xref

Author: shainaraskas

deploy-manage/users-roles/cluster-or-deployment-auth/active-directory.md

@@ -15,6 +15,14 @@ navigation_title: "Active Directory"
 
 You can configure {{stack}} {{security-features}} to communicate with Active Directory to authenticate users.
 
+:::{{tip}}
+This topic describes implementing Active Directory at the cluster or deployment level, for the purposes of authenticating with {{es}}. 
+
+You can also configure an {{ece}} installation to use an Active Directory to authenticate users. [Learn more](/deploy-manage/users-roles/cloud-enterprise-orchestrator/active-directory.md).
+:::
+
+## How it works
+
 The {{security-features}} use LDAP to communicate with Active Directory, so `active_directory` realms are similar to [`ldap` realms](/deploy-manage/users-roles/cluster-or-deployment-auth/ldap.md). Like LDAP directories, Active Directory stores users and groups hierarchically. The directory’s hierarchy is built from containers such as the *organizational unit* (`ou`), *organization* (`o`), and *domain component* (`dc`).
 
 The path to an entry is a *Distinguished Name* (DN) that uniquely identifies a user or group. User and group names typically have attributes such as a *common name* (`cn`) or *unique ID* (`uid`). A DN is specified as a string, for example `"cn=admin,dc=example,dc=com"` (white spaces are ignored).

deploy-manage/users-roles/cluster-or-deployment-auth/ldap.md

@@ -15,14 +15,22 @@ navigation_title: LDAP
 
 You can configure the {{stack}} {{security-features}} to communicate with a Lightweight Directory Access Protocol (LDAP) server to authenticate users. See [Configuring an LDAP realm](../../../deploy-manage/users-roles/cluster-or-deployment-auth/ldap.md#ldap-realm-configuration).
 
+To integrate with LDAP, you configure an `ldap` realm and map LDAP groups to user roles.
+
+:::{{tip}}
+This topic describes implementing LDAP at the cluster or deployment level, for the purposes of authenticating with {{es}}. 
+
+You can also configure an {{ece}} installation to use an LDAP server to authenticate users. [Learn more](/deploy-manage/users-roles/cloud-enterprise-orchestrator/ldap.md).
+:::
+
+## How it works
+
 LDAP stores users and groups hierarchically, similar to the way folders are grouped in a file system. An LDAP directory’s hierarchy is built from containers such as the *organizational unit* (`ou`), *organization* (`o`), and *domain component* (`dc`).
 
 The path to an entry is a *Distinguished Name* (DN) that uniquely identifies a user or group. User and group names typically have attributes such as a *common name* (`cn`) or *unique ID* (`uid`). A DN is specified as a string, for example  `"cn=admin,dc=example,dc=com"` (white spaces are ignored).
 
 The `ldap` realm supports two modes of operation, a user search mode and a mode with specific templates for user DNs.
 
-To integrate with LDAP, you configure an `ldap` realm and map LDAP groups to user roles.
-
 ::::{important} 
 When you configure realms in `elasticsearch.yml`, only the realms you specify are used for authentication. If you also want to use the `native` or `file` realms, you must include them in the realm chain.
 ::::

deploy-manage/users-roles/cluster-or-deployment-auth/native.md

@@ -19,6 +19,16 @@ The easiest way to manage and authenticate users is with the internal `native` r
 
 In self-managed {{es}} clusters, you can also reset passwords for users in the native realm [using the command line](#reset-pw-cmd-line).
 
+:::{{tip}}
+This topic describes using the native realm at the cluster or deployment level, for the purposes of authenticating with {{es}}. 
+
+You can also manage and authenticate users natively at the following levels:
+
+* For an [{{ece}} installation](/deploy-manage/users-roles/cloud-enterprise-orchestrator/native-user-authentication.md).
+* For an [{{ecloud}} organization](/deploy-manage/users-roles/cloud-organization/manage-users.md).
+:::
+
+
 ## Configure a native realm [native-realm-configuration]
 
 The native realm is available and enabled by default. You can disable it explicitly with the following setting.

deploy-manage/users-roles/cluster-or-deployment-auth/pki.md

@@ -1,6 +1,12 @@
 ---
 mapped_pages:
   - https://www.elastic.co/guide/en/elasticsearch/reference/current/pki-realm.html
+applies_to:
+  deployment:
+    self:
+    ess:
+    ece:
+    eck:
 ---
 
 # PKI [pki-realm]