Merge branch 'main' into docs/remove-create-issue

Author: rebelice

docs/administration/user-groups.mdx …/administration/user-groups/overview.mdxdocs/administration/user-groups.mdx renamed to docs/administration/user-groups/overview.mdx docs/administration/user-groups.mdx renamed to docs/administration/user-groups/overview.mdx

@@ -1,5 +1,5 @@
 ---
-title: Users and Groups
+title: Overview
 ---
 
 ## User
@@ -10,6 +10,23 @@ A `User` represents anyone who can access and perform operations in Bytebase. Us
 
 Service accounts are special users designed for automated processes and applications.
 
+## Workload Identity
+
+Workload Identity is a secure authentication method for CI/CD pipelines and external services using OpenID Connect (OIDC) tokens, eliminating the need for long-lived credentials.
+
+Unlike traditional Service Accounts that require storing API keys as secrets, Workload Identity:
+- Uses short-lived tokens generated per job
+- Validates tokens against your CI/CD platform's identity provider  
+- Restricts access to specific repositories, branches, and workflows
+
+### Setup Workload Identity
+
+<CardGroup cols={2}>
+  <Card title="GitHub Actions" icon="github" href="/administration/user-groups/workload-identity/github-actions">
+    Configure OIDC authentication for GitHub Actions workflows
+  </Card>
+</CardGroup>
+
 ## User Group
 
 A `User Group` organizes multiple users together for easier permission management. Workspace admins create groups and add users, then assign these groups to roles within projects.

…ons/workload-identity/github-actions.mdx …ups/workload-identity/github-actions.mdxdocs/integrations/workload-identity/github-actions.mdx renamed to docs/administration/user-groups/workload-identity/github-actions.mdx docs/integrations/workload-identity/github-actions.mdx renamed to docs/administration/user-groups/workload-identity/github-actions.mdx

@@ -1,5 +1,5 @@
 ---
-title: GitHub Actions
+title: Workload Identity for GitHub Actions
 ---
 
 This guide explains how to configure Workload Identity for GitHub Actions to authenticate with Bytebase without storing long-lived credentials.

docs/docs.json

@@ -243,7 +243,13 @@
                   "administration/sso/idp-initiated"
                 ]
               },
-              "administration/user-groups",
+              {
+                "group": "Users & Groups",
+                "pages": [
+                  "administration/user-groups/overview",
+                  "administration/user-groups/workload-identity/github-actions"
+                ]
+              },
               "administration/roles",
               "administration/scim/overview",
               "administration/2fa",
@@ -272,13 +278,6 @@
       {
         "tab": "Integrations",
         "groups": [
-          {
-            "group": "Workload Identity",
-            "pages": [
-              "integrations/workload-identity/overview",
-              "integrations/workload-identity/github-actions"
-            ]
-          },
           {
             "group": "API",
             "pages": [