diff --git a/docs/access/index.md b/docs/access/index.md
index 3e223538..9b6eaf5b 100644
--- a/docs/access/index.md
+++ b/docs/access/index.md
@@ -1,22 +1,11 @@
-# Access and Accounting
+# Connecting to Alps
-Users at CSCS typically have one account that can be used to access all services at CSCS.
+This documentation guides users through the process of accessing CSCS systems and services.
-
+!!! info
+ Before accessing CSCS, you need to have an account at CSCS, and be part of a project that has been allocated resources.
+ More information on how to get an account is available in [accounts and projects][account-management].
-- :fontawesome-solid-mountain-sun: __Multi Factor Authetification (MFA)__
-
- A guide to setting up and using MFA.
-
- [:octicons-arrow-right-24: Setting up and use MFA][mfa]
-
-- :fontawesome-solid-mountain-sun: __Getting Access__
-
- A project is required to get access to resources on Alps.
- Instructions on how to submit a project proposal is available on the main CSCS web site.
-
- [:octicons-arrow-right-24: Applying for an Alps project](https://www.cscs.ch/user-lab/applying-for-accounts)
-
There are different ways to authenticate your identity in order to access services at CSCS, using a password set by the user. Currently users can be authenticated with:
diff --git a/docs/access/mfa.md b/docs/access/mfa.md
new file mode 100644
index 00000000..0ae416b8
--- /dev/null
+++ b/docs/access/mfa.md
@@ -0,0 +1,86 @@
+[](){#mfa}
+# Multi Factor Authentification
+
+To access CSCS services and systems users are required to authenticate using multi-factor authentication (MFA).
+MFA is implemented as a two-factor authentication, where one factor is the login and password pair ("the thing you know") and the other factor is the device which generates one-time passwords (OTPs, "the thing you have").
+In this way security is significantly improved compared to single-factor (password only) authentication.
+
+The MFA workflow uses a time-based one-time password (OTP) to verify identity.
+An OTP is a six-digit number which changes every 30 seconds.
+OTPs are generated using a tool installed on a device other than the one used to access CSCS services and infrastructure.
+We recommend to use a smartphone with an application such as Google Authenticator to obtain the OTPs.
+
+[](){#mfa-setup}
+## Getting Started
+
+When you first log in to any of the CSCS web applications such as UMP, Jupyter, etc., you will be asked to register your device.
+
+Firstly, you will be asked to provide a code that you received by email.
+After this validation step, you will need to scan a QR code with your mobile phone using an application such as Google Authenticator.
+Lastly, you will need to enter the OTP from the authenticator application to complete the registration of your device.
+From then on, two-factor authrentication will be required to access CSCS services and systems.
+A more detailed explanation of the registration process is provided in the next section.
+
+!!! warning
+ It is not possible to log in to CSCS systems using SSH without registering a device and creating certified SSH keys.
+ See below for details on generating certified SSH keys.
+
+### Authenticator Application
+
+CSCS supports authenticators that follow an open standard called [TOTP](https://en.wikipedia.org/wiki/Time-based_one-time_password).
+The recommended way to access such an authenticator is to install an application on your mobile phone.
+Google Authenticator and FreeOTP have been tested successfully; however, if you are using a different mobile application for OTPs, feel free to continue using it - given it supports the TOTP standard.
+
+You can download Google Authenticator for your phone:
+
+* :fontawesome-brands-android: Android: on the [Google Play Store](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2).
+* :fontawesome-brands-apple: iOS: on the [Apple Store](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2).
+
+[](){#mfa-configure-otp}
+### Configure the Authenticator
+
+Before starting, ensure that the following pre-requisites are satisfied
+
+1. You have an invitation email from CSCS for MFA enrollment
+ * a notification email will be sent atleast one week before we sent the invitation email.
+2. You have installed an OTP Authenticator app on your mobile device (see above).
+
+!!! note
+ If you try access any of our web applications without setting up MFA, you will be redirected to enroll for MFA.
+
+!!! warning
+ If you try to SSH to CSCS systems without setting up MFA, you will be prompted with permission denied error, for example:
+ ```
+ > ssh ela.cscs.ch
+ bobsmith@ela.cscs.ch: Permission denied (publickey).
+ Connection closed by UNKNOWN port 65535
+ ```
+
+Steps:
+
+1. Access any of the CSCS Web applications such as [`account.cscs.ch`](https://account.cscs.ch), Jupyter, etc., on a new browser session which will redirects you to the CSCS login page.
+2. Log in with your username and password.
+3. You will be asked to key in a code which CSCS Authentication system sent to you by email.
+ After successfaul validation of the code you will be redirected to the next page which present a QR code.
+4. Scan the QR code with the authenticator app that was installed on your mobile device.
+ After scanning the QR code the authenticator app will start generating a new 6 digit OTP every 60 seconds.
+5. To complete the OTP registration process, please enter the 6 digit OTP from the authenticator app at the bottom of the the same QR code page. Optionally, you can input your device name where you imported the OTP seed by scanning the QR code
+6. On successful registration you will be logged into the CSCS web application that you accessed in step-1
+
+!!! todo
+ do we need the images from KB?
+
+### Resetting the Authenticator
+
+In case users lose access to their mobile device/Authenticator OTP, users can reset their OTP by following the below self-service process.
+
+1. Access any CSCS web application like: [account.cscs.ch](https://account.cscs.ch/) which redirects you to the CSCS Login page.
+2. From the login screen, click the "Reset OTP" link below the "LOG IN" button
+3. Enter your username and password.
+4. On successful validation of user credentials, users will receive an email with a reset credentials link like the one below, click on the link in the email
+5. The steps are the same as for the first time you [configured the authenticator][mfa-configure-otp].
+
+!!! warning
+ When replacing your smartphone remember to sync the authenticator app before resetting the old smartphone.
+ Otherwise, you will have to follow this process.
+
diff --git a/docs/access/mfa/index.md b/docs/access/mfa/index.md
deleted file mode 100644
index d2ccb28c..00000000
--- a/docs/access/mfa/index.md
+++ /dev/null
@@ -1,250 +0,0 @@
-[](){#mfa}
-# Multi Factor Authentification
-
-!!! todo
- These docs have been mostly cut and paste, with some small changes.
-
- I did some refactoring to make them a bit easier to read, and more logical for linking to other docs.
-
- But they should be more user friendly, because they will often be the first docs that users interact with as they acccess CSCS.
-
-To access CSCS services and systems users are required to authenticate using multi-factor authentication (MFA).
-MFA is implemented as a two-factor authentication, where one factor is the login and password pair ("the thing you know") and the other factor is the device which generates one-time passwords (OTPs, "the thing you have").
-In this way security is significantly improved compared to single-factor (password only) authentication.
-
-The MFA workflow uses a time-based one-time password (OTP) to verify identity.
-An OTP is a six-digit number which changes every 30 seconds.
-OTPs are generated using a tool installed on a device other than the one used to access CSCS services and infrastructure.
-We recommend to use a smartphone with an application such as Google Authenticator to obtain the OTPs.
-
-
-
-- :fontawesome-solid-headset: [__Getting Started__][mfa-setup]
-
- Get the authenticator app set up on your phone.
-
-- :fontawesome-regular-comments: [__Log in to a cluster__][mfa-ssh]
-
- Use SSH to log into a cluster.
-
-- :fontawesome-regular-comments: [__Access a CSCS web app__][mfa-web]
-
- MFA is required to log into CSCS web services.
-
-
-
-[](){#mfa-setup}
-## Getting Started
-
-When you first log in to any of the CSCS web applications such as UMP, Jupyter, etc., you will be asked to register your device.
-
-Firstly, you will be asked to provide a code that you received by email.
-After this validation step, you will need to scan a QR code with your mobile phone using an application such as Google Authenticator.
-Lastly, you will need to enter the OTP from the authenticator application to complete the registration of your device.
-From then on, two-factor authrentication will be required to access CSCS services and systems.
-A more detailed explanation of the registration process is provided in the next section.
-
-!!! warning
- It is not possible to log in to CSCS systems using SSH without registering a device and creating certified SSH keys.
- See below for details on generating certified SSH keys.
-
-### Authenticator Application
-
-CSCS supports authenticators that follow an open standard called [TOTP](https://en.wikipedia.org/wiki/Time-based_one-time_password).
-The recommended way to access such an authenticator is to install an application on your mobile phone.
-Google Authenticator and FreeOTP have been tested successfully; however, if you are using a different mobile application for OTPs, feel free to continue using it - given it supports the TOTP standard.
-
-You can download Google Authenticator for your phone:
-
-* :fontawesome-brands-android: Android: on the [Google Play Store](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2).
-* :fontawesome-brands-apple: iOS: on the [Apple Store](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2).
-
-[](){#configure-otp}
-### Configure the Authenticator
-
-Before starting, ensure that the following pre-requisites are satisfied
-
-1. You have an invitation email from CSCS for MFA enrollment
- * a notification email will be sent atleast one week before we sent the invitation email.
-2. You have installed an OTP Authenticator app on your mobile device (see above).
-
-!!! note
- If you try access any of our web applications without setting up MFA, you will be redirected to enroll for MFA.
-
-!!! warning
- If you try to SSH to CSCS systems without setting up MFA, you will be prompted with permission denied error, for example:
- ```
- > ssh ela.cscs.ch
- bobsmith@ela.cscs.ch: Permission denied (publickey).
- Connection closed by UNKNOWN port 65535
- ```
-
-Steps:
-
-1. Access any of the CSCS Web applications such as [`account.cscs.ch`](https://account.cscs.ch), Jupyter, etc., on a new browser session which will redirects you to the CSCS login page.
-2. Log in with your username and password.
-3. You will be asked to key in a code which CSCS Authentication system sent to you by email.
- After successfaul validation of the code you will be redirected to the next page which present a QR code.
-4. Scan the QR code with the authenticator app that was installed on your mobile device.
- After scanning the QR code the authenticator app will start generating a new 6 digit OTP every 60 seconds.
-5. To complete the OTP registration process, please enter the 6 digit OTP from the authenticator app at the bottom of the the same QR code page. Optionally, you can input your device name where you imported the OTP seed by scanning the QR code
-6. On successful registration you will be logged into the CSCS web application that you accessed in step-1
-
-!!! todo
- do we need the images from KB?
-
-### Resetting the Authenticator
-
-In case users lose access to their mobile device/Authenticator OTP, users can reset their OTP by following the below self-service process.
-
-1. Access any CSCS web application like: [account.cscs.ch](https://account.cscs.ch/) which redirects you to the CSCS Login page.
-2. From the login screen, click the "Reset OTP" link below the "LOG IN" button
-3. Enter your username and password.
-4. On successful validation of user credentials, users will receive an email with a reset credentials link like the one below, click on the link in the email
-5. The steps are the same as for the first time you [configured the authenticator][configure-otp].
-
-!!! warning
- When replacing your smartphone remember to sync the authenticator app before resetting the old smartphone.
- Otherwise, you will have to follow this process.
-
-[](){#mfa-web}
-## Using MFA to acccess web-based services
-
-After having completed the setup of your authenticator, you will be asked to enter your login/password and the OTP to access all web-based services.
-
-1. Enter username and password.
- * if the wrong username / password combination is entered, you will see an error.
- 
-2. Then you will be prompted to enter the 6-digit code obtained from your device.
- 
-
-[](){#mfa-ssh}
-## Using MFA with SSH
-
-It is not possible to authenticate with a username/password and user-created SSH keys: it is necessary to use a certified SSH key created by a CSCS SSHService.
-
-!!! note
- Keys are valid for 24 hours, after which a new key must be generated.
-
-!!! warning
- The number of certified SSH keys is limited to **five per day**.
- Once you have reached this number you will not be able to generate new keys until at least one of these key expires or keys are revoked.
-
-### Step 1: generate SSH keys
-
-There are two methods for generating SSH keys using the SSHService, the [SSHService web app](https://sshservice.cscs.ch/) or by using a [command-line script](https://github.com/eth-cscs/sshservice-cli).
-
-#### Getting keys via the command line
-
-On Linux and MacOS, the SSH keys can be generated and automatically installed using a command-line script.
-This script is provided in pure Bash and in Python.
-Python 3 is required together with packages listed in `requirements.txt` provided with the scripts.
-
-!!! note
- We recommend to using a [virtual environment](https://user.cscs.ch/tools/interactive/python/#python-virtual-environments) for Python.
-
-If this is the first time, download the ssh service from CSCS GitHub:
-
-```bash
-git clone https://github.com/eth-cscs/sshservice-cli
-cd sshservice-cli
-```
-
-The next step is to use either the bash or python scripts:
-
-=== "bash"
- Run the bash script in the `sshservice-cli` path:
-
- ```
- ./cscs-keygen.sh
- ```
-
-=== "python"
-
- The first time you use the script, you can set up a python virtual environment with the dependencies installed:
-
- ```bash
- python3 -m venv mfa
- source mfa/bin/activate
- pip install -r requirements.txt
- ```
-
- Therafter, activate the venv before using the script:
-
- ```bash
- source mfa/bin/activate
- python cscs-keygen.py
- ```
-
-For both approaches, follow the on screen instructions that require you to enter your username, password and the six-digit OTP from the authentifactor app on your phone.
-The script generates the key pair (`cscs-key` and `cscs-key-cert.pub`) in your `~/.ssh` path:
-
-```bash
-> ls ~/.ssh/cscs-key*
-/home/bobsmith/.ssh/cscs-key /home/bobsmith/.ssh/cscs-key-cert.pub
-```
-
-#### Getting keys via the web app
-
-Access the SSHService web application by accessing the URL, [sshservice.cscs.ch](https://sshservice.cscs.ch).
-
-1. Sign in with username, password and OTP
-2. Select "Signed key" on the left tab and click on "Get a signed key"
-3. On the next page a key pair is generated and ready to be downloaded. Download or copy/paste both keys.
-
-Once generated, the keys need to be copied from where your browser downloaded them to your `~/.ssh` path, for example:
-```bash
-mv /download/location/cscs-key-cert.pub ~/.ssh/cscs-key-cert.pub
-mv /download/location/cscs-key ~/.ssh/cscs-key
-chmod 0600 ~/.ssh/cscs-key
-```
-
-### Step 2: log in with the generated keys
-
-Set up a passphrase on the private key:
-```
-ssh-keygen -f ~/.ssh/cscs-key -p
-```
-
-Add the key to the SSH agent:
-```
-ssh-add -t 1d ~/.ssh/cscs-key
-```
-
-??? warning "Could not open a connection to your authentification agent"
- If you see this error message, the ssh agent is not running.
- You can start it with the following command:
- ```
- eval $(ssh-agent)
- ```
-
-Once the key has been configured, you can log in to CSCS' login system Ela:
-```bash
-# log in to ela.cscs.ch
-> ssh -A cscs_username@ela.cscs.ch
-
-# then jump to a cluster
-> ssh clariden
-```
-
-#### Frequently encountered issues
-
-??? warning "too many authentification failures"
- You may have too many keys in your ssh agent.
- Remove the unused keys from the agent or flush them all with the following command:
- ```bash
- ssh-add -D
- ```
-
-??? warning "Permission denied"
- This might indicate that they key has expired.
-
-
-??? warning "Could not open a connection to your authentication agent"
- If you see this error when adding keys to the ssh-agent, please make sure the agent is up, and if not bring up the agent using the following command:
- ```bash
- eval $(ssh-agent)
- ```
-
-!!! todo
- We need a "best practices"/"hints and tips" section for setthing up `~/.ssh/config`
diff --git a/docs/access/mfa/windows.md b/docs/access/mfa/windows.md
deleted file mode 100644
index 71dab674..00000000
--- a/docs/access/mfa/windows.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Using MFA with Windows
-[](){#mfa-windows}
-
-!!! todo
- copy over the MFA with windows docs from [Confluence](https://confluence.cscs.ch/display/KB/Connecting+to+CSCS+systems+through+MFA+on+Windows).
-
-!!! todo
- the windows docs are pretty terrible, and they just repeat the same steps as the main docs, but in WSL or MobaXterm.
- Can't we just have a helpful expandable tab in the main docs that says "use WSL on windows"?
-
- The workarounds for MobaXterm issues etc. can be added to the "common problems" list
diff --git a/docs/access/ssh.md b/docs/access/ssh.md
new file mode 100644
index 00000000..0d5ef8ca
--- /dev/null
+++ b/docs/access/ssh.md
@@ -0,0 +1,161 @@
+[](){#ssh}
+# Using SSH
+
+Before accessing CSCS clusters using SSH, first ensure that you have [created a user account][account-management] that is part of a project that has access to the cluster, and have [multi factor authentification][mfa] configured.
+
+It is not possible to authenticate with a username/password and user-created SSH keys: it is necessary to use a certified SSH key created using the CSCS SSHService, which is documented below.
+
+!!! note
+ Keys are valid for 24 hours, after which a new key must be generated.
+
+!!! warning
+ The number of certified SSH keys is limited to **five per day**.
+ Once you have reached this number you will not be able to generate new keys until at least one of these key expires or keys are revoked.
+
+## Generating Keys with SSHService
+
+There are two methods for generating SSH keys using the SSHService, the [SSHService web app](https://sshservice.cscs.ch/) or by using a [command-line script](https://github.com/eth-cscs/sshservice-cli).
+
+### Getting keys via the command line
+
+On Linux and MacOS, the SSH keys can be generated and automatically installed using a command-line script.
+This script is provided in pure Bash and in Python.
+Python 3 is required together with packages listed in `requirements.txt` provided with the scripts.
+
+!!! note
+ We recommend to using a [virtual environment](https://user.cscs.ch/tools/interactive/python/#python-virtual-environments) for Python.
+
+If this is the first time, download the ssh service from CSCS GitHub:
+
+```bash
+git clone https://github.com/eth-cscs/sshservice-cli
+cd sshservice-cli
+```
+
+The next step is to use either the bash or python scripts:
+
+=== "bash"
+ Run the bash script in the `sshservice-cli` path:
+
+ ```
+ ./cscs-keygen.sh
+ ```
+
+=== "python"
+
+ The first time you use the script, you can set up a python virtual environment with the dependencies installed:
+
+ ```bash
+ python3 -m venv mfa
+ source mfa/bin/activate
+ pip install -r requirements.txt
+ ```
+
+ Therafter, activate the venv before using the script:
+
+ ```bash
+ source mfa/bin/activate
+ python cscs-keygen.py
+ ```
+
+For both approaches, follow the on screen instructions that require you to enter your username, password and the six-digit OTP from the authentifactor app on your phone.
+The script generates the key pair (`cscs-key` and `cscs-key-cert.pub`) in your `~/.ssh` path:
+
+```bash
+> ls ~/.ssh/cscs-key*
+/home/bobsmith/.ssh/cscs-key /home/bobsmith/.ssh/cscs-key-cert.pub
+```
+
+### Getting keys via the web app
+
+Access the SSHService web application by accessing the URL, [sshservice.cscs.ch](https://sshservice.cscs.ch).
+
+1. Sign in with username, password and OTP
+2. Select "Signed key" on the left tab and click on "Get a signed key"
+3. On the next page a key pair is generated and ready to be downloaded. Download or copy/paste both keys.
+
+Once generated, the keys need to be copied from where your browser downloaded them to your `~/.ssh` path, for example:
+```bash
+mv /download/location/cscs-key-cert.pub ~/.ssh/cscs-key-cert.pub
+mv /download/location/cscs-key ~/.ssh/cscs-key
+chmod 0600 ~/.ssh/cscs-key
+```
+
+## Logging in with the generated keys
+
+Set up a passphrase on the private key:
+```
+ssh-keygen -f ~/.ssh/cscs-key -p
+```
+
+Add the key to the SSH agent:
+```
+ssh-add -t 1d ~/.ssh/cscs-key
+```
+
+??? warning "Could not open a connection to your authentification agent"
+ If you see this error message, the ssh agent is not running.
+ You can start it with the following command:
+ ```
+ eval $(ssh-agent)
+ ```
+
+Once the key has been configured, you can log in to CSCS' login system Ela:
+```bash
+# log in to ela.cscs.ch
+> ssh -A cscs_username@ela.cscs.ch
+
+# then jump to a cluster
+> ssh clariden
+```
+
+### Set up SSH Config
+
+To simplify logging in, you can edit (or create) the SSH configuration file `$HOME/.ssh/config` on your laptop or PC.
+A simple configuration for that simplifies logging into [Clariden][clariden] is:
+
+```
+Host ela
+ HostName ela.cscs.ch
+ ForwardAgent yes
+ # replace with your CSCS username
+ User username
+
+Host clariden
+ HostName clariden.alps.cscs.ch
+ ProxyJump ela
+ # replace with your CSCS username
+ User username
+
+Host daint
+ HostName daint.alps.cscs.ch
+ ProxyJump ela
+ # replace with your CSCS username
+ User username
+```
+
+With this configuration, you can log into Clariden directly using the name clariden that was defined in `Host clariden`.
+
+```bash
+ssh clariden
+```
+
+## Frequently encountered issues
+
+??? warning "too many authentification failures"
+ You may have too many keys in your ssh agent.
+ Remove the unused keys from the agent or flush them all with the following command:
+ ```bash
+ ssh-add -D
+ ```
+
+??? warning "Permission denied"
+ This might indicate that they key has expired.
+
+
+??? warning "Could not open a connection to your authentication agent"
+ If you see this error when adding keys to the ssh-agent, please make sure the agent is up, and if not bring up the agent using the following command:
+ ```bash
+ eval $(ssh-agent)
+ ```
+
diff --git a/docs/access/vscode.md b/docs/access/vscode.md
new file mode 100644
index 00000000..bb0676d7
--- /dev/null
+++ b/docs/access/vscode.md
@@ -0,0 +1,8 @@
+[](){#vscode}
+# Connecting with VSCode
+
+!!! todo
+ how to connect VSCode
+
+ * with a container
+ * with a uenv
diff --git a/docs/access/web.md b/docs/access/web.md
new file mode 100644
index 00000000..c2146ddf
--- /dev/null
+++ b/docs/access/web.md
@@ -0,0 +1,19 @@
+# Accessing CSCS Web Portals
+
+Most services at CSCS are connected to the CSCS Single Sign-On gate.
+This gives users the comfort of not having to sign in multiple times in each individual service connected to this gate and increases security.
+Furthermore, the Single Sign-On gate allow users to recover their forgotten passwords and authenticate using a third-party account. The login page looks like
+
+[](){#web-mfa}
+## Using MFA to acccess web-based services
+
+After having completed the setup of [MFA][mfa], you will be asked to enter your login/password and the OTP to access all web-based services.
+
+Enter username and password.
+
+
+
+Then you will be prompted to enter the 6-digit code obtained from your device.
+
+
+
diff --git a/docs/accounts/index.md b/docs/accounts/index.md
new file mode 100644
index 00000000..90400418
--- /dev/null
+++ b/docs/accounts/index.md
@@ -0,0 +1,59 @@
+[](){#account-management}
+# Getting and Managing Accounts
+
+Users at CSCS have one account that can be used to access all services and systems at CSCS.
+To get an account you must be invited by a member of CSCS project adminstration or by a the principle investigator (PI) of a current project at CSCS.
+
+!!! note "Getting a project at CSCS for PIs"
+ In order to get an account at CSCS, or to request access for the members of your team, you first need to get a project at CSCS.
+ CSCS issues calls for proposals that are announced via the CSCS website and e-mails.
+ More information about upcoming calls is available on [the CSCS web site](https://www.cscs.ch/user-lab/allocation-schemes).
+
+New PIs who have sucessfully applied for a preparatory project will receive an invitation from CSCS to get an account at CSCS.
+PIs can then invite members of their groups to join their project.
+
+!!! info
+ It is possible for users to be part of multiple projects by being invited separately by the PI of each project.
+
+!!! note
+ Accounts are bound to projects, and accounts will be closed with the project unless the account is also part of another open project.
+
+## Tools for managing accounts and projects
+
+The tool used to manage projects and accounts depends on the platform on which the project was granted:
+
+* The [HPC Platform][hpcp] and [Climate and Weather Platform][cwp] use the [account and resources management tool][ump] at [account.cscs.ch](https://account.cscs.ch)
+* The [Machine Learning Platform][mlp] uses the [project and resources management tool][waldur] at [portal.cscs.ch](https://portal.cscs.ch).
+
+!!! note
+ The [portal.cscs.ch][waldur] site will be used to manage all projects in the future.
+
+## Signing up for a new account
+
+New users who do not already have an account at CSCS, including PIs, need to provide the following information before CSCS can open their account:
+
+* a scanned copy of your passport or recognised id card.
+ * this will be deleted by CSCS immediately after the account has been created.
+* an institutional email address (gmail, hotmail, etc. will not be accepted)
+* correct information (title, name, etc.)
+
+New accounts are usually opened within 48 hours.
+
+## Using different accounts
+
+In order to use a different account, log out of the Single Sign-On gate by going to the Account and Resources Tool and selecting "Log out of CSCS" on the upper-right profile icon with the tool used to manage your project, [account.cscs.ch](https://portal.cscs.ch) or [portal.cscs.ch](https://portal.cscs.ch).
+
+## Signing in with a third-part account
+
+All users at CSCS need to go through the standard registration process and get a CSCS account. In addition, they can also link their CSCS account to an external account, e.g. the one from their home institution.
+In this case, they can sign into the CSCS services using his/her home institution credentials instead of the CSCS username/password.
+This process happens only during the Single Sign-On procedure described above, and from that time on and for all purposes, and until the user logs out, the user identifier that presents itself to all CSCS services is the CSCS username, not the external one.
+The number of external institutions that are allowed to link their accounts is limited and displayed in the login page.
+
+Linking an external account can be done in the Profile section (upper-right corner) of your account page at the tool used to manage your project, [account.cscs.ch](https://portal.cscs.ch) or [portal.cscs.ch](https://portal.cscs.ch).
+
+
+## Regulations and Policies
+
+Please note that as soon as you receive and accept an invitation to get an account at CSCS, you agree to the [CSCS/ETHZ regulations](https://rechtssammlung.sp.ethz.ch/Dokumente/203.21en.pdf).
+
diff --git a/docs/access/ump.md b/docs/accounts/ump.md
similarity index 100%
rename from docs/access/ump.md
rename to docs/accounts/ump.md
diff --git a/docs/access/waldur.md b/docs/accounts/waldur.md
similarity index 94%
rename from docs/access/waldur.md
rename to docs/accounts/waldur.md
index 49224b27..09de6329 100644
--- a/docs/access/waldur.md
+++ b/docs/accounts/waldur.md
@@ -1,11 +1,11 @@
[](){#waldur}
-# User Management with Waldur
+# The Project and Resources Management Tool
CSCS Account Managers, PIs and deputy PIs can invite users to the respective projects following the below steps on CSCS's new project management portal.
!!! info
The new user project management portal is currently only used by the [Machine Learning Platform][mlp]
- All other platforms use the [user management portal (UMP)](ump.md)
+ All other platforms use the old [user management portal](ump.md)
## log in to the portal
diff --git a/docs/index.md b/docs/index.md
index a3cb328d..b7d01c5f 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -41,13 +41,13 @@ Welcome to the techincal documentation for Alps.
CSCS uses multifactor authentification for secure connection to our services and systems
- [:octicons-arrow-right-24: Setting up MFA](./access/mfa/index.md)
+ [:octicons-arrow-right-24: Setting up MFA][mfa]
- [:octicons-arrow-right-24: Logging into vClusters][mfa-ssh]
+ [:octicons-arrow-right-24: Logging into vClusters][ssh]
Manage your project and team in the user management portal
- [:octicons-arrow-right-24: User management portal](./access/ump.md)
+ [:octicons-arrow-right-24: User management portal][ump]
diff --git a/mkdocs.yml b/mkdocs.yml
index 3b659487..ee86e48f 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -15,13 +15,16 @@ plugins:
- autorefs
nav:
- Welcome: index.md
- - 'Access':
+ - 'Accounts and Projects':
+ - accounts/index.md
+ - 'Account and Resources Management Tool': accounts/ump.md
+ - 'Project and Resources Management Tool': accounts/waldur.md
+ - 'Connecting to Alps':
- access/index.md
- - 'MFA':
- - access/mfa/index.md
- - 'using windows': access/mfa/windows.md
- - 'UMP': access/ump.md
- - 'Waldur': access/waldur.md
+ - 'Multi Factor Authentification (MFA)': access/mfa.md
+ - 'Web Services': access/web.md
+ - 'SSH': access/ssh.md
+ - 'VSCode': access/vscode.md
- 'Alps':
- alps/index.md
- 'Platforms': alps/platforms.md