Revert "website: latest migration to new structure" (#11634)

Revert "website: latest migration to new structure (#11522)"

This reverts commit 9a89a5f94b.

.github/pull_request_template.md

@@ -1,7 +1,7 @@
 <!--
 👋 Hi there! Welcome.
 
-Please check the Contributing guidelines: https://docs.goauthentik.io/docs/developer-docs/#how-can-i-contribute
+Please check the Contributing guidelines: https://goauthentik.io/developer-docs/#how-can-i-contribute
 -->
 
 ## Details

Makefile

@@ -19,13 +19,14 @@ pg_name := $(shell python -m authentik.lib.config postgresql.name 2>/dev/null)
 CODESPELL_ARGS = -D - -D .github/codespell-dictionary.txt \
 		-I .github/codespell-words.txt \
 		-S 'web/src/locales/**' \
-		-S 'website/docs/developer-docs/api/reference/**' \
+		-S 'website/developer-docs/api/reference/**' \
 		authentik \
 		internal \
 		cmd \
 		web/src \
 		website/src \
 		website/blog \
+		website/developer-docs \
 		website/docs \
 		website/integrations \
 		website/src

README.md

@@ -34,7 +34,7 @@ For bigger setups, there is a Helm Chart [here](https://github.com/goauthentik/h
 
 ## Development
 
-See [Developer Documentation](https://docs.goauthentik.io/docs/developer-docs/?utm_source=github)
+See [Developer Documentation](https://goauthentik.io/developer-docs/?utm_source=github)
 
 ## Security
 

authentik/blueprints/v1/importer.py

@@ -69,7 +69,7 @@ from authentik.stages.authenticator_webauthn.models import WebAuthnDeviceType
 from authentik.tenants.models import Tenant
 
 # Context set when the serializer is created in a blueprint context
-# Update website/docs/customize/blueprints/v1/models.md when used
+# Update website/developer-docs/blueprints/v1/models.md when used
 SERIALIZER_CONTEXT_BLUEPRINT = "blueprint_entry"
 
 

authentik/lib/default.yml

@@ -1,4 +1,4 @@
-# update website/docs/install-config/configuration/configuration.mdx
+# update website/docs/installation/configuration.mdx
 # This is the default configuration file
 postgresql:
   host: localhost

authentik/outposts/models.py

@@ -53,7 +53,7 @@ class ServiceConnectionInvalid(SentryIgnoredException):
 class OutpostConfig:
     """Configuration an outpost uses to configure it self"""
 
-    # update website/docs/add-secure-apps/outposts/_config.md
+    # update website/docs/outposts/_config.md
 
     authentik_host: str = ""
     authentik_host_insecure: bool = False

authentik/stages/prompt/models.py

@@ -38,7 +38,7 @@ LOGGER = get_logger()
 class FieldTypes(models.TextChoices):
     """Field types an Prompt can be"""
 
-    # update website/docs/add-secure-apps/flows-stages/stages/prompt/index.md
+    # update website/docs/flow/stages/prompt/index.md
 
     # Simple text field
     TEXT = "text", _("Text: Simple Text input")

scripts/api-ts-templates/README.mustache

@@ -4,7 +4,7 @@ This package provides a generated API Client for [authentik](https://goauthentik
 
 ### Building
 
-See https://docs.goauthentik.io/docs/developer-docs/making-schema-changes
+See https://goauthentik.io/developer-docs/making-schema-changes
 
 ### Consuming
 

web/src/admin/applications/ApplicationListPage.ts

@@ -2,7 +2,7 @@ import "@goauthentik/admin/applications/ApplicationForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { PFSize } from "@goauthentik/common/enums.js";
 import "@goauthentik/components/ak-app-icon";
-import MDApplication from "@goauthentik/docs/add-secure-apps/applications/index.md";
+import MDApplication from "@goauthentik/docs/applications/index.md";
 import "@goauthentik/elements/Markdown";
 import "@goauthentik/elements/buttons/SpinnerButton";
 import "@goauthentik/elements/forms/DeleteBulkForm";

web/src/admin/blueprints/BlueprintForm.ts

@@ -159,7 +159,7 @@ export class BlueprintForm extends ModelForm<BlueprintInstance, string> {
                                       target="_blank"
                                       rel="noopener noreferrer"
                                       href="${docLink(
-                                          "/docs/customize/blueprints/?utm_source=authentik#storage---oci",
+                                          "/developer-docs/blueprints/?utm_source=authentik#storage---oci",
                                       )}"
                                       >${msg("Documentation")}</a
                                   >

web/src/admin/outposts/OutpostDeploymentModal.ts

@@ -22,9 +22,7 @@ export class OutpostDeploymentModal extends ModalButton {
                 <p>
                     <a
                         target="_blank"
-                        href="${docLink(
-                            "/docs/add-secure-apps/outposts?utm_source=authentik#deploy",
-                        )}"
+                        href="${docLink("/docs/outposts?utm_source=authentik#deploy")}"
                         rel="noopener noreferrer"
                         >${msg("View deployment documentation")}</a
                     >

web/src/admin/outposts/OutpostForm.ts

@@ -215,7 +215,7 @@ export class OutpostForm extends ModelForm<Outpost, string> {
                     <a
                         target="_blank"
                         rel="noopener noreferrer"
-                        href="${docLink("/docs/add-secure-apps/outposts?utm_source=authentik")}"
+                        href="${docLink("/docs/outposts?utm_source=authentik")}"
                         >${msg("See documentation")}</a
                     >.
                 </p>
@@ -251,7 +251,7 @@ export class OutpostForm extends ModelForm<Outpost, string> {
                                 target="_blank"
                                 rel="noopener noreferrer"
                                 href="${docLink(
-                                    "/docs/add-secure-apps/outposts?utm_source=authentik#configuration",
+                                    "/docs/outposts?utm_source=authentik#configuration",
                                 )}"
                                 >${msg("Documentation")}</a
                             >

web/src/admin/policies/expression/ExpressionPolicyForm.ts

@@ -87,9 +87,7 @@ export class ExpressionPolicyForm extends BasePolicyForm<ExpressionPolicy> {
                             <a
                                 rel="noopener noreferrer"
                                 target="_blank"
-                                href="${docLink(
-                                    "/docs/customize/policies/expression?utm_source=authentik",
-                                )}"
+                                href="${docLink("/docs/policies/expression?utm_source=authentik")}"
                             >
                                 ${msg("See documentation for a list of all variables.")}
                             </a>

web/src/admin/property-mappings/BasePropertyMappingForm.ts

@@ -16,7 +16,7 @@ export abstract class BasePropertyMappingForm<T extends PropertyMapping> extends
     string
 > {
     docLink(): string {
-        return "/docs/add-secure-apps/providers/property-mappings/expression?utm_source=authentik";
+        return "/docs/providers/property-mappings/expression?utm_source=authentik";
     }
 
     getSuccessMessage(): string {

web/src/admin/property-mappings/PropertyMappingProviderRACForm.ts

@@ -154,7 +154,7 @@ export class PropertyMappingProviderRACForm extends BasePropertyMappingForm<RACP
                                 target="_blank"
                                 rel="noopener noreferrer"
                                 href="${docLink(
-                                    "/docs/add-secure-apps/providers/property-mappings/expression?utm_source=authentik",
+                                    "/docs/providers/property-mappings/expression?utm_source=authentik",
                                 )}"
                             >
                                 ${msg("See documentation for a list of all variables.")}

web/src/admin/property-mappings/PropertyMappingSourceLDAPForm.ts

@@ -10,7 +10,7 @@ import { LDAPSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api
 @customElement("ak-property-mapping-source-ldap-form")
 export class PropertyMappingSourceLDAPForm extends BasePropertyMappingForm<LDAPSourcePropertyMapping> {
     docLink(): string {
-        return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik";
+        return "/docs/sources/property-mappings/expressions?utm_source=authentik";
     }
 
     loadInstance(pk: string): Promise<LDAPSourcePropertyMapping> {

web/src/admin/property-mappings/PropertyMappingSourceOAuthForm.ts

@@ -10,7 +10,7 @@ import { OAuthSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/ap
 @customElement("ak-property-mapping-source-oauth-form")
 export class PropertyMappingSourceOAuthForm extends BasePropertyMappingForm<OAuthSourcePropertyMapping> {
     docLink(): string {
-        return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik";
+        return "/docs/sources/property-mappings/expressions?utm_source=authentik";
     }
 
     loadInstance(pk: string): Promise<OAuthSourcePropertyMapping> {

web/src/admin/property-mappings/PropertyMappingSourcePlexForm.ts

@@ -10,7 +10,7 @@ import { PlexSourcePropertyMapping, PropertymappingsApi } from "@goauthentik/api
 @customElement("ak-property-mapping-source-plex-form")
 export class PropertyMappingSourcePlexForm extends BasePropertyMappingForm<PlexSourcePropertyMapping> {
     docLink(): string {
-        return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik";
+        return "/docs/sources/property-mappings/expressions?utm_source=authentik";
     }
 
     loadInstance(pk: string): Promise<PlexSourcePropertyMapping> {

web/src/admin/property-mappings/PropertyMappingSourceSAMLForm.ts

@@ -10,7 +10,7 @@ import { PropertymappingsApi, SAMLSourcePropertyMapping } from "@goauthentik/api
 @customElement("ak-property-mapping-source-saml-form")
 export class PropertyMappingSourceSAMLForm extends BasePropertyMappingForm<SAMLSourcePropertyMapping> {
     docLink(): string {
-        return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik";
+        return "/docs/sources/property-mappings/expressions?utm_source=authentik";
     }
 
     loadInstance(pk: string): Promise<SAMLSourcePropertyMapping> {

web/src/admin/property-mappings/PropertyMappingSourceSCIMForm.ts

@@ -10,7 +10,7 @@ import { PropertymappingsApi, SCIMSourcePropertyMapping } from "@goauthentik/api
 @customElement("ak-property-mapping-source-scim-form")
 export class PropertyMappingSourceSCIMForm extends BasePropertyMappingForm<SCIMSourcePropertyMapping> {
     docLink(): string {
-        return "/docs/user-sources/sources/property-mappings/expressions?utm_source=authentik";
+        return "/docs/sources/property-mappings/expressions?utm_source=authentik";
     }
 
     loadInstance(pk: string): Promise<SCIMSourcePropertyMapping> {

web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts

@@ -4,7 +4,7 @@ import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import renderDescriptionList from "@goauthentik/components/DescriptionList";
 import "@goauthentik/components/events/ObjectChangelog";
-import MDProviderOAuth2 from "@goauthentik/docs/add-secure-apps/providers/oauth2/index.md";
+import MDProviderOAuth2 from "@goauthentik/docs/providers/oauth2/index.md";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/EmptyState";

web/src/admin/providers/proxy/ProxyProviderViewPage.ts

@@ -6,14 +6,14 @@ import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import { convertToSlug } from "@goauthentik/common/utils";
 import "@goauthentik/components/ak-status-label";
 import "@goauthentik/components/events/ObjectChangelog";
-import MDCaddyStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_caddy_standalone.md";
-import MDNginxIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_ingress.md";
-import MDNginxPM from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md";
-import MDNginxStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_nginx_standalone.md";
-import MDTraefikCompose from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_compose.md";
-import MDTraefikIngress from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_ingress.md";
-import MDTraefikStandalone from "@goauthentik/docs/add-secure-apps/providers/proxy/_traefik_standalone.md";
-import MDHeaderAuthentication from "@goauthentik/docs/add-secure-apps/providers/proxy/header_authentication.md";
+import MDCaddyStandalone from "@goauthentik/docs/providers/proxy/_caddy_standalone.md";
+import MDNginxIngress from "@goauthentik/docs/providers/proxy/_nginx_ingress.md";
+import MDNginxPM from "@goauthentik/docs/providers/proxy/_nginx_proxy_manager.md";
+import MDNginxStandalone from "@goauthentik/docs/providers/proxy/_nginx_standalone.md";
+import MDTraefikCompose from "@goauthentik/docs/providers/proxy/_traefik_compose.md";
+import MDTraefikIngress from "@goauthentik/docs/providers/proxy/_traefik_ingress.md";
+import MDTraefikStandalone from "@goauthentik/docs/providers/proxy/_traefik_standalone.md";
+import MDHeaderAuthentication from "@goauthentik/docs/providers/proxy/header_authentication.md";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/Markdown";
@@ -166,7 +166,7 @@ export class ProxyProviderViewPage extends AKElement {
                     return input;
                 }
                 const extHost = new URL(this.provider.externalHost);
-                // See website/docs/add-secure-apps/providers/proxy/forward_auth.mdx
+                // See website/docs/providers/proxy/forward_auth.mdx
                 if (this.provider?.mode === ProxyMode.ForwardSingle) {
                     return input
                         .replaceAll("authentik.company", window.location.hostname)

web/src/admin/providers/scim/SCIMProviderViewPage.ts

@@ -5,7 +5,7 @@ import "@goauthentik/admin/rbac/ObjectPermissionsPage";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/events/ObjectChangelog";
-import MDSCIMProvider from "@goauthentik/docs/add-secure-apps/providers/scim/index.md";
+import MDSCIMProvider from "@goauthentik/docs/providers/scim/index.md";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/Markdown";
 import "@goauthentik/elements/SyncStatusCard";

website/.gitignore

@@ -25,4 +25,4 @@ yarn-error.log*
 
 static/docker-compose.yml
 static/schema.yaml
-docs/developer-docs/api/reference/**
+developer-docs/api/reference/**

website/developer-docs/api/flow-executor.md

@@ -2,7 +2,7 @@
 title: Flow executor (backend)
 ---
 
-A big focus of authentik is the flows system, which allows you to combine and build complex conditional processes using stages and policies. Normally, these flows are automatically executed in the browser using authentik's [standard browser-based flow executor (/if/flows)](../../add-secure-apps/flows-stages/flow/executors/if-flow.md).
+A big focus of authentik is the flows system, which allows you to combine and build complex conditional processes using stages and policies. Normally, these flows are automatically executed in the browser using authentik's [standard browser-based flow executor (/if/flows)](/docs/flow/executors/if-flow).
 
 However, any flow can be executed via an API from anywhere, in fact that is what every flow executor does. With a few requests you can execute flows from anywhere, and integrate authentik even better.
 

website/developer-docs/hackathon/index.md

@@ -4,7 +4,7 @@ title: Hackathon 2023
 
 ![hackathon-image](./horizontal-brandon-frie-rdHeGGn7rwQ-unsplash.jpg)
 
-**REGISTRATION NOW CLOSED. PLEASE JOIN US FOR A FUTURE AUTHENTIK HACKATHON.**
+**REGISTRATION NOW CLOSED! PLEASE JOIN US FOR A FUTURE AUTHENTIK HACKATHON.**
 
 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
 

website/developer-docs/index.md

@@ -1,5 +1,6 @@
 ---
 title: Contributing to authentik
+slug: /
 ---
 
 :+1::tada: Thanks for taking the time to contribute! :tada::+1:
@@ -116,7 +117,7 @@ When you are creating an enhancement suggestion, please fill in [the template](h
 
 authentik can be run locally, all though depending on which part you want to work on, different pre-requisites are required.
 
-This is documented in the [developer docs](./setup/frontend-dev-environment.md).
+This is documented in the [developer docs](./setup/frontend-dev-environment.md)
 
 ### Help with the Docs
 
@@ -135,7 +136,7 @@ The process described here has several goals:
 
 Please follow these steps to have your contribution considered by the maintainers:
 
-1. Follow the [styleguides](#style-guides)
+1. Follow the [styleguides](#styleguides)
 2. After you submit your pull request, verify that all [status checks](https://help.github.com/articles/about-status-checks/) are passing <details><summary>What if the status checks are failing?</summary>If a status check is failing, and you believe that the failure is unrelated to your change, please leave a comment on the pull request explaining why you believe the failure is unrelated. A maintainer will re-run the status check for you. If we conclude that the failure was a false positive, then we will open an issue to track that problem with our status check suite.</details>
 3. Ensure your Code has tests. While it is not always possible to test every single case, the majority of the code should be tested.
 

website/developer-docs/setup/frontend-dev-environment.md

@@ -16,8 +16,8 @@ Depending on platform, some native dependencies might be required. On macOS, run
 
 ### Instructions
 
-1. Clone the git repo from https://github.com/goauthentik/authentik.
-2. In the cloned repository, follow the docker-compose installation instructions [here](../../install-config/install/docker-compose).
+1. Clone the git repo from https://github.com/goauthentik/authentik
+2. In the cloned repository, follow the docker-compose installation instructions [here](/docs/installation/docker-compose)
 3. Add the following entry to your `.env` file:
 
     ```
@@ -29,7 +29,7 @@ Depending on platform, some native dependencies might be required. On macOS, run
 
     This will cause authentik to use the beta images.
 
-4. Add this volume mapping to your compose file.
+4. Add this volume mapping to your compose file
 
     ```yaml
     services:

website/docs/add-secure-apps/flows-stages/stages/user_logout.md

@@ -1,5 +0,0 @@
----
-title: User logout stage
----
-
-Opposite stage of [User Login Stages](./user_login/index.md). It removes the user from the current session.

website/docs/advanced/tenancy.md

@@ -11,7 +11,7 @@ This feature is in alpha. Use at your own risk.
 ::::
 
 ::::info
-This feature is available from 2024.2 and is not to be confused with [brands](../customize/brands.md), which were previously called tenants.
+This feature is available from 2024.2 and is not to be confused with [brands](../core/brands.md), which were previously called tenants.
 ::::
 
 ## About tenants
@@ -32,7 +32,7 @@ For each additional tenant (beyond the default one), one or more licenses is req
 
 A single tenant and its corresponding installation can have multiple license keys. For example, a company might purchase one license for 50 users, and then later in the same year need to buy another license for 50 more users, due to company growth. Both licenses are associated to the one installation, the one tenant.
 
-Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise.md#license-management).
+Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise#license-management).
 
 ### Important considerations
 
@@ -42,7 +42,7 @@ Learn more in our documentation about [Enterprise licenses](../enterprise/manage
 
 -   Files are isolated on a per-tenant basis, with each tenant folder named according to the schema_name. For example, `/media/t_example`. The same is true regardless of the storage backend.
 
--   Using an [embedded outpost](../add-secure-apps/outposts/embedded/embedded.mdx) with multi-tenancy is not currently supported. Disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true` configuration setting.
+-   Using an [embedded outpost](../outposts/embedded/embedded.mdx) with multi-tenancy is not currently supported. Disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true` configuration setting.
 
 ## Usage
 
@@ -50,7 +50,7 @@ To create one or more additional tenants (beyond the default tenant) use the fol
 
 ### 1. Configure authentik to allow multiple tenants
 
-First, enable the multi-tenancy feature with the `AUTHENTIK_TENANTS__ENABLED=true` [configuration setting](../install-config/configuration/configuration.mdx).
+First, enable the multi-tenancy feature with the `AUTHENTIK_TENANTS__ENABLED=true` [configuration setting](../installation/configuration.mdx).
 
 Next, set `AUTHENTIK_TENANTS__API_KEY` to a random string. This string will be used to authenticate to the tenancy API. This key allows the creation of recovery keys for every tenant hosted by authentik, so be sure to _store it securely_. Be aware that creating a recovery key allows access to all data stored inside a tenant.
 
@@ -58,7 +58,7 @@ Be sure to disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDD
 
 ### 2. Create a new tenant with authentik API endpoints
 
-Tenants are created using the API routes associated. Search for `tenant` in the [API browser](../developer-docs/api/reference/authentik) for the available endpoints.
+Tenants are created using the API routes associated. Search for `tenant` in the [API browser](/developer-docs/api/reference/authentik) for the available endpoints.
 
 When creating a tenant you must specify a `name`, used for display purposes, and a `schema_name`, used to create the PostgreSQL schema associated with the tenant.
 

website/docs/applications/index.md

@@ -22,7 +22,7 @@ Applications are displayed to users when:
 -   The user has access defined via policies (or the application has no policies bound)
 -   A valid Launch URL is configured/could be guessed, this consists of URLs starting with http:// and https://
 
-The following options can be configured:
+The following aspects can be configured:
 
 -   _Name_: This is the name shown for the application card
 -   _Launch URL_: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider
@@ -35,7 +35,7 @@ The following options can be configured:
 
     If the authentik server does not have a volume mounted under `/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`.
 
-    If there is a mount under `/media` or if [S3 storage](../../install-config/storage-s3.md) is configured, you'll instead see a field to upload a file.
+    If there is a mount under `/media` or if [S3 storage](../installation/storage-s3.md) is configured, you'll instead see a field to upload a file.
 
 -   _Publisher_: Text shown below the application
 -   _Description_: Subtext shown on the application card below the publisher

website/docs/core/architecture.md

@@ -25,7 +25,7 @@ The core sub-component handles most of authentik's logic, such as API requests,
 
 #### Embedded outpost
 
-Similar to [other outposts](../add-secure-apps/outposts/index.mdx), this outpost allows using [Proxy providers](../add-secure-apps/providers/proxy/index.md) without deploying a separate outpost.
+Similar to [other outposts](../outposts/index.mdx), this outpost allows using [Proxy providers](../providers/proxy/index.md) without deploying a separate outpost.
 
 #### Persistence
 
@@ -37,8 +37,8 @@ This container executes background tasks, such as sending emails, the event noti
 
 #### Persistence
 
--   `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../sys-mgmt/certificates.md#lets-encrypt)
--   `/templates` is used for [custom email templates](../add-secure-apps/flows-stages/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
+-   `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt)
+-   `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
 
 ### PostgreSQL
 

website/docs/core/geoip.mdx

@@ -1,6 +1,6 @@
 # GeoIP
 
-authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a [GeoIP policy](../customize/policies/index.md#geoip-policy) can be used to make policy decisions based on the lookup result.
+authentik supports GeoIP to add additional information to login/authorization/enrollment requests. Additionally, a [GeoIP policy](../policies/#geoip-policy) can be used to make policy decisions based on the lookup result.
 
 ### Configuration
 

website/docs/core/settings.md

@@ -2,7 +2,7 @@
 title: System Settings
 ---
 
-These settings are similar to the configuration options listed [here](../install-config/configuration/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
+These settings are similar to the configuration options listed [here](../installation/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
 
 ### Avatars
 
@@ -39,7 +39,7 @@ Enable the ability for users to change their Usernames, defaults to `false`.
 
 ### Event retention
 
-Configure how long [Events](./events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
+Configure how long [Events](../events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
 
 ### Footer links
 

website/docs/core/terminology.md

@@ -45,7 +45,7 @@ A Provider is a way for other applications to authenticate against authentik. Co
 
 At a base level a policy is a yes/no gate. It will either evaluate to True or False depending on the Policy Kind and settings. For example, a "Group Membership Policy" evaluates to True if the user is member of the specified Group and False if not. This can be used to conditionally apply Stages, grant/deny access to various objects, and for other custom logic.
 
-See [Policies](../customize/policies/index.md)
+See [Policies](../policies/index.md)
 
 ### Flows & Stages
 
@@ -57,19 +57,19 @@ A stage represents a single verification or logic step. They are used to authent
 
 Certain use cases within authentik add steps that are run as part of a flow. These steps are a special type of stage called the "Dynamic in-memory" stage, as they are added to flows dynamically when required, only exist in memory, and are thus not configurable by administrators.
 
-See [Flows](../add-secure-apps/flows-stages/flow/index.md)
+See [Flows](../flow/index.md)
 
 ### Property Mappings
 
 Property Mappings allow you to make information available for external applications, and to modify how information from sources are stored in authentik. For example, if you want to log in to AWS with authentik, you'd use property mappings to set the user's roles in AWS based on their group memberships in authentik.
 
-See [Providers Property Mappings](../add-secure-apps/providers/property-mappings/index.md) and [Source Property Mappings](../users-sources/sources/property-mappings/index.md).
+See [Providers Property Mappings](../providers/property-mappings/index.md) and [Source Property Mappings](../sources/property-mappings/index.md).
 
 ### Outpost
 
 An outpost is a separate component of authentik, which can be deployed anywhere, regardless of the authentik deployment. The outpost offers services that aren't implemented directly into the authentik core, e.g. Reverse Proxying.
 
-See [Outposts](../add-secure-apps/outposts/index.mdx)
+See [Outposts](../outposts/index.mdx)
 
 ### System tasks
 

website/docs/enterprise/get-started.md

@@ -6,12 +6,12 @@ Installing authentik is exactly the same process for both Enterprise version and
 
 ## Install Enterprise
 
-To get started working with Enterprise authentik, [upgrade](../install-config/upgrade.mdx) to the [2023.8.x](../releases) version or later.
+To get started working with Enterprise authentik, [upgrade](../installation/upgrade.mdx) to the [2023.8.x](../releases) version or later.
 
-If this is a fresh install, refer to our [technical documentation](../install-config/index.mdx) for instructions to install and configure authentik.
+If this is a fresh install, refer to our [technical documentation](../installation/index.mdx) for instructions to install and configure authentik.
 
--   [Docker Compose installation](../install-config/install/docker-compose.mdx)
--   [Kubernetes installation](../install-config/install/kubernetes.md)
+-   [Docker Compose installation](../installation/docker-compose.mdx)
+-   [Kubernetes installation](../installation/kubernetes.md)
 
 ## Access Enterprise
 

website/docs/enterprise/manage-enterprise.md

@@ -8,7 +8,7 @@ Your organization defines the members, their roles, the licenses associated with
 
 ### Create an Organization
 
-1. To create a new organization, log in to the [Customer portal](./get-started.md#access-enterprise).
+1. To create a new organization, log in to the [Customer portal](./get-started#access-enterprise).
 
 2. On the **My organizations** page, click **Create an organization**.
 
@@ -27,7 +27,7 @@ In the Customer portal you can remove members and invite new members to the orga
 -   **Member**: can view licenses, including the license key.
 -   **Owner**: can do everything the Member role can do, plus: add and remove members, order and renew licenses, and edit the organization.
 
-1. To manage membership in an organization, log in to the [Customer portal](./get-started.md#access-enterprise).
+1. To manage membership in an organization, log in to the [Customer portal](./get-started#access-enterprise).
 
 2. On the **My organizations** page, click the name of the organization you want to edit membership in.
 
@@ -107,7 +107,7 @@ The following events occur when a license expires or the internal/external user
 
 License usage is calculated based on total user counts that authentik regularly captures. This data is checked against all valid licenses, and the sum total of all users. Internal and external users are counted based on the number of active users of the respective type saved in authentik. Service account users are not counted towards the license.
 
-An **internal** user is typically a team member, such as a company employee, who has access to the full Enterprise feature set. An **external** user might be an external consultant, a volunteer in a charitable site, or a B2C customer who logged onto your website to shop. External users don't get access to Enterprise features, nor to the **My applications** page in authentik. Instead, external users are authenticated and then redirected to log directly into their [default application](../customize/brands.md#external-user-settings).
+An **internal** user is typically a team member, such as a company employee, who has access to the full Enterprise feature set. An **external** user might be an external consultant, a volunteer in a charitable site, or a B2C customer who logged onto your website to shop. External users don't get access to Enterprise features, nor to the **My applications** page in authentik. Instead, external users are authenticated and then redirected to log directly into their [default application](../core/brands.md#external-user-settings).
 
 ### Upgrade the number of users in a license
 

website/docs/events/notifications.md

@@ -36,6 +36,6 @@ Before authentik 2023.5, when no group is selected, policies bound to the rule a
 :::
 
 You also have to select which transports should be used to send the notification.
-A transport with the name "default-email-transport" is created by default. This transport will use the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended).
+A transport with the name "default-email-transport" is created by default. This transport will use the [global email configuration](../installation/docker-compose#email-configuration-optional-but-recommended).
 
 Starting with authentik 2022.6, a new default transport will be created. This is because notifications are no longer created by default, they are now a transport method instead. This allows for better customization of the notification before it is created.

website/docs/events/transports.md

@@ -2,7 +2,7 @@
 title: Transports
 ---
 
-Notifications can be sent to users via multiple mediums. By default, the [global email configuration](../../install-config/install/docker-compose.mdx#email-configuration-optional-but-recommended) will be used.
+Notifications can be sent to users via multiple mediums. By default, the [global email configuration](../installation/docker-compose#email-configuration-optional-but-recommended) will be used.
 
 ## Generic Webhook
 

website/docs/expressions/_functions.md

@@ -62,7 +62,7 @@ return ak_is_group_member(request.user, name="test_group")
 
 Fetch a user matching `**filters`.
 
-Returns "None" if no user was found, otherwise returns the [User](/docs/users-sources/user) object.
+Returns "None" if no user was found, otherwise returns the [User](/docs/user-group-role/user) object.
 
 Example:
 

website/docs/expressions/_user.md

@@ -1,4 +1,4 @@
--   `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.md#object-properties).
+-   `user`: The current user. This may be `None` if there is no contextual user. See [User](../user-group-role/user/user_ref.md#object-properties).
 
 Example:
 

website/docs/flow/context/index.md

@@ -22,15 +22,15 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub
 
 ### Common keys
 
-#### `pending_user` ([User object](../../../../users-sources/user/user_ref.md#object-properties))
+#### `pending_user` ([User object](../../user-group-role/user/user_ref.md#object-properties))
 
-`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.md).
+`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../stages/identification/).
 
-Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md) and others will use this value if it is set, and fallback to the request's users when possible.
+Stages that require a user, such as the [Password stage](../stages/password/), the [Authenticator validation stage](../stages/authenticator_validate/) and others will use this value if it is set, and fallback to the request's users when possible.
 
 #### `prompt_data` (Dictionary)
 
-`prompt_data` is primarily used by the [Prompt stage](../../stages/prompt/index.md). The value of any field within a prompt stage is written to the `prompt_data` dictionary. For example, given a field with the _Field key_ `email` that was submitted with the value `foo@bar.baz` will result in the following context:
+`prompt_data` is primarily used by the [Prompt stage](../stages/prompt/). The value of any field within a prompt stage is written to the `prompt_data` dictionary. For example, given a field with the _Field key_ `email` that was submitted with the value `foo@bar.baz` will result in the following context:
 
 ```json
 {
@@ -40,7 +40,7 @@ Stages that require a user, such as the [Password stage](../../stages/password/i
 }
 ```
 
-This data can be modified with policies. The data is also used by stages like [User write](../../stages/user_write.md), which takes data in `prompt_data` and writes it to `pending_user`.
+This data can be modified with policies. The data is also used by stages like [User write](../stages/user_write.md), which takes data in `prompt_data` and writes it to `pending_user`.
 
 #### `redirect` (string)
 
@@ -62,7 +62,7 @@ When a user authenticates/enrolls via an external source, this will be set to th
 
 #### `outpost` (dictionary) <span class="badge badge--version">authentik 2024.10+</span>
 
-When a flow is executed by an Outpost (for example the [LDAP](../../../providers/ldap/index.md) or [RADIUS](../../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`.
+When a flow is executed by an Outpost (for example the [LDAP](../../providers/ldap/index.md) or [RADIUS](../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`.
 
 ### Scenario-specific keys
 
@@ -72,7 +72,7 @@ Set to `True` when the flow is executed from an "SSO" context. For example, this
 
 #### `is_restored` (Token object)
 
-Set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
+Set when a flow execution is continued from a token. This happens for example when an [Email stage](../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
 
 ### Stage-specific keys
 
@@ -118,9 +118,9 @@ Optionally overwrite the deny message shown, has a higher priority than the mess
 
 #### User write stage
 
-##### `groups` (List of [Group objects](../../../../users-sources/groups/index.mdx))
+##### `groups` (List of [Group objects](../../user-group-role/groups/index.mdx))
 
-See [Group](../../../../users-sources/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list.
+See [Group](../../user-group-role/groups/index.mdx). If set in the flow context, the `pending_user` will be added to all the groups in this list.
 
 If set, this must be a list of group objects and not group names.
 
@@ -136,11 +136,11 @@ Type the `pending_user` will be created as. Must be one of `internal`, `external
 
 ##### `user_backend` (string)
 
-Set by the [Password stage](../../stages/password/index.md) after successfully authenticating in the user. Contains a dot-notation to the authentication backend that was used to successfully authenticate the user.
+Set by the [Password stage](../stages/password/index.md) after successfully authenticating in the user. Contains a dot-notation to the authentication backend that was used to successfully authenticate the user.
 
 ##### `auth_method` (string)
 
-Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate.
+Set by the [Password stage](../stages/password/index.md), the [Authenticator validation stage](../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate.
 
 Possible options:
 
@@ -149,7 +149,7 @@ Possible options:
 -   `ldap` (Authenticated via LDAP bind from an LDAP source)
 -   `auth_mfa` (Authentication via MFA device without password)
 -   `auth_webauthn_pwl` (Passwordless authentication via WebAuthn)
--   `jwt` ([M2M](../../../providers/oauth2/client_credentials.md) authentication via an existing JWT)
+-   `jwt` ([M2M](../../providers/oauth2/client_credentials.md) authentication via an existing JWT)
 
 ##### `auth_method_args` (dictionary)
 

website/docs/flow/executors/headless.md

@@ -6,6 +6,6 @@ The headless flow executor is used by clients that don't have access to the web
 
 The following stages are supported:
 
--   [**Identification stage**](../../stages/identification/index.md)
--   [**Password stage**](../../stages/password/index.md)
--   [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md)
+-   [**Identification stage**](../stages/identification/)
+-   [**Password stage**](../stages/password/)
+-   [**Authenticator Validation Stage**](../stages/authenticator_validate/)

website/docs/flow/executors/if-flow.md

@@ -5,5 +5,5 @@ title: Default
 This is the default, web-based environment that flows are executed in. All stages are compatible with this environment and no limitations are imposed.
 
 :::info
-All flow executors use the same [API](../../../../developer-docs/api/flow-executor.md), which allows for the implementation of custom flow executors.
+All flow executors use the same [API](../../../developer-docs/api/flow-executor), which allows for the implementation of custom flow executors.
 :::

website/docs/flow/executors/sfe.md

@@ -13,14 +13,14 @@ Currently this flow executor is automatically used for the following browsers:
 
 The following stages are supported:
 
--   [**Identification stage**](../../stages/identification/index.md)
+-   [**Identification stage**](../stages/identification/)
 
     :::info
     Only user identifier and user identifier + password stage configurations are supported; sources and passwordless configurations are not supported.
     :::
 
--   [**Password stage**](../../stages/password/index.md)
--   [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md)
+-   [**Password stage**](../stages/password/)
+-   [**Authenticator Validation Stage**](../stages/authenticator_validate/)
 
 Compared to the [default flow executor](./if-flow.md), this flow executor does _not_ support the following features:
 

website/docs/flow/executors/user-settings.md

@@ -10,4 +10,4 @@ The user interface (/if/user/) uses a specialized flow executor to allow individ
 
 Because the stages in a flow can change during its execution, be awre that configuring this executor to use any stage type other than Prompt or User Write will automatically trigger a redirect to the standard executor.
 
-An admin can customize which fields can be changed by the user by updating the default-user-settings-flow, or copying it to create a new flow with a Prompt Stage and a User Write Stage. Different variants of your flow can be applied to different [Brands](../../../../customize/brands.md) on the same authentik instance.
+An admin can customize which fields can be changed by the user by updating the default-user-settings-flow, or copying it to create a new flow with a Prompt Stage and a User Write Stage. Different variants of your flow can be applied to different [Brands](../../core/brands.md) on the same authentik instance.

website/docs/flow/index.md

@@ -2,7 +2,7 @@
 title: Flows
 ---
 
-Flows are a major component in authentik. In conjunction with stages and [policies](../../../customize/policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings.
+Flows are a major component in authentik. In conjunction with stages and [policies](../policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings.
 
 There are over a dozen default, out-of-the box flows available in authentik. Users can decide if they already have everything they need with the default flows or if they want to [create](#create-a-custom-flow) their own custom flow, using the Admin interface.
 
@@ -20,13 +20,13 @@ When these stages are successfully completed, authentik logs in the user.
 
 By default, policies are evaluated dynamically, right before the stage (to which a policy is bound) is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy.
 
-This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.md).
+This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](../flow/context/index.md).
 
-To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
+To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../core/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
 
 ## Permissions
 
-Flows can have [policies](../stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow.
+Flows can have [policies](../flow/stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow.
 
 Keep in mind that in certain circumstances, policies cannot match against users and groups as there is no authenticated user yet.
 
@@ -46,9 +46,9 @@ To create a flow, follow these steps:
 2. In the Admin interface, navigate to **Flows and Stages -> Flows**.
 3. Click **Create**, define the flow using the [configuration settings](#flow-configuration-options) described below, and then click **Finish**.
 
-After creating the flow, you can then [bind specific stages](../stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../../../customize/policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process.
+After creating the flow, you can then [bind specific stages](../flow/stages/index.md#bind-a-stage-to-a-flow) to the flow and [bind policies](../policies/working_with_policies/working_with_policies.md) to the flow to further customize the user's log in and authentication process.
 
-To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
+To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../core/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
 
 ## Flow configuration options
 
@@ -64,17 +64,17 @@ When creating or editing a flow in the UI of the Admin interface, you can set th
 
 **Designation**: Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
 
--   **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](../stages/user_login/index.md) stage, which attaches the staged user to the current session.
+-   **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](stages/user_login/index.md) stage, which attaches the staged user to the current session.
 
 -   **Authorization**: designates a flow to be used for authorization. The authorization flow `default-provider-authorization-explicit-consent` should always contain a consent stage.
 
--   **Invalidation**: designates a flow to be used to invalidate a session. This flow should always contain a [**User Logout**](../stages/user_logout.md) stage, which resets the current session.
+-   **Invalidation**: designates a flow to be used to invalidate a session. This flow should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session.
 
--   **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). At the end, to create the user, you can use the [**user_write**](../stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
+-   **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
 
--   **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](../stages/user_delete.md) stage.
+-   **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage.
 
--   **Recovery**: designates a flow for recovery. This flow normally contains an [**identification**](../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). Afterwards, use the [**prompt**](../stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](../stages/user_write.md) stage to update the password.
+-   **Recovery**: designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
 
 -   **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP.
 

website/docs/flow/inspector.md

@@ -2,7 +2,7 @@
 title: Flow Inspector
 ---
 
-The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.md), and investigate issues.
+The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](../flow/context/index.md), and investigate issues.
 
 As shown in the screenshot below, the flow inspector displays next to the selected flow (in this case, "Change Password"), with [information](#flow-inspector-details) about that specific flow and flow context.
 
@@ -11,12 +11,12 @@ As shown in the screenshot below, the flow inspector displays next to the select
 ## Access the Flow Inspector
 
 :::info
-Be aware that when running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../stages/user_write.md) stage _will_ write user data.
+Be aware that when running a flow with the inspector enabled, the flow is still executed normally. This means that for example, a [User write](../flow/stages/user_write.md) stage _will_ write user data.
 :::
 
 ### Permissions and debug mode
 
-By default, the inspector is only enabled when the currently authenticated user is a superuser, OR if a user has been granted the [permission](../../../users-sources/access-control/permissions.md) **Can inspect a Flow's execution** (or is a user assigned to role with the permission).
+By default, the inspector is only enabled when the currently authenticated user is a superuser, OR if a user has been granted the [permission](../user-group-role/access-control/permissions.md) **Can inspect a Flow's execution** (or is a user assigned to role with the permission).
 
 When developing authentik with the debug mode enabled, the inspector is enabled by default and can be accessed by both unauthenticated users and standard users. However the debug mode should only be used for the development of authentik. So unless you are a developer and need the more verbose error information, the best practice for using the flow inspector is to assign the permission, not use debug mode.
 

website/docs/flow/stages/authenticator_sms/index.md

@@ -48,7 +48,7 @@ return {
 
 ## Verify only <span class="badge badge--version">authentik 2022.6+</span>
 
-To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.md) stage.
+To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/) stage.
 
 ## Limiting phone numbers
 

website/docs/flow/stages/authenticator_validate/index.md

@@ -4,11 +4,11 @@ title: Authenticator validation stage
 
 This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages:
 
--   [Duo authenticator stage](../authenticator_duo/index.md)
--   [SMS authenticator stage](../authenticator_sms/index.md).
--   [Static authenticator stage](../authenticator_static/index.md).
--   [TOTP authenticator stage](../authenticator_totp/index.md)
--   [WebAuth authenticator stage](../authenticator_webauthn/index.md).
+-   [Duo authenticator stage](../authenticator_duo/)
+-   [SMS authenticator stage](../authenticator_sms/).
+-   [Static authenticator stage](../authenticator_static/).
+-   [TOTP authenticator stage](../authenticator_totp/)
+-   [WebAuth authenticator stage](../authenticator_webauthn/).
 
 You can select which type of device classes are allowed.
 

website/docs/flow/stages/captcha/index.md

@@ -14,7 +14,7 @@ This stage adds a form of verification using [Google's ReCaptcha](https://www.go
 
 This stage has two required fields: Public key and private key. These can both be acquired at https://www.google.com/recaptcha/admin.
 
-![](./captcha-admin.png)
+![](captcha-admin.png)
 
 #### Configuration options