docs: added machine identity group docs and API endpoints ref

backend/src/server/routes/v1/group-project-router.ts

@@ -347,7 +347,6 @@ export const registerGroupProjectRouter = async (server: FastifyZodProvider) =>
     }
   });
 
-  // Deprecated: Duplicate of /groups/:id/users, will be removed in the future
   server.route({
     method: "GET",
     url: "/:projectId/groups/:groupId/users",
@@ -356,9 +355,10 @@ export const registerGroupProjectRouter = async (server: FastifyZodProvider) =>
       rateLimit: readLimit
     },
     schema: {
-      hide: false,
+      hide: true,
+      deprecated: true,
       tags: [ApiDocsTags.ProjectGroups],
-      description: "Return project group users",
+      description: "Return project group users (Deprecated: Use /api/v1/groups/{id}/users instead)",
       params: z.object({
         projectId: z.string().trim().describe(GROUPS.LIST_USERS.projectId),
         groupId: z.string().trim().describe(GROUPS.LIST_USERS.id)

docs/api-reference/endpoints/groups/add-group-identity.mdx

@@ -0,0 +1,5 @@
+---
+title: "Add Group Identity"
+openapi: "POST /api/v1/groups/{id}/identities/{identityId}"
+---
+

docs/api-reference/endpoints/groups/list-group-identities.mdx

@@ -0,0 +1,5 @@
+---
+title: "List Group Identities"
+openapi: "GET /api/v1/groups/{id}/identities"
+---
+

docs/api-reference/endpoints/groups/list-group-members.mdx

@@ -0,0 +1,5 @@
+---
+title: "List Group Members"
+openapi: "GET /api/v1/groups/{id}/members"
+---
+

docs/api-reference/endpoints/groups/list-group-projects.mdx

@@ -0,0 +1,5 @@
+---
+title: "List Group Projects"
+openapi: "GET /api/v1/groups/{id}/projects"
+---
+

docs/api-reference/endpoints/groups/remove-group-identity.mdx

@@ -0,0 +1,5 @@
+---
+title: "Remove Group Identity"
+openapi: "DELETE /api/v1/groups/{id}/identities/{identityId}"
+---
+

docs/docs.json

@@ -874,7 +874,12 @@
                   "api-reference/endpoints/groups/get-by-id",
                   "api-reference/endpoints/groups/add-group-user",
                   "api-reference/endpoints/groups/remove-group-user",
-                  "api-reference/endpoints/groups/list-group-users"
+                  "api-reference/endpoints/groups/list-group-users",
+                  "api-reference/endpoints/groups/add-group-identity",
+                  "api-reference/endpoints/groups/remove-group-identity",
+                  "api-reference/endpoints/groups/list-group-identities",
+                  "api-reference/endpoints/groups/list-group-projects",
+                  "api-reference/endpoints/groups/list-group-members"
                 ]
               },
               {

docs/documentation/platform/groups.mdx

@@ -1,29 +1,29 @@
 ---
-title: "User Groups"
-description: "Manage user groups in Infisical."
+title: "Groups"
+description: "Manage groups containing users and machine identities in Infisical."
 ---
 
 <Info>
-    User Groups is a paid feature.
-   
-    If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
-    then you should contact team@infisical.com to purchase an enterprise license to use it.
+  Groups is a paid feature. If you're using Infisical Cloud, then it is
+  available under the **Enterprise Tier**. If you're self-hosting Infisical,
+  then you should contact team@infisical.com to purchase an enterprise license
+  to use it.
 </Info>
 
 ## Concept
 
-A (user) group is a collection of users that you can create in an Infisical organization to more efficiently manage permissions and access control for multiple users together. For example, you can have a group called `Developers` with the `Developer` role containing all the developers in your organization.
+A group is a collection of identities (users and/or machine identities) that you can create in an Infisical organization to more efficiently manage permissions and access control for multiple identities together. For example, you can have a group called `Developers` with the `Developer` role containing all the developers in your organization, or a group called `CI/CD Identities` containing all the machine identities used in your CI/CD pipelines.
 
-User groups have the following properties:
+Groups have the following properties:
 
-- If a group is added to a project under specific role(s), all users in the group will be provisioned access to the project with the role(s). Conversely, if a group is removed from a project, all users in the group will lose access to the project.
-- If a user is added to a group, they will inherit the access control properties of the group including access to project(s) under the role(s) assigned to the group. Conversely, if a user is removed from a group, they will lose access to project(s) that the group has access to.
-- If a user was previously added to a project under a role and is later added to a group that has access to the same project under a different role, then the user will now have access to the project under the composite permissions of the two roles. If the group is subsequently removed from the project, the user will not lose access to the project as they were previously added to the project separately.
-- A user can be part of multiple groups. If a user is part of multiple groups, they will inherit the composite permissions of all the groups that they are part of.
+- If a group is added to a project under specific role(s), all identities in the group will be provisioned access to the project with the role(s). Conversely, if a group is removed from a project, all identities in the group will lose access to the project.
+- If an identity is added to a group, they will inherit the access control properties of the group including access to project(s) under the role(s) assigned to the group. Conversely, if an identity is removed from a group, they will lose access to project(s) that the group has access to.
+- If an identity was previously added to a project under a role and is later added to a group that has access to the same project under a different role, then the identity will now have access to the project under the composite permissions of the two roles. If the group is subsequently removed from the project, the identity will not lose access to the project as they were previously added to the project separately.
+- An identity can be part of multiple groups. If an identity is part of multiple groups, they will inherit the composite permissions of all the groups that they are part of.
 
 ## Workflow
 
-In the following steps, we explore how to create and use user groups to provision user access to projects in Infisical.
+In the following steps, we explore how to create and use groups to provision access to projects in Infisical. Groups can contain both users and machine identities, and the workflow is the same for both types of identities.
 
 <Steps>
    <Step title="Creating a group">
@@ -32,36 +32,38 @@ In the following steps, we explore how to create and use user groups to provisio
         ![groups org](/images/platform/groups/groups-org.png)
 
         When creating a group, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
-        
+
         ![groups org create](/images/platform/groups/groups-org-create.png)
-        
+
         Now input a few details for your new group. Here’s some guidance for each field:
         - Name (required): A friendly name for the group like `Engineering`.
         - Slug (required): A unique identifier for the group like `engineering`.
         - Role (required): A role from the Organization Roles tab for the group to assume. The organization role assigned will determine what organization level resources this group can have access to.
+
    </Step>
-   <Step title="Adding users to the group">
-        Next, you'll want to assign users to the group. To do this, press on the users icon on the group and start assigning users to the group.
+   <Step title="Adding identities to the group">
+        Next, you'll want to assign identities (users and/or machine identities) to the group. To do this, click on the group row to open the group details page and click on the **+** button.
         
-        ![groups org users](/images/platform/groups/groups-org-users.png)
+        ![groups org users details](/images/platform/groups/group-details.png)
         
-        In this example, we're assigning **Alan Turing** and **Ada Lovelace** to the group **Engineering**.
+        In this example, we're assigning **Alan Turing** and **Ada Lovelace** (users) to the group **Engineering**. You can similarly add machine identities to the group by selecting them from the **Machine Identities** tab in the modal.
         
         ![groups org assign users](/images/platform/groups/groups-org-users-assign.png)
    </Step>
    <Step title="Adding the group to a project">
         To enable the group to access project-level resources such as secrets within a specific project, you should add it to that project.
 
-        To do this, head over to the project you want to add the group to and go to Project Settings > Access Control > Groups and press **Add group**.
-        
+        To do this, head over to the project you want to add the group to and go to Project Settings > Access Control > Groups and press **Add Group to Project**.
+
         ![groups project](/images/platform/groups/groups-project.png)
-        
+
         Next, select the group you want to add to the project and the project level role you want to allow it to assume. The project role assigned will determine what project level resources this group can have access to.
-        
+
         ![groups project add](/images/platform/groups/groups-project-create.png)
-        
+
         That's it!
-        
-        The users of the group now have access to the project under the role you assigned to the group.
+
+        All identities of the group now have access to the project under the role you assigned to the group.
+
    </Step>
-</Steps>
+</Steps>