docs: Docs v2 (#3733)

* fix: change images

* fix: change images, add policies

* fix: change images, add policies

* docs: add customer portal docs

* docs: add customer portal docs

* docs: add customer portal docs

* docs: add customer portal docs

* docs: organization creation

* docs: policy docs

* docs: change password

* docs: verify domain

* docs: profile page

* docs: profile page

* docs: profile page

* docs: login page

* docs: login page

* docs: fix broken links

* docs: customer portal users

* docs: instance detail

* docs: instance detail

* docs: getting started

* Update organizations.mdx

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

docs/docs/apis/introduction.mdx

@@ -208,8 +208,8 @@ In the table below you can see the URI of those calls.
 
 | Service | URI                                                                                                                                            |
 | :------ | :--------------------------------------------------------------------------------------------------------------------------------------------- |
-| REST    | [{your_domain}/auth/v1/users/me]({your_domain}/auth/v1/users/me)                                                             |
+| REST    | {your_domain}/auth/v1/users/me                                               |
-| GRPC    | [{your_domain}/caos.zitadel.auth.api.v1.AuthService/GetMyUser]({your_domain}/caos.zitadel.auth.api.v1.AuthService/GetMyUser) |
+| GRPC    | {your_domain}/caos.zitadel.auth.api.v1.AuthService/GetMyUser |
 
 ## Domains
 

docs/docs/apis/openidoauth/endpoints.md

@@ -8,13 +8,13 @@ import TabItem from '@theme/TabItem';
 ## OpenID Connect 1.0 Discovery
 
 The OpenID Connect Discovery Endpoint is located within the issuer domain.
- This would give us [{your_domain}/.well-known/openid-configuration]({your_domain}/.well-known/openid-configuration).
+ This would give us {your_domain}/.well-known/openid-configuration.
 
 **Link to spec.** [OpenID Connect Discovery 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-discovery-1_0.html)
 
 ## authorization_endpoint
 
-[https://accounts.zitadel.ch/oauth/v2/authorize]({your_domain}/oauth/v2/authorize)
+{your_domain}/oauth/v2/authorize
 
 :::note
 The authorization_endpoint is located with the login page, due to the need of accessing the same cookie domain
@@ -142,7 +142,7 @@ the error will be display directly to the user on the auth server
 
 ## token_endpoint
 
-[{your_domain}/oauth/v2/token]({your_domain}/oauth/v2/token)
+{your_domain}/oauth/v2/token
 
 The token_endpoint will as the name suggests return various tokens (access, id and refresh) depending on the used `grant_type`. 
 When using [`authorization_code`](#authorization-code-grant-code-exchange) flow call this endpoint after receiving the code from the authorization_endpoint.
@@ -321,7 +321,7 @@ Send a `client_assertion` as JWT for us to validate the signature against the re
 
 ## introspection_endpoint
 
-[{your_domain}/oauth/v2/introspect]({your_domain}/oauth/v2/introspect)
+{your_domain}/oauth/v2/introspect
 
 This endpoint enables client to validate an `acccess_token`, either opaque or JWT. Unlike client side JWT validation,
 this endpoint will check if the token is not revoked (by client or logout).
@@ -387,7 +387,7 @@ If the authorization fails, an HTTP 401 with `invalid_client` will be returned.
 
 ## userinfo_endpoint
 
-[{your_domain}/oauth/v2/userinfo]({your_domain}/oauth/v2/userinfo)
+{your_domain}/oauth/v2/userinfo
 
 This endpoint will return information about the authorized user.
 
@@ -409,7 +409,7 @@ If the token is invalid or expired, an HTTP 401 will be returned.
 
 ## revocation_endpoint
 
-[{your_domain}/oauth/v2/revoke]({your_domain}/oauth/v2/revoke)
+{your_domain}/oauth/v2/revoke
 
 This endpoint enables clients to revoke an `access_token` or `refresh_token` they have been granted.
 
@@ -482,13 +482,13 @@ curl --request POST \
 
 ## end_session_endpoint
 
-[{your_domain}/oauth/v2/endsession]({your_domain}/oauth/v2/endsession)
+{your_domain}/oauth/v2/endsession
 
 > The end_session_endpoint is located with the login page, due to the need of accessing the same cookie domain
 
 ## jwks_uri
 
-[{your_domain}/oauth/v2/keys]({your_domain}/oauth/v2/keys)
+{your_domain}/oauth/v2/keys
 
 > Be aware that these keys can be rotated without any prior notice. We will however make sure that a proper `kid` is set with each key!
 

docs/docs/concepts/introduction.mdx

@@ -39,4 +39,7 @@ Please be reminded that ZITADEL is open source — and so is the documentation.
   <ListWrapper title="Features">
     <ListElement link="./features/actions" type={ICONTYPE.FILE} title="Actions" description="Customizing ZITADELs behavior using the actions feature" />
   </ListWrapper>
+    <ListWrapper title="Customer Portal">
+      <ListElement link="./customerportal/instances" type={ICONTYPE.INSTANCE} title="Instances" description="Manage all your ZITADEL instances" />
+    </ListWrapper>
 </Column>

docs/docs/concepts/structure/_instance_description.mdx

@@ -1,5 +1,5 @@
 An instance is the top hierarchy in the ZITADEL.
-Within an instance all the default [settings](./policies), such as branding, login policy, password policy, etc. for the system can be configured.
+Within an instance all the default [settings](/docs/concepts/structure/policies), such as branding, login policy, password policy, etc. for the system can be configured.
 One instance normally runs on one domain and has one issuer. (e.g login.customer.com)
 
 One instance can contain multiple [organizations](./organizations). Which can represent the own company or the customers.

docs/docs/concepts/structure/policies.md

@@ -3,25 +3,40 @@ title: Settings/Policies
 ---
 
 Settings and policies are configurations of all the different parts of the Instance or an organization. For all parts we have a suitable default in the Instance.
-The default configuration can be overridden for each organization.
+The default configuration can be overridden for each organization, some policies are currently only available on the instance level. If thats the case it will be mentioned on the descriptions below.
+
+You can find these settings in the instance page under settings, or on a specific organization menu organization in the section policies.
+Each policy can be overridden and reset to the default.
 
 ## General
 
-You can find these settings in the instance page under settings, or on a specific organization menu organization in the section polycies.
+:::info
-Each policy can be overridden and reset to the default.
+Only available on the instance settings
+:::
 
-## Password Complexity
+At the moment general settings is only one configuration. This defines the default language of the whole instance.
 
-With the password complexity policy you can define the requirements for a users password.
+![General Settings](/img/console_instance_policy_general.png)
 
-The following properties can be set:
+## Notification
-- Minimum Length
-- Has Uppercase
-- Has Lowercase
-- Has Number
-- Has Symbol
 
-![Password Complexity Policy](/img/manuals/policies/console_org_pw_complexity.png)
+:::info
+Only available on the instance settings
+:::
+
+In the notification settings you can configure your SMTP and an SMS Provider. At the moment only Twilio is available as SMS provider.
+
+### SMTP 
+On each instance we configure our default SMTP provider. To make sure, that you only send some E-Mails from domains you own. You need to add a custom domain on your instance.
+Go to the ZITADEL [customer portal](https://zitadel.cloud) to configure a custom domain. 
+
+![Notification Providers](/img/console_instance_policy_notification.png)
+
+### SMS
+
+No default provider is configured to send some sms to your users. If you like to validate the phone numbers of your users make sure to add your twilio configuration.
+
+![Notification Providers](/img/console_instance_policy_notification_twilio.png)
 
 ## Login Policy
 
@@ -37,7 +52,12 @@ The Login Policy defines how the login process should look like and which authen
 
 ![Login Policy](/img/manuals/policies/console_org_login.png)
 
-### Multifactors / Second Factors
+### Passwordless
+
+Passwordless authentication means that the user doesn't need to enter a password to login. In our case the user has to enter his loginname and as the next step proof the identity through a registered device or token.
+There are two different types one is depending on the device (e.g. Fingerprint, Face recognition, WindowsHello) and the other is independent (eg. Yubikey, Solokey).
+
+### Multifactor
 
 In the multifactors section you can configure what kind of multifactors should be allowed. For passwordless to work, it's required to enable U2F (Universial Second Factor) with PIN. There is no other option at the moment.
 Multifactors:
@@ -49,13 +69,18 @@ Secondfactors:
 
 ![Second- and Multifactors](/img/manuals/policies/console_org_second_and_multi_factors.png)
 
-### Identity Providers
+## Password Complexity
 
-You can configure all kinds of external identity providers for identity brokering, which support OIDC (OpenID Connect).
+With the password complexity policy you can define the requirements for a users password.
-Create a new identity provider configuration and enable it in the list afterwards.
 
-For a detailed guide about how to configure a new identity provider for identity brokering have a look at our guide:
+The following properties can be set:
-[Identity Brokering](../../guides/authentication/identity-brokering)
+- Minimum Length
+- Has Uppercase
+- Has Lowercase
+- Has Number
+- Has Symbol
+
+![Password Complexity Policy](/img/manuals/policies/console_org_pw_complexity.png)
 
 ## Lockout Policy
 
@@ -66,8 +91,24 @@ The following settings are available:
 
 If an account is locked, the administrator has to unlock it in the ZITADEL console
 
+## Identity Providers
 
-## Private Labeling / Branding
+You can configure all kinds of external identity providers for identity brokering, which support OIDC (OpenID Connect).
+Create a new identity provider configuration and enable it in the list afterwards.
+
+For a detailed guide about how to configure a new identity provider for identity brokering have a look at our guide:
+[Identity Brokering](../../guides/authentication/identity-brokering)
+
+## Domain policy
+
+In the domain policy you have two different settings.
+One is the "user_login_must_be_domain", by setting this all the users within an organisation will be suffixed with the domain of the organisation.
+
+The second is "validate_org_domains" if this is set to true all created domains on an organisation must be verified per acme challenge.
+More about how to verify a domain [here](../../guides/basics/organizations#domain-verification-and-primary-domain).
+If it is set to false, all registered domain will automatically be created as verified and the users will be able to use the domain for login.
+
+## Branding
 
 With private labeling you can brand and customize your login page and emails, that it matches your CI/CD.
 You can configure a light and a dark design.
@@ -82,17 +123,50 @@ Make sure you click the "Set preview as current configuration" button after you
 | Hide Loginname suffix | If enabled,  your loginname suffix (Domain) will not be shown in the login page |
 | Disable Watermark | If you disable the watermark you will not see the "Powered by ZITADEL" in the login page |
 
-![Private Labeling](/img/manuals/policies/console_org_private_labeling.png)
+![Private Labeling](/img/console_private_labeling.png)
 
 ## Privacy Policy and TOS
 
-Each organization is able to configure its own privacy policy and terms of service.
+Each organization is able to configure its own privacy policy, terms of service and help.
 A link to the current policies can be provided. On register each user has to accept these policies.
 
+By clicking on an input field you can see the language attribute to integrate into a link, for the possibility to have different links for different languages.
+The language of the user will be set into the url.
+Example:
+https://demo.com/tos-{{.Lang}}
 
-## Domain policy
+![Privacy Policy](/img/manuals/policies/console_org_privacy.png)
 
-In the domain policy you have two different settings. 
+## OIDC token lifetime and expiration
-One is the "user_login_must_be_domain", by setting this all the users within an organisation will be suffixed with the domain of the organisation.
+
-The second is "validate_org_domains" if this is set to true all created domains on an organisation must be verified per acme challenge. [Verify Domain] (../../guides/basics/organizations#domain-verification-and-primary-domain)
+:::info
-If it is set to false, all registered domain will automatically be created as verified and the users will be able to use the domain for login.
+Only available on the instance settings
+:::
+
+Configure how long the different oidc tokens should life.
+You can set the following times:
+- Access Token Lifetime
+- ID Token Lifetime
+- Refresh Token Expiration
+- Refresh Token Idle Expiration
+
+![OIDC Token Lifetimes](/img/manuals/policies/console_policy_oidc.png)
+
+
+## Secret appearance
+
+:::info
+Only available on the instance settings
+:::
+
+ZITADEL has some different codes and secrets, that can be specified.
+You can configure what kind of characters should be included, how long the secret should be and the expiration.
+The following secrets can be configured:
+- Initialization Mail Code
+- Email verification code
+- Phone verification code
+- Password reset code
+- Passwordless initialization code
+- Application secrets
+
+![OIDC Token Lifetimes](/img/manuals/policies/console_policy_secrets.png)

docs/docs/guides/basics/get-started.mdx

@@ -11,24 +11,23 @@ It additionally leverages industry standards like OAuth 2.0 and OpenID Connect s
 
 This provides a quick start guide on how to register your organization as well as creating your first project.
 
-## Trying out ZITADEL on zitadel.ch
+## Trying out ZITADEL on zitadel.cloud
 
-<Column>
+1. Go to zitadel.cloud to create your first ZITADEL instance. If you already have a ZITADEL instance sign in with your Customer Portal user.already
-<div>
+2. Enter all the data for your instance
+3. By clicking "Let's go" we will create a new instance in the "Free" tier, where you already get all the features
+4. You will now get two different initialize emails. One is to verify the user for the Customer Portal and one for the first user in your ZITADEL instance
 
-To create a ZITADEL project, you have to register as an organization first. Click [here](https://accounts.zitadel.ch/register/org) to register.
+You can now use the Customer Portal and you are ready to configure your ZITADEL instance
-You will receive an email prompting you to verify your mail.
-Then go to your [Console Projects](https://console.zitadel.ch/projects) view and create a new project.
 
-Now you can proceed adding users to your organization as well as integrating your applications. We refer to our guides as well as our [Quickstarts](../../quickstarts/introduction) to do so.
+![Customer Portal Landing Page](/img/manuals/portal/customer_portal_landing_page.png)
 
-</div>
+## Login to your instance
-<img width="400px" src="/img/accounts_org_register_light.png" alt="register view"/>
-</Column>
 
-### Verify your domain name (optional)
+After you have initialized your first admin user of the new created ZITADEL instance. You can access the Instance Console, to manage all your resources.
+Login with the user you have initialized.
 
-If you verify a domain you get the benefit that your organisations users can use this domain as the **preferred logonname**.
+![Console Landing Page](/img/console_dashboard.png)
 
 ### Elect Managers
 
@@ -40,7 +39,16 @@ Read the [guides](../overview) for more information.
 ### Integrating an application
 
 After creating your project you can start integrating your applications.
-After choosing your [project](https://console.zitadel.ch/projects) add a client application on the top of the page.
+After choosing your project add a client application on the top of the page.
 The wizard should provide some guidance what client is the proper for you. If you are still unsure consult our [Guide Project](projects).
 
-## Learn more
+## Login to Customer Portal
+
+Use your Customer Portal user to login to the ZITADEL Customer Portal.
+Here you can manage all your different instances, subscriptions and billing data.
+
+1. Click on the new created instance in the list
+2. In the section Domains you can find the generated domain for your instanc
+3. Click on the domain and you will be able to login
+
+Find out more about the Customer Portal [here](/docs/manuals/customerportal/overview).

docs/docs/guides/basics/instance.mdx

@@ -78,7 +78,7 @@ Make sure to click the button "apply configuration" after you are finish to trig
 
 ## Summary
 
-* Create your instance in the customer portal
+* Create your instance in the Customer Portal
 * Verify your domain in the Customer Portal to improve user experience; remember to not delete the verification code to allow recheck of ownership
 * You can manage all your default settings in the instance itself
 

docs/docs/guides/basics/organizations.mdx

@@ -20,17 +20,18 @@ There are several more modules in our documentation to go into more detail regar
 
 ## Exercise - Create a new organization
 
-To register your organization and create a user for ZITADEL, visit zitadel.ch or directly <https://accounts.zitadel.ch/register/org> and fill in the required information.
+To create a new organization login to your ZITADEL instance ({your-domain}-{random string}.zitadel.cloud or your custom domain).
+Click the organization drop down in the name in the upper left corner in the header, and then select “New organization”.
+You can either create a new organization with yourself as the organization manger or directly add another account.
+
+![Select Organization](/img/console_org_select.png)
+
+
+If you want to enable you customers to create their organization by themself, we provide a creation form for a organization. <https://{your-domain}-{random string}.zitadel.cloud/ui/login/register/org>
+The customer needs to fill in the form with the organization name and the contact details.
 
 ![Register new Organization](/img/console_org_register.png)
 
-<Column>
-<div>
-  If you already have an existing login for zitadel.ch, you need to visit the console, then click on your organization’s name in the upper left corner, and then select “New organization”.
-</div>
-
-<img src="/img/console_org_select.png" alt="Select Organization"/>
-</Column>
 
 ## How ZITADEL handles usernames
 

docs/docs/guides/customization/texts.md

@@ -39,4 +39,4 @@ ZITADEL is available in the following languages
 
 A language is displayed based on your agent's language header. The default language is English.
 
-If you need support for a specific language we highly encourage you to [contribute translation files](/CONTRIBUTING.md) for the missing language.
+If you need support for a specific language we highly encourage you to [contribute translation files](https://github.com/zitadel/zitadel/blob/v2-alpha/CONTRIBUTING.md) for the missing language.

docs/docs/guides/overview.mdx

@@ -7,7 +7,7 @@ import Column from "../../src/components/column";
 
 With our guides you will learn everything you need to know about specific topics. You get step-by-step instructions for certain tasks and have a knowledge check at the end.
 
-You can either use our cloud-instance [zitadel.com](https://zitadel.com) or deploy your own **ZITADEL** instance. To get started, we recommend you to try out our free tier first. Jump directly to the [get started](./guides/installation) docs.
+You can either use our cloud-instance [zitadel.com](https://zitadel.com) or deploy your own **ZITADEL** instance. To get started, we recommend you to try out our free tier first. Jump directly to the [get started](./installation) docs.
 
 <Column>
   <ListWrapper title="Get to know ZITADEL">

docs/docs/manuals/customerportal/billing.md

@@ -0,0 +1,23 @@
+---
+title: Billing
+---
+
+In the billing page shows your configured payment methods and the invoice 
+
+![Customer Portal Billing](/img/manuals/portal/customer_portal_billing.png)
+
+## Payment and Billing
+
+If you click on edit payment and billing you will get redirected to the payment page of stripe.
+Configure your payment method here.
+
+At the moment we provide the following methods:
+- Credit Card
+- Apple Pay
+- Google Pay
+
+Once a payment method is configured, it can be selected directly in the instance creation process.
+
+## Invoices
+
+We show all you invoices, and you are able to download them directly in the Customer Portal.

docs/docs/manuals/customerportal/instances.md

@@ -0,0 +1,55 @@
+---
+title: Instances
+---
+
+The ZITADEL customer Portal is used to manage all your different ZITADEL instances.
+You can also manage your subscriptions, billing, newsletters and support requests.
+
+## Overview
+
+The overview shows all the instances that are registered for a specific customer.
+You can directly see what kind of subscription the instance has and in which data region it is stored.
+With a click on a instance row you get to the detail of the chosen instance.
+
+## New instance
+
+Click on the new button above the instance table to create a new instance.
+1. Enter the name of your new instance
+2. Choose if you like to start with the free or the pay as you go tier
+3. Choose your options (pay as you go)
+   1. Data Region: The region where your data is stored
+   2. Custom Domain: We generate a default domain ({instance-name}-{random-string}.zitadel.cloud), but you can choose you custom domain
+   3. If our basic SLA and Support is not enough, you can extend it
+4. Check the summary
+5. Add you payment method (pay as you go)
+6. Return to Customer Portal
+7. Instance created!
+
+You will get an email to initialize your first user of the instance and to access the new created ZITADEL instance.
+
+![New Instance](/img/manuals/portal/customer_portal_new_instance.gif)
+
+## Detail
+
+The detail shows you general information about your instance, which options you have and your usage.
+
+![New Instance](/img/manuals/portal/customer_portal_instance_detail.png)
+
+## Custom Domain
+
+We recommend register a custom domain to access your ZITADEL instance.
+The primary domain of your ZITADEL instance will be the issuer of the instance. All other domains can be used to access the instance itself
+
+Be aware that it has some impacts if you change the primary domain of your instance.
+1. The urls and issuer have to change in your app
+2. Passwordless authentication is based on the domain, if you change it, your users will not be able to login with the registered passwordless authentication
+
+### Verify Domain
+
+If you need a custom domain for your ZITADEL instance, you need to verify the domain.
+
+1. Go to your DNS provider
+2. Add a new CNAME record (You can find the target on the detail page of your instance)
+3. After adding the CNAME you need to wait till the domain is verified (this can take some time)
+
+You will now be able to use the added custom domain to access your ZITADEL instance

docs/docs/manuals/customerportal/overview.md

@@ -0,0 +1,14 @@
+---
+title: Overview
+---
+
+The ZITADEL customer Portal is used to manage all your different ZITADEL instances.
+You can also manage your subscriptions, billing, newsletters and support requests.
+
+More details on the specific objects:
+
+- [Getting Started](./start)
+- [Instances](./instances)
+- [Billing](./billing)
+- [Users](./users)
+- [Support](./support)

docs/docs/manuals/customerportal/start.md

@@ -0,0 +1,22 @@
+---
+title: Getting Started
+---
+
+If you are new to ZITADEL your first action is to create your first ZITADEL instance and an account to access the ZITADEL Customer Portal.
+
+Got to [ZITADEL Customer Portal](https://zitadel.cloud) and enter all the detail information.
+As soon as you click "Let's go" you will get two initialization mails to finish your registration.
+One is for your Customer Portal account and the other for your new created ZITADEL instance, verify both to be able to login to the systems.
+
+To get started, enter the following data:
+- Firstname
+- Lastname
+- Email
+- Username
+- Organization Name
+- Instance Name
+
+![Customer Portal Landing Page](/img/manuals/portal/customer_portal_landing_page.png)
+
+The instance you have created will automatically be in the free subscription, which already allows you to use all the features.
+Sign in to [ZITADEL Customer Portal](https://zitadel.cloud), to manage all you instances.

docs/docs/manuals/customerportal/support.md

@@ -0,0 +1,14 @@
+---
+title: Support
+---
+
+In the header you can find a button for the support.
+
+Create a new support request with the following information:
+- Severity
+- Subject
+- Message
+
+At the bottom of the page you can see all your support requests. 
+
+![Customer Portal Support](/img/manuals/portal/customer_portal_support.png)

docs/docs/manuals/customerportal/users.md

@@ -0,0 +1,31 @@
+---
+title: Users
+---
+
+Manage all your users who are allowed to access the Customer Portal.
+For the moment all users with access to the Customer Portal will have the role "Admin".
+
+![Create user](/img/manuals/portal/customer_portal_user_list.png)
+
+
+## Add new user
+
+1. Go to the Users tab in the ZITADEL Customer Portal
+2. Click the button "Create user"
+3. Fill in the Firstname, Lastname, Email and the username
+4. Click create
+
+The user will get a verification email, by clicking the button in the mail, he will get to the user activation screen and has to enter a password.
+
+![Create user](/img/manuals/portal/customer_portal_create_user.png)
+
+## Delete user
+
+1. Go to the Users tab in the ZITADEL Customer Portal
+2. Click the bin icon in the users table for the user you like to delete
+3. You will get a popup, where you have to enter the login name of the user to confirm that you like to delete the user
+4. Click the "delete" button
+
+The user will be deleted and has no access to the Customer Portal anymore
+
+![Delete user](/img/manuals/portal/customer_portal_delete_user.png)

docs/docs/manuals/introduction.mdx

@@ -7,19 +7,21 @@ import Column from '../../src/components/column';
 
 In this section we provide manuals for different user profiles.
 
-<ListWrapper title="User">
+<ListWrapper title="User Profile/Login">
   <Column>
     <div>
-      <ListElement link="/docs/manuals/user-register" type={ICONTYPE.HELP_REGISTER} title="Register" description="User and Org registration" />
+      <ListElement link="/docs/manuals/user-profile#change-password" type={ICONTYPE.HELP_PASSWORD} title="Password" description="Change your ZITADEL password" />
-      <ListElement link="/docs/manuals/user-login" type={ICONTYPE.HELP_LOGIN} title="Login" description="Login methods, use of multifactors, passwordless" />
+      <ListElement link="/docs/manuals/user-profile#change-email" type={ICONTYPE.HELP_EMAIL} title="Email" description="Change your email address" />
-      <ListElement link="/docs/manuals/user-passwordless" type={ICONTYPE.HELP_PASSWORDLESS} title="Passwordless" description="Authenticate with your fingerprint or security key." />
+      <ListElement link="/docs/manuals/user-profile#change-phone" type={ICONTYPE.HELP_PHONE} title="Phone" description="Change your phone number" />
-      <ListElement link="/docs/manuals/user-password" type={ICONTYPE.HELP_PASSWORD} title="Password" description="Change your ZITADEL password" />
+      <ListElement link="/docs/manuals/user-profile#identity-providers" type={ICONTYPE.HELP_SOCIAL} title="Social logins" description="Link an external Identity Provider with your accoun" />
+      <ListElement link="/docs/manuals/user-profile#passwordless" type={ICONTYPE.HELP_PASSWORDLESS} title="Passwordless" description="Authenticate with your fingerprint or security key." />
+      <ListElement link="/docs/manuals/user-profile#multifactor-authentication" type={ICONTYPE.HELP_FACTORS} title="Factors" description="Enable multifactor authentication for more security" />
     </div>
     <div>
-      <ListElement link="/docs/manuals/user-factors" type={ICONTYPE.HELP_FACTORS} title="Factors" description="Enable multifactor authentication for more security" />
+      <ListElement link="/docs/manuals/user-profile#authorization" type={ICONTYPE.POLICY} title="Authorizations" description="Show all the permissions and roles you have" />
-      <ListElement link="/docs/manuals/user-email" type={ICONTYPE.HELP_EMAIL} title="Email" description="How to change your email" />
+      <ListElement link="/docs/manuals/user-profile#memberships" type={ICONTYPE.ARCHITECTURE} title="Memberships" description="See the permissions you have within ZITADEL" />
-      <ListElement link="/docs/manuals/user-phone" type={ICONTYPE.HELP_PHONE} title="Phone" description="How to change your phonenumber" />
+      <ListElement link="/docs/manuals/user-profile#metadata" type={ICONTYPE.PRIVATELABELING} title="Metadata" description="Additional data on your user" />
-      <ListElement link="/docs/manuals/user-social-login" type={ICONTYPE.HELP_SOCIAL} title="Social Login" description="Link an external Identity Provider with your account" />   
+      <ListElement link="/docs/manuals/user-login" type={ICONTYPE.LOGIN} title="Login" description="Login with your ZITADEL user" />
     </div>
   </Column> 
 </ListWrapper>

docs/docs/manuals/user-email.md

@@ -1,12 +0,0 @@
----
-title: Email
----
-
-To change your email address visit your Personal Information page and amend the email field.
-
-
-## Change EMail
-![Change EMail](/img/change-email.gif)
-
-## Verify EMail
-![Verify EMail](/img/email-verify.gif)

docs/docs/manuals/user-factors.md

@@ -1,45 +0,0 @@
----
-title: Factors
----
-
-## Manage Multi Factor
-
-To enable multifactor authentication visit the "Personal Information" page of your account and scroll to the "multifactor authentication".
-
-:::caution
-In order to avoid being locked out if a factor does not work, we recommend registering several options
-:::
-
-### Configure OTP (One Time Password)
-
-An OTP application creates a dynamic Token that changes periodically and needs to be added in addition to the password. 
-1. Install an appropriate OTP application of your choice
-2. Click Add AuthFactor
-3. Choose OTP Option
-4. Scan the QR Code with you chosen authenticator app
-5. Enter the code from your app in the ZITADEL Console
-
-:::info
-Some example Authenticator Apps for OTP are: Google Authenticator, Microsoft Authenticator, Authy. You can choose the one you like the most.
-:::
-
-![Add One Time Password](/img/manuals/console_add_otp.gif)
-
-### Configure U2F (Universal Second Factor)
-
-U2F is dependent on the device and browser you are currently working.
-In general there might be the following possibilities:
-- FingerScan
-- FaceRecognition (e.g. FaceID)
-- Hardware Tokens (e.g. YubiKey, Solokeys)
-
-Hardware Tokens are basically a piece of hardware such as a USB key that gets linked to your Identity and authorizes as second factor when a button on the device is pressed.
-
-:::info
-Some example Keys are [Solokeys](https://solokeys.com) or [Yubikey](https://www.yubico.com/) You can choose the one you like the most.
-:::
-
-![Add Universal Second Factor](/img/manuals/console_add_u2f.gif)
-
-
-

docs/docs/manuals/user-login.md

@@ -4,11 +4,16 @@ title: Login
 
 ## Login Username
 
-Enter your login name in the input field. Your loginname consists of the username with @ organisation domain. E.g road.runner@acme.caos.ch
+Enter your login name in the input field. Your loginname consists of the username with @ organisation domain. E.g road.runner@acme.zitadel.cloud
 If the organization is already pre-selected you do not have to enter the domain.
 
 ![Login Username](/img/accounts_page.png)
 
+## Select Account
+
+If you already have logged in with an account in this browser. ZITADEL has stored your usersession and you will be able to choose one of the accounts.
+
+
 
 ## Login with Password
 
@@ -25,18 +30,18 @@ If you have registered a One time password (OTP) as a second factor you need to
 
 ![Login OTP](/img/accounts_multifactor.png)
 
-You can find out how to register OTP [here](./user-factors).
+You can find out how to register OTP [here](./user-profile##one-time-password-otp).
 
 ### Can't remember your otp
 
-If you have a problem with your OTP, please contact your organization support. If you have a user in the Global Organization feel free to contact support@zitadel.com
+If you have a problem with your OTP, please contact the support of your organization.
 
 ## Login with Universal Second Factor (U2F) (FaceID, FingerPrint, etc.)
 
 If you have registered U2F as second factor for your account you will have to verify this factor.
 1. Click the button "Verify Token"
 2. Your browser/device will show you the methods you have to verify your account (e.g FingerScan, Face Recognition, External Hardware Token, etc)
-3. Use your verification method
+3. Follow the steps your browser shows you
 
 ![Login Multi Factor](/img/login-mfa.gif)
 

docs/docs/manuals/user-password.md

@@ -1,12 +0,0 @@
----
-title: Password
----
-
-## Change Password
-
-To change your password you can hit the link right at the overview page. Alternatively  you can set it in the "Personal Information" page.
-
-
-Change Password
-![Change Password](/img/change-password.gif)
-

docs/docs/manuals/user-passwordless.md

@@ -1,28 +0,0 @@
----
-title: Passwordless
----
-
-## Register Passwordless Authentication
-
-Add passwordless authentication to secure your account.
-
-1. Go to personal information - passwordless authentication
-2. Click add authenticator
-3. Enter a name for your authentication
-4. You have three options to register a new method
-   - Directly register a new method
-   - Send a link to your email address
-   - Generate a QR Code to scan with another device (e.g. Mobile Phone)
-5. Directly register a new method 
-   1. Your device/browser will show you the possibilities you have
-   2. Choose your preferred method
-   3. Verify your method (e.g. Finger Scan, Face Recognition, Hardware Token, etc..)
-
-:::caution
-If you use different browsers, make sure you register all of them, otherwise you will not be able to use passwordless registration everywhere.
-This doesn't count for hardware tokens, as these are device independent.
-:::
-
-
-![Add Passwordless](/img/manuals/console_add_passwordless_direct.gif)
-

docs/docs/manuals/user-phone.md

@@ -1,14 +0,0 @@
----
-title: Phone
----
-
-
-## Change Phone
-
-tbd
-
-## Verify Phone
-
-tbd
-
-## Remove Phone

docs/docs/manuals/user-profile.md

@@ -0,0 +1,133 @@
+---
+title: User Profile
+---
+
+To get to your user profile you have to login to your ZITADEL Console {your-domain}-{randomstring}.zitadel.cloud or {your-custom-domain}.
+If you have no special permissions in the ZITADEL Console, you will get directly to your profile page. 
+Otherwise click on your user avatar in the top right of the console. A menu will open, with the "Edit Account" button you will be redirected to your profile page.
+
+## Loginname
+
+You are able to login with some different login names. The login name consists of the username and the organization suffix. The organization suffix are the registered domains on your organization.
+![Loginname](/img/manuals/console_profile_loginname.png)
+
+## General
+
+In the general section you can find your profile data and contact information.
+In the profile data you can change the following data:
+- Avatar
+- Username
+- Firstname
+- Lastname
+- Nickname
+- Display Name
+- Gender
+- Language
+
+In the contact information you can change your password, email and phone number. The Email and Phone number need to be verified.
+
+![Profile](/img/manuals/console_profile.png)
+### Change Password
+
+Change your password by entering your old, new and new confirmation password.
+
+![Change Password](/img/change_password.gif)
+
+### Change Email
+
+Click on the edit button next to the email to change your email address.
+You will now get an email to verify that this is your account. This can take a moment. 
+Click on the button in the mail to verify the address. If you now reload your profile page the email address should be shown as verified.
+
+If you wait to long to verify the email, your code will probably be expired. 
+The get a new verification mail click on "resend code" next to the "not verified" label.
+
+The email doesn't need to be unique within the whole system.
+
+### Change Phone number
+
+The phone number is not mandatory withing ZITADEL. If you like to add it, you have to verify it. 
+
+1. Click "edit button" and add your number
+2. Get an SMS with a verification code to the added number
+3. Click "Verify" below the added number
+4. A popup with an Input field for your code will be shown
+5. Enter the code a click "OK"
+
+Your phone number should now be verified.
+
+## Identity Providers
+
+The identity provider section shows you, if you have linked an account from another system. (e.g. Google Account, Github, Azure AD, etc)
+If you have some linked accounts, in this section you can remove them, if you don't need them anymore.
+
+## Passwordless
+
+ZITADEL provides some different authentication methods, passwordless is one of them.
+Passwordless has two different types, system based or system independent.
+
+If you use system based methods make sure to register all the different devices you need to login. (e.g. Notebook, Mobile Phone, etc)
+ 
+Examples for passwordless authentication methods are: Fingerprint, Windows Hello, Face Recognition, etc.
+For device independent authentication you can use some hardware tokens. e.g. Yubikey, Solokey, etc.
+
+There are different options how to add a passwordless autehntication.
+1. Add directly on the current device
+2. Send a registration link to your email. You can open this email and use the link on any device you like to register
+3. Generate a qr code with a registration link and scann the QR Code with the device where you like to register 
+
+Make sure to add at least to different devices or a device independent method
+
+![Add Passwordless fingerprint](/img/manuals/console_profile_passwordless.gif)
+
+## Multifactor Authentication
+
+Multifactor authentication means that after entering the password, you need some kind of second authentication.
+At the moment ZITADEL provides Webauthn and OTP.
+Webauthn uses your device to authenticate e.g Fingerprint, Face Recognition, Windows Hello.
+OTP means One time password, to use this method you need to install some kind of Authenticator App like Google Authenticator, Authy, Microsoft Authenticator.
+
+### Fingerprint, Security Keys, Face ID, etc.
+
+Use a method that is provided by your device to authenticate yourself.
+
+1. Click the button "Add Factor" in the multifactor authentication section of your profile
+2. Choose Fingerprint, Security Keys, Face ID and others
+3. Enter a name which identifies your authentication (e.g iPhone Road.Runner, Mac Book 1, Yubikey), The name is used for nothing just for yourself to recognize what you have registered.
+4. Your device will show you a popup to choose what method you like to register
+5. Choose the method ond follow the instructions (e.g. Scan your finger, Enter Pin, etc.)
+
+![Add MFA Fingerprint](/img/manuals/console_profile_mfa_webauthn.gif)
+
+### One time Password (OTP)
+
+For One time password (OTP) you will need an Authenticator app of your choice that provides an authentication code.
+
+1. Download an Authenticator App of your choice (e.g. Authy, Google Authenticator, Microsoft Authenticator, etc.)
+2. Click the button "Add Factor" in the multifactor authentication section of your profile
+3. Choose OTP (One-Time-Password)
+4. Scan the QR Code with your app
+5. Enter the code you get in the app in the Code input field
+
+You will now be able to use otp as a second factor during the login process
+
+
+
+## Authorization
+
+In the authorization section you can see all the permissions and roles you have to some different applications.
+
+## Memberships
+
+Membership is the role model ZITADEL provides for itself. If you have any permissions to manage something within ZITADEL you will have a membership.
+This memeberships are hierarchical and have the following layers:
+- System
+- Organization
+- Project
+- Granted Project
+
+To read more about the different roles withing ZITADEL click [here](../concepts/structure/managers.md).
+
+## Metadata
+
+Sometimes it is needed to store some more data on a user. This data can be stored in the metadata.

docs/docs/manuals/user-social-login.md

@@ -1,31 +0,0 @@
----
-title: Social Login
----
-
-## Identity Linking
-
-To link an external Identity Provider with a Zitadel Account you have to:
-
-1. choose your IDP
-2. Login to your IDP
-
-you can then either
-
-1. link the Identity to an existing ZITADEL useraccount
-2. auto register a new ZITADEL useraccount
-
-
-Linking Accounts
-![Linking Accounts](/img/linking-accounts.gif)
-
-
-
-## Manage Account Linking
-
-You can manage the linked external IDP Providers within the "Personal Information" Page.
-
-
-Manage External IDP
-![Manage External IDP](/img/manage-external-idp.png)
-
-

docs/sidebars.js

@@ -211,20 +211,20 @@ module.exports = {
   ],
   manuals: [
     "manuals/introduction",
+    "manuals/user-profile",
+    "manuals/user-login",
     {
       type: "category",
-      label: "User",
+      label: "Customer Portal",
+      collapsed: true,
       items: [
-        "manuals/user-register",
+        "manuals/customerportal/overview",
-        "manuals/user-login",
+        "manuals/customerportal/start",
-        "manuals/user-passwordless",
+        "manuals/customerportal/instances",
-        "manuals/user-password",
+        "manuals/customerportal/billing",
-        "manuals/user-factors",
+        "manuals/customerportal/users",
-        "manuals/user-email",
+        "manuals/customerportal/support",
-        "manuals/user-phone",
-        "manuals/user-social-login",
       ],
-      collapsed: false,
     },
     "manuals/troubleshooting",
   ],

docs/src/components/list.jsx

@@ -12,6 +12,9 @@ export const ICONTYPE = {
   ARCHITECTURE: <div className="rounded rounded-architecture">
   <i className={`las la-sitemap`}></i>
 </div>,
+  INSTANCE: <div className="rounded rounded-instance">
+    <i className={`las la-industry`}></i>
+  </div>,
   LOGIN: <div className="rounded rounded-login">
     <i className={`las la-sign-in-alt`}></i>
   </div>,

docs/src/css/custom.css

@@ -360,7 +360,8 @@ main .container img {
 
 .rounded-system,
 .rounded-apis,
-.rounded-policy {
+.rounded-policy,
+.rounded-instance {
   background: linear-gradient(40deg, #1f2937, #111827);
 }