camunda · mesellings · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
diff --git a/docs/reference/announcements-release-notes/890/890-announcements.md b/docs/reference/announcements-release-notes/890/890-announcements.md
@@ -453,7 +453,8 @@ Camunda 8.9 introduces a new built-in Identity role, `task-worker`. Use this rol
 #### Removed: Web Modeler API milestone endpoints
 
 The Web Modeler API endpoints under `/api/v1/milestones` that were deprecated in Camunda 8.8 are now removed in 8.9.
-You can use the corresponding endpoints under `/api/v1/versions` instead.
+
+**Action:** Use the corresponding endpoints under `/api/v1/versions` instead.
 
 <p className="link-arrow">[Web Modeler API](/apis-tools/web-modeler-api/index.md)</p>
 
@@ -754,23 +755,13 @@ The configuration keys `global.secrets.autoGenerated`, `global.secrets.name`, an
 </div>
 <div className="release-announcement-content">
 
-#### Helm chart: TLS secret configuration pattern
-
-The legacy TLS secret configuration using `*.tls.existingSecret` is deprecated.
-
-Legacy keys still work in Camunda 8.9 but will cause deprecation warnings and are removed in a future version.
-
-Affected paths:
+#### Helm chart: Bitnami subcharts deprecated
 
-| Deprecated path                           | New path                                         |
-| :---------------------------------------- | :----------------------------------------------- |
-| `global.elasticsearch.tls.existingSecret` | `global.elasticsearch.tls.secret.existingSecret` |
-| `global.opensearch.tls.existingSecret`    | `global.opensearch.tls.secret.existingSecret`    |
-| `console.tls.existingSecret`              | `console.tls.secret.existingSecret`              |
+The four Bitnami-based subcharts (`identityPostgresql`, `identityKeycloak`, `webModelerPostgresql`, `elasticsearch`) are deprecated in Camunda 8.9 and will be removed in Camunda 8.10.
 
-**Action:** Migrate to the new pattern using `*.tls.secret.existingSecret`.
+If any of these subcharts are enabled, Helm prints a deprecation warning during installation or upgrade.
 
-<p className="link-arrow">[Secret management](/self-managed/deployment/helm/configure/secret-management.md)</p>
+**Action:** Migrate to externally managed services before upgrading to Camunda 8.10.
 
 </div>
 </div>
@@ -781,28 +772,47 @@ Affected paths:
 </div>
 <div className="release-announcement-content">
 
-#### Helm chart: Bitnami subcharts deprecated
+#### Helm chart: `global.elasticsearch` and `global.opensearch` deprecated
 
-The four Bitnami-based subcharts (`identityPostgresql`, `identityKeycloak`, `webModelerPostgresql`, `elasticsearch`) are deprecated in Camunda 8.9 and will be removed in Camunda 8.10.
+The `global.elasticsearch.*` and `global.opensearch.*` configuration trees are deprecated in Camunda 8.9 and will be removed in Camunda 8.10.
 
-If any of these subcharts are enabled, Helm prints a deprecation warning during installation or upgrade.
+These options are not truly global, as only the Orchestration and Optimize components use them.
 
-**Action:** Migrate to externally managed services before upgrading to Camunda 8.10.
+Legacy keys continue to work in Camunda 8.9 with deprecation warnings. Existing deployments will continue to function without changes.
+
+**Action:** You should migrate to the new component-specific configuration:
+
+| Component     | New configuration path                                                                                     |
+| :------------ | :--------------------------------------------------------------------------------------------------------- |
+| Orchestration | `orchestration.data.secondaryStorage.elasticsearch.*` / `orchestration.data.secondaryStorage.opensearch.*` |
+| Optimize      | `optimize.database.elasticsearch.*` / `optimize.database.opensearch.*`                                     |
 
 </div>
 </div>
 
 <div className="release-announcement-row">
 <div className="release-announcement-badge">
-<span className="badge badge--change">Change</span>
+<span className="badge badge--deprecated">Deprecated</span>
 </div>
 <div className="release-announcement-content">
 
-#### Helm chart: Bitnami subcharts bundled
+#### Helm chart: TLS secret configuration pattern
 
-The Bitnami subcharts (PostgreSQL, Keycloak, Elasticsearch, and Common) are bundled directly within the Camunda Helm chart instead of being fetched from external Bitnami repositories at install time.
+The legacy TLS secret configuration using `*.tls.existingSecret` is deprecated.
 
-This change reduces the risk of unexpected breaking changes from upstream Bitnami chart updates and gives Camunda full control over the lifecycle of these subcharts. No action is required — existing deployments will continue to work as before.
+Legacy keys still work in Camunda 8.9 but will cause deprecation warnings and are removed in a future version.
+
+This affects the following paths:
+
+| Deprecated path                           | New path                                         |
+| :---------------------------------------- | :----------------------------------------------- |
+| `global.elasticsearch.tls.existingSecret` | `global.elasticsearch.tls.secret.existingSecret` |
+| `global.opensearch.tls.existingSecret`    | `global.opensearch.tls.secret.existingSecret`    |
+| `console.tls.existingSecret`              | `console.tls.secret.existingSecret`              |
+
+**Action:** Migrate to the new pattern using `*.tls.secret.existingSecret`.
+
+<p className="link-arrow">[Secret management](/self-managed/deployment/helm/configure/secret-management.md)</p>
 
 </div>
 </div>
@@ -813,39 +823,30 @@ This change reduces the risk of unexpected breaking changes from upstream Bitnam
 </div>
 <div className="release-announcement-content">
 
-#### Helm chart: `global.elasticsearch` and `global.opensearch` deprecated
-
-The `global.elasticsearch.*` and `global.opensearch.*` configuration trees are deprecated in Camunda 8.9 and will be removed in Camunda 8.10.
-
-These options are not truly global, as only the Orchestration and Optimize components use them.
-
-Legacy keys continue to work in Camunda 8.9 with deprecation warnings. Existing deployments will continue to function without changes.
+#### Helm chart: Identity profile renamed to admin
 
-**Action:**
+The orchestration profile `orchestration.profiles.identity` is deprecated and renamed to `orchestration.profiles.admin`.
 
-You should migrate to the new component-specific configuration:
+If your `values.yaml` uses the `identity` profile key, the chart automatically migrates it to `admin` and prints a deprecation warning.
 
-| Component     | New configuration path                                                                                     |
-| :------------ | :--------------------------------------------------------------------------------------------------------- |
-| Orchestration | `orchestration.data.secondaryStorage.elasticsearch.*` / `orchestration.data.secondaryStorage.opensearch.*` |
-| Optimize      | `optimize.database.elasticsearch.*` / `optimize.database.opensearch.*`                                     |
+**Action:** Update your values file to use `orchestration.profiles.admin`.
 
 </div>
 </div>
 
 <div className="release-announcement-row">
 <div className="release-announcement-badge">
-<span className="badge badge--deprecated">Deprecated</span>
+<span className="badge badge--change">Change</span>
 </div>
 <div className="release-announcement-content">
 
-#### Helm chart: Identity profile renamed to admin
+#### Helm chart: Bitnami subcharts bundled
 
-The orchestration profile `orchestration.profiles.identity` is deprecated and renamed to `orchestration.profiles.admin`.
+The Bitnami subcharts (PostgreSQL, Keycloak, Elasticsearch, and Common) are bundled directly within the Camunda Helm chart instead of being fetched from external Bitnami repositories at install time.
 
-If your `values.yaml` uses the `identity` profile key, the chart automatically migrates it to `admin` and prints a deprecation warning.
+This change reduces the risk of unexpected breaking changes from upstream Bitnami chart updates and gives Camunda full control over the lifecycle of these subcharts.
 
-**Action:** Update your values file to use `orchestration.profiles.admin`.
+**Action:** No action is required. Existing deployments continue to work as before.
 
 </div>
 </div>
@@ -994,6 +995,30 @@ Camunda 8.9 adds a standardized JDBC driver management system for manual install
 </div>
 </div>
 
+## Identity
+
+<div className="release-announcement-row">
+<div className="release-announcement-badge">
+<span className="badge badge--change">Change</span>
+</div>
+<div className="release-announcement-content">
+
+#### Orchestration Cluster Identity renamed to Admin
+
+Starting with Camunda 8.9, the Orchestration Cluster Identity component has been renamed to **Admin** (also referred to as Orchestration Cluster Admin).
+
+Admin is the cluster-level admin UI hosting identity management and other administrative features. Identity management functionality (users, groups, roles, authorizations, tenants, mapping rules, and clients) is unchanged, although some naming, paths, and config keys are updated as follows:
+
+- The `admin` Spring profile replaces the `identity` profile. Both profiles work interchangeably in 8.9. The `identity` profile is deprecated and will be removed in a future version.
+- API paths change from `/identity/*` to `/admin/*`. The old paths redirect to the new paths but are deprecated.
+- Helm values change from `orchestration.identity.*` to `orchestration.admin.*`. The old values are deprecated.
+- Documentation paths are updated: `/components/identity/` is now `/components/admin/`.
+
+<p className="link-arrow">[Introduction to Admin](/components/admin/admin-introduction.md)</p>
+
+</div>
+</div>
+
 ## Modeler
 
 <div className="release-announcement-row">
@@ -1034,6 +1059,27 @@ This enhancement ensures consistency across environments and simplifies setup fo
 </div>
 <div className="release-announcement-content">
 
+#### Web Modeler: Form deployment changes
+
+With Camunda 8.9, you can now deploy forms independently. This enhancement provides greater control over what is deployed and when, enabling more precise management of changes and updates across environments.
+
+As part of this improvement, we have removed the automatic deployment of [linked forms](/components/modeler/web-modeler/modeling/advanced-modeling/form-linking.md). Forms must now be explicitly deployed, giving teams finer control over versioning, release timing, and deployment scope.
+
+This change supports more predictable deployments and helps teams manage updates with greater confidence and flexibility.
+
+:::info
+To learn more, see the [8.9.0-alpha5 release notes](/reference/announcements-release-notes/890/890-release-notes.md).
+:::
+
+</div>
+</div>
+
+<div className="release-announcement-row">
+<div className="release-announcement-badge">
+<span className="badge badge--breaking-change">Breaking change</span>
+</div>
+<div className="release-announcement-content">
+
 #### Web Modeler: Invite collaborators who haven't logged in before
 
 The behavior across OIDC providers is now aligned. Invitation suggestions only include users who have logged in at least once. This is a breaking change for Web Modeler installations using Keycloak as the OIDC provider. Before 8.9, Keycloak returned all organization users, including those who had never logged in.
@@ -1094,51 +1140,3 @@ This enhancement aligns Web Modeler's database configuration with the Orchestrat
 
 </div>
 </div>
-
-## Identity
-
-<div className="release-announcement-row">
-<div className="release-announcement-badge">
-<span className="badge badge--change">Change</span>
-</div>
-<div className="release-announcement-content">
-
-### Orchestration Cluster Identity renamed to Admin
-
-Starting with Camunda 8.9, the Orchestration Cluster Identity component has been renamed to **Admin** (also referred to as Orchestration Cluster Admin).
-
-Admin is the cluster-level admin UI that hosts identity management (users, groups, roles, authorizations, tenants, mapping rules, and clients) and other administrative features. The underlying identity management capabilities remain the same.
-
-What changed:
-
-- The component is now called **Admin** (previously Orchestration Cluster Identity).
-- The `admin` Spring profile replaces the `identity` profile. Both profiles work interchangeably in 8.9; the `identity` profile is deprecated and will be removed in a future version.
-- API paths have changed from `/identity/*` to `/admin/*`. The old paths remain functional and redirect to new paths, but are deprecated.
-- Helm values have changed from `orchestration.identity.*` to `orchestration.admin.*`. The old values remain functional but are deprecated.
-- Documentation paths have been updated: `/components/identity/` is now `/components/admin/`.
-
-<p className="link-arrow">[Introduction to Admin](/components/admin/admin-introduction.md)</p>
-
-</div>
-</div>
-
-<div className="release-announcement-row">
-<div className="release-announcement-badge">
-<span className="badge badge--breaking-change">Breaking change</span>
-</div>
-<div className="release-announcement-content">
-
-#### Web Modeler: Form deployment changes
-
-With Camunda 8.9, you can now deploy forms independently. This enhancement provides greater control over what is deployed and when, enabling more precise management of changes and updates across environments.
-
-As part of this improvement, we have removed the automatic deployment of [linked forms](/components/modeler/web-modeler/modeling/advanced-modeling/form-linking.md). Forms must now be explicitly deployed, giving teams finer control over versioning, release timing, and deployment scope.
-
-This change supports more predictable deployments and helps teams manage updates with greater confidence and flexibility.
-
-:::info
-To learn more, see the [8.9.0-alpha5 release notes](/reference/announcements-release-notes/890/890-release-notes.md).
-:::
-
-</div>
-</div>