Migrate from AsciiDoc to Markdown

.gitignore

@@ -1,16 +1,2 @@
-# vscode stuff
-.vscode/*
-!.vscode/tasks.json
-
 # docs-builder default output
-.artifacts
-
-# vs stuff
-.vs/
-
-# osx stuff
-.DS_Store
-
-# jetbrains
-*.iml
-.idea
+.artifacts

cloud-account/add-a-login-method.md

@@ -0,0 +1,29 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/cloud/current/ec-change-login-method.html
+---
+
+# Add a login method [ec-change-login-method]
+
+When you create your account, you can choose one of the the following methods to log in:
+
+* A password-based login
+* Log in with Google
+* Log in with Microsoft
+
+After your account is created, you and can an additional login method. You can’t remove a login method after it’s added.
+
+## Enable password-based login [ec_enable_password_based_login]
+
+To enable password-based login in addition to Google or Microsoft sign-in, go to the [Forgot password](https://cloud.elastic.co/forgot) page and enter your email address. This will trigger the forgot password flow and will allow you to create a password for your account.
+
+After you create a password, log in. You’ll be prompted to [enable multifactor authentication](multifactor-authentication.md).
+
+You will now be able to change the email address in your [user settings](https://cloud.elastic.co/user/settings).
+
+
+## Enable Google or Microsoft sign-in [ec_enable_google_or_microsoft_sign_in]
+
+To enable Google or Microsoft sign-in in addition to password-based login, go to the [Login](https://cloud.elastic.co/login) page and select **Log in with Google** or **Log in with Microsoft**.
+
+

cloud-account/change-your-password.md

@@ -0,0 +1,27 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/cloud/current/ec-change-password.html
+---
+
+# Change your password [ec-change-password]
+
+If you created a password when you signed up for a Elasticsearch Service account, or you added the password-based login method to your account, then you can change your password if needed.
+
+If you know your current password:
+
+1. Log in to the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Open the user menu in the header bar.
+3. Go to **Profile**.
+4. Select **Change password**.
+5. Enter the current password and provide the new password that you want to use.
+
+If you don’t know your current password:
+
+1. At the login screen for the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body), select the link **Forgot password?**.
+2. Enter the primary email address for your account and select **Reset password**.
+
+    By default, to sign up for Elasticsearch Service you use your primary email address. If you change it at some point, use your current email address to log in to Elasticsearch Service.
+
+    An email is sent to the address you specified with a link to reset the password. If you don’t get the email after a few minutes, check your spam folder.
+
+

cloud-account/index.md

@@ -0,0 +1,18 @@
+---
+mapped_urls:
+  - https://www.elastic.co/guide/en/cloud/current/ec-account-user-settings.html
+  - https://www.elastic.co/guide/en/serverless/current/general-user-profile.html
+---
+
+# Cloud account
+
+% What needs to be done: Refine
+
+% GitHub issue: https://github.com/elastic/docs-projects/issues/304
+
+% Scope notes: https://github.com/elastic/docs-projects/issues/304
+
+% Use migrated content from existing pages that map to this page:
+
+% - [ ] ./raw-migrated-files/cloud/cloud/ec-account-user-settings.md
+% - [ ] ./raw-migrated-files/docs-content/serverless/general-user-profile.md

cloud-account/join-or-leave-an-organization.md

@@ -0,0 +1,16 @@
+---
+mapped_urls:
+  - https://www.elastic.co/guide/en/cloud/current/ec-invite-users.html
+  - https://www.elastic.co/guide/en/serverless/current/general-manage-organization.html
+---
+
+# Join or leave an organization
+
+% What needs to be done: Refine
+
+% Scope notes: https://github.com/elastic/docs-projects/issues/304
+
+% Use migrated content from existing pages that map to this page:
+
+% - [ ] ./raw-migrated-files/cloud/cloud/ec-invite-users.md
+% - [ ] ./raw-migrated-files/docs-content/serverless/general-manage-organization.md

cloud-account/multifactor-authentication.md

@@ -0,0 +1,120 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/cloud/current/ec-account-security-mfa.html
+---
+
+# Multifactor authentication [ec-account-security-mfa]
+
+If you use a password-based login, Elastic requires that you add an extra layer of security to your Elasticsearch Service account by enabling a multifactor authentication (MFA) method.
+
+You can choose from the following methods:
+
+* Set up an **authenticator app** such as Google Authenticator, Microsoft Authenticator, or Okta Verify. These apps generate a time-based one-time password (TOTP) that you enter along with your password when you log in.
+* Authenticate using a **hardware security key or biometric data**, such as a YubiKey or a fingerprint reader.
+* Receive a verification code through **email**. You enter this code along with your password when you log in.
+
+Elastic recommends that you enable multiple methods so that you can still access your account if you lose access to one method.
+
+If you use only a Google or Microsoft account to log in, then you can’t configure MFA in Elasticsearch Service. You can check and manage your multifactor authentication options in your Google or Microsoft account security settings.
+
+::::{note} 
+You can no longer configure SMS as a multifactor authentication method. If you already use SMS for multifactor authentication, then you can continue using it. You’ll be prompted to switch to a new MFA method in the future.
+
+::::
+
+
+## Configure an authenticator app [ec-account-security-mfa-authenticator]
+
+To enable multifactor authentication using an authenticator app, you must enroll your device.
+
+1. Log in to the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Go to [User settings](https://cloud.elastic.co/user/settings) and choose **Profile**. Navigate to the **Multifactor authentication** section.
+3. On the **Authenticator app** card, select **Set up**.
+4. Scan the QR code with your authenticator app. If you can’t scan the QR code, then you can enter the code manually.
+5. Enter the verification code generated by your authenticator app and select **Enable authentication method**.
+
+
+## Configure a security key or biometrics [ec_configure_a_security_key_or_biometrics]
+
+To enable multifactor authentication using a security key or biometrics, you must register your security key or biometric data.
+
+1. Log in to the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Go to [User settings](https://cloud.elastic.co/user/settings) and choose **Profile**. Navigate to the **Multifactor authentication** section.
+3. On the **Security key or biometrics** card, select **Set up**.
+4. Follow the prompts on your screen to register your hardware security key or your biometric authentication method.
+
+
+## Configure email authentication [ec_configure_email_authentication]
+
+To enable multifactor authentication using an authenticator app, you must verify your email address.
+
+1. Log in to the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Go to [User settings](https://cloud.elastic.co/user/settings) and choose **Profile**. Navigate to the **Multifactor authentication** section.
+3. On the **Email** card, select **Set up**.
+4. Enter the verification code sent to your email address, and then select **Enable authentication method**.
+
+
+## Remove a multifactor authentication method [ec_remove_a_multifactor_authentication_method]
+
+You can remove a multifactor authentication method after it’s added by clicking **Remove**.
+
+Before you remove an authentication method, you must set up an alternate method. If you can’t use any of your configured authentication methods — for example, if your device is lost or stolen — then [contact support](../troubleshoot/troubleshoot/cloud.md).
+
+
+## Frequently asked questions [ec-account-security-mfa-faq]
+
+Below are some frequently asked questions about the multifactor authentication changes added in September 2024.
+
+**What changes are being introduced as part of the Elastic Cloud MFA initiative?**
+
+The following changes were introduced to Elastic Cloud MFA starting September 9th, 2024:
+
+* All users authenticating to any Elastic service through Elastic Cloud ([cloud.elastic.co/login](https://cloud.elastic.co/login)) with a username and password who have not yet set up an MFA method will be redirected to an MFA setup screen when they log in. Users will only be able to access their service after they successfully set up at least one MFA method, such as Authenticator or Email.
+* SMS MFA is gradually being phased out. This aligns with our internal information security policy and the industry best practice to move away from SMS as an additional authentication factor due to it not being phishing-resistant. All users with SMS MFA will eventually be redirected to the MFA setup screen to set up a different MFA method.
+
+We will be adding the following features in the future:
+
+* Support for customer email notifications for suspicious logins, such as logins from a new device or subsequent logins from geographically distant locations.
+
+Users who authenticate to Elastic Cloud using Google or Microsoft identities, or [SAML SSO](../deploy-manage/users-roles/cloud-organization/configure-saml-authentication.md), are not impacted by the MFA changes. In these cases, MFA is managed by the external identity provider.
+
+**What are the Elastic services that can be accessed through Elastic Cloud?**
+
+Elastic Cloud login ([cloud.elastic.co/login](https://cloud.elastic.co/login)) is used to authenticate the following services or portals provided by Elastic:
+
+* Elastic Cloud - [cloud.elastic.co](https://cloud.elastic.co). In Elastic Cloud, MFA enforcement will apply to both Elastic Cloud trial and non-trial organizations.
+* Support Hub - [support.elastic.co](https://support.elastic.co)
+* Learning Portal - [learn.elastic.co](https://learn.elastic.co)
+* *Coming soon:* Partner Portal - [partners.elastic.co](https://partners.elastic.co)
+
+**Does MFA enforcement apply to all Elastic Cloud regions and organizations?**
+
+Yes, the Elastic Cloud default MFA enforcement applies to all Elastic Cloud regions, including GovCloud, and all organizations, both trial and non-trial.
+
+**Does MFA enforcement apply to direct login to Kibana or Elasticsearch?**
+
+No, the Elastic Cloud default MFA enforcement does not apply when selecting **Log in with Elasticsearch** on the Kibana login screen or connecting to an Elasticsearch endpoint. However, it does apply when using the **Log in with Elastic Cloud** option.
+
+**My team uses a generic account or distribution/mailing list and shares the password to access Elastic Cloud. How will my team be able to log in and access our Elastic Cloud organization after the MFA enforcement?**
+
+There are ways to work around the limitations of generic account access, but the more secure approach is to use one Elastic account for each Elastic Cloud user.
+
+You can explore the following workarounds:
+
+* Grant your team members access to that account’s Elastic Cloud organization by inviting and making them organization members. This may involve creating additional Elastic user accounts for each team member, depending on their organization access and ownership needs since we have yet to support multi-organization membership. When each team member has their own account to access your Elastic Cloud organization, they will be able to set up their own MFA  method.
+* Use the email MFA method, assuming all of your team members have access to the generic account or distribution list’s mailbox.
+* Keep using the generic account to log in and set up multifactor authentication [using an authenticator app](#ec-account-security-mfa-authenticator).
+
+    ```
+    During the setup, take a photo of the QR code, or note its numeric version, and share it across your team. This code is sensitive and should be stored and shared securely. For example, it should be stored in an encrypted place using a secure algorithm such as AES-256, and transmitted over a secure encrypted channel such as TLS 1.3.
+    ```
+    ```
+    This QR code is the "base" number used by the Authenticator app to generate codes based on the current time. There is no danger of synchronization issues. However, there is risk of a breach if the QR code picture or number is compromised.
+    ```
+
+
+**After I set up an MFA method, will I need to answer an MFA challenge every time I authenticate through Elastic Cloud?**
+
+For now, you will need to answer an MFA challenge on every login, but we are working on adding a **Trust this device** option, which will "silence" the MFA challenge for one month per user session.
+
+

cloud-account/toc.yml

@@ -0,0 +1,8 @@
+project: 'Cloud account'
+toc:
+  - file: index.md
+  - file: join-or-leave-an-organization.md
+  - file: update-your-email-address.md
+  - file: change-your-password.md
+  - file: add-a-login-method.md
+  - file: multifactor-authentication.md

cloud-account/update-your-email-address.md

@@ -0,0 +1,23 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/cloud/current/ec-update-email-address.html
+---
+
+# Update your email address [ec-update-email-address]
+
+Each Elasticsearch Service account has a primary email associated with it. By default, the primary email address is used to sign up for Elasticsearch Service and to log in. If needed, you can change this primary email address:
+
+1. By **Email address**, select **edit**.
+2. Enter a new email address and your current password.
+
+    An email is sent to the new address with a link to confirm the change. If you don’t get the email after a few minutes, check your spam folder.
+
+
+If you are using Google or Microsoft Sign-In and would like to change your email address, you will need to:
+
+1. Go to the [Forgot password](https://cloud.elastic.co/forgot) page and enter your email address.
+2. Follow the instructions in the "Reset your password" email.
+3. In the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body), update your [User settings](https://cloud.elastic.co/user/settings) to the new email address.
+
+If your organization is associated with [Azure Marketplace](../deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md), you can’t change your primary email address using the above methods. Instead, [invite another user](../deploy-manage/users-roles/cloud-organization/manage-users.md) with the desired email address to your organization.
+

deploy-manage/api-keys.md

@@ -0,0 +1,7 @@
+# Manage API keys
+
+% What needs to be done: Write from scratch
+
+% GitHub issue: https://github.com/elastic/docs-projects/issues/349
+
+% Scope notes: Elasticsearch & Kibana authentication API Keys

deploy-manage/api-keys/elastic-cloud-api-keys.md

@@ -0,0 +1,49 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/cloud/current/ec-api-authentication.html
+---
+
+# Elastic Cloud API keys [ec-api-authentication]
+
+With a valid Elastic Cloud API key, you can access the API from its base URL at `api.elastic-cloud.com`.
+
+Only **Organization owners** can create and manage API keys. An API key is not tied to the user who created it. When creating a key, you assign it specific roles to control its access to organizational resources, including hosted deployments and serverless projects. If a user leaves the organization, the API keys they have created will still function until they expire.
+
+You can have multiple API keys for different purposes, and you can revoke them when you no longer need them.
+
+
+## Create an API key [ec-api-keys]
+
+1. Log in to the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Go to your avatar in the upper right corner and choose **Organization**.
+3. On the API keys tab of the **Organization** page, click **Create API Key**.
+
+    ::::{note}
+    This key provides access to the API that enables you to manage your deployments. It does not provide access to {{es}}. To access {{es}} with an API key, create a key [in {{kib}}](elasticsearch-api-keys.md) or [using the {{es}} API](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html).
+    ::::
+
+4. From the **Create API Key** page, you can configure your new key by adding a name, set expiration, or assign [roles](../users-roles/cloud-organization/user-roles.md).
+
+    By default, API keys expire after three months. You can set the expiration to a different preset value or to a specific date, up to one year. If you need the key to work indefinitely, you can also set its expiration to Never. In this case, the key won’t expire.
+
+    ::::{note}
+    When an API key is nearing expiration, Elastic sends an email to the creator of the API key and each of the operational contacts. When you use an API key to authenticate, the API response header `X-Elastic-Api-Key-Expiration` indicates the key’s expiration date. You can log this value to detect API keys that are nearing expiration.
+    ::::
+
+5. Click **Create API key**, copy the generated API key, and store it in a safe place. You can also download the key as a CSV file.
+
+The API key needs to be supplied in the `Authorization` header of a request, in the following format:
+
+```sh
+Authorization: ApiKey $EC_API_KEY
+```
+
+
+## Revoke an API key [ec_revoke_an_api_key]
+
+1. Log in to the [Elasticsearch Service Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Go to your avatar in the upper right corner and choose **Organization**.
+
+    The keys currently associated with your organization are listed under the API keys tab of the **Organization** page.
+
+3. Find the key you want to revoke, and click the trash icon under **Actions**.