Merge pull request #397 from cloud-docs/tp-in-ag-go-live

tp in ag prod PR

account_overview.md

@@ -2,27 +2,24 @@
 
 copyright:
   years: 2019, 2022
-lastupdated: "2022-01-31"
+lastupdated: "2022-03-23"
 
 keywords: IBM Cloud account, account differences, account overview, account components, resource, Cloud Foundry, API key, users
 
 subcollection: account
 
 ---
 
-{:shortdesc: .shortdesc}
-{:codeblock: .codeblock}
-{:screen: .screen}
-{:tip: .tip}
+{{site.data.keyword.attribute-definition-list}}
 
 
 # What's in an account?
 {: #overview}
 
-Your {{site.data.keyword.cloud}} account includes many interacting components and systems for resource, user, and access management. Concepts like how certain components are connected or how access works help you in understanding how to set up your account.
+Your {{site.data.keyword.Bluemix}} account includes many interacting components and systems for resource, user, and access management. Concepts like how certain components are connected or how access works help you in understanding how to set up your account.
 {: shortdesc}
 
-Within the following diagram, there are two main concepts for the components in the account hierarchy that are important to understand. The use of the solid lines and the dotted lines help illustrate that some components are contained within others, for example, users are added to access groups or Cloud Foundry orgs. However, some components interact with others for providing access instead of membership. For example, users are given access to resource groups but are not members of a resource group the same way they are for access groups.
+The following diagram contains two main concepts for the components in the account hierarchy that are important to understand. The use of the solid lines and the dotted lines help illustrate that some components are contained within others, for example, users are added to access groups or Cloud Foundry orgs. However, some components interact with others for providing access instead of membership. For example, users are given access to resource groups but are not members of a resource group the same way they are for access groups.
 
 ![A diagram that shows the components in an account, including services, users, and the subcomponents of each.](images/account_diagram.svg){: caption="Figure 1. A diagram that shows the components in an account, including services, users, and the subcomponents of each." caption-side="bottom"}
 
@@ -32,14 +29,17 @@ Users
 Service IDs
 :   A service ID identifies a service or application similar to how a user ID identifies a user. You can use a service ID that you create to enable an application outside of {{site.data.keyword.Bluemix_notm}} access to your services. You can assign specific access policies to the service ID that restrict permissions for using specific services, or even combine permissions for accessing different services. Since service IDs are not tied to a specific user, if a user happens to leave an organization and is deleted from the account, the service ID remains, ensuring that your application or service stays up and running. For more information, see [Creating and working with service IDs](/docs/account?topic=account-serviceids).
 
+Trusted profiles
+:   A trusted profile is a grouping of federated users, compute resources, or both, to which the same IAM access can be granted. When applying a trusted profile, temporary security credentials are provided for the duration of a session. All identities that are allowed to apply a single profile inherit the same access. For more information, see [Creating trusted profiles](/docs/account?topic=account-create-trusted-profile).
+
 Service instances or resources
-:   Services in {{site.data.keyword.Bluemix_notm}} are either resource group- or Cloud Foundry-based. Service instances that can be added to a resource group and managed by using {{site.data.keyword.Bluemix_notm}} Identity and Access Management (IAM) are called resources. Service instances that are added to Cloud Foundry orgs and spaces have a separate access management system by using Cloud Foundry roles. For more information, see [Managing resources](/docs/account?topic=account-manage_resource).
+:   Services in {{site.data.keyword.Bluemix_notm}} are either resource group- or Cloud Foundry-based. Service instances that can be added to a resource group and managed by using {{site.data.keyword.Bluemix_notm}} Identity and Access Management (IAM) are called resources. Service instances that are added to Cloud Foundry orgs and spaces have a separate access management system by using Cloud Foundry roles. For more information, see [Creating resources](/docs/account?topic=account-manage_resource).
 
 API keys
 :   An API key is a unique code that is passed in to an API to identify the calling application or user. You can use platform API keys, which are associated with user identities, and you can create other API keys for service IDs. For more information, see [Understanding API keys](/docs/account?topic=account-manapikey).
 
 Access groups
-:   You can create an access group to organize a set of users and service IDs into a single entity and easily assign permissions. You can assign a single policy to the group instead of assigning the same access multiple times per individual user or service ID. For more information, see [Setting up access groups](/docs/account?topic=account-groups).
+:   You can create an access group to organize a set of users, service IDs, and trusted profiles into a single entity and easily assign permissions. You can assign a single policy to the group instead of assigning the same access multiple times per individual user or service ID. For more information, see [Setting up access groups](/docs/account?topic=account-groups).
 
 Resource groups
 :   You can use a resource group to organize your account resources in customizable groupings so that you can quickly assign users access to more than one resource at a time. Any account resource that is managed by using IAM access control belongs to a resource group within your account. Users are not added to resource groups, but users are provided access to the resources within or can manage the resource group. Users given access to manage the resource group can create new instances within the group, manage other user's access to work with the group, or edit the group name based on the assigned IAM role. For more information, see [Best practices for organizing resources and assigning access](/docs/account?topic=account-account_setup).
@@ -50,7 +50,6 @@ Cloud Foundry orgs
 Cloud Foundry spaces
 :   Within an organization, you can use spaces to group a set of applications, services, and users. Spaces are tied to a specific region in {{site.data.keyword.Bluemix_notm}}. You can create spaces in an org based on the delivery lifecycle. For example, you can create a dev space as a development environment, a test space as a testing environment, and a production space as a production environment. Then, you can associate your apps with spaces. For more information, see [Adding orgs and spaces](/docs/account?topic=account-orgsspacesusers).
 
-
 Another important aspect of the previous diagram is the depiction of the three types of access management systems that you can use to provide account users access to resources within the account.
 
 * You can use IAM [access roles](/docs/account?topic=account-userroles) to provide users access to all resources that belong to a resource group. You can also give users access to manage resource groups and create new service instances that are assigned to a resource group.

acct-getstart-tutorial.md

@@ -3,7 +3,7 @@
 copyright:
   years: 2020, 2022
 
-lastupdated: "2022-03-21"
+lastupdated: "2022-03-24"
 
 keywords: getting started, account, Subscription, Pay-As-You-Go, enterprise, catalog, upgrade account, IAM, access groups, invite users, notifications, email preferences, account settings, authentication, MFA, TOTP, U2F, FIDO U2F, security key
 
@@ -152,7 +152,7 @@ Complete the following steps to set your preferences for receiving various types
 
 2. To receive spending notifications, go to **Manage** > **Billing and usage** > **Spending notifications** in the {{site.data.keyword.cloud_notm}} console. Or, you can access it directly from the [Notification preferences](/user/notifications) page by clicking **Manage** in the **Billing and Usage** section.
 
-   You receive notifications when you reach 80%, 90%, and 100% of the spending thresholds that you specify. Enter the dollar amount to set a spending threshold when setting up your spending notification. For more information, see [Setting spending notifications](/docs/billing-usage?topic=billing-usage-spending). 
+   You receive notifications when you reach 80%, 90%, and 100% of the spending thresholds that you specify. Enter the dollar amount to set a spending threshold when you set up your spending notification. For more information, see [Setting spending notifications](/docs/billing-usage?topic=billing-usage-spending). 
 
 
 ## Create your resource groups
@@ -190,7 +190,7 @@ IAM access groups provide a way for you to quickly and easily assign access to m
    3. Select all roles that apply.
    4. Click **Add** > **Assign**.
 
-See [What makes a good access group strategy?](/docs/account?topic=account-account_setup#resource-group-strategy) for details about how to best set up your access groups. 
+See [What makes a good access group strategy?](/docs/account?topic=account-account_setup#resource-group-strategy) for details about how to best set-up your access groups. 
 
 ## Invite users to your account
 {: #account-gs-inviteusers}
@@ -211,6 +211,8 @@ Complete the following steps:
 
 To learn more about the invitation flow and how users can accept invitations, see [Inviting users to an account](/docs/account?topic=account-iamuserinv).
 
+You can also give users access to your account by using trusted profiles. For more information, see [What makes a good trusted profiles strategy?](/docs/account?topic=account-account_setup#trustedprofiles_strategy).
+
 ## Explore your support options
 {: #account-gs-supportcenter}
 {: step}