fast follows (#24832)

Fast follow ups:

- Returned aliases with new alias to one doc
- Updated provision index page to accurately reflect different methods
- reorganized table to reflect popularity of methods based off sme info
(scim is the vogue, then JIT, then auto provision)
  - Updated grid to link correctly to auto provisioning doc
- Created more opinionated left nav to reflect recommendations around
security SCIM > JIT > auto
- Fixed `*`s to be `-`s
- Updated Migrate doc heading levels

Author: akristen

content/manuals/enterprise/security/domain-management.md

@@ -118,8 +118,8 @@ CSV file. For more information on bulk inviting users, see
 
 [Auto-provisioning](/manuals/enterprise/security/provisioning/auto-provisioning.md) uses verified domains to associate organization members with email address that match the verified domains. To override auto-provisioning, you can configure one of the two alternative methods:
 
-* [Just-in-Time (JIT)](/manuals/enterprise/security/provisioning/just-in-time.md) provisioning
-* [System for Cross-domain Identity Management (SCIM)](/manuals/enterprise/security/provisioning/scim/_index.md)
+- [Just-in-Time (JIT)](/manuals/enterprise/security/provisioning/just-in-time.md) provisioning
+- [System for Cross-domain Identity Management (SCIM)](/manuals/enterprise/security/provisioning/scim/_index.md)
 
 ## Delete a domain
 

content/manuals/enterprise/security/provisioning/_index.md

@@ -7,10 +7,6 @@ weight: 20
 aliases:
  - /security/for-admins/provisioning/
 grid:
-  - title: "Auto-provisioning"
-    description: "Associate members to an organization when email addresses match a verified domain."
-    icon: "group"
-    link: "scim/group-mapping/"
   - title: "SCIM provisioning"
     description: "Enable continuous user data synchronization between your IdP and Docker. Best for larger organizations."
     icon: "sync"
@@ -19,6 +15,10 @@ grid:
     description: "Set up automatic user creation on first sign-in. Ideal for smaller teams with minimal setup requirements."
     icon: "schedule"
     link: "just-in-time/"
+  - title: "Auto-provisioning"
+    description: "Associate members to an organization when email addresses match a verified domain."
+    icon: "group"
+    link: "auto-provisioning/"
 ---
 
 {{< summary-bar feature_name="SSO" >}}
@@ -29,13 +29,14 @@ This page provides an overview of user provisioning and the supported provisioni
 
 ## What is provisioning?
 
-Provisioning helps manage users by automating tasks like account creation, updates, and deactivation based on data from your identity provider (IdP). There are three methods for user provisioning, each offering benefits for different organizational needs:
+Provisioning helps manage users by automating tasks like account creation, updates, and deactivation based on data from your identity provider (IdP). There are several methods for user provisioning, each offering benefits for different organizational needs:
 
 | Provisioning method | Description | Default setting in Docker | Recommended for |
 | :--- | :--- | :------------- | :--- |
-| Just-in-Time (JIT) | Automatically creates and provisions user accounts when they first sign in via SSO | Enabled by default | Organizations needing minimal setup, smaller teams, or low-security environments |
 | System for Cross-domain Identity Management (SCIM) | Continuously syncs user data between your IdP and Docker, ensuring user attributes remain updated without manual intervention | Disabled by default | Larger organizations or environments with frequent changes in user information or roles |
 | Group mapping | Maps user groups from your IdP to specific roles and permissions within Docker, enabling fine-grained access control based on group membership | Disabled by default | Organizations requiring strict access control and role-based user management |
+| Just-in-Time (JIT) | Automatically creates and provisions user accounts when they first sign in via SSO | Enabled by default | Organizations needing minimal setup, smaller teams, or low-security environments |
+| Auto-provision | Adds users when email addresses match a verified domain | Disabled by default | Orgs without SSO that need to add existing Docker users by domain |
 
 ## Default provisioning setup
 

content/manuals/enterprise/security/provisioning/auto-provisioning.md

@@ -3,7 +3,7 @@ title: Auto-provisioning
 linkTitle: Auto-provision
 description: Auto-provision users by associating members to your organization when email addresses match a verified domain.
 keywords: user provisioning, just-in-time provisioning, JIT, autoprovision, Docker Admin, admin, security
-weight: 10
+weight: 30
 ---
 
 Auto-provisioning automatically adds users to your organization when they sign in with email addresses that match your verified domains. You must verify a domain before enabling auto-provisioning.

content/manuals/enterprise/security/provisioning/just-in-time.md

@@ -3,7 +3,7 @@ description: Learn how Just-in-Time provisioning works with your SSO connection.
 keywords: user provisioning, just-in-time provisioning, JIT, autoprovision, Docker Admin, admin, security
 title: Just-in-Time provisioning
 linkTitle: Just-in-Time
-weight: 30
+weight: 20
 aliases:
   - /security/for-admins/provisioning/just-in-time/
 ---

content/manuals/enterprise/security/provisioning/scim/_index.md

@@ -1,7 +1,7 @@
 ---
 title: SCIM overview
 linkTitle: SCIM
-weight: 20
+weight: 10
 description: Learn how System for Cross-domain Identity Management works and how to set it up.
 keywords: SCIM, SSO, user provisioning, de-provisioning, role mapping, assign users
 aliases:

content/manuals/enterprise/security/provisioning/scim/migrate-scim.md

@@ -5,14 +5,12 @@ description: Learn how to migrate from just-in-time (JIT) to SCIM.
 weight: 30
 ---
 
-## Migrate existing JIT users to SCIM
-
 If you already have users provisioned through Just-in-Time (JIT) and want to
 enable full SCIM lifecycle management, you need to migrate them. Users
 originally created by JIT cannot be automatically de-provisioned through SCIM,
 even after SCIM is enabled.
 
-### Why migrate
+## Why migrate
 
 Organizations using JIT provisioning may encounter limitations with user
 lifecycle management, particularly around de-provisioning. Migrating to SCIM
@@ -35,7 +33,7 @@ provides:
 This migration is most critical for larger organizations that require fully
 automated user de-provisioning when employees leave the company.
 
-### Prerequisites for migration
+## Prerequisites
 
 Before migrating, ensure you have:
 
@@ -48,9 +46,9 @@ Before migrating, ensure you have:
 > migration during a low-usage window and communicate the timeline to affected
 > users.
 
-### Prepare for migration
+## Prepare for migration
 
-#### Transfer ownership
+### Transfer ownership
 
 Before removing users, ensure that any repositories, teams, or organization
 resources they own are transferred to another administrator or service account.
@@ -67,7 +65,7 @@ become inaccessible.
 > become inaccessible when the user is removed. Ensure all critical resources
 > are transferred before proceeding.
 
-#### Verify identity provider configuration
+### Verify identity provider configuration
 
 1. Confirm all JIT-provisioned users are assigned to the Docker application in
    your identity provider.
@@ -77,7 +75,7 @@ become inaccessible.
 Users not assigned to the Docker application in your identity provider are not
 re-created by SCIM after removal.
 
-#### Export user records
+### Export user records
 
 Export a list of JIT-provisioned users from Docker Admin Console:
 
@@ -89,9 +87,9 @@ Export a list of JIT-provisioned users from Docker Admin Console:
 
 Keep this CSV list of JIT-provisioned users as a rollback reference if needed.
 
-### Complete the migration
+## Complete the migration
 
-#### Disable JIT provisioning
+### Disable JIT provisioning
 
 > [!IMPORTANT]
 >
@@ -108,7 +106,7 @@ Keep this CSV list of JIT-provisioned users as a rollback reference if needed.
 Disabling JIT prevents new users from being automatically added through SSO
 during the migration.
 
-#### Remove JIT-origin users
+### Remove JIT-origin users
 
 > [!IMPORTANT]
 >
@@ -132,7 +130,7 @@ user de-provisioning when employees leave the company.
 > SCIM was enabled with the current member list. Users who existed before SCIM
 > was enabled were likely provisioned via JIT.
 
-#### Verify SCIM re-provisioning
+### Verify SCIM re-provisioning
 
 After removing JIT users, SCIM automatically re-creates user accounts:
 
@@ -141,7 +139,7 @@ After removing JIT users, SCIM automatically re-creates user accounts:
 2. In Docker Admin Console, confirm users reappear with SCIM provisioning.
 3. Verify users are added to the correct teams via group mapping.
 
-#### Validate user access
+### Validate user access
 
 Perform post-migration validation:
 
@@ -153,7 +151,7 @@ Perform post-migration validation:
 
 Keep audit exports and logs for compliance purposes.
 
-### Migration results
+## Migration results
 
 After completing the migration:
 
@@ -162,7 +160,7 @@ After completing the migration:
 - No new JIT users are created
 - Consistent identity lifecycle management is maintained
 
-### Troubleshoot migration issues
+## Troubleshoot migration issues
 
 If a user fails to reappear after removal:
 

content/manuals/enterprise/security/provisioning/scim/provision-scim.md

@@ -1,8 +1,13 @@
 ---
 title: Set up SCIM provisioning
-linkTitle: Set up
+linkTitle: Setup
 description: Learn how System for Cross-domain Identity Management works and how to set it up.
 weight: 10
+aliases:
+  - /security/for-admins/scim/
+  - /docker-hub/scim/
+  - /security/for-admins/provisioning/scim/
+  - /enterprise/security/provisioning/scim/
 ---
 
 {{< summary-bar feature_name="SSO" >}}