Revise the IAM Overview page

iam/index.mdx

@@ -1,45 +1,75 @@
 ---
-title: Identity and Access Management
-sidebarTitle: IAM
-description: Learn about ngrok's identity and access management system including credentials, RBAC, SSO, and audit logging.
+title: Identity and Access Management Overview
+sidebarTitle: Overview
+description: Learn about ngrok's identity and access management system for managing credentials, enforcing access controls, and federating identity.
 ---
 
-## Overview
+ngrok includes a robust identity and access management (IAM) system that enables you to issue, rotate and revoke unique credentials for each principal in your account and enforce least-privilege access. 
+All mutations are attributed to distinct principals in audit logs, and you can configure single sign-on (SSO) to federate identity with your IdP. 
+You can also administrate multiple ngrok accounts with a single user.
 
-ngrok includes a robust identity and access management (IAM) system. ngrok's
-IAM functionality enables you to:
+## Concepts
 
-- Issue, rotate and revoke unique credentials for each principal in your account (either a human user or an automated process).
-- Enforce least-privilege access for each principal acting within your ngrok account
-- Attribute all mutations to distinct principals in your ngrok account recorded in audit logs
-- Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP
-- Administrate multiple ngrok accounts with a single user
+<Columns cols={1}>
+	<Card title="Users" href="/iam/users/" horizontal>
+		Manage human users who can log into the dashboard, start agents, create endpoints, and access the API.
+	</Card>
+	<Card title="Service Users" href="/iam/service-users/" horizontal>
+		Create dedicated credentials for automated processes that interact with your ngrok account programmatically.
+	</Card>
+	<Card title="Role-based Access Control" href="/iam/rbac/" horizontal>
+		Enforce least-privilege access by restricting what actions each user can take within your account.
+	</Card>
+	<Card title="Single Sign-On" href="/iam/sso/" horizontal>
+		Federate identity with your IdP and enable SSO authentication for dashboard access.
+	</Card>
+	<Card title="Account Domain Controls" href="/iam/domain-controls/" horizontal>
+		Enforce organization-wide account usage by requiring users with your email domain to use your account.
+	</Card>
+</Columns>
 
-## Concepts
+## Use cases
+
+<Columns cols={2}>
+	<Card
+		title="Site-to-site connectivity"
+		icon="network"
+		href="/guides/site-to-site-connectivity/"
+	>
+		Grant secure access to customer network resources like REST APIs and databases without exposing them to the public internet.
+	</Card>
+	<Card
+		title="Secure SSH and RDP access"
+		icon="key"
+		href="/guides/ssh-rdp/"
+	>
+		Enable technicians and IT admins to maintain remote devices and servers via SSH or RDP through edge gateways.
+	</Card>
+	<Card
+		title="Remote IoT device access"
+		icon="building"
+		href="/guides/device-gateway/agent/"
+	>
+		Access smart factory IoT devices, telemetry sensors, and monitoring dashboards from remote networks.
+	</Card>
+	<Card
+		title="Device gateway with SDK"
+		icon="code"
+		href="/guides/device-gateway/sdk/"
+	>
+		Embed ngrok connectivity into Python applications to access APIs running on IoT devices.
+	</Card>
+	<Card
+		title="Kubernetes customer networks"
+		icon="kubernetes"
+		href="/k8s/guides/customer-networks/"
+	>
+		Connect from your Kubernetes cluster to customer on-premises systems like inventory databases and payment APIs.
+	</Card>
+</Columns>
 
-Before diving into ngrok's IAM system, it's helpful to be acquainted with the
-terminology and concepts ngrok uses to describe its IAM primitives.
+## What's next?
 
-- **Accounts**: ngrok Accounts are the containers in which you create and consume ngrok services.
-- [**Users**](/iam/users/): An Account contains one or more **Users**. Users are members of
-  the Account who can take actions within it, like creating objects, start agents
-  or making API requests. Users may be members of multiple accounts and are not owned by any single account.
-- [**Service Users**](/iam/service-users): Accounts also contain **Service Users** which are like Users but
-  meant to be used for automated processes. Other systems may call these 'Service
-  Accounts'.
-- [**Principals**](/obs/events/#principal-object): A principal is either a User or Service User. Principals are
-  members of an Account that may take actions inside of it.
-- [**Credentials**](/iam/users/#credentials): These are the keys and tokens that Principals use to
-  authenticate with the ngrok service. Types of Credential include Authtokens,
-  API Keys, and SSH Public Keys.
-- [**Authtokens**](/agent/#authtokens): Principals begin Agent sessions and create Endpoints by
-  authenticating with Authtoken.
-- [**API Keys**](/api/#authentication): Principals make API Requests by authenticating with an API Key.
-- [**SSH Public Keys**](/agent/ssh-reverse-tunnel-agent/#authentication): Principals create Endpoints via the SSH Reverse Tunnel
-  Agent with an SSH Public Key.
-- [**Invitations**](/iam/users/#invitations): Invitations are a mechanism to add a new User with a given
-  email address to an Account.
-- [**RBAC**](/iam/rbac/): Role Base Access Control is used to limit the permissions of what
-  actions a User may take within your account.
-- [**Account Domain Controls**](/iam/domain-controls/): Account Domain Controls are used to create
-  policy on Users who log in or sign up with a given email domain.
+- Manage team access with [Users](/iam/users/) and invitations.
+- Create credentials for automation with [Service Users](/iam/service-users/).
+- Federate identity and require IdP login with [Single Sign-On](/iam/sso/).