mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00

RELEASE: Multiple Issues (#647)

Closes #639 
Closes #635 
Partially Addresses #590 

- MINIO #16026 https://github.com/minio/minio/pull/16026
- MINIO #16044 https://github.com/minio/minio/pull/16044
- MINIO #16035 https://github.com/minio/minio/pull/16035
- CONSOLE #2428 https://github.com/minio/console/pull/2428

Other Fixes:

- Removes admonition about IDP interactions (multi-IDP support)
- Update Console screenshots and overview page to cover layout changes
- Partial fix for DOCS #590 (Policy now under Identity section)
This commit is contained in:
Ravind Kumar
2022-11-23 14:51:47 -05:00
committed by GitHub
parent a31e3e7c8e
commit 1cfda2e9dc
58 changed files with 247 additions and 210 deletions


@ -143,7 +143,7 @@ Specify the Distinguished Name (DN) for an AD/LDAP account MinIO uses when
querying the AD/LDAP server. Enables :ref:`Lookup-Bind
<minio-external-identity-management-ad-ldap-lookup-bind>` authentication to the AD/LDAP server.
The DN account should be a read-only service account with sufficient
The DN account should be a read-only access keys with sufficient
privileges to support querying performing user and group lookups.
.. end-minio-ad-ldap-lookup-bind-dn
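
Review bot: the replacement line "The DN account should be a read-only access keys with sufficient" applies the service-account rename to the wrong object. This setting is the Distinguished Name of an AD/LDAP account that MinIO uses when querying the directory, so it describes a directory-side account rather than a MinIO access key, and the new wording also pairs "a" with the plural "access keys". Suggest keeping "read-only service account" on this line and, while here, fixing the context line that follows, "to support querying performing user and group lookups".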


@ -74,7 +74,7 @@ Bucket replication requires specific permissions on the source and destination d
mc admin user add TARGET ReplicationAdmin LongRandomSecretKey
mc admin policy set TARGET ReplicationAdminPolicy user=ReplicationAdmin
MinIO deployments configured for :ref:`Active Directory/LDAP <minio-external-identity-management-ad-ldap>` or :ref:`OpenID Connect <minio-external-identity-management-openid>` user management should instead create a dedicated :ref:`service account <minio-idp-service-account>` for bucket replication.
MinIO deployments configured for :ref:`Active Directory/LDAP <minio-external-identity-management-ad-ldap>` or :ref:`OpenID Connect <minio-external-identity-management-openid>` user management should instead create a dedicated :ref:`access keys <minio-idp-service-account>` for bucket replication.
.. tab-item:: Replication Remote User
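
Review bot: in the changed sentence under the ReplicationAdmin commands, "create a dedicated :ref:`access keys <minio-idp-service-account>`" pairs a singular article with a plural link text. Suggest "create dedicated access keys" or "a dedicated access key". The ref label is still ``minio-idp-service-account``; keeping it is fine for link stability, but it is worth a follow-up if the label is meant to track the new term.
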
@ -101,9 +101,9 @@ Bucket replication requires specific permissions on the source and destination d
mc admin user add TARGET ReplicationRemoteUser LongRandomSecretKey
mc admin policy set TARGET ReplicationRemoteUserPolicy user=ReplicationRemoteUser
MinIO deployments configured for :ref:`Active Directory/LDAP <minio-external-identity-management-ad-ldap>` or :ref:`OpenID Connect <minio-external-identity-management-openid>` user management should instead create a dedicated :ref:`service account <minio-idp-service-account>` for bucket replication.
MinIO deployments configured for :ref:`Active Directory/LDAP <minio-external-identity-management-ad-ldap>` or :ref:`OpenID Connect <minio-external-identity-management-openid>` user management should instead create a dedicated :ref:`access keys <minio-idp-service-account>` for bucket replication.
See :mc:`mc admin user`, :mc:`mc admin user svcacct`, and :mc:`mc admin policy` for more complete documentation on adding users, service accounts, and policies to a MinIO deployment.
See :mc:`mc admin user`, :mc:`mc admin user svcacct`, and :mc:`mc admin policy` for more complete documentation on adding users, access keys, and policies to a MinIO deployment.
.. end-replication-required-permissions
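
Review bot: the last changed line now reads "adding users, access keys, and policies" while still pointing at :mc:`mc admin user svcacct`, so the new term and the old command name sit side by side with nothing connecting them. Suggest a short parenthetical on first use, for example "access keys (service accounts)". The "create a dedicated :ref:`access keys ...`" sentence in this hunk also needs its article and number reconciled.
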
@ -121,7 +121,7 @@ Each MinIO deployment ("peer site") synchronizes the following changes across th
- Creation and deletion of IAM users, groups, policies, and policy mappings to users or groups (for LDAP users or groups)
- Creation of Security Token Service (STS) credentials for session tokens verifiable from the local ``root`` credentials
- Creation and deletion of :ref:`service accounts <minio-mc-admin-user-svcacct>` (except those owned by the ``root`` user)
- Creation and deletion of :ref:`access keys <minio-mc-admin-user-svcacct>` (except those owned by the ``root`` user)
Site replication enables :ref:`bucket versioning <minio-bucket-versioning>` for all new and existing buckets on all replicated sites.


@ -41,7 +41,7 @@ You can deploy MinIO using one of the following topologies:
Site Replication
----------------
Site replication expands the features of bucket replication to include IAM, security tokens, service accounts, and bucket features the same across all sites.
Site replication expands the features of bucket replication to include IAM, security tokens, access keys, and bucket features the same across all sites.
:ref:`Site replication <minio-site-replication-overview>` links multiple MinIO deployments together and keeps the buckets, objects, and Identity and Access Management (IAM) settings in sync across all connected sites.
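
Review bot: the changed sentence "Site replication expands the features of bucket replication to include IAM, security tokens, access keys, and bucket features the same across all sites" does not parse, and touching the line for the rename is a good moment to fix it. Suggest wording along the lines of "Site replication extends bucket replication to also keep IAM settings, security tokens, access keys, and bucket features the same across all sites".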


@ -107,9 +107,9 @@ Enter the user's AD/LDAP credentials and log in to access the Console.
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-ad-ldap-access-control>`.
You can also create :ref:`service accounts <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Service accounts are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service account.
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Access Keys are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the access keys.
5) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
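
Review bot: the three replacement lines use "access keys", "Access Keys" and "while creating the access keys" for what was a singular "service account". Pick one casing (lower case matches the link text) and make the last sentence singular or explicitly plural, for example "while creating an access key". Because the paragraph describes long-lived credentials that inherit the parent user's privileges, the sentence about restricting those privileges at creation time should leave no doubt that the restriction applies to each key.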


@ -125,9 +125,9 @@ Enter the user's OIDC credentials and log in to access the Console.
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-openid-access-control>`.
You can also create :ref:`service accounts <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Service accounts are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service account.
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Access Keys are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the access keys.
5) Generate S3-Compatible Temporary Credentials using OIDC Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
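
Review bot: the replaced paragraph here is word for word the same as the one in the AD/LDAP login hunk, including the capitalised "Access Keys" and the plural "while creating the access keys". Other files in this commit already carry ``.. end-...`` snippet markers, so consider moving this paragraph into one shared snippet that both pages include, which keeps the AD/LDAP and OIDC wording from drifting on the next rename.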