elastic
diff --git a/‎.github/workflows/docs-build.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docs-build.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/label-community-issues.yml‎
Lines changed: 64 additions & 0 deletions b/‎.github/workflows/label-community-issues.yml‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎cloud-account/multifactor-authentication.md‎
Lines changed: 8 additions & 0 deletions b/‎cloud-account/multifactor-authentication.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎deploy-manage/api-keys/elastic-cloud-api-keys.md‎
Lines changed: 2 additions & 2 deletions b/‎deploy-manage/api-keys/elastic-cloud-api-keys.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎deploy-manage/api-keys/elasticsearch-api-keys.md‎
Lines changed: 27 additions & 9 deletions b/‎deploy-manage/api-keys/elasticsearch-api-keys.md‎
Lines changed: 27 additions & 9 deletions
diff --git a/‎deploy-manage/api-keys/serverless-project-api-keys.md‎
Lines changed: 2 additions & 2 deletions b/‎deploy-manage/api-keys/serverless-project-api-keys.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎deploy-manage/autoscaling/autoscaling-in-ece-and-ech.md‎
Lines changed: 1 addition & 1 deletion b/‎deploy-manage/autoscaling/autoscaling-in-ece-and-ech.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deploy-manage/cloud-organization/billing/add-billing-details.md‎
Lines changed: 4 additions & 3 deletions b/‎deploy-manage/cloud-organization/billing/add-billing-details.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎deploy-manage/cloud-organization/billing/billing-faq.md‎
Lines changed: 1 addition & 1 deletion b/‎deploy-manage/cloud-organization/billing/billing-faq.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deploy-manage/cloud-organization/billing/manage-subscription.md‎
Lines changed: 5 additions & 4 deletions b/‎deploy-manage/cloud-organization/billing/manage-subscription.md‎
Lines changed: 5 additions & 4 deletions
@@ -16,4 +16,4 @@ jobs:
       deployments: write
       id-token: write
       contents: read
-      pull-requests: read
+      pull-requests: write
@@ -0,0 +1,64 @@
+name: Label Community Issues
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  label-community-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: read
+    
+    steps:
+        # Adding this step for debug purposes
+        # If this works as expected, we can simplify this workflow
+        # and replace it with the `check-membership` step
+      - name: Check organization membership (test)
+        run: echo "${{ github.event.issue.author_association == 'MEMBER' }}"
+      - name: Check organization membership
+        id: check-membership
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.ORG_MEMBER_READ_TOKEN }}
+          result-encoding: string
+          script: |
+            const issueAuthor = '${{ github.event.issue.user.login }}';
+            const orgName = 'elastic';
+            
+            try {
+              await github.rest.orgs.getMembershipForUser({
+                org: orgName,
+                username: issueAuthor
+              });
+              
+              console.log(`${issueAuthor} is a member of ${orgName} organization`);
+              return 'member';
+              
+            } catch (error) {
+              if (error.status === 404) {
+                console.log(`${issueAuthor} is not a member of ${orgName} organization`);
+                return 'non-member';
+              } else {
+                console.log('Error checking organization membership:', error);
+                return 'error';
+              }
+            }
+
+      - name: Add community label
+        if: steps.check-membership.outputs.result == 'non-member'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const issueAuthor = '${{ github.event.issue.user.login }}';
+            
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              labels: ['community']
+            });
+            
+            console.log(`Added "community" label to issue by ${issueAuthor}`);
@@ -106,4 +106,12 @@ The only secure and recommended approach is to use one Elastic account for each
 
 For now, you will need to answer an MFA challenge on every login, but we are working on adding a **Trust this device** option, which will "silence" the MFA challenge for one month per user session.
 
+**Can I use multiple email addresses for MFA?**
+
+No, only one email address can be used for MFA verification. In alignment with security best practices, Elastic Cloud is designed to use only one designated email address for MFA purposes. This email is used to send your one-time verification codes during login. If you need to update your MFA email address, review [Update your email address](update-your-email-address.md) for more information.
+
+
+
+
+
 
@@ -27,8 +27,8 @@ These keys provides access to the API that enables you to manage your deployment
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
 2. Go to your avatar in the upper right corner and choose **Organization**.
-3. On the API keys tab of the **Organization** page, click **Create API Key**.
-4. From the **Create API Key** page, you can configure your new key by adding a name, set expiration, or assign [roles](../users-roles/cloud-organization/user-roles.md).
+3. On the **API keys** tab of the **Organization** page, click **Create API key**.
+4. On the **Create API key** flyout, you can configure your new key by adding a name, set expiration, or assign [roles](../users-roles/cloud-organization/user-roles.md).
 
     By default, API keys expire after three months. You can set the expiration to a different preset value or to a specific date, up to one year. If you need the key to work indefinitely, you can also set its expiration to Never. In this case, the key won’t expire.
 
 
@@ -15,7 +15,7 @@ Several types of {{es}} API keys exist:
 * **Cross-cluster** API key: allows other clusters to connect to this cluster.
 * **Managed** API key: created and managed by {{kib}} to run background tasks.
 
-To manage API keys in {{kib}}, go to the **API Keys** management page using the navigation menu or the [global search field](../../explore-analyze/find-and-organize/find-apps-and-objects.md).
+To manage API keys in {{kib}}, go to **Management > Stack Management > API Keys** from the navigation menu or use the [global search field](../../explore-analyze/find-and-organize/find-apps-and-objects.md).
 
 ![API Keys UI](/deploy-manage/images/kibana-api-keys.png "")
 
@@ -33,23 +33,41 @@ To manage roles, go to the **Roles** management page using the navigation menu o
 
 ## Create an API key [create-api-key]
 
-To create an API key, go to the **API Keys** management page using the navigation menu or the [global search field](../../explore-analyze/find-and-organize/find-apps-and-objects.md), and select **Create API key**.
+Two methods are available to create an API key:
 
-![Create API Key UI](/deploy-manage/images/kibana-create-ccr-api-key.png "")
+* As a quick option to create a personal API key from anywhere in {{kib}}:
+  1. From the **Help menu** (![help icon](/deploy-manage/images/help-icon.svg)), select **Connection details > API key**.  
+  1. Give the key a name.
+  1. Select **Create API key**.
+  
+  Your personal API key is created with a default expiration of 90 days from the time of creation. You can manage the key from the **API Keys** page.
 
-Refer to the [Create API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-api-key) documentation to learn more about creating user API keys.
+* To create a personal or cross-cluster API key with configurable options, go to **Management > Stack Management > API Keys** from the navigation menu or use the [global search field](../../explore-analyze/find-and-organize/find-apps-and-objects.md), and select **Create API key**.
 
-Refer to the [Create cross-cluster API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) documentation to learn more about creating cross-cluster API keys.
+  ![Create API Key UI](/deploy-manage/images/kibana-create-user-api-key.png "")
 
+  1. Choose to create either a user or a cross-cluster API key.
+  2. Optionally, set an expiry date. By default the API key will not expire, but it's a good security practice to give the key a limited lifespan.
+  3. Configure access:
+      * For a user API key, you can opt to configure access to specific {{es}} APIs and resources by assigning the key with predefined roles or custom privileges. Refer to [Defining roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md) and the [Create API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-api-key) API documentation to learn more.
+      * For a cross-cluster API key, you can control the indices that other clusters have access to. Refer to the [Create cross-cluster API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) API documentation to learn more.
+  4. Add any additional metadata about the API as one or more key-value pairs. Refer to the [Create API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-api-key) API documentation for examples.
 
 ## Update an API key [update-api-key]
 
-To update an API key, go to the **API Keys** management page using the navigation menu or the [global search field](../../explore-analyze/find-and-organize/find-apps-and-objects.md), and then click on the name of the key. You cannot update the name or the type of API key.
+To update an API key, go to **Management > Stack Management > API Keys** from the navigation menu or use the [global search field](../../explore-analyze/find-and-organize/find-apps-and-objects.md), and then click on the name of the key. You cannot update the name or the type of an API key.
 
-Refer to the [Update API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-update-api-key) documentation to learn more about updating user API keys.
-
-Refer to the [Update cross-cluster API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-update-cross-cluster-api-key) documentation to learn more about updating cross-cluster API keys.
+* For a user API key, you can update:
+  * The API key's access to {{es}} APIs and resources.
+  * The metadata associated with the key.
+ 
+  Refer to the [Update API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-update-api-key) API documentation to learn more.
 
+* For a cross-cluster API key, you can update:
+  * The indices that other clusters have access to.
+  * The metadata associated with the key.
+ 
+  Refer to the [Update cross-cluster API key](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-update-cross-cluster-api-key) API documentation to learn more.
 
 ## View and delete API keys [view-api-keys]
 
 
@@ -46,9 +46,9 @@ API keys are intended for programmatic access. Don’t use API keys to authentic
 
 
 
-### Restrict privileges [api-keys-restrict-privileges]
+### Control security privileges [api-keys-restrict-privileges]
 
-When you create or update an API key, use **Restrict privileges** to limit the permissions. Define the permissions using a JSON `role_descriptors` object, where you specify one or more roles and the associated privileges.
+When you create or update an API key, use **Control security privileges** to configure access to specific {{es}} APIs and resources. Define the permissions using a JSON `role_descriptors` object, where you specify one or more roles and the associated privileges.
 
 For example, the following `role_descriptors` object defines a `books-read-only` role that limits the API key to `read` privileges on the `books` index.
 
 
@@ -43,7 +43,7 @@ Currently, autoscaling behavior is as follows:
 * **Data tiers**
 
     * Each {{es}} [data tier](../../manage-data/lifecycle/data-tiers.md) scales upward based on the amount of available storage. When we detect more storage is needed, autoscaling will scale up each data tier independently to ensure you can continue and ingest more data to your hot and content tier, or move data to the warm, cold, or frozen data tiers.
-    * In addition to scaling up existing data tiers, a new data tier will be automatically added when necessary, based on your [index lifecycle management policies](https://www.elastic.co/guide/en/cloud-enterprise/current/ece-configure-index-management.html).
+    * In addition to scaling up existing data tiers, a new data tier will be automatically added when necessary, based on your [index lifecycle management policies](/manage-data/lifecycle/index-lifecycle-management.md).
     * To control the maximum size of each data tier and ensure it will not scale above a certain size, you can use the maximum size per zone field.
     * Autoscaling based on memory or CPU, as well as autoscaling downward, is not currently supported. In case you want to adjust the size of your data tier to add more memory or CPU, or in case you deleted data and want to scale it down, you can set the current size per zone of each data tier manually.
 
 
@@ -24,8 +24,9 @@ Trials get converted to paid subscriptions and billing starts when you add a cre
 To add your billing details:
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. Select the user icon on the header bar and select **Billing** from the menu.
-3. On the **Overview** page, select **Add billing information**.
-4. If prompted, complete the multifactor authentication (MFA) required by your bank.
+2. From a deployment or project on the home page, select **Manage**.
+3. From the lower navigation menu, select **Billing and Subscription**.
+4. On the **Overview** page, select **Add billing information**.
+5. If prompted, complete the multifactor authentication (MFA) required by your bank.
 
 If you want, you can stop new charges by [deleting your project or deployment](/deploy-manage/uninstall/delete-a-cloud-deployment.md).
@@ -99,7 +99,7 @@ $$$faq-included$$$What is included in my paid {{ech}} deployment?
 
     * Free 1GB RAM {{kib}} instance
     * Free 1GB RAM Machine Learning node
-    * Free 1GB RAM APM server
+    * Free 1GB RAM APM / Integrations Server instance
     * A free allowance for [data transfer and snapshot storage costs](#faq-dts)
 
     Note that if you go above the free tier of Kibana/ML/APM (for example, a 2GB {{kib}} instance), you will be charged in full for the size of that instance.
 
@@ -33,10 +33,11 @@ If, at any time during your monthly subscription with {{ecloud}}, you decide you
 To change your subscription level:
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. Select the user icon on the header bar and select **Billing** from the menu.
-3. On the **Overview** page, select **Update subscription**.
-4. Choose a new subscription level.
-5. Save your changes.
+2. From a deployment or project on the home page, select **Manage**.
+3. From the lower navigation menu, select **Billing and Subscription**.
+4. On the **Overview** page, select **Update subscription**.
+5. Choose a new subscription level.
+6. Save your changes.
 
 ::::{important}
 * Changing to a higher subscription level takes place immediately. Moving to a lower subscription level takes effect 30 days after you most recently changed to a higher subscription level. In the interim, you pay the current rate. If you haven’t performed a self-service change in the past 30 days, then the change to the lower subscription level is immediate.