move service tokens

Author: ranbel

public/__redirects

@@ -2397,6 +2397,7 @@
 /cloudflare-one/identity/authorization-cookie/validating-json/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/validating-json/ 301
 /cloudflare-one/identity/authorization-cookie/application-token/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/application-token/ 301
 /cloudflare-one/identity/authorization-cookie/cors/ /cloudflare-one/access-controls/applications/http-apps/authorization-cookie/cors/ 301
+/cloudflare-one/identity/service-tokens/ /cloudflare-one/access-controls/service-credentials/service-tokens/ 301
 /cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
 /cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
 /cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301

src/content/docs/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/application-token.mdx

@@ -34,7 +34,7 @@ Unless your application is connected to Access through Cloudflare Tunnel, your a
 
 ## Payload
 
-The payload contains the actual claim and user information to pass to the application. Payload contents vary depending on whether you authenticated to the application with an identity provider or with a [service token](/cloudflare-one/identity/service-tokens/).
+The payload contains the actual claim and user information to pass to the application. Payload contents vary depending on whether you authenticated to the application with an identity provider or with a [service token](/cloudflare-one/access-controls/service-credentials/service-tokens/).
 
 ### Identity-based authentication
 

src/content/docs/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/cors.mdx

@@ -126,7 +126,7 @@ To avoid having to log in twice, you can create a Cloudflare Worker that automat
 
 ### 1. Generate a service token
 
-Follow [these instructions](/cloudflare-one/identity/service-tokens/) to generate a new Access service token. Copy the `Client ID` and `Client Secret` to a safe place, as you will use them in a later step.
+Follow [these instructions](/cloudflare-one/access-controls/service-credentials/service-tokens/) to generate a new Access service token. Copy the `Client ID` and `Client Secret` to a safe place, as you will use them in a later step.
 
 ### 2. Add a Service Auth policy
 

src/content/docs/cloudflare-one/access-controls/applications/non-http/cloudflared-authentication/index.mdx

@@ -12,7 +12,7 @@ Users log in to the application by running a `cloudflared access` command in the
 
 :::note
 
-Automated services should only authenticate with `cloudflared` if they cannot use a [service token](/cloudflare-one/identity/service-tokens/). Cloudflared authentication relies on WebSockets to establish a connection. WebSockets have a known limitation where persistent connections may close unexpectedly. We recommend either a [Service Auth policy](/cloudflare-one/access-controls/policies/#service-auth) or using [Warp to Tunnel routing](/cloudflare-one/access-controls/applications/non-http/) in these instances.
+Automated services should only authenticate with `cloudflared` if they cannot use a [service token](/cloudflare-one/access-controls/service-credentials/service-tokens/). Cloudflared authentication relies on WebSockets to establish a connection. WebSockets have a known limitation where persistent connections may close unexpectedly. We recommend either a [Service Auth policy](/cloudflare-one/access-controls/policies/#service-auth) or using [Warp to Tunnel routing](/cloudflare-one/access-controls/applications/non-http/) in these instances.
 :::
 
 For examples of how to connect to Access applications with client-side `cloudflared`, refer to these tutorials:

src/content/docs/cloudflare-one/access-controls/policies/index.mdx

@@ -146,7 +146,7 @@ Non-identity attributes are polled continuously, meaning they are-evaluated with
 | Common Name              | The request will need to present a valid certificate with an expected common name.                                                                                                                                                        | ✅               | ✅                               | ❌                       |
 | Valid Certificate        | The request will need to present any valid client certificate.                                                                                                                                                                            | ✅               | ✅                               | ❌                       |
 | Service Token            | The request will need to present the correct service token headers configured for the specific application.                                                                                                                               | ✅               | ✅                               | ❌                       |
-| Any Access Service Token | The request will need to present the headers for any [service token](/cloudflare-one/identity/service-tokens/) created for this account.                                                                                                  | ✅               | ✅                               | ❌                       |
+| Any Access Service Token | The request will need to present the headers for any [service token](/cloudflare-one/access-controls/service-credentials/service-tokens/) created for this account.                                                                                                  | ✅               | ✅                               | ❌                       |
 | Login Methods            | Checks the identity provider used at the time of login.                                                                                                                                                                                   | ✅               | ❌                               | ✅                       |
 | Authentication Method    | Checks the [multifactor authentication](/cloudflare-one/access-controls/policies/mfa-requirements/) method used by the user, if supported by the identity provider.                                                                                | ✅               | ❌                               | ✅                       |
 | Identity provider group  | Checks the user groups configured with your identity provider (IdP). This selector only displays if you use Microsoft Entra ID, GitHub, Google, Okta, or an IdP that provisions groups with [SCIM](/cloudflare-one/team-and-resources/users/scim/). | ✅               | ❌                               | ✅                       |

src/content/docs/cloudflare-one/identity/index.mdx renamed to src/content/docs/cloudflare-one/access-controls/service-credentials/index.mdx

@@ -1,12 +1,13 @@
 ---
 pcx_content_type: navigation
-title: Identity
+title: Service credentials
 sidebar:
-  order: 4
+  order: 5
   group:
     hideIndex: true
 ---
 
-import { DirectoryListing} from "~/components";
+import { DirectoryListing } from "~/components";
 
 <DirectoryListing />
+

src/content/docs/cloudflare-one/identity/service-tokens.mdx renamed to src/content/docs/cloudflare-one/access-controls/service-credentials/service-tokens.mdx

@@ -35,7 +35,7 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
 | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | **Query name**        | Name of the domain that was queried.                                                                                                                                                                                                                                                                                                                                                                   |
 | **Query ID**          | UUID of the query assigned by Cloudflare.                                                                                                                                                                                                                                                                                                                                                              |
-| **Email**             | Email address of the user who registered the WARP client where traffic originated from. If a non-identity on-ramp (such as a [proxy endpoint](/cloudflare-one/team-and-resources/devices/agentless/pac-files/)) or machine-level authentication (such as a [service token](/cloudflare-one/identity/service-tokens/)) was used, this value will be `non_identity@<team-domain>.cloudflareaccess.com`. |
+| **Email**             | Email address of the user who registered the WARP client where traffic originated from. If a non-identity on-ramp (such as a [proxy endpoint](/cloudflare-one/team-and-resources/devices/agentless/pac-files/)) or machine-level authentication (such as a [service token](/cloudflare-one/access-controls/service-credentials/service-tokens/)) was used, this value will be `non_identity@<team-domain>.cloudflareaccess.com`. |
 | **Action**            | The [Action](/cloudflare-one/traffic-policies/dns-policies/#actions) Gateway applied to the query (such as Allow or Block).                                                                                                                                                                                                                                                                            |
 | **Time**              | Date and time of the DNS query.                                                                                                                                                                                                                                                                                                                                                                        |
 | **Resolver decision** | The reason why Gateway applied a particular **Action** to the request. Refer to the [list of resolver decisions](#resolver-decisions).                                                                                                                                                                                                                                                                 |

src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx

@@ -99,7 +99,7 @@ Example response body:
 
 ### 1. Create a service token
 
-WARP uses an Access Client ID and Access Client Secret to securely authenticate to the external API. If you do not already have an Access Client ID and Access Client Secret, [create a new service token](/cloudflare-one/identity/service-tokens/#create-a-service-token).
+WARP uses an Access Client ID and Access Client Secret to securely authenticate to the external API. If you do not already have an Access Client ID and Access Client Secret, [create a new service token](/cloudflare-one/access-controls/service-credentials/service-tokens/#create-a-service-token).
 
 ### 2. Create an Access application
 

src/content/docs/cloudflare-one/integrations/service-providers/custom.mdx

@@ -122,7 +122,7 @@ Currently, authentication tokens can only be generated through the API. You can
 
 ### 1. Create a service token for the account
 
-Each Cloudflare account can only have one active Access [service token](/cloudflare-one/identity/service-tokens/) authorized for DNS over HTTPS (DoH) at a time.
+Each Cloudflare account can only have one active Access [service token](/cloudflare-one/access-controls/service-credentials/service-tokens/) authorized for DNS over HTTPS (DoH) at a time.
 
 ```bash
 curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/service_tokens" \