broken links

Author: deadlypants1973

src/content/changelog/risk-score/2024-06-17-okta-risk-exchange.mdx

@@ -6,6 +6,6 @@ date: 2024-06-17
 
 import { Render } from "~/components";
 
-Beyond the controls in [Zero Trust](/cloudflare-one/), you can now [exchange user risk scores](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies.
+Beyond the controls in [Zero Trust](/cloudflare-one/), you can now [exchange user risk scores](/cloudflare-one/team-and-resources/users/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies.
 
 <Render file="send-risk-scores-okta" product="cloudflare-one" />

src/content/docs/cloudflare-one/access-controls/applications/http-apps/saas-apps/generic-saml-saas.mdx

@@ -105,7 +105,7 @@ To send additional SAML attributes to your SaaS application, configure the follo
 
 ### JSONata transforms
 
-In **Advanced settings** > **Transformation**, you can enter a [JSONata](https://jsonata.org/) script that modifies a copy of the [User Registry identity](/cloudflare-one/insights/logs/users/). This is useful for setting default values, excluding email addresses, or ensuring usernames meet arbitrary criteria. Access will send the modified user identity to the SaaS application as SAML attributes.
+In **Advanced settings** > **Transformation**, you can enter a [JSONata](https://jsonata.org/) script that modifies a copy of the [User Registry identity](/cloudflare-one/team-and-resources/users/users/). This is useful for setting default values, excluding email addresses, or ensuring usernames meet arbitrary criteria. Access will send the modified user identity to the SaaS application as SAML attributes.
 
 :::note
 JSONata transformations are not compatible with [SAML attribute statements](#saml-attribute-statements). JSONata transformations will override any specified SAML attributes.

src/content/docs/cloudflare-one/insights/logs/scim-logs.mdx

@@ -14,7 +14,7 @@ SCIM activity logs allow administrators to audit how [SCIM provisioning](/cloudf
 
 For an overview of SCIM events across all users, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **SCIM provisioning**. This page lists the inbound SCIM requests from all identity providers configured with SCIM. You can select an individual request to view more details about the SCIM operation.
 
-To investigate how SCIM events impacted a specific user, go to their [User Registry identity](/cloudflare-one/insights/logs/users/).
+To investigate how SCIM events impacted a specific user, go to their [User Registry identity](/cloudflare-one/team-and-resources/users/users/).
 
 <Render file="access/scim-requires-login" product="cloudflare-one" />
 

src/content/docs/cloudflare-one/traffic-policies/identity-selectors.mdx

@@ -20,7 +20,7 @@ Unless you use an [IdP that supports SCIM provisioning](#automatic-scim-idp-upda
 - Log out from an Access-protected application and log back in.
 - In their WARP client settings, select **Preferences** > **Account** > **Re-Authenticate Session**. This will open a browser window and prompt the user to log in.
 
-To view the identity that Gateway will use when evaluating policies, check the [user registry](/cloudflare-one/insights/logs/users/).
+To view the identity that Gateway will use when evaluating policies, check the [user registry](/cloudflare-one/team-and-resources/users/users/).
 
 ### Automatic SCIM IdP updates
 

src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx

@@ -33,7 +33,7 @@ Determine which identity provider you will use as the source of truth for user e
 Ensure that the [identity provider is connected to Cloudflare](/learning-paths/replace-vpn/get-started/configure-idp/) and available to users in your [device enrollment permissions](/learning-paths/replace-vpn/configure-device-agent/device-enrollment-permissions/).
 :::
 
-If you plan to grant access to services based on group membership, [view the user registry](/cloudflare-one/insights/logs/users/) and verify that the target users have that group value in their User Registry.
+If you plan to grant access to services based on group membership, [view the user registry](/cloudflare-one/team-and-resources/users/users/) and verify that the target users have that group value in their User Registry.
 
 #### Device posture
 

src/content/docs/learning-paths/secure-internet-traffic/secure-saas-applications/configure-casb.mdx

@@ -14,7 +14,7 @@ Only available on Enterprise plans.
 
 <GlossaryDefinition term="Cloudflare CASB" />
 
-Cloudflare's API-implemented CASB addresses the final, common security concern for administrators of SaaS applications or security organizations: How can I get insights into the existing configurations of my SaaS tools and proactively address issues before there is an incident? CASB integrates with a number of leading SaaS applications and surfaces instant security insights related to misconfiguration and potential for data loss. CASB also powers [risk score heuristics](/cloudflare-one/insights/risk-score/) organized by severity.
+Cloudflare's API-implemented CASB addresses the final, common security concern for administrators of SaaS applications or security organizations: How can I get insights into the existing configurations of my SaaS tools and proactively address issues before there is an incident? CASB integrates with a number of leading SaaS applications and surfaces instant security insights related to misconfiguration and potential for data loss. CASB also powers [risk score heuristics](/cloudflare-one/team-and-resources/users/risk-score/) organized by severity.
 
 For more information on Cloudflare CASB, including available SaaS integrations, refer to [Scan SaaS applications](/cloudflare-one/integrations/cloud-and-saas/).
 

src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx

@@ -149,7 +149,7 @@ For more information about securing data in transit, refer to our [reference arc
 
 Cloudflare's [Cloud Access Security Broker (CASB)](/cloudflare-one/integrations/cloud-and-saas/) integrates with [popular SaaS applications](/cloudflare-one/integrations/cloud-and-saas/) through APIs. Once integrated, Cloudflare continuously scans these applications for security risks. This enables IT teams to detect incidents of authorized users oversharing data, such as sharing a file publicly on the Internet. For Google Workspace, Microsoft 365, Box, and Dropbox, the API CASB can also utilize DLP profiles to detect the sharing of sensitive data. For more information about securing data at rest, refer to our [reference architecture center](/reference-architecture/diagrams/security/securing-data-at-rest/).
 
-In addition to the previous measures, IT teams should also consider introducing [User Entity and Behavior Analytics (UEBA)](https://www.cloudflare.com/en-gb/learning/security/what-is-ueba/) controls. Cloudflare can assign a [risk score](/cloudflare-one/insights/risk-score/) to users when detecting activities and behaviors that could introduce risks to the organization. These risk behaviors include scenarios where users trigger an unusually high number of DLP policy matches. By implementing these measures, organizations can significantly reduce the risk of data leaks from managed SaaS applications, even by authorized users.
+In addition to the previous measures, IT teams should also consider introducing [User Entity and Behavior Analytics (UEBA)](https://www.cloudflare.com/en-gb/learning/security/what-is-ueba/) controls. Cloudflare can assign a [risk score](/cloudflare-one/team-and-resources/users/risk-score/) to users when detecting activities and behaviors that could introduce risks to the organization. These risk behaviors include scenarios where users trigger an unusually high number of DLP policy matches. By implementing these measures, organizations can significantly reduce the risk of data leaks from managed SaaS applications, even by authorized users.
 
 ![Figure 6: Cloudflare can secure data traveling over its network, as well as using SaaS application APIs to examine data stored at rest.](~/assets/images/reference-architecture/zero-trust-for-saas/zero-trust-saas-image-06.svg "Figure 6: Cloudflare can secure data traveling over its network, as well as using SaaS application APIs to examine data stored at rest.")
 

src/content/partials/cloudflare-one/access/enable-scim-on-dashboard.mdx

@@ -17,7 +17,7 @@ import { Markdown } from "~/components"
 * **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/access-controls/access-settings/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/).
 * **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/team-and-resources/users/seat-management/) from your Cloudflare One account when they are removed from the SCIM application in {props.idp}.
 * **SCIM identity update behavior**: Choose what happens in Cloudflare One when the user's identity updates in {props.idp}.
-	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/insights/logs/users/) when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
+	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/team-and-resources/users/users/) when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
 	- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/access-controls/access-settings/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
 	- _No action_: Update the user's identity the next time they reauthenticate to Access or WARP.
 

src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx

@@ -58,7 +58,7 @@ Determine whether the user is matching any policy, or if they are matching a pol
 2. Go to **Traffic policies** > **Firewall policies** and compare the [order of enforcement](/cloudflare-one/traffic-policies/order-of-enforcement/) of the matched policy versus the expected policy.
 3. Compare the Gateway log values with the expected policy criteria.
 
-   - If the mismatched value is related to identity, [check the user registry](/cloudflare-one/insights/logs/users/) and verify the values that are passed to Gateway from your IdP. Cloudflare updates the registry when the user enrolls in the WARP client. If the user's identity is outdated, ask the user to re-authenticate WARP (**Preferences** > **Account** > **Re-Authenticate Session**).
+   - If the mismatched value is related to identity, [check the user registry](/cloudflare-one/team-and-resources/users/users/) and verify the values that are passed to Gateway from your IdP. Cloudflare updates the registry when the user enrolls in the WARP client. If the user's identity is outdated, ask the user to re-authenticate WARP (**Preferences** > **Account** > **Re-Authenticate Session**).
 
    - If the mismatched value is related to device posture, [view posture check results](/cloudflare-one/reusable-components/posture-checks/#2-verify-device-posture-checks) for the user's device. Verify that the device passes the posture checks configured in the policy.