[CF1] IA revamp: Users section (#26034)

* move Users section

* fix typo

* fix links

Author: ranbel

public/__redirects

@@ -2382,6 +2382,10 @@
 
 # Cloudflare One nav revamp
 /cloudflare-one/connections/ /cloudflare-one/ 301
+/cloudflare-one/identity/users/ /cloudflare-one/team-and-resources/users/ 301
+/cloudflare-one/identity/users/session-management/ /cloudflare-one/team-and-resources/users/session-management/ 301
+/cloudflare-one/identity/users/seat-management/ /cloudflare-one/team-and-resources/users/seat-management/ 301
+/cloudflare-one/identity/users/scim/ /cloudflare-one/team-and-resources/users/scim/ 301
 /cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
 /cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
 /cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301
@@ -2391,7 +2395,7 @@
 /cloudflare-one/identity/one-time-pin/ /cloudflare-one/integrations/identity-providers/one-time-pin/ 301
 /cloudflare-one/identity/idp-integration/* /cloudflare-one/integrations/identity-providers/:splat 301
 /cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301
-/cloudflare-one/applications/configure-apps/* /cloudflare-one/access-controls/applications/configure-apps/:splat 301
+/cloudflare-one/applications/configure-apps/* /cloudflare-one/access-controls/applications/http-apps/:splat 301
 /cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301
 
 # Learning paths

src/content/changelog/access/2025-03-03-saml-oidc-fields-saml-transformations.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-[Access for SaaS applications](/cloudflare-one/access-controls/applications/configure-apps/saas-apps/) now include more configuration options to support a wider array of SaaS applications.
+[Access for SaaS applications](/cloudflare-one/access-controls/applications/http-apps/saas-apps/) now include more configuration options to support a wider array of SaaS applications.
 
 **SAML and OIDC Field Additions**
 

src/content/changelog/access/2025-04-09-SCIM-provisioning-logs.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-[Cloudflare Zero Trust SCIM provisioning](/cloudflare-one/identity/users/scim) now has a full audit log of all create, update and delete event from any SCIM Enabled IdP. The [SCIM logs](/cloudflare-one/insights/logs/scim-logs/) support filtering by IdP, Event type, Result and many more fields. This will help with debugging user and group update issues and questions.
+[Cloudflare Zero Trust SCIM provisioning](/cloudflare-one/team-and-resources/users/scim) now has a full audit log of all create, update and delete event from any SCIM Enabled IdP. The [SCIM logs](/cloudflare-one/insights/logs/scim-logs/) support filtering by IdP, Event type, Result and many more fields. This will help with debugging user and group update issues and questions.
 
 SCIM logs can be found on the Zero Trust Dashboard under **Logs** -> **SCIM provisioning**.
 

src/content/changelog/access/2025-08-26-access-mcp-oauth.mdx

@@ -8,6 +8,6 @@ products:
 
 You can now control who within your organization has access to internal MCP servers, by putting internal MCP servers behind [Cloudflare Access](/cloudflare-one/access-controls/policies/).
 
-[Self-hosted applications](/cloudflare-one/access-controls/applications/configure-apps/mcp-servers/linked-apps/) in Cloudflare Access now support OAuth for MCP server authentication. This allows Cloudflare to delegate access from any self-hosted application to an MCP server via OAuth. The OAuth access token authorizes the MCP server to make requests to your self-hosted applications on behalf of the authorized user, using that user's specific permissions and scopes.
+[Self-hosted applications](/cloudflare-one/access-controls/applications/http-apps/mcp-servers/linked-apps/) in Cloudflare Access now support OAuth for MCP server authentication. This allows Cloudflare to delegate access from any self-hosted application to an MCP server via OAuth. The OAuth access token authorizes the MCP server to make requests to your self-hosted applications on behalf of the authorized user, using that user's specific permissions and scopes.
 
 For example, if you have an MCP server designed for internal use within your organization, you can configure Access policies to ensure that only authorized users can access it, regardless of which MCP client they use. Support for internal, self-hosted MCP servers also works with MCP server portals, allowing you to provide a single MCP endpoint for multiple MCP servers. For more on MCP server portals, read the [blog post](https://blog.cloudflare.com/zero-trust-mcp-server-portals/) on the Cloudflare Blog.

src/content/changelog/access/2025-08-26-mcp-server-portals.mdx

@@ -8,7 +8,7 @@ products:
 
 ![MCP server portal](~/assets/images/changelog/access/mcp-server-portal.png)
 
-An [MCP server portal](/cloudflare-one/access-controls/applications/configure-apps/mcp-servers/mcp-portals/) centralizes multiple Model Context Protocol (MCP) servers onto a single HTTP endpoint. Key benefits include:
+An [MCP server portal](/cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals/) centralizes multiple Model Context Protocol (MCP) servers onto a single HTTP endpoint. Key benefits include:
 
 - **Streamlined access to multiple MCP servers**: MCP server portals support both unauthenticated MCP servers as well as MCP servers secured using any third-party or custom OAuth provider. Users log in to the portal URL through Cloudflare Access and are prompted to authenticate separately to each server that requires OAuth.
 - **Customized tools per portal**: Admins can tailor an MCP portal to a particular use case by choosing the specific tools and prompt templates that they want to make available to users through the portal. This allows users to access a curated set of tools and prompts — the less external context exposed to the AI model, the better the AI responses tend to be.

src/content/docs/agents/model-context-protocol/authorization.mdx

@@ -81,7 +81,7 @@ Remember — [authentication is different from authorization](https://www.cloud
 
 You can use Cloudflare Access as a Single Sign-On (SSO) provider to authorize users to your MCP server. Users log in using a [configured identity provider](/cloudflare-one/integrations/identity-providers/) or a [one-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/), and they are only granted access if their identity matches your [Access policies](/cloudflare-one/access-controls/policies/).
 
-To deploy an [example MCP server](https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-cf-access) with Cloudflare Access as the OAuth provider, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/applications/configure-apps/mcp-servers/saas-mcp/).
+To deploy an [example MCP server](https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-cf-access) with Cloudflare Access as the OAuth provider, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/applications/http-apps/mcp-servers/saas-mcp/).
 
 ### (3) Third-party OAuth Provider
 

src/content/docs/agents/model-context-protocol/mcp-portal.mdx

@@ -5,7 +5,7 @@ tags:
   - MCP
 sidebar:
   order: 101
-external_link: /cloudflare-one/access-controls/applications/configure-apps/mcp-servers/mcp-portals/
+external_link: /cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals/
 description: Centralize multiple MCP servers onto a single endpoint and customize the tools, prompts, and resources available to users.
 
 ---

src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/secure-with-access.mdx

@@ -25,4 +25,4 @@ Cloudflare Access provides visibility and control over who has access to your [c
 5. Select **Add public hostname**.
 6. For **Input method**, select _Custom_.
 7. In **Hostname**, enter your custom hostname (for example, `mycustomhostname.com`).
-8. Follow the remaining [self-hosted application creation steps](/cloudflare-one/access-controls/applications/configure-apps/self-hosted-public-app/) to publish the application.
+8. Follow the remaining [self-hosted application creation steps](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/) to publish the application.

src/content/docs/cloudflare-one/access-controls/applications/configure-apps/index.mdx renamed to src/content/docs/cloudflare-one/access-controls/applications/http-apps/index.mdx

@@ -13,12 +13,12 @@ Cloudflare Access allows you to secure your web applications by acting as an ide
 
 You can protect the following types of web applications:
 
-- [**SaaS applications**](/cloudflare-one/access-controls/applications/configure-apps/saas-apps/) consist of applications your team relies on that are not hosted by your organization. Examples include Salesforce and Workday. To secure SaaS applications, you must integrate Cloudflare Access with the SaaS application's SSO configuration.
+- [**SaaS applications**](/cloudflare-one/access-controls/applications/http-apps/saas-apps/) consist of applications your team relies on that are not hosted by your organization. Examples include Salesforce and Workday. To secure SaaS applications, you must integrate Cloudflare Access with the SaaS application's SSO configuration.
 
 - **Self-hosted applications** consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. Setup requirements for a self-hosted application depend on whether the application is publicly accessible on the Internet or restricted to users on a private network.
-  - [**Public hostname applications**](/cloudflare-one/access-controls/applications/configure-apps/self-hosted-public-app/) are web applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
+  - [**Public hostname applications**](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/) are web applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
   - [**Private network applications**](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the WARP client on the user's device, but you could also forward device traffic from a [network location](/magic-wan/) or use an agentless option such as [PAC files](/cloudflare-one/team-and-resources/devices/agentless/pac-files/) or [Clientless Web Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/).
 
-- [**Model Context Protocol (MCP) servers**](/cloudflare-one/access-controls/applications/configure-apps/mcp-servers/) are web applications that enable generative AI tools to read and write data within your business applications. For example, Salesforce provides an [MCP server](https://github.com/salesforcecli/mcp) for developers to interact with resources in their Salesforce tenant using GitHub Copilot or other AI code editors.
+- [**Model Context Protocol (MCP) servers**](/cloudflare-one/access-controls/applications/http-apps/mcp-servers/) are web applications that enable generative AI tools to read and write data within your business applications. For example, Salesforce provides an [MCP server](https://github.com/salesforcecli/mcp) for developers to interact with resources in their Salesforce tenant using GitHub Copilot or other AI code editors.
 
 - [**Cloudflare Dashboard SSO**](/fundamentals/manage-members/dashboard-sso/) is a special type of SaaS application that manages SSO settings for the Cloudflare dashboard and has limited permissions for administrator edits.