fix(iam): members migration MTA-6076 #5072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open. Wants to merge 9 commits into base: main
4 changes: 4 additions & 0 deletions menu/navigation.json
Expand Up @@ -414,6 +414,10 @@
"label": "Permission sets",
"slug": "permission-sets"
},
{
"label": "IAM Guests to Members migration",
"slug": "guests-to-members-migration"
},
{
"label": "Reproducing roles and Project-scoped API keys with IAM",
"slug": "reproduce-roles-project-api-keys"
2 changes: 1 addition & 1 deletion pages/account/how-to/manage-notifications.mdx
Expand Up @@ -26,7 +26,7 @@ The **notification manager** allows you to configure different types of notifica
2. Scroll to the **User notifications** section.
3. Check the box(es) next to the email of the user for who you want to set up the notifications. Four [types of notifications](#types-of-notifications) are available: **Incident**, **Technical**, **Security** and **Billing**.
<Message type="important">
The emails displayed in the list belong to users in your Organization. To see them in the list, first you must have either [invited them as a Guest](/iam/how-to/invite-user-to-orga/), or [created a new Member](/iam/how-to/manage-members/#how-to-create-a-member).
The emails displayed in the list belong to users in your Organization. To see them in the list, first you must [created a new Member](/iam/how-to/manage-members/#how-to-create-a-member).
</Message>

When you check the box, the user is automatically subscribed to the notifications.
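Review bot: grammar in the rewritten line: "first you must [created a new Member]" should read "first you must have [created a new Member]" (or "first you must [create a new Member]"); the edit dropped the auxiliary "have" together with the Guest clause. Also confirm that the `/iam/how-to/invite-user-to-orga/` page whose link is removed here is deleted or redirected in the same change, otherwise it stays reachable from search with an invitation flow that no longer applies.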
7 changes: 3 additions & 4 deletions pages/billing/how-to/add-billing-contact.mdx
Expand Up @@ -24,10 +24,9 @@ When you enable billing notifications for a user they will receive your Organiza

## How to set up notifications for internal users

1. Add the intended billing contact as an IAM user. You can:
- [Invite them as a Guest](/iam/how-to/invite-user-to-orga/), or
- [Create a new Member](/iam/how-to/manage-members/#how-to-create-a-member).
2. Follow the steps described in the "How to notify users in your Organization" section of the [How to manage notifications](/account/how-to/manage-notifications/#how-to-notify-users-in-your-organization) documentation page.
1. Add the intended billing contact as an IAM user.
2. [Create a new Member](/iam/how-to/manage-members/#how-to-create-a-member).
3. Follow the steps described in the "How to notify users in your Organization" section of the [How to manage notifications](/account/how-to/manage-notifications/#how-to-notify-users-in-your-organization) documentation page.

## How to set up notifications for external users

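Review bot: steps 1 and 2 of the new list describe the same action: "Add the intended billing contact as an IAM user" is now exactly "[Create a new Member]", since the Guest invitation alternative is gone. Merge them into one step ("Add the intended billing contact as an IAM user by [creating a new Member](/iam/how-to/manage-members/#how-to-create-a-member).") and renumber the notification step to 2, so the procedure does not ask the reader to add the user twice.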
12 changes: 0 additions & 12 deletions pages/iam/concepts.mdx
Expand Up @@ -48,14 +48,6 @@ The grace period is the time an [IAM Member](#members) has to comply with the se

A group (also known as an IAM group) is a grouping of [users](#user) and/or [applications](#application). Creating groups allows you to attach [policies](#policy) to multiple users and/or applications at the same time.

## Guest

You are the [Owner](#owner) of the Organization that is created with your Scaleway account. However, when you are invited to another Organization of which you are not the Owner, you are a **Guest** in that Organization.

<Message type="important">
Guests will be deprecated by July 2025. From then on, only Members can be created as users of your Organizations, and adding Guests to an Organization will no longer be possible.
</Message>

## IAM

**I**dentity and **A**ccess **M**anagement allows you to share access to the management of your Scaleway [resources](#resource) in a controlled and secure manner.
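Review bot: removing the `## Guest` section also removes the `#guest` anchor that other pages link to as `/iam/concepts/#guest`. This PR updates the two references it touches (organizations-and-projects/concepts.mdx and enforce-mfa.mdx), but please grep the rest of the docs for `concepts/#guest` and `invite-user-to-orga` before merging; a dangling fragment silently drops the reader at the top of the page with no error. Since the new reference page added in this PR still says Guests "currently exist" and describes a Phase 2 automatic migration, consider keeping a one-line "Guest (deprecated)" entry that points to the migration page until that phase completes.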
Expand Down Expand Up @@ -157,10 +149,6 @@ Keep in mind that:

A user (also known as an IAM user) is a human user in an Organization. They can be of two types:
- **Owner**: You are the Owner of the [Organization](#organization) that was created with your account.
- **Guest**: You are a Guest when invited to another Organization of which you are not the Owner.
<Message type="important">
Guests will be deprecated by July 2025. From then on, only Members can be created as users of your Organizations.
</Message>
- **Member**: You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created.

Within each Organization, different IAM users can have different rights (defined through [policies](#policy)) to perform actions on resources.
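Review bot: the user-type list here now has two entries (Owner, Member), while `pages/iam/reference-content/guests-to-members-migration.mdx`, added in this same PR, states that "Three types currently exist" and still lists Guest. Pick one description for the transition period, or add a sentence here noting that existing Guests are being migrated, so the concepts page and the migration page do not contradict each other.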
2 changes: 1 addition & 1 deletion pages/iam/quickstart.mdx
Expand Up @@ -23,7 +23,7 @@ Read our dedicated page for a [general overview of IAM](/iam/reference-content/o

## How to add a Member to your Organization

Invite other users as [Members](/iam/concepts/#member) to be able to give them access to your Organization. You will be able to define the exact level of access to give by creating a [policy](#how-to-give-permissions-to-users-and-applications-via-policies) for them later. In this section, we show you how to [add a Member](/iam/how-to/manage-members/#how-to-create-a-member).
Add [Members](/iam/concepts/#member) to give them access to your Organization.. You will be able to define the exact level of access to give by creating a [policy](#how-to-give-permissions-to-users-and-applications-via-policies) for them later. In this section, we show you how to [add a Member](/iam/how-to/manage-members/#how-to-create-a-member).

1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
2. Click **+ Add user**. A pop-up displays.
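Review bot: typo in the rewritten sentence: "access to your Organization.." has a doubled full stop. Suggest "Add [Members](/iam/concepts/#member) to give them access to your Organization. You will be able to define the exact level of access ...".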
90 changes: 90 additions & 0 deletions pages/iam/reference-content/guests-to-members-migration.mdx
@@ -0,0 +1,90 @@
---
meta:
title: IAM Guests to Members migration
description: Learn how to migrate IAM Guests to Members
content:
h1: IAM Guests to Members Migration
paragraph: This page guides you through the process of migrating IAM Guests to Members
tags: iam migration
categories:
- iam
- console
---

This document explains how user management changes with the migration of IAM Guests to Members.

## IAM Users

A user (also known as an IAM user) is a human user in an Organization. Three types currently exist:

- **Owner**: You are the Owner of the [Organization](#organization) that was created with your account.
- **Guest**: You are a Guest when invited to another Organization of which you are not the Owner. All guests have a different Scaleway Organization of their own.
- **Member**: You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created.

Whereas Owners have full rights and access to all resources and features in their Organization, Guests and Members have only the rights and permissions given to them via [policies](#policy).

## IAM Guests become IAM Members

From June 2025, IAM Guests will become IAM Members. The migration process will be carried out in two phases:

- **Phase 1** - Starting on the *18th of July 2025*, the [manual migration of Guests](#how-to-manually-migrate-a-user-from-guest-to-member) will be available in the Console to all Owners and users with [IAMManager permissions](/iam/reference-content/permission-sets).
- **Phase 2** - Starting in *July 2025*, Guests that have not yet become Members will be automatically migrated.

Keep in mind that:

- Members exist only within the Organizations in which they were created, and have a [dedicated login process](/iam/how-to/log-in-as-a-member).
- Migrating a Guest to a Member does not mean that the Guest loses the Organization of which they are Owner. However, when creating Members in the future who do not already have Scaleway accounts, they will not be obliged to create their own Organization.
- Organization admins manage Member accounts, including enforcing security requirements (MFA, password renewal).
- Single Sign-On (SSO) remains available.
- The management of API keys, IAM policies, and groups remains the same.

### What remains the same?

| Feature | for Members |
|:--------:|----------|
| Single Sign-On (SSO) | Available |
| Credentials (Password, SSO, MFA) | Members who previously existed as Guests maintain the same credentials configuration as before. |
| Access control | Like Guests, Members are granted permissions to the Organization by way of IAM policies. |
| API keys | The processes for creating, viewing and deleting API keys remain the same. |

### What changes?

The table below summarizes the key account and access management features that Scaleway offered prior to IAM, and if/how they change with the introduction of Members. For more information, see the relevant sections of this document below.

| Feature | Guests | Members |
|:--------:|:---------:|:---------:|
| Login | Guests logged into their own accounts and could access all Organizations they were a part of via the console. | Members are identified by email address. If you are a Member in more than one Organization with the same email address, you can switch between Organizations. You must perform a first connection as a Member to remain connected and easily switch between Organizations. A first login is required for each device you use to connect to the Scaleway console. You remain logged into each device unless you clear your cookies. |
| Enforcement of MFA | It was not possible to enforce MFA if a Guest in your Organization had not enabled MFA in their account. Organization admins could send reminder emails, but had to wait for the Guest to enable MFA, or remove them from the Organization to complete the enforce process. | When MFA is enforced in the Organization, Members have a [grace period](iam/concepts/#grace-period) to enable MFA in their accounts. This period is set by the Organization admins and starts as soon as a new Member is added. If they fail to enable MFA within this period, their accounts are locked. |
| Password renewal | Guests were not required to renew their passwords to stay in an Organization. | As a security measure, Organization admins can require Members to renew their passwords within a grace period. If a password was attributed to Members upon their creation, they must renew this password after their first login. |
| User management | Guest accounts and personal Organizations could not be managed by anyone other than them. Their permissions on Organizations they were invited to are the prerogative of Organization admins. | Member accounts are a 100% manageable resource - they can be created, updated, locked and deleted by Organization admins. |
| Organizations | Guests were users who had their own personal Organizations and were invited into another. They had full management rights on their accounts and Organizations. If they were removed from an Organization, they would continue to have a Scaleway account. | Members exist only within an Organization and they exist solely in that Organization. Members cannot own Organizations. They must [comply with the security requirements](/iam/how-to/comply-with-sec-requirements-member) set for the Organization to ensure their continuous access. |

## How to manually migrate a user from Guest to Member

<Message type="important">
The migration does not have any impact on your production.
</Message>

<Macro id="requirements" />

- A Scaleway account logged into the [console](https://console.scaleway.com)
- [Owner](/iam/concepts/#owner) status or [IAMManager permissions](/iam/concepts/#permission)

1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
2. Click **Switch to Members** in the *Switch to IAM Members* top banner. A pop-up appears providing information about Member features.
3. Click **Next**. More information about the changes for your users displays.
4. Click **Next** again.
5. Type **MIGRATE**.
<Message type="important">
Make sure you are sure of migrating before continuing. Switching to Members is a one-time irreversible action.
</Message>
6. Click **Migrate**.
<Message type="note">
The migration might take up to one minute.
</Message>

You receive an email to confirm the migration. The former Guests, now Members, also receive an email with their credentials instructions on how to log in as a member for the first time.

<Message type="important">
If you are a Member in more than one Organization with the same email address, you can switch between Organizations. You must perform a first connection as a Member to remain connected and easily switch between Organizations. A first login is required for each device you use to connect to the Scaleway console. You remain logged into each device unless you clear your cookies.
</Message>
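Review bot: several links on the new page will not resolve: `[Organization](#organization)` and `[policies](#policy)` in the "IAM Users" section point at headings that exist in concepts.mdx, not on this page (the list was copied from there), so they should be `/iam/concepts/#organization` and `/iam/concepts/#policy`; and `[grace period](iam/concepts/#grace-period)` in the MFA row is missing its leading slash, so it resolves relative to the current path. The timeline also needs a check: the section opens with "From June 2025", Phase 1 starts on "the 18th of July 2025" and Phase 2 starts "in July 2025", which puts the automatic migration in the same month as, or before, the manual one; the text removed from concepts.mdx said Guests would be deprecated "by July 2025". Smaller points: "features that Scaleway offered prior to IAM" in the "What changes?" intro is a leftover from another page, since this table compares Guests with Members; "Make sure you are sure of migrating" reads better as "Make sure you want to migrate before continuing"; "their credentials instructions on how to log in as a member" should be "their credentials and instructions on how to log in as a Member". Finally, the important message "The migration does not have any impact on your production" sits next to a one-time irreversible action and a table saying admins can now lock and delete Member accounts; it would be more useful to state what is unchanged (API keys, policies and groups keep working as before, as the "What remains the same?" table says) than to make a blanket claim.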
2 changes: 1 addition & 1 deletion pages/organizations-and-projects/concepts.mdx
Expand Up @@ -18,7 +18,7 @@ Each [Organization](#organization) has at least one associated [Project](#projec

## Organization

An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. You can also be added to an existing Organization as a [Guest](#guest) or as a [Member](#member).
An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. You can also be added to an existing Organization as a [Member](#member).

When you create [IAM rules](#rule), you can set their scope at Organization level. This means you can give access to features managed at Organization level, like billing and IAM, to users, applications, and groups in your Organization.

11 changes: 1 addition & 10 deletions pages/organizations-and-projects/how-to/enforce-mfa.mdx
Expand Up @@ -28,21 +28,12 @@ categories:
5. Type **ENFORCE** in the box.
<Message type="important">
Keep in mind that:
- MFA will become mandatory for all users in the Organization. When you invite [Guests](/iam/concepts/#guest) to your Organization in the future, they must have set up MFA to be able to join. <br /><br />
- You can only enforce MFA if all Guests in your Organization have already set up MFA on their accounts.
- MFA will become mandatory for all users in the Organization.<br /><br />
- If MFA is enforced in your Organization, all new [Members](/iam/concepts/#member) you create will have to enable MFA within the [grace period](/iam/concepts/#grace-period) you set. If they fail to do so before the grace period is over, their account will be locked. The same applies for existing members who do not yet have MFA enabled. Once you enforce MFA, they also have to comply with this [security requirement](/iam/how-to/enforce-security-requirements-members) within the grace period.
</Message>
6. Click **Enforce MFA**.
- If all users in your Organization already have enabled MFA, a confirmation message appears on the top right corner of the screen.

- If at least one of the Guests does not have MFA enabled, you must send them an [MFA reminder](#how-to-send-an-mfa-reminder).

## How to send an MFA reminder

1. Click **IAM & API keys** on the top-right drop-down menu of the Scaleway console. The **Users** tab displays.
2. Click <Icon name="more" /> > **Send MFA reminder** next to the name of a user that has MFA disabled.
The user will receive an email requesting that they enable MFA.

## How to stop enforcing MFA

<Message type="requirement">
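Review bot: the sub-bullet kept under step 6, "If all users in your Organization already have enabled MFA, a confirmation message appears ...", has lost the branch it was paired with (the Guest reminder bullet removed below it), so the condition now dangles; with Members, enforcement no longer waits for every user to have MFA enabled (the grace-period bullet kept above covers late users), so make it a plain sentence: "A confirmation message appears on the top right corner of the screen." Removing the "How to send an MFA reminder" section also removes the `#how-to-send-an-mfa-reminder` anchor; grep for links to it, and confirm that the **Send MFA reminder** console action is actually gone for Members rather than merely no longer required for enforcement, since that section documented a console feature and not only the Guest flow.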