Merged
2 changes: 1 addition & 1 deletion public/__redirects
Original file line number Diff line number Diff line change
Expand Up @@ -2390,7 +2390,7 @@
/cloudflare-one/policies/access/* /cloudflare-one/access-controls/policies/:splat 301
/cloudflare-one/identity/one-time-pin/ /cloudflare-one/integrations/identity-providers/one-time-pin/ 301
/cloudflare-one/identity/idp-integration/* /cloudflare-one/integrations/identity-providers/:splat 301

/cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301

# Learning paths

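Review bot: the new wildcard rule `/cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301` covers the per-provider sub-pages, but it is worth confirming in a preview build that the bare directory URL `/cloudflare-one/identity/devices/service-providers/` (the target of several links being rewritten elsewhere in this PR) also resolves, since a request with nothing after the trailing slash depends on the splat matching an empty string; if it does not, add an explicit rule for the index path above the wildcard so old bookmarks do not 404.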
2 changes: 1 addition & 1 deletion src/content/docs/cloudflare-one/changelog/risk-score.mdx
Expand Up @@ -17,4 +17,4 @@ import { ProductChangelog, Render } from "~/components";

**SentinelOne signal ingestion**

You can now configure a [predefined risk behavior](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/identity/devices/service-providers/sentinelone/).
You can now configure a [predefined risk behavior](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/integrations/service-providers/sentinelone/).
Expand Up @@ -11,7 +11,7 @@ head:
import { Render } from "~/components";

:::note
Not recommended for new deployments. We recommend using the [Tanium service-to-service integration](/cloudflare-one/identity/devices/service-providers/taniums2s/) to get device posture signals from Tanium.
Not recommended for new deployments. We recommend using the [Tanium service-to-service integration](/cloudflare-one/integrations/service-providers/taniums2s/) to get device posture signals from Tanium.
:::

Cloudflare Access can use endpoint data from [Tanium™](https://www.tanium.com/) to determine if a request should be allowed to reach a protected resource. When users attempt to connect to a resource protected by Access with a Tanium rule, Cloudflare Access will validate the user's identity, and the browser will connect to the Tanium agent before making a decision to grant access.
6 changes: 3 additions & 3 deletions src/content/docs/cloudflare-one/identity/devices/index.mdx
Expand Up @@ -14,7 +14,7 @@ With Cloudflare Zero Trust, you can configure Zero Trust policies that rely on a
Setup instructions and requirements vary depending on the device posture attribute. Refer to the links below to view the setup guide for your provider.

- [WARP client checks](/cloudflare-one/identity/devices/warp-client-checks/) are performed by the Cloudflare WARP client.
- [Service-to-service checks](/cloudflare-one/identity/devices/service-providers/) are performed by third-party device posture providers.
- [Service-to-service checks](/cloudflare-one/integrations/service-providers/) are performed by third-party device posture providers.
- [Access integration checks](/cloudflare-one/identity/devices/access-integrations/) are only configurable for Access applications. These attributes cannot be used in Gateway policies.

## 2. Verify device posture checks
Expand All @@ -37,7 +37,7 @@ Gateway does not support device posture checks for the [Tanium Access integratio

## 4. Ensure traffic is going through WARP

[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/identity/devices/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP:
[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/integrations/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP:

- The IdP used to authenticate to Cloudflare Zero Trust if posture check is part of an Access policy.
- `<your-team-name>.cloudflareaccess.com` if posture check is part of an Access policy.
Expand Down Expand Up @@ -77,4 +77,4 @@ By default, the WARP client polls the device for status changes every five minut

#### Service provider checks

When setting up a [service-to-service integration](/cloudflare-one/identity/devices/service-providers/), you will choose a polling frequency to determine how often Cloudflare will query the third-party API. To set the polling frequency via the API, use the [`interval`](/api/resources/zero_trust/subresources/devices/subresources/posture/subresources/integrations/methods/edit/) parameter.
When setting up a [service-to-service integration](/cloudflare-one/integrations/service-providers/), you will choose a polling frequency to determine how often Cloudflare will query the third-party API. To set the polling frequency via the API, use the [`interval`](/api/resources/zero_trust/subresources/devices/subresources/posture/subresources/integrations/methods/edit/) parameter.

This file was deleted.

12 changes: 3 additions & 9 deletions src/content/docs/cloudflare-one/identity/index.mdx
Expand Up @@ -3,16 +3,10 @@ pcx_content_type: navigation
title: Identity
sidebar:
order: 4
group:
hideIndex: true
---

import { DirectoryListing, Render } from "~/components";

Cloudflare Zero Trust integrates with your organization's identity provider to apply Zero Trust and Secure Web Gateway policies. If you work with partners, contractors, or other organizations, you can integrate multiple identity providers simultaneously.

As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a [one-time PIN (OTP)](/cloudflare-one/integrations/identity-providers/one-time-pin/) to approved email addresses. No configuration needed — simply add a user's email address to an [Access policy](/cloudflare-one/access-controls/policies/) and to the group that allows your team to reach the application.

You can simultaneously configure an OTP and an identity provider to allow users to use their own authentication method.

Additionally, Cloudflare Zero Trust can integrate with [endpoint protection providers](/cloudflare-one/identity/devices/) to check requests for device posture. This allows you to configure security policies that rely on additional signals from endpoint security providers to allow or deny connections to your applications.
import { DirectoryListing} from "~/components";

<DirectoryListing />
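Review bot: the closing paragraph about endpoint protection providers and device posture (`Additionally, Cloudflare Zero Trust can integrate with [endpoint protection providers](/cloudflare-one/identity/devices/) ...`) is removed here but, unlike the IdP and OTP paragraphs, is not re-added in the identity-providers index hunk of this PR; either move it to the devices index or note in the PR description that dropping it is intentional. Minor: `import { DirectoryListing} from "~/components";` is missing the space before `}` that the other imports in this diff use (`import { Render } from "~/components";`), so run the formatter on this file.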
Expand Up @@ -37,7 +37,7 @@ Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/
| Field | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name** | Name of the [device posture check](/cloudflare-one/identity/devices). |
| **Type** | Type of [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) or [service provider check](/cloudflare-one/identity/devices/service-providers/). |
| **Type** | Type of [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
| **Rule ID** | UUID of the device posture check. |
| **Conditions met** | Whether the device passed or failed the posture check criteria. Evaluates to `true` if the **Received values** match the **Expected values**. |
| **Expected values** | Values required to pass the device posture check. |
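Review bot: the rewritten **Type** row is now shorter than the separator row that was sized for the old path, so the trailing pipes no longer line up; reflow the table with the formatter. While touching this table, the unchanged **Name** row links `/cloudflare-one/identity/devices` without a trailing slash, unlike every other internal link in this diff; adding the slash keeps it consistent with the site's link convention.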
2 changes: 1 addition & 1 deletion src/content/docs/cloudflare-one/insights/risk-score.mdx
Expand Up @@ -54,7 +54,7 @@ By default, all predefined behaviors are disabled. When a behavior is enabled, Z
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Impossible travel | [A configured Access application](/cloudflare-one/applications/) | User has a successful login from two different locations that they could not have traveled between in that period of time. Matches will appear in your [Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
| High number of DLP policies triggered | [A configured DLP profile](/cloudflare-one/data-loss-prevention/dlp-profiles/) | User has created a high number of DLP policy matches within a narrow frame of time. Matches will appear in your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/). |
| SentinelOne threat detected on machine | [SentinelOne service provider integration](/cloudflare-one/identity/devices/service-providers/sentinelone/) | SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/identity/devices/service-providers/sentinelone/#device-posture-attributes) for a user. |
| SentinelOne threat detected on machine | [SentinelOne service provider integration](/cloudflare-one/integrations/service-providers/sentinelone/) | SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/integrations/service-providers/sentinelone/#device-posture-attributes) for a user. |

## Manage risk behaviors

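Review bot: same cosmetic issue as the logs table, the rewritten SentinelOne row is shorter than the separator row built for the old `/identity/devices/service-providers/` path, so the column alignment is off; run the formatter so the table stays readable in source.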
Expand Up @@ -7,7 +7,10 @@ tags:

import { Render } from "~/components";

Cloudflare Zero Trust allows you to integrate your organization's identity providers (IdPs) with Cloudflare Access. Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors.

Cloudflare Zero Trust integrates with your organization's identity provider to apply Zero Trust and Secure Web Gateway policies. If you work with partners, contractors, or other organizations, you can integrate multiple identity providers simultaneously.

As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a [one-time PIN (OTP)](/cloudflare-one/integrations/identity-providers/one-time-pin/) to approved email addresses. No configuration needed — simply add a user's email address to an [Access policy](/cloudflare-one/access-controls/policies/) and to the group that allows your team to reach the application. You can simultaneously configure an OTP and an identity provider to allow users to use their own authentication method.

Adding an identity provider as a login method requires configuration both in [Zero Trust](https://one.dash.cloudflare.com) and with the identity provider itself. Consult our IdP-specific documentation to learn more about what you need to set up.

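Review bot: the first added paragraph (`Cloudflare Zero Trust integrates with your organization's identity provider ... you can integrate multiple identity providers simultaneously.`) restates the unchanged paragraph directly above it (`Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors.`); keep one of the two so the page does not open with the same point twice. The OTP paragraph moved here from the identity index is otherwise fine.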
Expand Up @@ -24,7 +24,7 @@ Device posture with Crowdstrike requires:
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

@@ -0,0 +1,27 @@
---
pcx_content_type: navigation
title: Service providers
sidebar:
order: 3
---

Service-to-service integrations allow the WARP client to get device posture data from a third-party API. To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks.

## Supported WARP modes

- Gateway with WARP
- Secure Web Gateway without DNS filtering
- Device Information Only

## Supported operating systems

| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS |
| ------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- |
| [Custom integration](/cloudflare-one/integrations/service-providers/custom/) | ✅ | ✅ | ✅ | ✅ | ✅ |
| [Crowdstrike](/cloudflare-one/integrations/service-providers/crowdstrike/) | ✅ | ✅ | ✅ | ❌ | ❌ |
| [Kolide](/cloudflare-one/integrations/service-providers/kolide/) | ✅ | ✅ | ✅ | ❌ | ❌ |
| [Microsoft Endpoint Manager](/cloudflare-one/integrations/service-providers/microsoft/) | ✅ | ✅ | ❌ | ❌ | ❌ |
| [SentinelOne](/cloudflare-one/integrations/service-providers/sentinelone/) | ✅ | ✅ | ❌ | ❌ | ❌ |
| [Tanium](/cloudflare-one/integrations/service-providers/taniums2s/) | ✅ | ✅ | ✅ | ❌ | ❌ |
| [Uptycs](/cloudflare-one/integrations/service-providers/uptycs/) | ✅ | ✅ | ✅ | ❌ | ❌ |
| [Workspace ONE](/cloudflare-one/integrations/service-providers/workspace-one/) | ✅ | ✅ | ✅ | ❌ | ❌ |
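Review bot: the opening sentence says service-to-service integrations `allow the WARP client to get device posture data from a third-party API`, but the devices index hunk in this same PR describes the feature as Cloudflare polling the vendor (`how often Cloudflare will query the third-party API`); reconcile the two so the new landing page does not imply the client itself talks to the vendor API. Also, this file is `pcx_content_type: navigation` yet carries a support matrix and a WARP-mode list instead of a `<DirectoryListing />` like the other navigation page in this diff; that may be intended, but double-check the content type so the sidebar and index behaviour match the other provider landing pages.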
Expand Up @@ -21,7 +21,7 @@ import { Render } from "~/components";
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

Expand Up @@ -24,7 +24,7 @@ Device posture with Microsoft Endpoint Manager requires:
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

Expand Up @@ -24,7 +24,7 @@ import { Render } from "~/components";
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

Expand Up @@ -25,7 +25,7 @@ import { Render } from "~/components";
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

Expand Up @@ -21,7 +21,7 @@ import { Render } from "~/components";
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

Expand Up @@ -21,7 +21,7 @@ import { Render } from "~/components";
product="cloudflare-one"
params={{
name: "Service providers",
link: "/cloudflare-one/identity/devices/service-providers/",
link: "/cloudflare-one/integrations/service-providers/",
}}
/>

Expand Up @@ -37,7 +37,7 @@ If you plan to grant access to services based on group membership, [view the use

#### Device posture

Most customers will also build policies that are contingent on the use of a corporate device. For example, all users on corporate devices can access `*.jira.internal.com`, but users on personal devices can only access `dev.internal.jira.com`. In order for this to be effective, we recommend defining a source of truth for your corporate devices. This is sometimes the presence of a specific [issued certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/), the presence of a [process with a matched hash](/cloudflare-one/identity/devices/warp-client-checks/application-check/), or an API integration with a supported [thirty-party endpoint security provider](/cloudflare-one/identity/devices/service-providers/) like Crowdstrike or SentinelOne.
Most customers will also build policies that are contingent on the use of a corporate device. For example, all users on corporate devices can access `*.jira.internal.com`, but users on personal devices can only access `dev.internal.jira.com`. In order for this to be effective, we recommend defining a source of truth for your corporate devices. This is sometimes the presence of a specific [issued certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/), the presence of a [process with a matched hash](/cloudflare-one/identity/devices/warp-client-checks/application-check/), or an API integration with a supported [thirty-party endpoint security provider](/cloudflare-one/integrations/service-providers/) like Crowdstrike or SentinelOne.

:::note

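Review bot: the updated line carries over the pre-existing typo `thirty-party endpoint security provider`; since the line is being rewritten anyway, change it to `third-party` rather than leaving it for a separate fix.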
Expand Up @@ -22,7 +22,7 @@ This reference architecture is designed for IT and security professionals who ar

Recommended resources for a stronger understanding of Cloudflare's SentinelOne integration:

- [SentinelOne device posture integration](/cloudflare-one/identity/devices/service-providers/sentinelone/)
- [SentinelOne device posture integration](/cloudflare-one/integrations/service-providers/sentinelone/)

## Integration overview

Expand Down Expand Up @@ -82,7 +82,7 @@ Next, SentinelOne must be configured as a service provider in the Cloudflare Zer
- Setting an appropriate polling frequency
- Testing the connection to ensure proper communication

Finally, device posture checks must be configured to define the security requirements for access. For detailed setup instructions, refer to [SentinelOne device posture integration](/cloudflare-one/identity/devices/service-providers/sentinelone/).
Finally, device posture checks must be configured to define the security requirements for access. For detailed setup instructions, refer to [SentinelOne device posture integration](/cloudflare-one/integrations/service-providers/sentinelone/).

## Security capabilities
