account
1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**.
1. On the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. On the sidebar, from Access & Collaboration select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. Select **Users**, and then select **+ [Add User]**.
1. Type the **User's email address**, and click **Invite**.
<!---add screenshot-->
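Review bot: the added teams paragraph ends with "multiple users in an orgranization"; that should be "organization". In step 2 of "Add a user to a Codefresh account" the comma after "Access & Collaboration" is dropped, while the identical step in the session-timeout procedure later in this file keeps it. Pick one form for both.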
Expand All @@ -45,10 +47,10 @@ Once you add a user to your Codefresh account, you can do the following to manag


## Teams in Codefresh
Teams are users who share the same permissions, roles, or as required and defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control).
Teams are users who share the same permissions, roles, or requirements defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control).
By default, there are two teams:
* Users
* Admins with users [invited as collaborators]({{site.baseurl}}/docs/accounts/assign-a-user-to-a-team/)
* Admins with users [invited as collaborators](#assign-a-user-to-a-team)

> Only Enterprise customers can add new teams. Other Codefresh plans can only use the predefined *Users* and *Admin* teams. [Contact us](https://codefresh.io/contact-us/){:target="\_blank"} to upgrade to an Enterprise plan.
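Review bot: the Admins bullet now points to the in-page anchor `#assign-a-user-to-a-team`, but no heading with that name is visible in this diff. Please confirm the file has an "Assign a user to a team" heading, otherwise the link silently goes nowhere. The list also says "Admins" while the note below it says "*Admin* teams"; use one name.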

Expand Down Expand Up @@ -84,10 +86,11 @@ As an administrator, you can optionally define session timeouts to automatically

> The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out.

1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**.
1. In the Codefresh UI, on the toolbar, click the **Settings** icon, and then select **Account Settings**.
1. On the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. Select **Security**.
1. For **User Session**, add the timeout duration in minutes/hours/days.
1. To restrict invitations to specific email domains, below User Invitations, turn on **Restrict inviting additional users..** and then in the **Email domains**, type in the domains to allow, one per line.

{% include image.html
lightbox="true"
Expand All @@ -98,18 +101,14 @@ As an administrator, you can optionally define session timeouts to automatically
max-width="90%"
%}
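Review bot: the new step 5 has a stray double period in the bolded label, "**Restrict inviting additional users..**", and "in the **Email domains**" is missing the noun "field" that the removed wording had. The UI label should be quoted exactly as it appears. This step restricts invitations by email domain, yet it is now the last step of a procedure introduced as defining session timeouts, so consider a short lead-in or a separate sub-procedure so that readers looking for invitation restrictions can find it.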

{:start="5"}
1. To restrict invitations to specific email domains, in the **Email domains** field below User Invitations, type in the domains to allow, one per line.

## Troubleshoot add users

* [User is prompted to enter an organization name](https://support.codefresh.io/hc/en-us/articles/360020177959-User-is-prompted-to-enter-an-organization-name)
* [Account invitation not permitting login](https://support.codefresh.io/hc/en-us/articles/360015251000-Account-invitation-not-permitting-login)

* [User is prompted to enter an organization name](https://support.codefresh.io/hc/en-us/articles/360020177959-User-is-prompted-to-enter-an-organization-name){:target="\_blank"}
* [Account invitation not permitting login](https://support.codefresh.io/hc/en-us/articles/360015251000-Account-invitation-not-permitting-login){:target="\_blank"}
<!--this is already mentioned as inline refs; add other topics-->

## Related articles
[Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/)
[Single Sign on]({{site.baseurl}}/docs/single-sign-on/)
[OAuth authentication for Git providers]({{site.baseurl}}/docs/administration/account-user-management/oauth-setup)
[Setting up OAuth authentication for Git providers]({{site.baseurl}}/docs/administration/account-user-management/oauth-setup)
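Review bot: the added HTML comment `<!--this is already mentioned as inline refs; add other topics-->` under "Troubleshoot add users" is an authoring TODO that will ship in the page source. Track it in an issue instead, or resolve it before merge. The OAuth link in Related articles also lacks the trailing slash that the other two links use.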

10 changes: 5 additions & 5 deletions _docs/administration/account-user-management/audit.md
@@ -1,6 +1,6 @@
---
title: "Audit logs"
description: "Get a list of all actions in Codefresh"
title: "Auditing actions in Codefresh"
description: "Getlogs of all actions in Codefresh"
group: administration
sub_group: account-user-management
redirect_from:
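Review bot: the new front-matter description reads "Getlogs of all actions in Codefresh", with the space missing between "Get" and "logs". This string is typically surfaced in page metadata, so fix it to "Get logs of all actions in Codefresh".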
Expand All @@ -13,7 +13,7 @@ The time frames covered by audit logs depends on the pricing tier of your Codefr

The audit log includes:
* UI actions from users
* [CLI](https://codefresh-io.github.io/cli/) invocations
* [CLI](https://codefresh-io.github.io/cli/){:target="\_blank"} invocations
* Any [external integrations]({{site.baseurl}}/docs/integrations/codefresh-api/) used with Codefresh

You can:
Expand Down Expand Up @@ -106,6 +106,6 @@ Export all audited events, both Audits and Triggers, to a `CSV` file, for offli


## Related articles
[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-security/)
[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-options/)
[Configuring access Control]({{site.baseurl}}/docs/administration/account-user-management/access-control/)
[Codefresh API]({{site.baseurl}}/docs/integrations/codefresh-api/)
[Codefresh API integration]({{site.baseurl}}/docs/integrations/codefresh-api/)
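Review bot: the unchanged Related articles entry "Configuring access Control" has inconsistent capitalization next to the two links edited here. Use "Configuring access control", or match the target page's title.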