Merge branch 'development' into Maria-11.2-rn

Author: MariaShaposhnikova

content/en/docs/control-center/entitlements/cloud-tokens.md

@@ -90,7 +90,10 @@ These tables show how many Mendix Cloud Tokens each CRP requires:
 | 3XL | 640 |
 
 {{% alert color="info" %}} 
-You can no longer purchase Legacy CRPs. You can now only purchase and provision Standard, Premium, and Premium Plus CRPs. Any legacy CRPs that you have already purchased will be converted into Mendix Cloud Tokens if they are deprovisioned. This will use the rate specified in the previous tables, and the Mendix Cloud Tokens will be added to your Token pool.
+
+* You can no longer purchase legacy CRPs. You can now only purchase and provision Standard, Premium, and Premium Plus CRPs. Any legacy CRPs that you have already purchased will be converted into Mendix Cloud Tokens if they are deprovisioned. This will use the rate specified in the previous tables, and the Mendix Cloud Tokens will be added to your Token pool.
+* Self-service cloud consumption capabilities are exclusively available for Standard, Premium, and Premium Plus CRPs. If you are using a legacy CRP, you may experience consumption inaccuracies in the self-service tool. For access to the latest capabilities, Mendix recommends contacting your customer success manager to transition to a Standard, Premium, or Premium Plus CRP.
+
 {{% /alert %}}
 
 ## Key Takeaways
@@ -100,3 +103,4 @@ You can no longer purchase Legacy CRPs. You can now only purchase and provision
 * You buy Tokens in advance, and can use them to obtain CRPs.
 * If you no longer need those resources, you can reuse the Token to obtain other CRPs, or keep it to be used later.
 * Mendix Cloud Tokens expire on the end date of their associated contract. To ensure continued access, please renew your contract before it expires.
+* Mendix Cloud Token balances might be incorrect if you still use a legacy CRP.

content/en/docs/deployment/general/populate-user-type.md

@@ -8,7 +8,9 @@ aliases:
 
 ## Introduction
 
-In your Mendix Pricing Plan there is a distinction between Internal and External Named Users of a Mendix App. This document helps you to set up your apps to meter External Users correctly. It describes a sample solution that can help you in External User classification for existing users of your apps.
+In the Mendix Pricing Plan, a distinction is made between Internal and External Named Users of a Mendix app. As a customer, you purchase a license for a specific number of Internal users and, optionally, for External users (which are typically cheaper). For accurate user metering, External users must be correctly classified. If they are not, your company may exceed the licensed capacity for Internal users, and Mendix may require you to acquire additional Internal user licenses.
+
+This document helps you set up your apps to ensure accurate metering for your External users. It describes different sample solutions that can help you in External User classification for existing users of your apps.
 
 {{% alert color="info"  %}}
 **Definitions** 
@@ -22,58 +24,119 @@ In your Mendix Pricing Plan there is a distinction between Internal and External
 
 ## Background
 
-Every Mendix app has a system module containing an entity `UserReportInfo`. This entity has an attribute `UserType` that is used to classify end-users as External or Internal Users. This attribute needs to be maintained for all existing and new end-users of a Mendix app. If this attribute is not set, the end-user is classified as an Internal User.
+Every Mendix app has a system module containing an entity `UserReportInfo`. This entity has an attribute `UserType` that is used to classify end-users as `External` or `Internal` Users. Your application must set the attribute for all existing and new (external) end users. If it does not, Mendix will classify those users as Internal.
 
-The *Mendix Metering* module relies on this attribute to ascertain the end-user type and report it back to us.
+The metering relies on this attribute to ascertain the end-user type and report it back to us.
 
 {{< figure src="/attachments/deployment/general/populate-user-type/user-type-enumeration.png" class="no-border" >}}
 
-## Assigning UserType for Existing Users of IAM Modules
+## Classification Options
+
+There are several approaches to classify users as `Internal` or `External`, ranging from configuration-only to custom development. These options are listed below: 
+
+### IdP-Based User Classification
 
-The simplest method to set the user type is by using the Identity and Access Management (IAM) modules, which require only configuration without the need to develop a microflow. Mendix offers you the following IAM modules:
+The simplest method to set the `UserType` is by using the Identity and Access Management (IAM) modules, which require only configuration without the need to develop a microflow. This approach leverages a connection with an Identity Provider (IdP) to classify users. The primary benefit of IdP-based classification is its efficiency, as it typically only requires configuration within the existing IAM modules. Mendix offers you the following IAM modules:
 
 * [OIDC](https://docs.mendix.com/appstore/modules/oidc/)
 * [SCIM](https://docs.mendix.com/appstore/modules/scim/)
 * [SAML](https://docs.mendix.com/appstore/modules/saml/)
 
 Alternatively, you can build a custom microflow as described in the [Populating UserType for Existing Users of an App](#using-microflow) section below.
 
-When connecting your app with an IdP, set up the user type through the capabilities of the OIDC SSO, SCIM, or SAML module. The user type is now configured in the User Provisioning, which is integrated into the OIDC SSO, SCIM, and SAML modules. This means you can directly configure end-users of your application as `internal` or `external` in the **User Provisioning** tab of your app. Based on this configuration, users are updated each time they log in. These modules allow you to set the user type per IdP as the source of your end-users, assuming that separate IdPs are used for `internal` and `external` users.
+When connecting your app with an IdP, set up the `UserType` through the capabilities of the OIDC SSO, SCIM, or SAML module. The `UserType` is now configured in the User Provisioning, which is integrated into the OIDC SSO, SCIM, and SAML modules. This means you can directly configure end-users of your application as `Internal` or `External` in the **UserProvisioning** tab of your app. Based on this configuration, users are updated each time they log in. These modules allow you to set the `UserType` per IdP as the source of your end-users, assuming that separate IdPs are used for `internal` and `external` users.
 
 For more information, refer to the User Provisioning section of the following modules:
 
 * [OIDC SSO](/appstore/modules/oidc/#custom-provisioning-rt)
 * [SCIM](/appstore/modules/scim/#user-provisioning)
 * [SAML](/appstore/modules/saml/#custom-provisioning-rt)
 
-## Assigning UserType Using a Microflow
+#### Prerequisites for IdP-Based User Classification
+
+1. Mendix and module versions: 
+    * Mx9
+        * OIDC SSO: v3.0.0 or above
+        * SCIM: v1.0.0 or above
+    * Mx10
+        * OIDC SSO: v4.0.0 or above
+        * SAML: v4.0.0 or above
+        * SCIM: v2.0.0 or above
+    * Mx11    
+        * OIDC SSO: v4.0.0 or above
+        * SAML: v4.0.0 or above
+        * SCIM: v2.0.0 or above
+        
+2. IdP Setup: Use separate IdPs for `Internal` and `External` users.
+
+    {{% alert color="info" %}}It may be possible to enhance configurations in your IdP by settting-up two separate connections between your app and your IdP. In this scenario, the IdP sees your app as two distinct clients/services. The Mendix app sees them as two distinct IdPs, each with its own provisioning configuration. This allows assigning different `UserType` values per IdP connection. Configurations in your IdP have to ensure that each client only addresses internal or external users.
+    {{% /alert %}}
+
+3. Classification on login: Classification of users happens when they log in. If your application has limited user buckets (for example, license restrictions for internal/external users), and timely classification is critical, ensure all (external) users log in before your limit on internal users is reached, as external users have not been classified as `External` users yet.
+
+### User Role-Based User Classification
+
+Role-based classification relies on the distinct user roles defined within the application itself. This method is particularly effective for scenarios where an application needs to differentiate between user types, such as internal employees versus external users, by assigning them specific roles. Mendix offers the [User Classification](https://marketplace.mendix.com/link/component/245015) module, which aims to streamline the implementation of user role-based classification, thereby minimizing the development effort required within the application.
+
+Instead of writing microflows, you can classify users as `Internal` or `External` using roles in the User Classification module. To do this:
+
+1. Define roles like `ExternalRole` or other custom roles.
+2. Use the [User Classification](/appstore/modules/user-classification/) module to map these roles to the `UserType` field in the `UserReportInfo`.
+3. When a role is assigned to a user in your Mendix app, the User Classification module automatically updates the `UserType` field in the `UserReportInfo` entity for that user.
+
+This approach is simpler, more consistent, and easier to maintain than attribute-based logic.
+
+For more information, see the [Role-based Classification](/appstore/modules/user-classification/#role-based-classification) section of *User Classification*.
+
+#### Prerequisites for Role-Based Classification
+
+1. Your app model uses distinct user roles for external and internal users.
+2. Include the User Classification module in your app model. To use it, your app must be running on one of the following Mendix versions:
+
+    * Mx9 LTS
+    * Mx10 LTS
+    * Mx11 and above
+
+### Custom Classification
+
+When the logic of your application does not allow for IdP-based or user role-based user classification, you need to build your own custom user classification logic in your app. It lets you create specific rules tailored to the unique needs of your application.
+
+#### Custom Classification Using the User Classification Module
+
+This option lets you build custom logic while still using the framework from the [User Classification](/appstore/modules/user-classification/) module. It reduces development effort by giving you a structured way to add custom classification rules.
+
+You can classify users as `Internal` or `External` using your own business rules instead of only user roles or IAM settings. With the User Classification module and a microflow, you can evaluate conditions, for example, email domain of end-users. The User Classification module makes it easy for you to implement custom logic to classify existing users as well as new users. This gives maximum flexibility to handle complex or unique scenarios and ensures accurate Mendix user metering. For more information, see the [Custom Classification](/appstore/modules/user-classification/#custom-classification) section of *User Classification*.
+
+#### Custom Classification Using Your Own Microflow
+
+For maximum control, developers can create user classification entirely from scratch using custom microflows. This gives full flexibility to define any classification rules and processes, making it the most customized approach.
 
 {{% alert color="info" %}}
-This approach is for end-users who are already set up in your app. For new end-users who onboard into your app, you can implement a similar logic to set the UserType attribute during initial end-user creation.
+This approach is for end-users who are already set up in your app. For new end-users who onboard into your app, you can implement a similar logic to set the `UserType` attribute during initial end-user creation.
 {{% /alert %}}
 
-Outlined below is an example of a module that can be used to update UserType attribute. You will need to adapt the module logic for classifying your own internal and external end-users. 
+Outlined below is an example of a module that can be used to update the `UserType` attribute. You will need to adapt the module logic for classifying your own internal and external end-users. 
 
-### Domain model
+##### Domain Model
 
-In the example below, our aim is to update UserType attribute of `UserReportInfo` entity. However, the entity `UserReportInfo` is protected in the System module and has no access rules. As a result, it cannot be exposed directly in the UI pages. 
+In the example below, our aim is to update the `UserType` attribute of the `UserReportInfo` entity. However, the entity `UserReportInfo` is protected in the System module and has no access rules. As a result, it cannot be exposed directly in the UI pages. 
 Therefore, the approach we take is to create a new non-persistable entity, `UserTypeReport`, which we will populate based on the values of `UserReportInfo` to show in the UI.
 
 {{< figure src="/attachments/deployment/general/populate-user-type/usertypereport.png" class="no-border" >}}
 
 {{< figure src="/attachments/deployment/general/populate-user-type/usertypereport-properties.png" class="no-border" >}}
 
-### Populating **UserType** for Existing Users of an App {#using-microflow}
+##### Populating `UserType` for Existing Users of an App {#using-microflow}
 
 1. Create a microflow `User_RetrieveOrCreateUserReportInfo` which will ensure that a `UserReportInfo` object exists for a given `User`.
 
     {{< figure src="/attachments/deployment/general/populate-user-type/retrieve-userreportinfo.png" alt="Microflow: User_RetrieveOrCreateUserReportInfo" class="no-border" >}}
 
 2. Create a microflow `User_EvaluateAndSetUserType` which will populate the `UserType` attribute on the `UserReportInfo` entity for a given `User`. 
 
-    In this example, we decide whether a user is `Internal` or `External` based on the email address of the user. To do that, we need to retrieve the email address of each user from the database. Note that the `System.User` entity itself does not have the email address. The email address is stored in specializations of `System.User`.
+    In this example, we decide whether a user is `Internal` or `External` based on the email address of the user. To do that, we need to retrieve the email address of each user from the database. Note that the `System.User` entity itself does not have the email address. The email address is stored in the specializations of `System.User`.
 
-    Here, we show how to do it for two specializations of the `System.User` entity, namely `Administration.Account` and `MendixSSO.MendixSSOUser`. In the `Administration.Account` entity, the email is in attribute named `Email`. And in the `MendixSSO.MendixSSOUser` entity, it’s in an attribute named `EmailAddress`. Hence we need to use an [Object Type Decision](/refguide/object-type-decision/) activity to split the `System.User` into `Administration.Account` and `MendixSSO.MendixSSOUser` and then fetch the email address according to the name of the attribute.
+    Here, we show how to do it for two specializations of the `System.User` entity, namely `Administration.Account` and `MendixSSO.MendixSSOUser`. In the `Administration.Account` entity, the email is in an attribute named `Email`. And in the `MendixSSO.MendixSSOUser` entity, it’s in an attribute named `EmailAddress`. Hence, we need to use an [Object Type Decision](/refguide/object-type-decision/) activity to split the `System.User` into `Administration.Account` and `MendixSSO.MendixSSOUser` and then fetch the email address according to the name of the attribute.
 
     {{< figure src="/attachments/deployment/general/populate-user-type/set-user-type.png" alt="Microflow: User_EvaluateAndSetUserType" class="no-border" >}}
 
@@ -92,7 +155,7 @@ Therefore, the approach we take is to create a new non-persistable entity, `User
     {{< figure src="/attachments/deployment/general/populate-user-type/grid-data-source.png" class="no-border" >}}
 
 5. Add the page to the **Navigation**.
-6. When you go to that page it will set the `UserType` as per your logic and show you the UserType report.
+6. When you go to that page, it will set the `UserType` as per your logic and show you the user type report.
 
     {{< figure src="/attachments/deployment/general/populate-user-type/user-type-report.png" class="no-border" >}}
 

content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md

@@ -18,7 +18,7 @@ We currently support deploying to the following Kubernetes cluster types:
 
 * [Amazon Elastic Kubernetes Service](https://aws.amazon.com/eks/) (EKS)
 {{% alert color="info" %}}
-If you want to deploy your app to Amazon EKS, consider using the Mendix for Amazon EKS Reference Deployment. For more information, see [Mendix for Amazon EKS—Terraform module](https://aws.amazon.com/solutions/partners/terraform-modules/mendix-eks/).
+If you want to deploy your app to Amazon EKS, consider using the Mendix for Amazon EKS Reference Deployment. For more information, see [Mendix for Amazon EKS—Terraform module](https://registry.terraform.io/modules/aws-ia/mendix-private-cloud/aws/latest).
 {{% /alert %}}
 * [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/)
 * [Red Hat OpenShift Container Platform](https://www.openshift.com/)