[DO NOT MERGE] Updated TV and added Connected Accounts doc

main/docs.json

@@ -2036,7 +2036,9 @@
                             "group": "Token Vault",
                             "pages": [
                               "docs/secure/tokens/token-vault",
-                              "docs/secure/tokens/token-vault/call-apis-with-token-vault",
+                              "docs/secure/tokens/token-vault/connected-accounts-for-token-vault",
+                              "docs/secure/tokens/token-vault/refresh-token-exchange-with-token-vault",
+                              "docs/secure/tokens/token-vault/access-token-exchange-with-token-vault",
                               "docs/secure/tokens/token-vault/configure-token-vault"
                             ]
                           }
@@ -24195,6 +24197,18 @@
     {
      "source": "/docs/secure/security-guidance/measures-against-application-impersonation",
       "destination": "/docs/secure/security-guidance/measures-against-app-impersonation"
+    },
+    {
+     "source": "/docs/secure/tokens/token-vault/configure-access-token-exchange-with-token-vault",
+      "destination": "/docs/secure/tokens/token-vault/configure-token-vault"
+    },
+    {
+     "source": "/docs/secure/tokens/token-vault/configure-refresh-token-exchange-with-token-vault",
+      "destination": "/docs/secure/tokens/token-vault/configure-token-vault"
+    },
+    {
+     "source": "/docs/secure/tokens/token-vault/call-apis-with-token-vault",
+      "destination": "/docs/secure/tokens/token-vault/refresh-token-exchange-with-token-vault"
     }
   ]
 }

main/docs/authenticate/identity-providers/enterprise-identity-providers.mdx

@@ -8,6 +8,9 @@ title: Enterprise Identity Providers
 'twitter:description': Learn about enterprise identity providers supported by Auth0.
 'twitter:title': Enterprise Identity Providers
 ---
+
+Auth0 supports enterprise login for both web-based and native applications. Enterprise login is a method of authentication that allows users to log in to an application using existing credentials from an enterprise identity provider, such as Google Workspace or Microsoft Azure Active Directory (Entra ID). This is separate from connecting and authorizing applications for an external provider so they can access external APIs on the user’s behalf. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).
+
 Auth0 supports the following enterprise providers out of the box:
 
 * [Active Directory/LDAP](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap)

main/docs/authenticate/identity-providers/enterprise-identity-providers/azure-active-directory/v2.mdx

@@ -189,13 +189,16 @@ Create and configure an Azure AD Enterprise Connection in Auth0. Make sure you h
 <td><strong>Email Verification</strong></td>
 <td>Choose how Auth0 sets the <code>email_verified</code> field in the user profile. To learn more, read <a href="/docs/authenticate/identity-providers/enterprise-identity-providers/azuread-adfs-email-verification">Email Verification for Azure AD and ADFS</a>.</td>
 </tr>
+<tr>
+<td><strong>Purpose</strong></td>
+<td>Enable the connection for Authentication, Connected Accounts for Token Vault, or both. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).</td>
+</tr>
 </tbody>
 </table>
 
-   <Frame>![Create new Azure AD connection](/docs/images/cdy7uua7fh8z/1r6WTgLJUlbiV9jligIwER/55904e9d3c1eec62c2e8421b71cff94b/Enterprise_Connection_-_MSFT_-_English.png)</Frame>
 3. In the **Provisioning** view, you can configure how user profiles get created and updated in Auth0.
 
-   <table class="table"><thead>
+<table class="table"><thead>
 <tr>
 <th>Field</th>
 <th>Description</th>

main/docs/authenticate/identity-providers/enterprise-identity-providers/google-apps.mdx

@@ -164,14 +164,17 @@ Next, you will need to create and configure a Google Workspace Enterprise Connec
 <td><strong>Sync user profile attributes at each login</strong></td>
 <td>When enabled, Auth0 automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Auth0.</td>
 </tr>
+<tr>
+<td><strong>Purpose</strong></td>
+<td>Enable the connection for Authentication, Connected Accounts for Token Vault, or both. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).</td>
+</tr>
 </tbody>
 </table>
 
-   <Frame>![Create Google Workspace Connection](/docs/images/cdy7uua7fh8z/5s3W98sar77mRxZ3F3s0Ol/2743ece52e85d378412b770344f7d3d5/Enterprise_Connection_-_Google_Work_-_English.png)</Frame>
 3. If you have appropriate administrative permissions to configure your Google Workspace settings so you can use Google's Admin APIs, then click **Continue**. Otherwise, provide the given URL to your administrator so that they can adjust the required settings.
 4. On the **Login Experience** tab, you can configure how users log in with this connection.
 
-   <table class="table"><thead>
+<table class="table"><thead>
 <tr>
 <th><strong>Field</strong></th>
 <th><strong>Description</strong></th>

main/docs/authenticate/identity-providers/enterprise-identity-providers/oidc.mdx

@@ -171,6 +171,10 @@ To be configurable through the Auth0 Dashboard, the OpenID Connect (OIDC) Identi
 <td><strong>Sync user profiles using SCIM</strong></td>
 <td>When enabled, Auth0 allows user profile data to be synced using SCIM. For more information, see <a href="/docs/authenticate/protocols/scim/configure-inbound-scim">Configure Inbound SCIM</a>.</td>
 </tr>
+<tr>
+<td><strong>Purpose</strong></td>
+<td>Enable the connection for Authentication, Connected Accounts for Token Vault, or both. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).</td>
+</tr>
 </tbody>
 </table>
 5. In the **Login Experience** view, configure how users log in with this connection.

main/docs/authenticate/identity-providers/social-identity-providers.mdx

@@ -9,7 +9,7 @@ title: Social Identity Providers
 'twitter:description': Learn about the social identity providers supported by Auth0.
 'twitter:title': Social Identity Providers
 ---
-Auth0 supports social login for both web-based and native applications. Social login is a method of authentication that allows users to log in to an application using existing credentials from a social <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+provider">identity provider</Tooltip>, such as Google or Facebook.
+Auth0 supports social login for both web-based and native applications. Social login is a method of authentication that allows users to log in to an application using existing credentials from a social <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+provider">identity provider</Tooltip>, such as Google or Facebook. This is separate from connecting and authorizing applications for an external provider, allowing them to access external APIs on the user’s behalf. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).
 
 As users frequently have their social credentials stored in their browser or device, social login provides a frictionless user experience that requires minimal manual interaction with an application.
 

main/docs/authenticate/identity-providers/social-identity-providers/google-native.mdx

@@ -34,6 +34,7 @@ This feature uses Android's Credential Manager to facilitate Sign in with Google
 Before you begin configuring Sign in with Google, ensure the following are true:
 
 * A [Google social connection](https://marketplace.auth0.com/integrations/google-social-connection) has been set up within your Auth0 tenant.
+    * For the **Purpose** setting, enable the connection for Authentication, Connected Accounts for Token Vault, or both. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).
 * Sign in with Google has been added to your Android application using [Android's Credential Manager](https://developer.android.com/identity/sign-in/credential-manager-siwg).
 
 ## Configuring Sign in with Google for Android applications

main/docs/authenticate/identity-providers/social-identity-providers/oauth2.mdx

@@ -34,6 +34,7 @@ The form that appears contains several fields that you must use to configure the
 * **<Tooltip tip="Client ID: Identification value given to your registered resource from Auth0." cta="View Glossary" href="/docs/glossary?term=Client+ID">Client ID</Tooltip>**: Client ID for Auth0 as an application used to request authorization and exchange the authorization code. To get a Client ID, you will need to register with the <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+provider">identity provider</Tooltip>.
 * **<Tooltip tip="Client Secret: Secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to not be guessable." cta="View Glossary" href="/docs/glossary?term=Client+Secret">Client Secret</Tooltip>**: Client Secret for Auth0 as an application used to exchange the authorization code. To get a Client Secret, you will need to register with the identity provider.
 * **Fetch User Profile Script**: Node.js script used to call a userinfo URL with the provided access token. To learn more about this script, see [Fetch User Profile Script](#fetch-user-profile-script).
+* **Purpose**: Enables the social connection for Authentication, Cconnected Aaccounts for Token Vault, or both. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).
 
 <Callout icon="file-lines" color="#0EA5E9" iconType="regular">
 

main/docs/authenticate/identity-providers/social-identity-providers/tiktok.mdx

@@ -53,6 +53,7 @@ You must create a custom connection to associate your TikTok instance with Auth0
    4. Scope: `user.info.basic`
    5. Client ID: Client key assigned to you by TikTok
    6. Client Secret: Client secret assigned to you by TikTok
+   7. Purpose: Enable the connection for Authentication, Connected Accounts for Token Vault, or both. To learn more, read [User authentication vs Connected Accounts](/docs/secure/tokens/connected-accounts-for-token-vault#user-authentication-vs-connected-accounts).
 5. Configure the [Fetch User Profile Script](/docs/authenticate/identity-providers/social-identity-providers/oauth2#fetch-user-profile-script) to fetch profile information from [TikTok's user_info endpoint](https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info/). Map attributes to Auth0’s normalized user profile.
 
    <Callout icon="file-lines" color="#0EA5E9" iconType="regular">

main/docs/manage-users/my-account-api.mdx

@@ -87,6 +87,46 @@ The My Account API supports the following scopes:
 <td><code>create:me:authentication-methods</code></td>
 <td>Allows the user to enroll a new authentication method.</td>
 </tr>
+<tr>
+<td><code>read:me:authentication-methods</code></td>
+<td>Allows the user to view existing authentication methods.</td>
+</tr>
+<tr>
+<td><code>update:me:authentication-methods</code></td>
+<td>Allows the user to modify existing authentication methods.</td>
+</tr>
+<tr>
+<td><code>delete:me:authentication-methods</code></td>
+<td>Allows the user to modify existing authentication methods.</td>
+</tr>
+<tr>
+<td><code>read:me:factors</code></td>
+<td>Allows the user to view the factors they can enroll.</td>
+</tr>
+</tbody>
+</table>
+
+For [Connected Accounts with Token Vault](/docs/secure/tokens/connected-accounts-for-token-vault), the My Account API supports the following scopes:
+
+<table class="table"><thead>
+<tr>
+<th><strong>Scope</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><code>create:me:connected_accounts</code></td>
+<td>Allows the user to connect a new account to their user profile.</td>
+</tr>
+<tr>
+<td><code>read:me:connected_accounts</code></td>
+<td>Allows the user to view the existing connected accounts linked to their user profile.</td>
+</tr>
+<tr>
+<td><code>delete:me:connected_accounts</code></td>
+<td>Allows the user to delete a connected account from their user profile.</td>
+</tr>
 </tbody>
 </table>
 

main/docs/manage-users/user-accounts/user-account-linking.mdx

@@ -14,6 +14,10 @@ title: User Account Linking
 
 import {AuthCodeGroup} from "/snippets/AuthCodeGroup.jsx";
 
+<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
+Connected Accounts enables a single Auth0 user profile to be linked to multiple external accounts. When you enable Connected Accounts for a supported external provider, Auth0 automatically adds the account for that provider to the user profile after the user successfully logs in. To learn more, read [Connected Accounts for Token Vault](/docs/secure/tokens/connected-accounts-for-token-vault).
+</Callout>
+
 Auth0 supports the linking of user accounts from various <Tooltip tip="Identity Provider (IdP): Service that stores and manages digital identities." cta="View Glossary" href="/docs/glossary?term=identity+providers">identity providers</Tooltip>. This allows a user to authenticate from any of their accounts and still be recognized by your app and associated with the same user profile.
 
 <Card title="Availability varies by Auth0 plan">
@@ -199,4 +203,4 @@ Previously, in some cases, you could use ID Tokens to link and unlink user accou
 * [Link User Accounts](/docs/manage-users/user-accounts/user-account-linking/link-user-accounts)
 * [Unlink User Accounts](/docs/manage-users/user-accounts/user-account-linking/unlink-user-accounts)
 * [User-Initiated Account Linking: Client-Side Implementation](/docs/manage-users/user-accounts/user-account-linking/user-initiated-account-linking-client-side-implementation)
-* [User Account Linking: Server-Side Implementation](/docs/manage-users/user-accounts/user-account-linking/suggested-account-linking-server-side-implementation)
+* [User Account Linking: Server-Side Implementation](/docs/manage-users/user-accounts/user-account-linking/suggested-account-linking-server-side-implementation)