[CF1] Insights restructure (#26139)

deadlypants1973 · web-flow · commit 4168caac728b · 2025-10-29T14:53:33.000Z
* [CF1] Analytics overview page restructure

* reorganize user risk score and user logs documentation

* period

* better index description

* broken links
diff --git a/public/__redirects b/public/__redirects
@@ -2146,7 +2146,7 @@
 /cloudflare-one/analytics/private-network-discovery/ /cloudflare-one/insights/analytics/shadow-it-discovery/#private-network-origins 301
 /cloudflare-one/analytics/access/ /cloudflare-one/insights/analytics/access/ 301
 /cloudflare-one/analytics/gateway/ /cloudflare-one/insights/analytics/gateway/ 301
-/cloudflare-one/analytics/users/ /cloudflare-one/insights/logs/users/ 301
+/cloudflare-one/analytics/users/ /cloudflare-one/team-and-resources/users/users/ 301
 /cloudflare-one/api-terraform/access-api-examples/azure-group/ /cloudflare-one/api-terraform/access-api-examples/entra-group/ 301
 /cloudflare-one/api-terraform/gateway-api-examples/ /cloudflare-one/policies/gateway/ 301
 /cloudflare-one/api-terraform/gateway-api-examples/dns-policy/ /cloudflare-one/policies/gateway/dns-policies/common-policies/ 301
@@ -2252,7 +2252,7 @@
 /cloudflare-one/identity/idp-integration/ping-saml/ /cloudflare-one/identity/idp-integration/pingfederate-saml/ 301
 /cloudflare-one/identity/idp-integration/saml-okta/ /cloudflare-one/identity/idp-integration/okta-saml/ 301
 /cloudflare-one/identity/login-page/ /cloudflare-one/applications/login-page/ 301
-/cloudflare-one/insights/analytics/ /cloudflare-one/insights/analytics/analytics-overview/ 301
+/cloudflare-one/insights/analytics/ /cloudflare-one/insights/analytics-overview/ 301
 /cloudflare-one/insights/dex/fleet-status/ /cloudflare-one/insights/dex/monitoring/ 301
 /cloudflare-one/insights/logs/logpush/rdata/ /cloudflare-one/insights/logs/logpush/#parse-logpush-logs 301
 /cloudflare-one/applications/custom-pages/ /cloudflare-one/applications/ 301
@@ -2423,6 +2423,9 @@
 /cloudflare-one/applications/casb/ /cloudflare-one/cloud-and-saas-findings/ 301
 /cloudflare-one/applications/casb/manage-findings/ /cloudflare-one/cloud-and-saas-findings/manage-findings/ 301
 /cloudflare-one/applications/casb/casb-dlp/ /cloudflare-one/cloud-and-saas-findings/casb-dlp/ 301
+/cloudflare-one/insights/analytics/analytics-overview/ /cloudflare-one/insights/analytics-overview/ 301
+/cloudflare-one/insights/risk-score/ /cloudflare-one/team-and-resources/users/risk-score/ 301
+/cloudflare-one/insights/logs/users/ /cloudflare-one/team-and-resources/users/users/ 301
 
 # Email Security new revamp
 /cloudflare-one/email-security/email-monitoring/download-report/ /cloudflare-one/email-security/monitoring/download-report/ 301
diff --git a/src/content/changelog/risk-score/2024-06-17-okta-risk-exchange.mdx b/src/content/changelog/risk-score/2024-06-17-okta-risk-exchange.mdx
@@ -6,6 +6,6 @@ date: 2024-06-17
 
 import { Render } from "~/components";
 
-Beyond the controls in [Zero Trust](/cloudflare-one/), you can now [exchange user risk scores](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies.
+Beyond the controls in [Zero Trust](/cloudflare-one/), you can now [exchange user risk scores](/cloudflare-one/team-and-resources/users/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies.
 
 <Render file="send-risk-scores-okta" product="cloudflare-one" />
diff --git a/src/content/docs/cloudflare-one/access-controls/applications/http-apps/saas-apps/generic-saml-saas.mdx b/src/content/docs/cloudflare-one/access-controls/applications/http-apps/saas-apps/generic-saml-saas.mdx
@@ -105,7 +105,7 @@ To send additional SAML attributes to your SaaS application, configure the follo
 
 ### JSONata transforms
 
-In **Advanced settings** > **Transformation**, you can enter a [JSONata](https://jsonata.org/) script that modifies a copy of the [User Registry identity](/cloudflare-one/insights/logs/users/). This is useful for setting default values, excluding email addresses, or ensuring usernames meet arbitrary criteria. Access will send the modified user identity to the SaaS application as SAML attributes.
+In **Advanced settings** > **Transformation**, you can enter a [JSONata](https://jsonata.org/) script that modifies a copy of the [User Registry identity](/cloudflare-one/team-and-resources/users/users/). This is useful for setting default values, excluding email addresses, or ensuring usernames meet arbitrary criteria. Access will send the modified user identity to the SaaS application as SAML attributes.
 
 :::note
 JSONata transformations are not compatible with [SAML attribute statements](#saml-attribute-statements). JSONata transformations will override any specified SAML attributes.
diff --git a/src/content/docs/cloudflare-one/changelog/risk-score.mdx b/src/content/docs/cloudflare-one/changelog/risk-score.mdx
@@ -17,4 +17,4 @@ import { ProductChangelog, Render } from "~/components";
 
 **SentinelOne signal ingestion**
 
-You can now configure a [predefined risk behavior](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/integrations/service-providers/sentinelone/).
+You can now configure a [predefined risk behavior](/cloudflare-one/team-and-resources/users/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/integrations/service-providers/sentinelone/).
diff --git a/src/content/docs/cloudflare-one/insights/analytics-overview.mdx b/src/content/docs/cloudflare-one/insights/analytics-overview.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Analytics overview
 sidebar:
-  order: 2
+  order: 1
 ---
 
 The Cloudflare One Analytics overview provides a dashboard that reports on how Cloudflare One is protecting your organization and networks.
diff --git a/src/content/docs/cloudflare-one/insights/analytics/index.mdx b/src/content/docs/cloudflare-one/insights/analytics/index.mdx
@@ -1,6 +1,6 @@
 ---
 pcx_content_type: navigation
-title: Analytics
+title: Dashboards
 sidebar:
   order: 1
   group:
@@ -9,6 +9,6 @@ sidebar:
 
 import { DirectoryListing, Render } from "~/components";
 
-[Zero Trust](https://one.dash.cloudflare.com/) analytics provide a summary of your applications and traffic.
+[Cloudflare One](https://one.dash.cloudflare.com/) provides a catalog of saved analytics views for reporting and investigation.
 
 <DirectoryListing />
diff --git a/src/content/docs/cloudflare-one/insights/dex/index.mdx b/src/content/docs/cloudflare-one/insights/dex/index.mdx
@@ -1,6 +1,6 @@
 ---
 pcx_content_type: navigation
-title: DEX
+title: Digital experience
 sidebar:
   order: 1
 ---
diff --git a/src/content/docs/cloudflare-one/insights/index.mdx b/src/content/docs/cloudflare-one/insights/index.mdx
@@ -9,6 +9,6 @@ sidebar:
 
 import { DirectoryListing } from "~/components";
 
-Cloudflare Zero Trust gives you comprehensive and in-depth visibility into your network. Whether you need data on network usage, on security threats blocked by Cloudflare Zero Trust, or on how many users have logged in to your applications this month, Zero Trust provides you with the right tools for the job.
+Cloudflare One provides observability tools to monitor your environment. View traffic metrics for Access applications and Gateway policies in Dashboards, monitor endpoint and network performance with Digital Experience Monitoring (DEX), and analyze logs for security events.
 
 <DirectoryListing />
diff --git a/src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx b/src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx
@@ -14,7 +14,7 @@ SCIM activity logs allow administrators to audit how [SCIM provisioning](/cloudf
 
 For an overview of SCIM events across all users, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **SCIM provisioning**. This page lists the inbound SCIM requests from all identity providers configured with SCIM. You can select an individual request to view more details about the SCIM operation.
 
-To investigate how SCIM events impacted a specific user, go to their [User Registry identity](/cloudflare-one/insights/logs/users/).
+To investigate how SCIM events impacted a specific user, go to their [User Registry identity](/cloudflare-one/team-and-resources/users/users/).
 
 <Render file="access/scim-requires-login" product="cloudflare-one" />
 
diff --git a/src/content/docs/cloudflare-one/integrations/identity-providers/okta.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/okta.mdx
@@ -8,7 +8,7 @@ import { Render } from "~/components";
 
 Okta provides cloud software that helps companies manage and secure user authentication to modern applications, and helps developers build identity controls into applications, website web services, and devices. You can integrate Okta with Cloudflare One and build rules based on user identity and group membership. Cloudflare One supports Okta integrations using either the OIDC (default) or [SAML](/cloudflare-one/integrations/identity-providers/okta-saml/) protocol.
 
-Additionally, you can configure Okta to use risk information from Cloudflare One [user risk scores](/cloudflare-one/insights/risk-score/) to create SSO-level policies. For more information, refer to [Send risk score to Okta](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta).
+Additionally, you can configure Okta to use risk information from Cloudflare One [user risk scores](/cloudflare-one/team-and-resources/users/risk-score/) to create SSO-level policies. For more information, refer to [Send risk score to Okta](/cloudflare-one/team-and-resources/users/risk-score/#send-risk-score-to-okta).
 
 ## Prerequisites
 
diff --git a/src/content/docs/cloudflare-one/integrations/service-providers/sentinelone.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/sentinelone.mdx
@@ -79,4 +79,4 @@ Device posture data is gathered from the SentinelOne Management APIs. For more i
 
 ### Detect user risk behavior
 
-SentinelOne provides endpoint detection and response (EDR) signals to determine [user risk score](/cloudflare-one/insights/risk-score/). User risk scores allow you to detect users that present security risks to your organization. For more information, refer to [Predefined risk behaviors](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors).
+SentinelOne provides endpoint detection and response (EDR) signals to determine [user risk score](/cloudflare-one/team-and-resources/users/risk-score/). User risk scores allow you to detect users that present security risks to your organization. For more information, refer to [Predefined risk behaviors](/cloudflare-one/team-and-resources/users/risk-score/#predefined-risk-behaviors).
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/index.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: navigation
 title: Devices
 sidebar:
-  order: 4
+  order: 2
 ---
 
 import { DirectoryListing, Render } from "~/components";
diff --git a/src/content/docs/cloudflare-one/team-and-resources/users/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/users/index.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: navigation
 title: Users
 sidebar:
-  order: 5
+  order: 3
 ---
 
 import { DirectoryListing, Render } from "~/components";
diff --git a/src/content/docs/cloudflare-one/team-and-resources/users/risk-score.mdx b/src/content/docs/cloudflare-one/team-and-resources/users/risk-score.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: concept
 title: Risk score
 sidebar:
-  order: 4
+  order: 5
 head:
   - tag: title
     content: User risk score
diff --git a/src/content/docs/cloudflare-one/team-and-resources/users/scim.mdx b/src/content/docs/cloudflare-one/team-and-resources/users/scim.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: concept
 title: SCIM provisioning
 sidebar:
-  order: 6
+  order: 3
 
 ---
 
diff --git a/src/content/docs/cloudflare-one/team-and-resources/users/seat-management.mdx b/src/content/docs/cloudflare-one/team-and-resources/users/seat-management.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: how-to
 title: Seat management
 sidebar:
-  order: 4
+  order: 2
 ---
 
 Cloudflare One subscriptions consist of seats that active users in your account consume. Active users are added to Cloudflare One through any [authentication event](#authentication-events).
diff --git a/src/content/docs/cloudflare-one/team-and-resources/users/users.mdx b/src/content/docs/cloudflare-one/team-and-resources/users/users.mdx
@@ -2,8 +2,7 @@
 pcx_content_type: concept
 title: User logs
 sidebar:
-  order: 1
-
+  order: 4
 ---
 
 import { GlossaryTooltip } from "~/components"
diff --git a/src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx b/src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx
@@ -20,7 +20,7 @@ Unless you use an [IdP that supports SCIM provisioning](#automatic-scim-idp-upda
 - Log out from an Access-protected application and log back in.
 - In their WARP client settings, select **Preferences** > **Account** > **Re-Authenticate Session**. This will open a browser window and prompt the user to log in.
 
-To view the identity that Gateway will use when evaluating policies, check the [user registry](/cloudflare-one/insights/logs/users/).
+To view the identity that Gateway will use when evaluating policies, check the [user registry](/cloudflare-one/team-and-resources/users/users/).
 
 ### Automatic SCIM IdP updates
 
diff --git a/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx b/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx
@@ -33,7 +33,7 @@ Determine which identity provider you will use as the source of truth for user e
 Ensure that the [identity provider is connected to Cloudflare](/learning-paths/replace-vpn/get-started/configure-idp/) and available to users in your [device enrollment permissions](/learning-paths/replace-vpn/configure-device-agent/device-enrollment-permissions/).
 :::
 
-If you plan to grant access to services based on group membership, [view the user registry](/cloudflare-one/insights/logs/users/) and verify that the target users have that group value in their User Registry.
+If you plan to grant access to services based on group membership, [view the user registry](/cloudflare-one/team-and-resources/users/users/) and verify that the target users have that group value in their User Registry.
 
 #### Device posture
 
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/secure-saas-applications/configure-casb.mdx b/src/content/docs/learning-paths/secure-internet-traffic/secure-saas-applications/configure-casb.mdx
@@ -14,7 +14,7 @@ Only available on Enterprise plans.
 
 <GlossaryDefinition term="Cloudflare CASB" />
 
-Cloudflare's API-implemented CASB addresses the final, common security concern for administrators of SaaS applications or security organizations: How can I get insights into the existing configurations of my SaaS tools and proactively address issues before there is an incident? CASB integrates with a number of leading SaaS applications and surfaces instant security insights related to misconfiguration and potential for data loss. CASB also powers [risk score heuristics](/cloudflare-one/insights/risk-score/) organized by severity.
+Cloudflare's API-implemented CASB addresses the final, common security concern for administrators of SaaS applications or security organizations: How can I get insights into the existing configurations of my SaaS tools and proactively address issues before there is an incident? CASB integrates with a number of leading SaaS applications and surfaces instant security insights related to misconfiguration and potential for data loss. CASB also powers [risk score heuristics](/cloudflare-one/team-and-resources/users/risk-score/) organized by severity.
 
 For more information on Cloudflare CASB, including available SaaS integrations, refer to [Scan SaaS applications](/cloudflare-one/integrations/cloud-and-saas/).
 
diff --git a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
@@ -149,7 +149,7 @@ For more information about securing data in transit, refer to our [reference arc
 
 Cloudflare's [Cloud Access Security Broker (CASB)](/cloudflare-one/integrations/cloud-and-saas/) integrates with [popular SaaS applications](/cloudflare-one/integrations/cloud-and-saas/) through APIs. Once integrated, Cloudflare continuously scans these applications for security risks. This enables IT teams to detect incidents of authorized users oversharing data, such as sharing a file publicly on the Internet. For Google Workspace, Microsoft 365, Box, and Dropbox, the API CASB can also utilize DLP profiles to detect the sharing of sensitive data. For more information about securing data at rest, refer to our [reference architecture center](/reference-architecture/diagrams/security/securing-data-at-rest/).
 
-In addition to the previous measures, IT teams should also consider introducing [User Entity and Behavior Analytics (UEBA)](https://www.cloudflare.com/en-gb/learning/security/what-is-ueba/) controls. Cloudflare can assign a [risk score](/cloudflare-one/insights/risk-score/) to users when detecting activities and behaviors that could introduce risks to the organization. These risk behaviors include scenarios where users trigger an unusually high number of DLP policy matches. By implementing these measures, organizations can significantly reduce the risk of data leaks from managed SaaS applications, even by authorized users.
+In addition to the previous measures, IT teams should also consider introducing [User Entity and Behavior Analytics (UEBA)](https://www.cloudflare.com/en-gb/learning/security/what-is-ueba/) controls. Cloudflare can assign a [risk score](/cloudflare-one/team-and-resources/users/risk-score/) to users when detecting activities and behaviors that could introduce risks to the organization. These risk behaviors include scenarios where users trigger an unusually high number of DLP policy matches. By implementing these measures, organizations can significantly reduce the risk of data leaks from managed SaaS applications, even by authorized users.
 
 ![Figure 6: Cloudflare can secure data traveling over its network, as well as using SaaS application APIs to examine data stored at rest.](~/assets/images/reference-architecture/zero-trust-for-saas/zero-trust-saas-image-06.svg "Figure 6: Cloudflare can secure data traveling over its network, as well as using SaaS application APIs to examine data stored at rest.")
 
diff --git a/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx b/src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx
@@ -17,7 +17,7 @@ import { Markdown } from "~/components"
 * **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/access-controls/access-settings/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/).
 * **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/team-and-resources/users/seat-management/) from your Cloudflare One account when they are removed from the SCIM application in {props.idp}.
 * **SCIM identity update behavior**: Choose what happens in Cloudflare One when the user's identity updates in {props.idp}.
-	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/insights/logs/users/) when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
+	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/team-and-resources/users/users/) when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
 	- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/access-controls/access-settings/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
 	- _No action_: Update the user's identity the next time they reauthenticate to Access or WARP.
 
diff --git a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
@@ -58,7 +58,7 @@ Determine whether the user is matching any policy, or if they are matching a pol
 2. Go to **Traffic policies** > **Firewall policies** and compare the [order of enforcement](/cloudflare-one/traffic-policies/order-of-enforcement/) of the matched policy versus the expected policy.
 3. Compare the Gateway log values with the expected policy criteria.
 
-   - If the mismatched value is related to identity, [check the user registry](/cloudflare-one/insights/logs/users/) and verify the values that are passed to Gateway from your IdP. Cloudflare updates the registry when the user enrolls in the WARP client. If the user's identity is outdated, ask the user to re-authenticate WARP (**Preferences** > **Account** > **Re-Authenticate Session**).
+   - If the mismatched value is related to identity, [check the user registry](/cloudflare-one/team-and-resources/users/users/) and verify the values that are passed to Gateway from your IdP. Cloudflare updates the registry when the user enrolls in the WARP client. If the user's identity is outdated, ask the user to re-authenticate WARP (**Preferences** > **Account** > **Re-Authenticate Session**).
 
    - If the mismatched value is related to device posture, [view posture check results](/cloudflare-one/reusable-components/posture-checks/#2-verify-device-posture-checks) for the user's device. Verify that the device passes the posture checks configured in the policy.
 

Original file line number	Diff line number	Diff line change
`@@ -17,4 +17,4 @@ import { ProductChangelog, Render } from "~/components";`
`17`	`17`
`18`	`18`	`SentinelOne signal ingestion`
`19`	`19`
`20`		`-You can now configure a [predefined risk behavior](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/integrations/service-providers/sentinelone/).`
	`20`	`+You can now configure a [predefined risk behavior](/cloudflare-one/team-and-resources/users/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/integrations/service-providers/sentinelone/).`