| <ProductHeader | ||
| productName="Organization Security" | ||
| productLogo="iam" | ||
| description="Learn the measures you can undertake to secure access to the Organization." |
| description="Learn the measures you can undertake to secure access to the Organization." | |
| description="Organization Security helps you protect your Scaleway environment. Enable MFA, configure SSO and identity federation, and manage authentication methods to secure your Scaleway Organization and meet your compliance needs." |
| productName="Organization Security" | ||
| productLogo="iam" | ||
| description="Learn the measures you can undertake to secure access to the Organization." | ||
| url="/organizations-security/concepts/" |
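Review bot: The `url="/organizations-security/concepts/"` value on the last line of this hunk uses the plural slug `organizations-security`, while the Grid card further down uses `url="/organization-security/how-to/"` and the redirect targets listed in this review all start with `/organization-security/`. Use the singular slug here as well so both cards point into the same section.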
Change links to Quickstart, for conformity
|
|
||
| ## Getting Started | ||
|
|
||
| <Grid> |
| url="/organization-security/how-to/" | ||
| /> | ||
| </Grid> | ||
|
|
Usually we also have a Changelog widget on the Overview page, which suggests we should also create a new Changelog category here?
|
|
||
| ## Alias | ||
|
|
||
| Each [Organization](#organization) can have an alias set up by an Organization Manager. Once set-up, all members can log in using a dedicated URL for the Organization using the alias, under the format [alias].account.scaleway.com |
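Review bot: The `[Organization](#organization)` link in the Alias entry is a same-page anchor, whereas the Multi-Factor Authentication entry further down links the same term to `/organizations-and-projects/concepts/#organization`. Use the full path here too, and wrap the login URL format in backticks so the bracketed `[alias]` in `[alias].account.scaleway.com` is not parsed as a link label. The sentence is also missing its closing period, and "Once set-up" should read "Once set up".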
| Each [Organization](#organization) can have an alias set up by an Organization Manager. Once set-up, all members can log in using a dedicated URL for the Organization using the alias, under the format [alias].account.scaleway.com | |
| An alias is a string of characters used to identify the [Organization](#organizations-and-projects/concepts/#organization) during member login. Aliases can be used as an alternative to the Organization ID, to make memorization and access easier for members. | |
| Each Organization can have one alias, configured by an Organization Manager. Once set up, all members can log in via a dedicated URL, with the format [alias].account.scaleway.com |
|
|
||
| ## IAM manager | ||
|
|
||
| An IAM manager can be the Owner of the Organization, or any IAM member with permission sets enabling them to perform administrative actions in the Organization, such as managing members or enforcing Security Requierements. |
| An IAM manager can be the Owner of the Organization, or any IAM member with permission sets enabling them to perform administrative actions in the Organization, such as managing members or enforcing Security Requierements. | |
| An IAM manager can be the Owner of the Organization, or any IAM member with permission sets enabling them to perform administrative actions in the Organization, such as managing members or enforcing security requirements. |
|
|
||
| ## Identity Provider | ||
|
|
||
| An Identity Provider (IdP) is a service that authenticates users and provides identity information to Scaleway to enable secure access through [Single Sign-On (SSO)](#single-sign-on) |
| An Identity Provider (IdP) is a service that authenticates users and provides identity information to Scaleway to enable secure access through [Single Sign-On (SSO)](#single-sign-on) | |
| An **Id**entity **P**rovider (IdP) is a service that authenticates users and provides identity information to Scaleway as a third party. This enables secure access through mechanisms such as [Single Sign-On (SSO)](#single-sign-on). |
|
|
||
| ## Multi-Factor Authentication (MFA) | ||
|
|
||
| Multi-factor authentication (MFA) is a security method that requires users to verify their identity using two or more independent factors, such as something they know, have, or are, before logging into an [Organization](/organizations-and-projects/concepts/#organization). |
Maybe we should link to the existing concept in Account as well, which provides more information.
|
|
||
| ## SAML | ||
|
|
||
| Security Assertion Markup Language (SAML) is a standard protocol that enables secure authentication by exchanging identity and authorization data between an identity provider and a service provider. |
| Security Assertion Markup Language (SAML) is a standard protocol that enables secure authentication by exchanging identity and authorization data between an identity provider and a service provider. | |
| **S**ecurity **A**ssertion **M**arkup **L**anguage (SAML) is a standard protocol that enables secure authentication by exchanging identity and authorization data between an identity provider and a service provider. In relation to Scaleway, SAML enables Single Sign-On for Organizations, with external identity providers authenticating users for Scaleway (the service provider). |
|
|
||
| ## Security requirements | ||
|
|
||
| Security requirements are a set of actions that must be underdone by all members of an Organization to be compliant with its security standards. Security requirements can be enforced by an [IAM manager](#iam-manager). |
| Security requirements are a set of actions that must be underdone by all members of an Organization to be compliant with its security standards. Security requirements can be enforced by an [IAM manager](#iam-manager). | |
| Security requirements are a set of actions that must be undertaken by all members of an Organization to be compliant with its security standards. Security requirements can be enforced by an [IAM manager](#iam-manager). |
The following redirections would need to be put in place, also we need to correct links (indicated) from other pages:
/iam/how-to/log-in-as-a-member/ --> /organization-security/how-to/log-in-as-a-member
- Also linked to from /demos/index, link needs updating
/iam/how-to/comply-with-sec-requirements-member/ --> /organization-security/how-to/comply-with-sec-requirements-member
- Also linked to from /account/how-to/use-2fa, link needs updating
/iam/how-to/enforce-security-requirements-members/ --> /organization-security/how-to/enforce-security-requirements-members
- Also linked to from /use-cases/security/security-baseline, link needs updating
/organizations-and-projects/how-to/set-organization-alias/ --> /organization-security/how-to/set-organization-alias
- Also linked to from /account/how-to/log-in-to-the-console, link needs updating
/iam/how-to/set-up-identity-federation/ --> /organization-security/how-to/set-up-identity-federation
- Also linked to from /use-cases/security/security-baseline, link needs updating
/iam/how-to/set-up-sso-with-authentik/ --> /organization-security/how-to/set-up-sso-with-authentik
/organizations-and-projects/how-to/enforce-mfa/ --> /organization-security/how-to/enforce-mfa
|
|
||
| A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them. | ||
|
|
||
| ## Grace period |
Need to replace links towards this anchor with the new URL (find in "/pages" /iam/concepts/#grace-period, replace with /organization-security/concepts/#grace-period)
Possibly also check for links from the console
| label: 'Set up SSO with Authentik', | ||
| slug: 'set-up-sso-with-authentik' | ||
| }, | ||
| { |
Your checklist for this pull request
Description
Please describe what you added or changed.