new Rule Groups link

Author: ranbel

public/_redirects

@@ -79,7 +79,7 @@
 /access/service-auth/mtls/ /cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/ 301
 /access/service-auth/service-token/ /cloudflare-one/identity/service-tokens/ 301
 /access/setting-up-access/ /cloudflare-one/identity/ 301
-/access/setting-up-access/access-groups/ /cloudflare-one/identity/users/groups/ 301
+/access/setting-up-access/access-groups/ /cloudflare-one/policies/access/groups/ 301
 /access/setting-up-access/audit-logs/ /cloudflare-one/insights/ 301
 /access/setting-up-access/configuring-access-policies/ /cloudflare-one/policies/access/policy-management/ 301
 /access/setting-up-access/validate-jwt-tokens/ /cloudflare-one/identity/authorization-cookie/validating-json/ 301
@@ -1721,6 +1721,7 @@
 /cloudflare-one/insights/logs/logpush/rdata/ /cloudflare-one/insights/logs/logpush/#parse-logpush-logs 301
 /cloudflare-one/applications/custom-pages/ /cloudflare-one/applications/ 301
 /cloudflare-one/identity/service-auth/service-tokens/ /cloudflare-one/identity/service-tokens/ 301
+/cloudflare-one/identity/users/groups/ /cloudflare-one/policies/access/groups/ 301
 /cloudflare-one/identity/users/short-lived-certificates/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/ 301
 /cloudflare-one/identity/users/validating-json/ /cloudflare-one/identity/authorization-cookie/validating-json/ 301
 /cloudflare-one/policies/gateway/configuring-block-page/ /cloudflare-one/policies/gateway/block-page/ 301
@@ -1759,9 +1760,9 @@
 /cloudflare-one/tutorials/block-tld/ /cloudflare-one/policies/gateway/dns-policies/common-policies/#block-sites-by-top-level-domain 301
 /cloudflare-one/tutorials/block-uploads/ /cloudflare-one/policies/gateway/http-policies/common-policies/#block-google-drive-uploads 301
 /cloudflare-one/tutorials/corp-device-tag/ /cloudflare-one/identity/devices/ 301
-/cloudflare-one/tutorials/country-rules/ /cloudflare-one/identity/users/groups/ 301
+/cloudflare-one/tutorials/country-rules/ /cloudflare-one/policies/access/groups/ 301
 /cloudflare-one/tutorials/credentials-only/ /cloudflare-one/connections/connect-networks/get-started/ 301
-/cloudflare-one/tutorials/default-groups/ /cloudflare-one/identity/users/groups/ 301
+/cloudflare-one/tutorials/default-groups/ /cloudflare-one/policies/access/groups/ 301
 /cloudflare-one/tutorials/do-not-decrypt/ /cloudflare-one/policies/gateway/http-policies/common-policies/#skip-inspection-for-groups-of-applications 301
 /cloudflare-one/tutorials/gateway-list/ /cloudflare-one/policies/gateway/lists/ 301
 /cloudflare-one/tutorials/identity-dns/ /cloudflare-one/policies/gateway/dns-policies/common-policies/#restrict-access-to-specific-groups 301

src/content/docs/cloudflare-one/policies/access/index.mdx

@@ -108,7 +108,7 @@ When setting up a Require rule for an Access policy, keep in mind that any value
 
 the policy will only grant access to people reaching the application from both the United States AND Portugal, and who have both an email ending in `@cloudflare.com` AND in `@contractors.com`. Therefore, nobody will have access to the application.
 
-Instead, you can address this need by using [Access groups](/cloudflare-one/identity/users/groups/). First, you can set up a group (we will call it `My Access Group`) that includes users in Portugal OR in the United States:
+Instead, you can address this need by using [Access groups](/cloudflare-one/policies/access/groups/). First, you can set up a group (we will call it `My Access Group`) that includes users in Portugal OR in the United States:
 
 | Rule type | Selector | Value                       |
 | --------- | -------- | --------------------------- |

src/content/docs/cloudflare-one/policies/access/mfa-requirements.mdx

@@ -26,7 +26,7 @@ To enforce an MFA requirement to an application:
 
 4. If your application already has a rule containing an identity requirement, find it and select **Edit**.
 
-   The rule must contain an Include rule which defines an identity. For example, the Include rule should allow for users who are part of a user [group](/cloudflare-one/identity/users/groups/), email domain, or identity provider group.
+   The rule must contain an Include rule which defines an identity. For example, the Include rule should allow for users who are part of a [rule group](/cloudflare-one/policies/access/groups/), email domain, or identity provider group.
 
 5. Add a _Require_ action to the rule.
 

src/content/docs/cloudflare-one/policies/access/policy-management.mdx

@@ -31,7 +31,7 @@ You can now configure an [Access policy](/cloudflare-one/policies/access/) to co
 
 2. Specify a policy [action](/cloudflare-one/policies/access/#actions).
 
-3. Assign [Access groups](/cloudflare-one/identity/users/groups/) to reuse existing rules, or create new rules. You can add as many include, exception, or require statements as needed.
+3. Assign [Access groups](/cloudflare-one/policies/access/groups/) to reuse existing rules, or create new rules. You can add as many include, exception, or require statements as needed.
 
 13. (Optional) Customize the login experience for users who match this policy:
 

src/content/docs/cloudflare-one/policies/gateway/identity-selectors.mdx

@@ -82,7 +82,7 @@ Use this selector to create identity-based Gateway rules based on an IdP usernam
 
 :::note[Gateway groups vs. Access groups]
 
-In Gateway, a **User Group** refers to a group in your IdP (for example, an Okta group). Gateway does not currently support applying DNS, HTTP, and Network policies to [Access groups](/cloudflare-one/identity/users/groups/). This is because Access groups may include criteria not available through the IdP, such as device location or IP address.
+In Gateway, a **User Group** refers to a group in your IdP (for example, an Okta group). Gateway does not currently support applying DNS, HTTP, and Network policies to [Access groups](/cloudflare-one/policies/access/groups/). This is because Access groups may include criteria not available through the IdP, such as device location or IP address.
 
 :::
 

src/content/docs/cloudflare-one/tutorials/mongodb-tunnel.mdx

@@ -39,7 +39,7 @@ You can build a rule in Cloudflare Access to control who can connect to your Mon
 
 5. Select **Add public hostname** and enter the subdomain where users will connect to your deployment (for example, `mongodb.app.com`).
 
-6. Add [Access policies](/cloudflare-one/policies/access/) to control who can reach the deployment. You can build a policy that allows anyone in your organization to connect or you can build more granular policies based on signals like identity provider groups, [multifactor method](/cloudflare-one/tutorials/okta-u2f/), or [country](/cloudflare-one/identity/users/groups/).
+6. Add [Access policies](/cloudflare-one/policies/access/) to control who can reach the deployment. You can build a policy that allows anyone in your organization to connect or you can build more granular policies based on signals like identity provider groups, [multifactor method](/cloudflare-one/tutorials/okta-u2f/), or [country](/cloudflare-one/policies/access/groups/).
 
 7. Follow the remaining [self-hosted application creation steps](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) to publish the application.
 

src/content/docs/r2/tutorials/cloudflare-access.mdx

@@ -68,7 +68,7 @@ You will need to [connect a custom domain](/r2/buckets/public-buckets/#connect-a
 
 Visit the custom domain you connected to your R2 bucket, which should present a Cloudflare Access authentication page with your selected identity provider(s) and/or authentication methods.
 
-For example, if you connected Google and/or GitHub identity providers, you can log in with those providers. If the login is successful and your account is a member of the [Access group](/cloudflare-one/identity/users/groups/#access-groups) you associated with the Access application you created in this guide, you will be able to access (read/download) objects within the R2 bucket.
+For example, if you connected Google and/or GitHub identity providers, you can log in with those providers. If the login is successful and your account is a member of the [Access group](/cloudflare-one/policies/access/groups/#access-groups) you associated with the Access application you created in this guide, you will be able to access (read/download) objects within the R2 bucket.
 
 If you cannot authenticate or receive a block page after authenticating, check that you have an [Access policy](/cloudflare-one/applications/configure-apps/self-hosted-public-app/#2-add-an-access-policy) configured within your Access application that explicitly allows the group your user account is associated with.
 

src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx

@@ -237,7 +237,7 @@ Add an additional layer of access control by requiring users to obtain "temporar
 
 ### Access Groups
 
-One of the most important parts of defining ZTNA policies is to leverage reusable elements called [Access Groups](/cloudflare-one/identity/users/groups/). Each access group uses the same rules we've just described to define users, traffic or devices. These groups can then be used across many policies to allow, deny, bypass, or isolate access to an application.
+One of the most important parts of defining ZTNA policies is to leverage reusable elements called [Access Groups](/cloudflare-one/policies/access/groups/). Each access group uses the same rules we've just described to define users, traffic or devices. These groups can then be used across many policies to allow, deny, bypass, or isolate access to an application.
 
 For example, you can define "Employees" once as an Access Group, and then use that in every application policy where you want to refer to employees. Updates to this Access Group would then be reflected in every policy. This is also a good way to include nested logic (for example, users with a Linux device and has antivirus software enabled)