fix(iam): members gros

Author: ldecarvalho-doc

menu/navigation.json

@@ -52,10 +52,6 @@
                     "label": "Configure support plans",
                     "slug": "configure-support-plans"
                   },
-                  {
-                    "label": "Enforce multifactor authentication",
-                    "slug": "enforce-mfa"
-                  },
                   {
                     "label": "Use multifactor authentication",
                     "slug": "use-2fa"
@@ -279,6 +275,14 @@
                     "label": "Generate an SSH key",
                     "slug": "create-ssh-key"
                   },
+                  {
+                    "label": "Enforce multifactor authentication",
+                    "slug": "enforce-mfa"
+                  },
+                  {
+                    "label": "Enforce security requirements for IAM members",
+                    "slug": "enforce-security-requirements-members"
+                  },
                   {
                     "label": "Add resources to a Project",
                     "slug": "add-resources-project"

pages/iam/concepts.mdx

@@ -62,6 +62,10 @@ Similarly, you may participate as a Guest in someone else's Organization, where
 
 You can also create non-human users in your Organization, called [IAM applications](#application), in order to give applications programmatic access to your Scaleway resources.
 
+## Member
+
+You are a member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created. As a member you are subject to [complying with the security requirements]() in effect in your Organization.
+
 ## Organization
 
 An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. When you create [IAM rules](#rule), you can set their scope at Organization level.
@@ -79,8 +83,6 @@ The Organization ID identifies the [Organization](#organization) created with yo
 
 You are the [Owner](#owner) of the Organization that is created with your Scaleway account. Owners have full rights and access to all resources and features in their Organization. See also [Guest](#guest).
 
-<Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
-
 ## Permission
 
 A permission is a granular right, which is checked to determine whether to give access to an API endpoint. Permissions are grouped into [permission sets](#permission-set) to facilitate access management within [policies](#policy).
@@ -158,7 +160,7 @@ Keep in mind that:
 A user (also known as an IAM user) is a human user in an Organization. They can be of two types:
 - **Owner**: You are the Owner of the [Organization](#organization) that was created with your account.
 - **Guest**: You are a Guest when invited to another Organization of which you are not the Owner. Similarly, you can invite other users to be Guests in your Organization.
+- **Member**: You are a member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created.
 
 Within each Organization, different IAM users can have different rights (defined through [policies](#policy)) to perform actions on resources.
 
-<Lightbox src="scaleway-iam-owners-guests.webp" alt="" />

pages/iam/how-to/accept-invitation-to-orga.mdx

@@ -22,7 +22,7 @@ When you [create a Scaleway account](/account/how-to/create-an-account/), an Org
 When someone invites you to join their Organization, you receive an email to inform you.
 
 <Message type="important">
-  If the Organization you were invited to [enforces MFA](/account/how-to/enforce-mfa/), make sure you have [activated MFA](/account/how-to/use-2fa/) before accepting the invitation.
+  If the Organization you were invited to [enforces MFA](/organizations-and-projects/how-to/enforce-mfa/), make sure you have [activated MFA](/account/how-to/use-2fa/) before accepting the invitation.
 </Message>
 
 ## If you already have a Scaleway account

pages/iam/how-to/log-in-as-a-member.mdx

@@ -11,11 +11,13 @@ dates:
 ---
 
 
+If [Multifactor Authentication (MFA) is enforced](/organizations-and-projects/how-to/enforce-mfa) at the Organization level, when new members are added they receive a [grace period](/iam/concepts#grace-period) to [enable MFA](/account/how-to/use-2fa) for their accounts.
+
+## How to log in
 
 ## How to comply with security requirements
 
-1. Enter new password
+1. Reset password
 2. Set up MFA
 
-
 ## Generate an API key

pages/iam/how-to/manage-members.mdx

@@ -10,6 +10,11 @@ dates:
   posted: 2025-06-02
 ---
 
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+
 ## How to create a member
 
 1. Click **Identity and Access Management (IAM)** from the top-right of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
@@ -29,14 +34,91 @@ If you did not send an invitation email to the member, make sure you give them t
 
 ## How to lock a member
 
+As an Owner or user with IAM Manager permissions, you can lock a member anytime.
+
+<Message type="important">
+  Locking is an action that only applies to IAM members. Once a member is locked, they cannot log into the Organization, but are not removed from it.
+</Message>
+
+1. Click **Identity and Access Management (IAM)** on the top-right corner of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
+2. Click the name of the member you want to lock. Alternatively, click <Icon name="more" /> next to the member, and select **Overview**. Either way, you are taken to the user's **Overview** tab.
+3. Scroll to the **Lock member** section.
+4. Click **Lock member**. A pop-up appears.
+5. Type **LOCK** in the box and click **Confirm**.
 
+The member is locked and their name is displayed in red and their status is marked as `Locked` in the IAM users list.
 
 
 ## How to unlock a member
 
-## How to delete a member
+If a member is locked you can unlock them anytime as an Owner or user with IAM Manager permissions. Their name is displayed in red and their status is marked as `Locked` in the IAM users list.
+
+<Message type="important">
+  If a member fails to [comply with security requirements]() by the end of the [grace period](/organizations-and-projects/concepts), they are automatically locked and are not able to connect to the Organization until they are manually unlocked.
+</Message>
+
+1. Click **Identity and Access Management (IAM)** on the top-right corner of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
+2. Click the name of the member you want to unlock. Alternatively, click <Icon name="more" /> next to the member, and select **Overview**. Either way, you are taken to the user's **Overview** tab.
+3. Scroll to the **Unlock member** section.
+4. Click **Unlock member**. A pop-up appears.
+    <Message type="important">
+      Be aware that the member will regain access to the Organization.
+    </Message>
+5. Type **UNLOCK** in the box and click **Confirm**.
+
+The member is unlocked.
 
 ## How edit a member's information
 
-## How to deactivate a member's MFA
+You can edit a member's username, email address and password.
+
+1. Click **Identity and Access Management (IAM)** on the top-right corner of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
+2. Click the name of the member you want to delete. Alternatively, click <Icon name="more" /> next to the member, and select **Overview**. Either way, you are taken to the user's **Overview** tab.
+3. Click the **Credentials** tab.
+4. Click **Edit** next to the information you want to update in the **Sign in credentials** section. For each credential a different pop-up appears.
+5. Enter the new information in the box.
+    <Message type="important">
+      Passwords are optional. When you can create or update a password for a member, you can opt to send the password to the member via email. Once a new password is created, it is not stored or shown in the Scaleway console. Copy and safely store the before leaving the **Edit password** pop-up.
+    </Message>
+5. Click **Confirm**.
+
+The updated information appears in the credentials tab.
+
+## How to disable a member's MFA
+
+If [Multifactor Authentication (MFA) is enabled](/account/how-to/use-2fa) for a member you can disable it anytime. Disabling MFA is useful if the member lost access to their authentication app and needs to reset MFA.
+
+1. Click **Identity and Access Management (IAM)** on the top-right corner of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
+2. Click the name of the member you want to delete. Alternatively, click <Icon name="more" /> next to the member, and select **Overview**. Either way, you are taken to the user's **Overview** tab.
+3. Click the **Credentials** tab.
+4. Scroll to the **Disable multifactor authentication** section.
+5. Click **Disable MFA**. A pop-up appears
+    <Message type="important">
+      Keep in mind that disabling MFA means a member will no longer be required to sign in with MFA. If [MFA is enforced](/organizations-and-projects/how-to/enforce-mfa) at the Organization level, the member will have a grace period allowing them to enable it again.
+    </Message>
+6. Type **DISABLE** in the box and click **Confirm**.
+
+## How to enforce security requirements for a member
+
+
+## How to delete a member
+
+<Message type="important">
+  A member can delete their own account. The procedure is the same as described below.
+</Message>
+
+1. Click **Identity and Access Management (IAM)** on the top-right corner of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
+2. Click the name of the member you want to delete. Alternatively, click <Icon name="more" /> next to the member, and select **Overview**. Either way, you are taken to the user's **Overview** tab.
+3. Scroll to the **Delete member** section.
+4. Click **Delete member**. A pop-up appears.
+    <Message type="important">
+      Keep in mind that when you delete a member:
+        - All of their API keys will be deleted
+        - Their username will become available for other members to use
+        - All logs of their actions will be kept
+    </Message>
+5. Type **DELETE** in the box and click **Confirm**.
+
+The member is deleted. If you wish to check the member's previous logs from this point on, keep in mind that they will appear as "Deleted user" in the IAM logs. The user ID remains visible.
+
 

pages/iam/how-to/manage-users.mdx

@@ -17,6 +17,10 @@ You can manage IAM users of an Organization if you are the [Owner](/iam/concepts
 - A Scaleway account logged into the [console](https://console.scaleway.com)
 - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
 
+<Message type="note">
+  The procedures described below, except [How to remove a user from the Organization](#how-to-remove-a-user-from-the-organization), apply to all types of IAM users: Owners, Guests and Members. [IAM members](/iam/concepts#members), however, have extra features that apply only to them. Refer to the [How to manage members](/iam/how-to/manage-members) documentation page to find the procedures specific to members.
+</Message>
+
 ## How to access the user overview
 
 1. Click **Identity and Access Management (IAM)** from the top-right of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
@@ -111,4 +115,3 @@ A user may be attached to multiple policies.
     <Lightbox src="scaleway-remove-user-popup.webp" alt="A pop up box displaying a warning: Removing a user from this Organization automatically deletes their API keys, and any policies directly attached to them become orphaned" />
 3. Type **REMOVE** to confirm, and click **Remove user** to validate.
 
-

pages/organizations-and-projects/concepts.mdx

@@ -16,6 +16,10 @@ categories:
 
 Each [Organization](#organization) has at least one associated [Project](#project). Upon account creation, this Project is called **default**. The [Project name can be changed](/organizations-and-projects/how-to/change-project-name/) later. The default Project takes on the Organization ID. Therefore, the default status cannot be transferred to other Projects.
 
+## Grace Period
+
+The grace period is the time an [IAM members](/iam/concepts#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or IAM Manager. Upon regaining access, the grace period resets, giving IAM members another chance to meet security requirements.
+
 ## Organization
 
 An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner.

pages/account/how-to/enforce-mfa.mdx renamed to pages/organizations-and-projects/how-to/enforce-mfa.mdx

@@ -0,0 +1,66 @@
+---
+meta:
+  title: How to enforce security requirements for IAM members in your Organization
+  description: This page shows you how to edit the grace period IAM members have to comply with security requirements, enforce password renewal and define a maximum number of login attempts.
+content:
+  h1: How to enforce security requirements for IAM members
+  paragraph: This page shows you how to edit the grace period IAM members have to comply with security requirements, enforce password renewal and define a maximum number of login attempts.
+dates:
+  validation: 2025-02-11
+  posted: 2025-02-11
+categories:
+  - console
+---
+
+For the increased security of your Organization, you can enforce different security measures for your IAM members.
+
+<Message type="important">
+  The security measures listed on this page, except enforcing MFA, apply only to [IAM members](/iam/concepts#members).
+</Message>
+
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+
+## How to enforce password renewal
+
+1. Click the **Security** tab of the [Organization Dashboard](https://console.scaleway.com/organization).
+2. Scroll to the **Password renewal** section.
+3. Click **Enforce renewal**. A pop-up displays.
+    <Message type="important">
+      Enforcing password renewal means that all members with a password in the Organization will be request to reset it upon their first login.
+    </Message>
+4. Type **ENFORCE** in the box and click **Confirm**.
+
+## How to stop enforcing password renewal
+
+1. Click the **Security** tab of the [Organization Dashboard](https://console.scaleway.com/organization).
+2. Scroll to the **Password renewal** section.
+3. Click **Stop enforcing renewal**. A pop-up displays.
+4. Type **STOP** in the box and click **Confirm**.
+
+## How to edit the grace period of your Organization
+
+From their first login, members have a default grace period of seven days to comply with security requirements before their access to the Organization is automatically locked. You can extend or reduce the grace period in the console.
+
+<Message type="important">
+  Locked members cannot connect to the Organization until they are [manually unlocked](/iam/how-to/manage-members#how-to-unlock-a-member). Upon regaining access, the grace period resets, giving them another chance to meet security requirements.
+</Message>
+
+1. Click the **Security** tab of the [Organization Dashboard](https://console.scaleway.com/organization).
+2. Scroll to the **Grace period** section.
+3. Click **Define grace period**. A pop-up displays.
+4. Define the grace period in hours or days.
+5. Click **Define grace period** to confirm.
+
+## How to set a maximum number of login attempts
+
+Currently, a default number of maximum 5 login attempts is set up for your Organization automatically.
+
+## How to enforce MFA for a member
+
+You can enforce MFA for all users in your Organization, including members.
+
+Refer to the [How to enforce MFA](/pages/organizations-and-projects/how-to/enforce-mfa) documentation page for more information.
+

pages/organizations-and-projects/how-to/enforce-security-requirements-members.mdx

@@ -20,7 +20,7 @@ categories:
 
 ## How to view Organization quotas
 
-1. Click the **Quotas** tab from the [Organization Dashboard](https://console.scaleway.com/organization). A list of all quotas displays.
+1. Click the **Quotas** tab of the [Organization Dashboard](https://console.scaleway.com/organization). A list of all quotas displays.
 2. Click the name of the resource you want to view the quotas for.
 3. Click <Icon name="more" /> > **More info** next to the name of your resource of choice. A pop-up appears.