Chore: Restructre Sidebar and Top Level Items

content/en/charts/_index.md

@@ -12,7 +12,7 @@ cascade:
 {{< alert type="info" title="Repository Only">}}
 This page only contains a brief synopsis of the Helm repository.
 
-See the [Self-Hosted section](/cloud/self-hosted/) of the Layer5 Cloud documentation for deployment prerequisites, considerations, and instructions.
+See the [Self-Hosted section](/cloud/guides/self-hosted/) of the Layer5 Cloud documentation for deployment prerequisites, considerations, and instructions.
 {{< /alert >}}
 
 ## Repository Contents
@@ -24,7 +24,7 @@ Contained in the Layer5 Helm repository is the [Meshery Remote Provider](https:/
 <p>The source for this chart is located in the <code>layer5io/meshery-cloud</code> repository under <code>install/kubernetes/</code>.</p>
 
 {{< alert type="info" title="Complete Deployment Instructions">}}
-Layer5 Cloud's Helm chart supports a number of [configuration options]({{<ref "/cloud/self-hosted/deployment/helm-chart-values" >}})
+Layer5 Cloud's Helm chart supports a number of [configuration options]({{<ref "/cloud/guides/self-hosted/deployment/helm-chart-values" >}})
 
-See the [Self-Hosted section](/cloud/self-hosted/) of the Layer5 Cloud documentation for deployment prerequisites, considerations, and instructions.
+See the [Self-Hosted section](/cloud/guides/self-hosted/) of the Layer5 Cloud documentation for deployment prerequisites, considerations, and instructions.
 {{< /alert >}}

content/en/cloud/_index.md

@@ -72,6 +72,20 @@ cascade:
 </div>
 {{% /pageinfo %}}
 
+## What is Layer5 Cloud?
+
+Layer5 Cloud is the centralized management console and identity provider for the Layer5 ecosystem — specifically for **Kanvas** and **Meshery** deployments. It provides an extensible, highly flexible authorization framework that enables organizations to govern complex, multi-cloud infrastructure with confidence. Think of it as the command center where your teams, workspaces, and cloud-native assets come together under a single, unified platform.
+
+Layer5 Cloud is available both as a fully managed service and as a [self-hosted](/cloud/guides/self-hosted/) deployment, giving organizations the flexibility to meet their own security and compliance requirements.
+
+## Why use Layer5 Cloud?
+
+- **Unified Identity and Access Management**: Define and enforce granular Role-Based Access Control (RBAC) across your organizations, teams, and users — all from one place.
+- **Collaborative Infrastructure Design**: Like Google Workspace for teams or Figma for designers, Layer5 Cloud enables real-time, multi-player collaboration on infrastructure patterns and deployments.
+- **Content Catalog**: Publish, discover, and reuse cloud-native architectures and patterns — either publicly or privately within your organization.
+- **Multi-Tenancy and Organizational Hierarchy**: Support service provider-grade structures with tenant entitlement services and a flexible organizational model that scales with your business.
+- **Flexible Deployment**: Run Layer5 Cloud as a SaaS product or bring it on-premises — your infrastructure, your rules.
+
 <!-- {{< blocks/section color="dark" type="row" >}}
 {{% blocks/feature icon="fa-lightbulb" title="Fastest OS **on the planet**!" %}}
 The new **TechOS** operating system is an open source project. It is a new project, but with grand ambitions.

content/en/cloud/academy/_index.md

@@ -1,6 +1,6 @@
 ---
 title: Academy
-weight: 5
+weight: 4
 description: >
   Learn how to use, build, manage, and extend the Layer5 Academy.
 categories: [Academy]

content/en/cloud/academy/creating-content/extending-the-academy/index.md

@@ -172,7 +172,7 @@ The Layer5 Academy platform supports all Hugo shortcode features. For more advan
 
 ### Branded Email Communications
 
-When using the Academy with [white-labeling](/cloud/self-hosted/white-labeling) enabled, all system-generated emails (badge awards, certificate awards, challenge registrations) automatically reflect your organization's branding.
+When using the Academy with [white-labeling](/cloud/guides/self-hosted/white-labeling) enabled, all system-generated emails (badge awards, certificate awards, challenge registrations) automatically reflect your organization's branding.
 
 Below is an example email template showing how badge award notifications appear when white-labeling is enabled. The parts enclosed in `{{}}` are automatically replaced with your organization's specific information:
 

content/en/cloud/academy/creating-content/using-content-template-creator/index.md

@@ -2,10 +2,10 @@
 title: Using Academy Content Template Creator
 weight: 6
 description: >
-  
+
 categories: [Academy]
 tags: [Academy]
-aliases: 
+aliases:
 - /cloud/academy/using-academy-content-template-creator
 - /cloud/academy/using-content-template-creator
 - /cloud/academy/academy-content-template-creator-guide
@@ -153,7 +153,7 @@ Your invitation link provides targeted access management:
 
 - **Specific Team Access**: Only members of your selected teams can access the content through this link
 - **Automatic Role Assignment**: Users who accept the invitation automatically receive the "Academy Learner" role
-- **Organization Boundary Protection**: Only users within your [organization](https://docs.layer5.io/cloud/identity/organizations/) can use this invitation
+- **Organization Boundary Protection**: Only users within your [organization](https://docs.layer5.io/cloud/concepts/identity-and-security/organizations/) can use this invitation
 
 ### 2. Flexible Sharing and Distribution
 
@@ -179,7 +179,7 @@ The invitation form contains eight properties. Three are automatically generated
 1. **Name**: Automatically formatted as "Academy Invitation for [your-content-name]"
    *Example: "Academy Invitation for meshery-contributors-certification" (lowercase with dash)*
 2. **Description**: "Invitation to join organization [organization-name] for academy curricula [course-name]"
-3. **Roles**: Defaults to "Academy Learner" - [Learn more about Academy roles](https://docs.layer5.io/cloud/security/roles/academy-roles/) 
+3. **Roles**: Defaults to "Academy Learner" - [Learn more about Academy roles](https://docs.layer5.io/cloud/concepts/identity-and-security/roles/academy-roles/)
 
 {{< alert type="info" title="Admin Role Invitations" >}}
 Academy admins can invite other instructors to become co-admins by changing the **Roles** property from "Academy Learner" to "Academy Admin" during invitation customization.
@@ -229,7 +229,7 @@ Specify which teams invited users will join:
 
 - **Team Selection**: Choose from available teams via dropdown menu
 - **Multiple Teams**: You can assign users to multiple teams
-- **No Teams Available**: If your organization has no teams, [create them](https://docs.layer5.io/cloud/identity/teams/) first. Users will be added to all successfully configured teams
+- **No Teams Available**: If your organization has no teams, [create them](https://docs.layer5.io/cloud/concepts/identity-and-security/teams/) first. Users will be added to all successfully configured teams
 
 {{< alert type="info" title="Team Structure Changes" >}}
 **During Organization Restructuring:**
@@ -252,4 +252,4 @@ Control invitation accessibility:
 
 {{< alert type="info" title="Invitation Idempotency" >}}
 Users only need to accept one invitation, regardless of how many invitation emails they receive. Once accepted, additional invitations to the same user are automatically ignored.
-{{< /alert >}}
+{{< /alert >}}

content/en/cloud/concepts/_index.md

@@ -21,6 +21,8 @@ The following concepts form the foundation of the Layer5 Cloud ecosystem:
 
 This section explains the underlying concepts of Layer5 Cloud — the building blocks that the rest of the documentation assumes you understand.
 
+- [Spaces](spaces/) explains workspaces, environments, and workspace management.
+- [Identity and Security](identity-and-security/) explains organizations, teams, users, access control, roles, keychains, keys, tokens, and sessions.
 - [Meshery Server Registration](meshery-server-registration) — How a Meshery Server registers itself with Layer5 Cloud as its Remote Provider, how Cloud identifies an existing registration, and what fields are preserved across re-registration.
 
 ---

content/en/cloud/catalog/_index.md → content/en/cloud/concepts/catalog/_index.md

@@ -5,15 +5,18 @@ description: >
   The Cloud Catalog is a web-based, public catalog to facilitate easy sharing and discovery of common cloud native architectures and design patterns.
 categories: [Catalog]
 tags: [Designer]
+aliases:
+  - /cloud/catalog/
+
 ---
 
 {{%pageinfo%}}
 Public Catalog: https://cloud.layer5.io/catalog
 {{%/pageinfo%}}
 
-<!-- {{< figure src="/cloud/catalog/images/delivering-catalog-content.svg" alt="Delivering-catalog-content" class="image-center-shadow" >}} -->
+<!-- {{< figure src="/cloud/concepts/catalog/images/delivering-catalog-content.svg" alt="Delivering-catalog-content" class="image-center-shadow" >}} -->
 
-<img src="/cloud/catalog/images/delivering-catalog-content.svg" alt="Delivering-catalog-content" />
+<img src="/cloud/concepts/catalog/images/delivering-catalog-content.svg" alt="Delivering-catalog-content" />
 
 The Cloud Catalog is a web-based, public catalog to facilitate easy discovery of existing designs. Designs that are published into the catalog can be, but are not always curated for known best practices and patterns. Content is published at [cloud.layer5.io/catalog](https://cloud.layer5.io/catalog), and one-click import of catalog content into Meshery Server is seamlessly integrated.
 

content/en/cloud/catalog/exploring-the-catalog.md → content/en/cloud/concepts/catalog/exploring-the-catalog.md

@@ -4,25 +4,28 @@ weight: 3
 description: "Discover how to browse, find, and interact with designs in the Catalog."
 categories: [Catalog]
 tags: [Designer]
+aliases:
+  - /cloud/catalog/exploring-the-catalog/
+
 ---
 
 The [Cloud Catalog](https://cloud.layer5.io/catalog) is the central hub for well-architected cloud and cloud native patterns and best practices templates. Here, you can discover and share designs with the wider community.
 
-![Catalog main page view](/cloud/catalog/images/catalog-view.gif)
+![Catalog main page view](/cloud/concepts/catalog/images/catalog-view.gif)
 
 ## Viewing Catalog Items
 
 Meshery Catalog displays all published designs in an organized, searchable format.
 
 ### Top Performers
 
-At the top of the page, you can find the **Top Performers** section. This provides a snapshot of the **Leaderboard**, highlighting the most popular designs based on various [metrics](/cloud/catalog/metrics/).
+At the top of the page, you can find the **Top Performers** section. This provides a snapshot of the **Leaderboard**, highlighting the most popular designs based on various [metrics](/cloud/concepts/catalog/metrics/).
 
 - To see the complete rankings, click the **Open Leaderboard** button.
 - You can toggle the visibility of this section using the **Hide Performers** / **Show Performers** button.
 
 {{< alert type="info" title="Learn More About Leaderboard" >}}
-To learn more about Leaderboard, see the [Leaderboard documentation](/cloud/catalog/leaderboard/).
+To learn more about Leaderboard, see the [Leaderboard documentation](/cloud/concepts/catalog/leaderboard/).
 {{< /alert >}}
 
 ### Grid View
@@ -36,10 +39,10 @@ Each card provides key information at a glance:
 - **Metrics:** A row of icons at the bottom displays key usage statistics (Opens, Downloads, Deploys, Clones, Shares)
 - **Detailed Information (on hover):** When you hover over a card, it flips to reveal more details, including the author, design version, technologies used, and the last updated time
 
-<img src="/cloud/catalog/images/card-view.png" alt="Card View" style="width: 40%" />
+<img src="/cloud/concepts/catalog/images/card-view.png" alt="Card View" style="width: 40%" />
 
 {{< alert type="info" title="Understanding Design Metrics" >}}
-To better understand what these Metrics represent, you can learn more about [design metrics](/cloud/catalog/metrics/).
+To better understand what these Metrics represent, you can learn more about [design metrics](/cloud/concepts/catalog/metrics/).
 {{< /alert >}}
 
 ### Table View
@@ -48,7 +51,7 @@ Table view provides a dense, list-based format that's ideal for sorting and comp
 
 To customize the information displayed in this view, click the **View Columns icon** and select the attributes you want to see, such as Author, Created At, or Downloads.
 
-![Catalog table view](/cloud/catalog/images/design-view.gif)
+![Catalog table view](/cloud/concepts/catalog/images/design-view.gif)
 
 ## Filtering and Sorting Catalog Items
 
@@ -81,7 +84,7 @@ These filters correspond to the metadata authors provide when they publish desig
 
 When you click on any design, you'll see its detail page. This page provides a complete overview of the design's purpose, technical details, and how you can use it.
 
-![Catalog modal](/cloud/catalog/images/design_model.png)
+![Catalog modal](/cloud/concepts/catalog/images/design_model.png)
 
 ### Key Information
 
@@ -124,7 +127,7 @@ Design downloads include only the core YAML definition, excluding associated cat
 
 After you've published a design, you might need to update its metadata or description. Clicking the **Edit** button opens a dialog where you can make your changes.
 
-![Design edit modal](/cloud/catalog/images/design-edit.png)
+![Design edit modal](/cloud/concepts/catalog/images/design-edit.png)
 
 You can modify the following fields:
 

content/en/cloud/catalog/leaderboard.md → content/en/cloud/concepts/catalog/leaderboard.md

@@ -5,14 +5,17 @@ description: >
    The Leaderboard is a visual representation of Designs, ranked based on key Metrics such as Opens, Downloads, Deployments, Clones, and Shares.
 categories: [Catalog]
 tags: [Designer]
+aliases:
+  - /cloud/catalog/leaderboard/
+
 ---
 
 Leaderboard provides a clear and engaging way to view and compare the performance of different Designs, highlighting the most popular and actively used ones within the Cloud.
 
-![Leaderboard page overview](/cloud/catalog/images/leaderboard-page.gif)
+![Leaderboard page overview](/cloud/concepts/catalog/images/leaderboard-page.gif)
 
 {{< alert type="info" title="Understanding Metrics" >}}
-Metrics are quantifiable measures used to track and assess the status, progress, and performance of various activities and user interactions with Designs. Learn more about [Metrics](/cloud/catalog/metrics/)
+Metrics are quantifiable measures used to track and assess the status, progress, and performance of various activities and user interactions with Designs. Learn more about [Metrics](/cloud/concepts/catalog/metrics/)
 {{< /alert >}}
 
 ### How to Access the Leaderboard
@@ -22,7 +25,7 @@ You can reach the Leaderboard page in two ways:
 1. **Global Navigation Bar:** Click the Leaderboard icon in the main navigation bar for quick access.
 2. **From the Catalog Page:** While Browse the Catalog, you can click the 'Open Leaderboard' button in the **Top Performers** section
 
-![Leaderboard Button](/cloud/catalog/images/leaderboard_button.png)
+![Leaderboard Button](/cloud/concepts/catalog/images/leaderboard_button.png)
 
 ### Using the Leaderboard Page
 
@@ -33,4 +36,4 @@ The Leaderboard page offers several ways to explore and interact with:
 - **Customize Your View:** Click the **View Columns** icon to show or hide specific metric columns.
 - **Take Actions:** Click the **Actions** icon to download, share, or perform other actions.
 
-![Leaderboard action menu](/cloud/catalog/images/leaderboard-action.png)
+![Leaderboard action menu](/cloud/concepts/catalog/images/leaderboard-action.png)

content/en/cloud/catalog/metrics.md → content/en/cloud/concepts/catalog/metrics.md

@@ -5,6 +5,9 @@ description: >
    Metrics are quantifiable measures used to track and assess the status, progress, and performance of various activities and user interactions with Designs.
 categories: [Catalog]
 tags: [Designer]
+aliases:
+  - /cloud/catalog/metrics/
+
 ---
 
 Metrics provide valuable insights into how users engage with the designs, allowing us to understand usage patterns, identify trends, and make data-driven decisions to improve the user experience.
@@ -19,10 +22,10 @@ Designs can be imported, exported, versioned, forked, merged, snapshotted, publi
 
 You can view the metrics of a Design in two ways:
 1. Below each Design's catalog card, you can see its metrics.
-![Catalog card](/cloud/catalog/images/cards.png)
+![Catalog card](/cloud/concepts/catalog/images/cards.png)
 
 2. By clicking on the catalog card, a modal will pop up displaying all the information about the Design, including its metrics.
-![Catalog modal](/cloud/catalog/images/design_model.png)
+![Catalog modal](/cloud/concepts/catalog/images/design_model.png)
 
 Here’s a detailed explanation of each metric we track:
 

content/en/cloud/concepts/identity-and-security/_index.md

@@ -0,0 +1,75 @@
+---
+title: Identity and Security
+linkTitle: Identity and Security
+description: >
+  Organizations, teams, users, roles, keychains, keys, sessions, and tokens.
+weight: 3
+categories: [Identity, Security]
+tags: [permissions, identity, authentication]
+aliases:
+  - /cloud/identity/
+  - /cloud/security/
+
+---
+
+Organizations are the basic unit of multi-tenancy inside of Layer5 Cloud. The identity structure is highly flexible: organizations can have any number of teams, teams can have any number of users, and users can belong to any number of teams and organizations.
+
+Below is an overview of the core identity components within the Layer5 Cloud.
+
+## Identity
+
+Organizations serve as the fundamental component of multi-tenancy within the Layer5 Cloud.
+
+They act as the top-level parent entity. All users and teams ultimately roll up to an organization. While Free plan users are limited to a single default organization, enterprise environments can leverage organizations to strictly isolate resources, billing, and access control across entirely different business units.
+
+Outside of grouping users together, teams offer controlled access to workspaces and to workspace resources such as environments and managed and unmanaged connections.
+
+Administrators can create teams as child units below the top-level organization. This allows you to apply unique settings, permissions, and workspace access to a specific set of users without altering the parent organization's settings.
+
+Each user account represents an individual collaborator. Individual user accounts exist beyond the bounds of organizations.
+
+Anyone who uses Layer5 Cloud signs into a user account, which acts as your sovereign identity. Your user account can independently own resources such as workspaces, designs, connections, and tokens. Any action taken on the platform is directly attributed to your individual user account, regardless of which teams or organizations you belong to.
+
+## Organizational Units
+
+Layer5 Cloud uses a hierarchical structure to isolate resources and manage users at scale:
+
+* **Provider Organizations:**  The top-level entity that can manage multiple tenant organizations.
+* **Tenant Organizations:** Individual customer or project-specific organizations (e.g., Layer5, Intel).
+* **Teams:** Logical groupings of users within an organization to facilitate collaborative management.
+* **Users:** Individual accounts that are members of teams and organizations.
+
+## Role and Access Control
+
+Access is granted through Role-Based Access Control (RBAC). Roles are assigned at different levels of the organizational hierarchy:
+
+* **Provider Administrators:** Management of provider-level settings and tenant organizations.
+* **Organization Administrators:** Full control over an entire tenant organization.
+* **Organization Billing Managers:** Access restricted to subscription and financial management.
+* **Team Administrators:** Management of specific team resources and memberships.
+* **Workspace Administrators:** Management of workspace-level resources and access.
+
+![permission](images/permissions.svg "image-center-shadow")
+
+## Key Management and Tokens
+
+Beyond structural roles, Layer5 Cloud uses cryptographic and session-based security:
+
+### Keychains
+
+Keychains are collections of keys used to manage environment-specific access and signing. They allow for the logical grouping of related security credentials.
+
+### Keys
+
+Keys are the atomic unit of access control within the system. They are used for secure communication between Meshery and Layer5 Cloud, as well as for signing design patterns.
+
+### Tokens
+
+Tokens provide temporary, secure access to the platform.
+
+* **Session Tokens:** Used for web browser authentication.
+* **Personal Access Tokens (PATs):** Used for programmatic access via CLI or CI/CD pipelines.
+
+### Need more detail?
+
+Check out the [Roles Reference](/cloud/concepts/identity-and-security/roles/) for a complete matrix of permissions for each role.