From f7530b0738f3307933812d82a5f91297bca12029 Mon Sep 17 00:00:00 2001 From: SG <212444234+sg-writer@users.noreply.github.com> Date: Fri, 17 Oct 2025 13:07:33 -0700 Subject: [PATCH 1/5] initializing --- iam/index.mdx | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/iam/index.mdx b/iam/index.mdx index 10000708a5..101adc566d 100644 --- a/iam/index.mdx +++ b/iam/index.mdx @@ -14,7 +14,7 @@ IAM functionality enables you to: - Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP - Administrate multiple ngrok accounts with a single user -## Concepts +## Features Before diving into ngrok's IAM system, it's helpful to be acquainted with the terminology and concepts ngrok uses to describe its IAM primitives. @@ -40,5 +40,12 @@ terminology and concepts ngrok uses to describe its IAM primitives. email address to an Account. - [**RBAC**](/iam/rbac/): Role Base Access Control is used to limit the permissions of what actions a User may take within your account. -- [**Account Domain Controls**](/iam/domain-controls/): Account Domain Controls are used to create - policy on Users who log in or sign up with a given email domain. +- [**Account Domain Controls**](/iam/domain-controls/): Account Domain Controls are used to create policy on Users who log in or sign up with a given email domain. + +## Use cases + +TK + +## What's next + +TK From 17d47bdc8b40ceb1dc88d810a1150116d92f199c Mon Sep 17 00:00:00 2001 From: SG <212444234+sg-writer@users.noreply.github.com> Date: Wed, 5 Nov 2025 13:58:36 -0800 Subject: [PATCH 2/5] match UG rewrite structure --- iam/index.mdx | 95 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 57 insertions(+), 38 deletions(-) diff --git a/iam/index.mdx b/iam/index.mdx index 101adc566d..d5aeb150b3 100644 --- a/iam/index.mdx +++ b/iam/index.mdx 
@@ -1,51 +1,70 @@ --- -title: Identity and Access Management -sidebarTitle: IAM +title: Identity and Access Management Overview +sidebarTitle: Overview +description: Learn about ngrok's identity and access management system for managing credentials, enforcing access controls, and federating identity. --- -## Overview +ngrok includes a robust identity and access management (IAM) system that enables you to: -ngrok includes a robust identity and access management (IAM) system. ngrok's -IAM functionality enables you to: - -- Issue, rotate and revoke unique credentials for each principal in your account (either a human user or an automated process). +- Issue, rotate and revoke unique credentials for each principal in your account (either a human user or an automated process) - Enforce least-privilege access for each principal acting within your ngrok account - Attribute all mutations to distinct principals in your ngrok account recorded in audit logs - Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP - Administrate multiple ngrok accounts with a single user -## Features - -Before diving into ngrok's IAM system, it's helpful to be acquainted with the -terminology and concepts ngrok uses to describe its IAM primitives. - -- **Accounts**: ngrok Accounts are the containers in which you create and consume ngrok services. -- [**Users**](/iam/users/): An Account contains one or more **Users**. Users are members of - the Account who can take actions within it, like creating objects, start agents - or making API requests. Users may be members of multiple accounts and are not owned by any single account. -- [**Service Users**](/iam/service-users): Accounts also contain **Service Users** which are like Users but - meant to be used for automated processes. Other systems may call these 'Service - Accounts'. -- [**Principals**](/obs/events/#principal-object): A principal is either a User or Service User. 
Principals are - members of an Account that may take actions inside of it. -- [**Credentials**](/iam/users/#credentials): These are the keys and tokens that Principals use to - authenticate with the ngrok service. Types of Credential include Authtokens, - API Keys, and SSH Public Keys. -- [**Authtokens**](/agent/#authtokens): Principals begin Agent sessions and create Endpoints by - authenticating with Authtoken. -- [**API Keys**](/api/#authentication): Principals make API Requests by authenticating with an API Key. -- [**SSH Public Keys**](/agent/ssh-reverse-tunnel-agent/#authentication): Principals create Endpoints via the SSH Reverse Tunnel - Agent with an SSH Public Key. -- [**Invitations**](/iam/users/#invitations): Invitations are a mechanism to add a new User with a given - email address to an Account. -- [**RBAC**](/iam/rbac/): Role Base Access Control is used to limit the permissions of what - actions a User may take within your account. -- [**Account Domain Controls**](/iam/domain-controls/): Account Domain Controls are used to create policy on Users who log in or sign up with a given email domain. +## Concepts -## Use cases +Here are the core elements you should familiarize yourself with to make the most of ngrok's IAM system: -TK + + + Manage human users who can log into the dashboard, start agents, create endpoints, and access the API. + + + Create dedicated credentials for automated processes that interact with your ngrok account programmatically. + + + Enforce least-privilege access by restricting what actions each user can take within your account. + + + Federate identity with your IdP and enable SSO authentication for dashboard access. + + + Enforce organization-wide account usage by requiring users with your email domain to use your account. + + + +## Use cases -## What's next +Here are some of the most common use cases for ngrok's IAM system: -TK + + + Create Service Users for isolated agent management with authtokens and ACL restrictions. 
+ + + Restrict developer permissions with RBAC and create user-specific authtokens with ACL rules. + + + Create Service Users and authtokens with ACL restrictions for secure remote access to edge gateways and servers. + + + Create Service Users and authtokens with ACL restrictions for secure remote access to IoT devices and services. + + From 7885985fcbb98b512a3d08242489e6ff132a8951 Mon Sep 17 00:00:00 2001 From: SG <212444234+sg-writer@users.noreply.github.com> Date: Tue, 9 Dec 2025 16:02:01 -0800 Subject: [PATCH 3/5] next pass --- iam/index.mdx | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/iam/index.mdx b/iam/index.mdx index d5aeb150b3..9ad2a5e2e8 100644 --- a/iam/index.mdx +++ b/iam/index.mdx 
@@ -4,18 +4,12 @@ sidebarTitle: Overview description: Learn about ngrok's identity and access management system for managing credentials, enforcing access controls, and federating identity. --- -ngrok includes a robust identity and access management (IAM) system that enables you to: - -- Issue, rotate and revoke unique credentials for each principal in your account (either a human user or an automated process) -- Enforce least-privilege access for each principal acting within your ngrok account -- Attribute all mutations to distinct principals in your ngrok account recorded in audit logs -- Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP -- Administrate multiple ngrok accounts with a single user +ngrok includes a robust identity and access management (IAM) system that enables you to issue, rotate and revoke unique credentials for each principal in your account and enforce least-privilege access. +All mutations are attributed to distinct principals in audit logs, and you can configure single sign-on (SSO) to federate identity with your IdP. +You can also administrate multiple ngrok accounts with a single user. ## Concepts -Here are the core elements you should familiarize yourself with to make the most of ngrok's IAM system: - Manage human users who can log into the dashboard, start agents, create endpoints, and access the API. @@ -36,8 +30,6 @@ Here are the core elements you should familiarize yourself with to make the most ## Use cases -Here are some of the most common use cases for ngrok's IAM system: - Date: Mon, 15 Dec 2025 15:55:40 -0800 Subject: [PATCH 4/5] another pass at use cases --- iam/index.mdx | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/iam/index.mdx b/iam/index.mdx index 9ad2a5e2e8..b16b518102 100644 --- a/iam/index.mdx +++ b/iam/index.mdx 
@@ -32,31 +32,38 @@ You can also administrate multiple ngrok accounts with a single user. - Create Service Users for isolated agent management with authtokens and ACL restrictions. - - - Restrict developer permissions with RBAC and create user-specific authtokens with ACL rules. + Grant secure access to customer network resources like REST APIs and databases without exposing them to the public internet. - Create Service Users and authtokens with ACL restrictions for secure remote access to edge gateways and servers. + Enable technicians and IT admins to maintain remote devices and servers via SSH or RDP through edge gateways. - Create Service Users and authtokens with ACL restrictions for secure remote access to IoT devices and services. + Access smart factory IoT devices, telemetry sensors, and monitoring dashboards from remote networks. + + + Embed ngrok connectivity into Python applications to access APIs running on IoT devices. + + + Connect from your Kubernetes cluster to customer on-premises systems like inventory databases and payment APIs. From 0ea379c7204c41d08b5291918112688c5340fd46 Mon Sep 17 00:00:00 2001 From: SG <212444234+sg-writer@users.noreply.github.com> Date: Tue, 16 Dec 2025 11:54:33 -0800 Subject: [PATCH 5/5] whats next, redundant?? --- iam/index.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/iam/index.mdx b/iam/index.mdx index b16b518102..2983aae9fa 100644 --- a/iam/index.mdx +++ b/iam/index.mdx @@ -67,3 +67,9 @@ You can also administrate multiple ngrok accounts with a single user. Connect from your Kubernetes cluster to customer on-premises systems like inventory databases and payment APIs. + +## What's next? + +- Manage team access with [Users](/iam/users/) and invitations. +- Create credentials for automation with [Service Users](/iam/service-users/). +- Federate identity and require IdP login with [Single Sign-On](/iam/sso/).
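Review bot: In PATCH 1/5, the new `## Use cases` and `## What's next` sections contain only the placeholder `TK`, which would be published as-is if this commit landed on its own; hold the headings back until they have content, or squash this commit into the later ones. The same hunk renames `## Concepts` to `## Features` but leaves the paragraph under it introducing "terminology and concepts", so the heading and its intro disagree. While the RBAC line is in view, "Role Base Access Control" should read "Role-Based Access Control".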
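Review bot: In PATCH 2/5, the rewritten `## Concepts` section drops the definitions of Accounts, Principals, Credentials, Authtokens, API Keys, SSH Public Keys and Invitations, yet the intro list kept in this hunk still relies on "credentials" and "principal" to state what IAM does. A reader can no longer learn from this page which credential type authenticates which action (Authtoken for agent sessions, API Key for API requests, SSH Public Key for the SSH reverse tunnel agent). Keep a short glossary, or link each term to the page that defines it. In the new `## Use cases` cards, the edge-gateway and IoT descriptions are the same sentence with a different target, which reads as a copy-paste.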
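Review bot: In PATCH 3/5, collapsing the bullet list into prose silently drops two facts: SCIM provisioning from your own IdP is no longer mentioned anywhere in the intro, and the parenthetical "(either a human user or an automated process)" that explained "principal" is gone. With the Principals definition already removed in PATCH 2/5, the term is now used twice in the intro without being defined. Restore the SCIM clause in the SSO sentence and keep the parenthetical on the first use of "principal".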
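Review bot: In PATCH 4/5, the rewritten use-case descriptions no longer name any IAM control. The removed lines tied each scenario to Service Users, authtokens with ACL restrictions, or RBAC; the replacements ("Grant secure access to customer network resources ...", "Access smart factory IoT devices ...") describe connectivity only, so on an IAM overview the reader cannot tell which credential or restriction makes the access least-privilege. Put the control back into each description, for example by ending it with the Service User and ACL-restricted authtoken it depends on. The developer-focused card ("Restrict developer permissions with RBAC ...") is removed with no replacement, which leaves RBAC without a use case on this page.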
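Review bot: In PATCH 5/5, the `## What's next?` list links Users, Service Users and Single Sign-On but omits RBAC and Domain Controls, the two Concepts cards that enforce least-privilege and domain-wide policy. Either list all five, using the `/iam/rbac/` and `/iam/domain-controls/` paths seen in PATCH 1/5, or drop the section, since the commit subject itself asks whether it is redundant with the Concepts cards. Please also confirm that `/iam/sso/` resolves, because that path appears nowhere else in this series.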