Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42

21 files changed, 329 insertions, 186 deletions

diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md
index 2b60ed5345b..71e05f44ef0 100644
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -154,7 +154,12 @@ nginx['client_max_body_size'] = "200m"
 > - It's deployed behind a feature flag, disabled by default.
 > - It's disabled on GitLab.com.
 > - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](../../../security/two_factor_authentication.md#enable-or-disable-two-factor-authentication-2fa-for-git-operations)
+> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](../../../security/two_factor_authentication.md#enable-or-disable-two-factor-authentication-2fa-for-git-operations).
+
+NOTE:
+This feature is under development and not ready for production use. It is deployed
+behind a feature flag that is **disabled by default**. To use it in GitLab
+self-managed instances, ask a GitLab administrator to [enable it](../../../security/two_factor_authentication.md#enable-or-disable-two-factor-authentication-2fa-for-git-operations).
 
 GitLab administrators can choose to customize the session duration (in minutes) for Git operations when 2FA is enabled. The default is 15 and this can be set to a value between 1 and 10080.
 
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index 69d86259409..3b56318e711 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -18,7 +18,7 @@ for all projects:
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. On the left sidebar, select **Settings > CI/CD**.
 1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**.
-1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/index.md#auto-devops-base-domain)
+1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/requirements.md#auto-devops-base-domain)
    which is used for Auto Deploy and Auto Review Apps.
 1. Hit **Save changes** for the changes to take effect.
 
@@ -262,10 +262,20 @@ To disable it:
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. On the left sidebar, select **Settings > CI/CD**.
 1. Expand the **Package Registry** section.
-1. Uncheck **Enable forwarding of npm package requests to npmjs.org**.
-1. Click **Save changes**.
+1. Clear the checkbox **Forward npm package requests to the npm Registry if the packages are not found in the GitLab Package Registry**.
+1. Select **Save changes**.
+
+### PyPI Forwarding **(PREMIUM SELF)**
+
+GitLab administrators can disable the forwarding of PyPI requests to [pypi.org](https://pypi.org/).
+
+To disable it:
 
-![npm package requests forwarding](img/admin_package_registry_npm_package_requests_forward.png)
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > CI/CD**.
+1. Expand the **Package Registry** section.
+1. Clear the checkbox **Forward PyPI package requests to the PyPI Registry if the packages are not found in the GitLab Package Registry**.
+1. Select **Save changes**.
 
 ### Package file size limits
 
diff --git a/doc/user/admin_area/settings/email.md b/doc/user/admin_area/settings/email.md
index e637408328d..236b75797a2 100644
--- a/doc/user/admin_area/settings/email.md
+++ b/doc/user/admin_area/settings/email.md
@@ -13,27 +13,40 @@ You can customize some of the content in emails sent from your GitLab instance.
 
 The logo in the header of some emails can be customized, see the [logo customization section](../appearance.md#navigation-bar).
 
-## Custom additional text **(PREMIUM SELF)**
+## Include author name in email notification email body **(PREMIUM SELF)**
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/5031) in [GitLab Premium](https://about.gitlab.com/pricing/) 10.7.
+By default, GitLab overrides the email address in notification emails with the email address
+of the issue, merge request, or comment author. Enable this setting to include the author's email
+address in the body of the email instead.
 
-The additional text appears at the bottom of any email and can be used for
-legal/auditing/compliance reasons.
+To include the author's email address in the email body:
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. On the left sidebar, select **Settings > Preferences** (`/admin/application_settings/preferences`).
 1. Expand **Email**.
-1. Enter your text in the **Additional text** field.
-1. Click **Save**.
+1. Select the **Include author name in email notification email body** checkbox.
+1. Select **Save changes**.
+
+## Enable multipart email **(PREMIUM SELF)**
+
+GitLab can send email in multipart format (HTML and plain text) or plain text only.
+
+To enable multipart email:
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Preferences** (`/admin/application_settings/preferences`).
+1. Expand **Email**.
+1. Select **Enable multipart email**.
+1. Select **Save changes**.
 
-## Custom hostname for private commit emails
+## Custom hostname for private commit emails **(PREMIUM SELF)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22560) in GitLab 11.5.
 
 This configuration option sets the email hostname for [private commit emails](../../profile/index.md#use-an-automatically-generated-private-commit-email).
  By default it is set to `users.noreply.YOUR_CONFIGURED_HOSTNAME`.
 
-In order to change this option:
+To change the hostname used in private commit emails:
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. On the left sidebar, select **Settings > Preferences** (`/admin/application_settings/preferences`).
@@ -42,10 +55,23 @@ In order to change this option:
 1. Select **Save changes**.
 
 NOTE:
-After the hostname gets configured, every private commit email using the previous hostname is not
+After the hostname is configured, every private commit email using the previous hostname is not
 recognized by GitLab. This can directly conflict with certain [Push rules](../../../push_rules/push_rules.md) such as
 `Check whether author is a GitLab user` and `Check whether committer is the current authenticated user`.
 
+## Custom additional text **(PREMIUM SELF)**
+
+You can add additional text at the bottom of any email that GitLab sends. This additional text
+can be used for legal, auditing, or compliance reasons, for example.
+
+To add additional text to emails:
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Preferences** (`/admin/application_settings/preferences`).
+1. Expand **Email**.
+1. Enter your text in the **Additional text** field.
+1. Select **Save changes**.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/admin_area/settings/floc.md b/doc/user/admin_area/settings/floc.md
index 31a626478ed..0e9d4e5d0c1 100644
--- a/doc/user/admin_area/settings/floc.md
+++ b/doc/user/admin_area/settings/floc.md
@@ -8,8 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60933) in GitLab Free 13.12.
 
-Federated Learning of Conhorts (FLoC) is a feature that the Chrome browser has
-rolled out, where users are categorized into different cohorts, so that
+Federated Learning of Cohorts (FLoC) is a new feature of the Chrome browser.
+It works by categorizing users into different cohorts, so that
 advertisers can use this data to uniquely target and track users. For more
 information, visit the [FLoC repository](https://github.com/WICG/floc).
 
diff --git a/doc/user/admin_area/settings/help_page.md b/doc/user/admin_area/settings/help_page.md
index d2f99a51ec3..01516430f4f 100644
--- a/doc/user/admin_area/settings/help_page.md
+++ b/doc/user/admin_area/settings/help_page.md
@@ -5,10 +5,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: howto
 ---
 
-# Customize the Help and sign-in page messages
+# Customize the Help and sign-in page messages **(FREE SELF)**
 
 In large organizations, it is useful to have information about who to contact or where
-to go for help. You can customize and display this information on the GitLab  `/help` page and on
+to go for help. You can customize and display this information on the GitLab `/help` page and on
 the GitLab sign-in page.
 
 ## Add a help message to the Help page
@@ -17,32 +17,39 @@ You can add a help message, which is shown at the top of the GitLab `/help` page
 <https://gitlab.com/help>):
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
-1. In the left sidebar, select **Settings > Preferences**, then expand **Help page**.
-1. Under **Additional text to show on the Help page**, fill in the information you wish to display on `/help`.
-1. Select **Save changes**. You can now see the message on `/help`.
+1. On the left sidebar, select **Settings > Preferences**.
+1. Expand **Sign-in and Help page**.
+1. In **Additional text to show on the Help page**, enter the information you want to display on `/help`.
+1. Select **Save changes**.
+
+You can now see the message on `/help`.
 
 NOTE:
 By default, `/help` is visible to unauthenticated users. However, if the
-[**Public** visibility level](visibility_and_access_controls.md#restricted-visibility-levels)
+[**Public** visibility level](visibility_and_access_controls.md#restrict-visibility-levels)
 is restricted, `/help` is visible only to signed-in users.
 
-## Add a help message to the sign-in page **(STARTER)**
+## Add a help message to the sign-in page
 
 You can add a help message, which is shown on the GitLab sign-in page. The message appears in a new
 section titled **Need Help?**, located below the sign-in page message:
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
-1. In the left sidebar, select **Settings > Preferences**, then expand **Help page**.
-1. Under **Additional text to show on the sign-in page**, fill in the information you wish to
+1. On the left sidebar, select **Settings > Preferences**.
+1. Expand **Sign-in and Help page**.
+1. In **Additional text to show on the sign-in page**, enter the information you want to
    display on the sign-in page.
-1. Select **Save changes**. You can now see the message on the sign-in page.
+1. Select **Save changes**.
+
+You can now see the message on the sign-in page.
 
 ## Hide marketing-related entries from the Help page
 
 GitLab marketing-related entries are occasionally shown on the Help page. To hide these entries:
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
-1. In the left sidebar, select **Settings > Preferences**, then expand **Help page**.
+1. On the left sidebar, select **Settings > Preferences**.
+1. Expand **Sign-in and Help page**.
 1. Select the **Hide marketing-related entries from the Help page** checkbox.
 1. Select **Save changes**.
 
@@ -54,10 +61,48 @@ You can specify a custom URL to which users are directed when they:
 - Select **See our website for help** on the Help page.
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
-1. In the left sidebar, select **Settings > Preferences**, then expand **Help page**.
-1. Enter the URL in the **Support page URL** field.
+1. On the left sidebar, select **Settings > Preferences**.
+1. Expand **Sign-in and Help page**.
+1. In the **Support page URL** field, enter the URL.
 1. Select **Save changes**.
 
+## Redirect `/help` pages
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43157) in GitLab 13.5.
+> - Enabled on GitLab.com and is ready for production use.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to
+[enable the `:help_page_documentation_redirect` flag](../../../administration/feature_flags.md).
+On GitLab.com, this feature is available but can be configured by GitLab.com administrators only.
+
+The `/help` URL of a GitLab instance displays a basic version of the documentation sourced from the
+[`doc` directory](https://gitlab.com/gitlab-org/gitlab/-/tree/master/doc) of GitLab. `/help` links
+are often used for contextual help.
+
+You can redirect these `/help` links to either:
+
+- The more navigable and searchable version published at [`docs.gitlab.com`](https://docs.gitlab.com).
+- A destination that meets [necessary requirements](#destination-requirements).
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > Preferences**.
+1. Expand **Sign-in and Help page**.
+1. In the **Documentation pages URL** field, enter the URL.
+1. Select **Save changes**.
+
+### Destination requirements
+
+When redirecting `/help`, GitLab:
+
+- Redirects requests to the specified URL.
+- Appends `ee`  and the documentation path to the URL.
+- Appends `.html` to the URL, and removes `.md` if necessary.
+
+For example, if the URL is set to `https://docs.gitlab.com`, requests for
+`/help/user/admin_area/settings/help_page.md` redirect to:
+`https://docs.gitlab.com/ee/user/admin_area/settings/help_page.html`.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/admin_area/settings/img/admin_package_registry_npm_package_requests_forward.png b/doc/user/admin_area/settings/img/admin_package_registry_npm_package_requests_forward.png
deleted file mode 100644
index b6068f5d19b..00000000000
--- a/doc/user/admin_area/settings/img/admin_package_registry_npm_package_requests_forward.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/clone_panel_v12_4.png b/doc/user/admin_area/settings/img/clone_panel_v12_4.png
deleted file mode 100644
index 427224f5b78..00000000000
--- a/doc/user/admin_area/settings/img/clone_panel_v12_4.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/domain_denylist.png b/doc/user/admin_area/settings/img/domain_denylist.png
deleted file mode 100644
index a7e972b7c0a..00000000000
--- a/doc/user/admin_area/settings/img/domain_denylist.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/domain_denylist_v14_1.png b/doc/user/admin_area/settings/img/domain_denylist_v14_1.png
new file mode 100644
index 00000000000..c988afd75f6
--- /dev/null
+++ b/doc/user/admin_area/settings/img/domain_denylist_v14_1.png
diff --git a/doc/user/admin_area/settings/img/enforce_terms.png b/doc/user/admin_area/settings/img/enforce_terms.png
deleted file mode 100644
index de1a82275ab..00000000000
--- a/doc/user/admin_area/settings/img/enforce_terms.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v13_1.png b/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v13_1.png
deleted file mode 100644
index 9edc916c7fb..00000000000
--- a/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v13_1.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png b/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png
new file mode 100644
index 00000000000..63f4d5a4a1a
--- /dev/null
+++ b/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png
diff --git a/doc/user/admin_area/settings/img/respond_to_terms.png b/doc/user/admin_area/settings/img/respond_to_terms.png
deleted file mode 100644
index f91480d1ce7..00000000000
--- a/doc/user/admin_area/settings/img/respond_to_terms.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index d21b6c36224..21ca1c573fe 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -51,10 +51,10 @@ To access the default page for Admin Area settings:
 | Option | Description |
 | ------ | ----------- |
 | [Repository's custom initial branch name](../../project/repository/branches/default.md#instance-level-custom-initial-branch-name) | Set a custom branch name for new repositories created in your instance. |
-| [Repository mirror](visibility_and_access_controls.md#allow-mirrors-to-be-set-up-for-projects) | Configure repository mirroring. |
+| [Repository mirror](visibility_and_access_controls.md#enable-project-mirroring) | Configure repository mirroring. |
 | [Repository storage](../../../administration/repository_storage_types.md) | Configure storage path settings. |
 | Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
-| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives, blobs, ...) from an external storage (for example, a CDN). |
+| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives and blobs) from an external storage (for example, a CDN). |
 
 ## Templates **(PREMIUM SELF)**
 
@@ -84,8 +84,8 @@ To access the default page for Admin Area settings:
 | ------ | ----------- |
 | [Metrics - Prometheus](../../../administration/monitoring/prometheus/gitlab_metrics.md) | Enable and configure Prometheus metrics. |
 | [Metrics - Grafana](../../../administration/monitoring/performance/grafana_configuration.md#integration-with-gitlab-ui) | Enable and configure Grafana. |
-| [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-via-the-admin-area) | Enable access to the Performance Bar for a given group. |
-| [Self monitoring](../../../administration/monitoring/gitlab_self_monitoring_project/index.md#creating-the-self-monitoring-project) | Enable or disable instance self monitoring. |
+| [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-for-non-administrators) | Enable access to the Performance Bar for non-administrator users in a given group. |
+| [Self monitoring](../../../administration/monitoring/gitlab_self_monitoring_project/index.md#create-the-self-monitoring-project) | Enable or disable instance self monitoring. |
 | [Usage statistics](usage_statistics.md) | Enable or disable version check and Service Ping. |
 | [Pseudonymizer data collection](../../../administration/pseudonymizer.md) **(ULTIMATE)** | Enable or disable the Pseudonymizer data collection. |
 
@@ -115,7 +115,7 @@ To access the default page for Admin Area settings:
 | [What's new](../../../administration/whats-new.md) | Configure What's new drawer and content. |
 | [Help page](help_page.md) | Help page text and support page URL. |
 | [Pages](../../../administration/pages/index.md#custom-domain-verification) | Size and domain settings for static websites |
-| [Real-time features](../../../administration/polling.md) | Change this value to influence how frequently the GitLab UI polls for updates. |
+| [Polling interval multiplier](../../../administration/polling.md) | Configure how frequently the GitLab UI polls for updates. |
 | [Gitaly timeouts](gitaly_timeouts.md) | Configure Gitaly timeouts. |
 | Localization | [Default first day of the week](../../profile/preferences.md) and [Time tracking](../../project/time_tracking.md#limit-displayed-units-to-hours). |
 
diff --git a/doc/user/admin_area/settings/project_integration_management.md b/doc/user/admin_area/settings/project_integration_management.md
index 3140eecfa53..3b949b638d8 100644
--- a/doc/user/admin_area/settings/project_integration_management.md
+++ b/doc/user/admin_area/settings/project_integration_management.md
@@ -1,6 +1,6 @@
 ---
-stage: Create
-group: Ecosystem
+stage: Ecosystem
+group: Integrations
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -61,6 +61,18 @@ integration on all non-configured groups and projects by default.
 
 Resetting an instance-level default setting removes the integration from all projects that have the integration set to use default settings.
 
+### View projects that override the default settings
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218252) in GitLab 14.2.
+
+You can view which projects in your instance use custom settings that [override the instance-level default settings](#use-custom-settings-for-a-group-or-project-integration)
+for an integration.
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > Integrations**.
+1. Select an integration.
+1. Select the **Projects using custom settings** tab.
+
 ## Manage group-level default settings for a project integration
 
 > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2543) in GitLab 13.6.
diff --git a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
index ef2b8ad80cd..bba61a7b913 100644
--- a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
+++ b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
@@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28129) in GitLab 12.10.
 
-This setting allows you to rate limit the requests to the issue creation endpoint.
+This setting allows you to rate limit the requests to the issue and epic creation endpoints.
 To can change its value:
 
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
@@ -22,7 +22,9 @@ For example, if you set a limit of 300, requests using the
 [Projects::IssuesController#create](https://gitlab.com/gitlab-org/gitlab/raw/master/app/controllers/projects/issues_controller.rb)
 action exceeding a rate of 300 per minute are blocked. Access to the endpoint is allowed after one minute.
 
-![Rate limits on issues creation](img/rate_limit_on_issues_creation_v13_1.png)
+When using [epics](../../group/epics/index.md), epic creation will share this rate limit with issues.
+
+![Rate limits on issues creation](img/rate_limit_on_issues_creation_v14_2.png)
 
 This limit is:
 
diff --git a/doc/user/admin_area/settings/rate_limit_on_notes_creation.md b/doc/user/admin_area/settings/rate_limit_on_notes_creation.md
index 193f39542cf..7615ad6f81d 100644
--- a/doc/user/admin_area/settings/rate_limit_on_notes_creation.md
+++ b/doc/user/admin_area/settings/rate_limit_on_notes_creation.md
@@ -17,7 +17,7 @@ To change the note creation rate limit:
 1. On the left sidebar, select **Settings > Network**.
 1. Expand **Notes Rate Limits**.
 1. Under **Max requests per minute per user**, enter the new value.
-1. Optional. Under **List of users to be excluded from the limit**, list users to be excluded fromt the limit.
+1. Optional. Under **List of users to be excluded from the limit**, list users to be excluded from the limit.
 1. Select **Save changes**.
 
 This limit is:
diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md
index 1098c7060f8..c774ae2eecc 100644
--- a/doc/user/admin_area/settings/sign_up_restrictions.md
+++ b/doc/user/admin_area/settings/sign_up_restrictions.md
@@ -31,7 +31,10 @@ To disable sign ups:
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4491) in GitLab 13.5.
 > - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/267568) in GitLab 13.6.
 
-When this setting is enabled, any user visiting your GitLab domain and signing up for a new account must be explicitly [approved](../approving_users.md#approve-or-reject-a-user-sign-up) by an administrator before they can start using their account. In GitLab 13.6 and later, this setting is enabled by default for new GitLab instances. It is only applicable if sign ups are enabled.
+When this setting is enabled, any user visiting your GitLab domain and signing up for a new account
+must be explicitly [approved](../moderate_users.md#approve-or-reject-a-user-sign-up) by an
+administrator before they can start using their account. In GitLab 13.6 and later, this setting is
+enabled by default for new GitLab instances. It is only applicable if sign ups are enabled.
 
 To require administrator approval for new sign ups:
 
@@ -59,7 +62,7 @@ To enforce confirmation of the email address used for new sign ups:
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/292600) in GitLab 13.9.
 
 When the number of billable users reaches the user cap, any user who is added or requests access must be
-[approved](../approving_users.md#approve-or-reject-a-user-sign-up) by an administrator before they can start using
+[approved](../moderate_users.md#approve-or-reject-a-user-sign-up) by an administrator before they can start using
 their account.
 
 If an administrator [increases](#set-the-user-cap-number) or [removes](#remove-the-user-cap) the
@@ -145,7 +148,7 @@ To create an email domain allowlist or denylist:
 domains ending in `.io`. Domains must be separated by a whitespace,
 semicolon, comma, or a new line.
 
-   ![Domain Denylist](img/domain_denylist.png)
+   ![Domain Denylist](img/domain_denylist_v14_1.png)
 
 ### Enable or disable soft email confirmation
 
diff --git a/doc/user/admin_area/settings/terms.md b/doc/user/admin_area/settings/terms.md
index 46e85ffc9c0..21805ef771f 100644
--- a/doc/user/admin_area/settings/terms.md
+++ b/doc/user/admin_area/settings/terms.md
@@ -5,59 +5,35 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: reference
 ---
 
-# Enforce accepting Terms of Service **(FREE SELF)**
+# Terms of Service and Privacy Policy **(FREE SELF)**
 
-An administrator can enforce acceptance of a terms of service and privacy policy. When this option is enabled, new and existing users must accept the terms.
+An administrator can enforce acceptance of a terms of service and privacy policy.
+When this option is enabled, new and existing users must accept the terms.
 
-If configured, the Terms of Service page can be viewed via `https://your-instance.com/-/users/terms` at anytime.
+When enabled, you can view the Terms of Service at the `-/users/terms` page on the instance,
+for example `https://gitlab.example.com/-/users/terms`.
 
-## Configuration
+## Enforce a Terms of Service and Privacy Policy
 
 To enforce acceptance of a Terms of Service and Privacy Policy:
 
-1. Log in to the GitLab instance as an admin user.
 1. On the top bar, select **Menu >** **{admin}** **Admin**.
 1. In the left sidebar, select **Settings > General**.
 1. Expand the **Terms of Service and Privacy Policy** section.
-1. Check the **Require all users to accept Terms of Service and Privacy Policy when they access
-   GitLab.** checkbox.
-1. Input the text of the **Terms of Service and Privacy Policy**. Markdown formatting can be used in this input box.
+1. Check the **All users must accept the Terms of Service and Privacy Policy to access GitLab** checkbox.
+1. Input the text of the **Terms of Service and Privacy Policy**. You can use [Markdown](../../markdown.md)
+   in this text box.
 1. Click **Save changes**.
-1. When you are presented with the **Terms of Service** statement, click **Accept terms**.
-
-![Enable enforcing Terms of Service](img/enforce_terms.png)
 
 For each update to the terms, a new version is stored. When a user accepts or declines the terms,
 GitLab records which version they accepted or declined.
 
-## New users
-
-When this feature is enabled, a checkbox is added to the sign-up form.
+When enabled, it adds a mandatory checkbox to the sign up page for new users:
 
 ![Sign up form](img/sign_up_terms.png)
 
-This checkbox is required during sign up.
-
-Users can review the terms entered in the admin panel before
-accepting. The page is opened in a new window so they can
-continue their registration afterwards.
-
-## Accepting terms
-
-When this feature is enabled, the users that have not accepted the
-terms of service are presented with a screen where they can either
-accept or decline the terms.
-
-![Respond to terms](img/respond_to_terms.png)
-
-If the user accepts the terms, they are directed to where they
-were going. After a sign-in or sign-up this is most likely the
-dashboard.
-
-If the user was already logged in when the feature was turned on,
-they are asked to accept the terms on their next interaction.
-
-If a user declines the terms, they are signed out.
+Existing users must accept the terms on their next GitLab interaction.
+If a logged-in user declines the terms, they are signed out.
 
 <!-- ## Troubleshooting
 
diff --git a/doc/user/admin_area/settings/usage_statistics.md b/doc/user/admin_area/settings/usage_statistics.md
index c12b720edd2..89c6be9608b 100644
--- a/doc/user/admin_area/settings/usage_statistics.md
+++ b/doc/user/admin_area/settings/usage_statistics.md
@@ -10,25 +10,24 @@ type: reference
 GitLab Inc. periodically collects information about your instance in order
 to perform various actions.
 
-All statistics are opt-out. To enable or disable them:
+All usage statistics are [opt-out](#enable-or-disable-usage-statistics).
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
-1. In the left sidebar, select **Settings > Metrics and profiling**, and expand **Usage statistics**.
-1. Enable or disable **Version check** and **Service ping**.
-1. Select **Save changes**.
+## Service Ping **(FREE SELF)**
 
-## Network configuration
+Service Ping is a process that collects and sends a weekly payload to GitLab Inc.
+For more information, see the [Service Ping guide](../../../development/service_ping/index.md).
 
-Allow network traffic from your GitLab instance to IP address `104.196.17.203:443`, to send
-usage statistics to GitLab Inc.
+### Instance-level analytics availability
 
-If your GitLab instance is behind a proxy, set the appropriate [proxy configuration variables](https://docs.gitlab.com/omnibus/settings/environment-variables.html).
+When Service Ping is enabled, GitLab gathers data from other instances and
+enables certain [instance-level analytics features](../analytics/index.md)
+that are dependent on Service Ping.
 
-## Version Check **(FREE SELF)**
+## Version check **(FREE SELF)**
 
 If enabled, version check informs you if a new version is available and the
-importance of it through a status. This is shown on the help page (i.e. `/help`)
-for all signed in users, and on the admin pages. The statuses are:
+importance of it through a status. The status displays on the help pages (`/help`)
+for all signed-in users, and on the Admin Area pages. The statuses are:
 
 - Green: You are running the latest version of GitLab.
 - Orange: An updated version of GitLab is available.
@@ -44,17 +43,12 @@ This information is used, among other things, to identify to which versions
 patches must be backported, making sure active GitLab instances remain
 secure.
 
-If you disable version check, this information isn't collected. To enable or disable it:
-
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
-1. In the left sidebar, select **Settings > Metrics and profiling**, and expand **Usage statistics**.
-1. Enable or disable **Version check**.
-1. Select **Save changes**.
+If you [disable version check](#enable-or-disable-usage-statistics), this information isn't collected.
 
 ### Request flow example
 
-The following example shows a basic request/response flow between the self-managed GitLab instance
-and the GitLab Version Application:
+The following example shows a basic request/response flow between a
+self-managed GitLab instance and the GitLab Version Application:
 
 ```mermaid
 sequenceDiagram
@@ -67,14 +61,22 @@ sequenceDiagram
     Version Application->>GitLab instance: Response (PNG/SVG)
 ```
 
-## Service Ping **(FREE SELF)**
+## Configure your network
+
+To send usage statistics to GitLab Inc., you must allow network traffic from your
+GitLab instance to the IP address `104.196.17.203:443`.
+
+If your GitLab instance is behind a proxy, set the appropriate
+[proxy configuration variables](https://docs.gitlab.com/omnibus/settings/environment-variables.html).
 
-See [Service Ping guide](../../../development/service_ping/index.md).
+## Enable or disable usage statistics
 
-## Instance-level analytics availability
+To enable or disable Service Ping and version check:
 
-After Service Ping is enabled, GitLab gathers data from other instances and
-enables certain [instance-level analytics features](../analytics/index.md) that are dependent on Service Ping.
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > Metrics and profiling**, and expand **Usage statistics**.
+1. Select or clear the **Version check** and **Service ping** checkboxes.
+1. Select **Save changes**.
 
 <!-- ## Troubleshooting
 
diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md
index 4af33c133a4..c46aec76e57 100644
--- a/doc/user/admin_area/settings/visibility_and_access_controls.md
+++ b/doc/user/admin_area/settings/visibility_and_access_controls.md
@@ -5,9 +5,10 @@ info: "To determine the technical writer assigned to the Stage/Group associated
 type: reference
 ---
 
-# Visibility and access controls **(FREE SELF)**
+# Control access and visibility **(FREE SELF)**
 
-GitLab allows administrators to enforce specific controls.
+GitLab enables users with the [Administrator role](../../permissions.md) to enforce
+specific controls on branches, projects, snippets, groups, and more.
 
 To access the visibility and access control options:
 
@@ -16,59 +17,95 @@ To access the visibility and access control options:
 1. In the left sidebar, select **Settings > General**.
 1. Expand the **Visibility and access controls** section.
 
-## Default branch protection
+## Protect default branches
 
-This global option defines the branch protection that applies to every repository's
-[default branch](../../project/repository/branches/default.md).
-[Branch protection](../../project/protected_branches.md) specifies which roles can push
-to branches and which roles can delete branches. In this case _Default_ refers to a
-repository's [default branch](../../project/repository/branches/default.md).
+With this option, you can define [branch protections](../../project/protected_branches.md)
+to apply to every repository's [default branch](../../project/repository/branches/default.md).
+These protections specify the user roles with permission to:
 
-This setting applies only to each repositories' default branch. To protect other branches, you must configure branch protection in repository. For details, see [protected branches](../../project/protected_branches.md).
+- Push to branches.
+- Delete branches.
 
-To change the default branch protection:
+This setting applies only to each repository's default branch. To protect other branches,
+you must configure [branch protection in the repository](../../project/protected_branches.md),
+or configure [branch protection for groups](../../group/index.md#change-the-default-branch-protection-of-a-group).
 
-1. Select the desired option.
-1. Click **Save changes**.
-
-For more details, see [Protected branches](../../project/protected_branches.md).
+To change the default branch protection for the entire instance:
 
-To change this setting for a specific group, see [Default branch protection for groups](../../group/index.md#change-the-default-branch-protection-of-a-group)
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Select a **Default branch protection**:
+   - **Not protected** - Both developers and maintainers can push new commits,
+     force push, or delete the branch.
+   - **Protected against pushes** - Developers cannot push new commits, but are
+     allowed to accept merge requests to the branch. Maintainers can push to the branch.
+   - **Partially protected** - Both developers and maintainers can push new commits,
+     but cannot force push or delete the branch.
+   - **Fully protected** - Developers cannot push new commits, but maintainers can.
+     No one can force push or delete the branch.
+1. To allow group owners to override the instance's default branch protection, select
+   [**Allow owners to manage default branch protection per group**](#prevent-overrides-of-default-branch-protection).
+1. Select **Save changes**.
 
-### Disable group owners from updating default branch protection **(PREMIUM SELF)**
+### Prevent overrides of default branch protection **(PREMIUM SELF)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/211944) in GitLab 13.0.
 
-By default, group owners are allowed to override the branch protection set at the global level.
-
-In [GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can disable this privilege of group owners.
-
-To do this:
+Instance-level protections for [default branch](../../project/repository/branches/default.md)
+can be overridden on a per-group basis by the group's owner. In
+[GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can
+disable this privilege for group owners, enforcing the instance-level protection rule:
 
-1. Uncheck the **Allow owners to manage default branch protection per group** checkbox.
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Deselect the **Allow owners to manage default branch protection per group** checkbox.
+1. Select **Save changes**.
 
 NOTE:
 GitLab administrators can still update the default branch protection of a group.
 
-## Default project creation protection
+## Define which roles can create projects
 
-Project creation protection specifies which roles can create projects.
+Instance-level protections for project creation define which roles can
+[add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group)]
+on the instance. To alter which roles have permission to create projects:
 
-To change the default project creation protection:
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. For **Default project creation protection**, select the desired roles:
+   - No one.
+   - Maintainers.
+   - Developers and Maintainers.
+1. Select **Save changes**.
 
-1. Select the desired option.
-1. Click **Save changes**.
+## Restrict project deletion to Administrators **(PREMIUM SELF)**
+
+Anyone with the **Owner** role, either at the project or group level, can
+delete a project. To allow only users with the Administrator role to delete projects:
 
-For more details, see [Specify who can add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group).
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Scroll to **Default project deletion protection**, and select **Only admins can delete project**.
+1. Select **Save changes**.
 
-## Default project deletion protection **(PREMIUM SELF)**
+## Default delayed project deletion **(PREMIUM SELF)**
 
-By default, a project can be deleted by anyone with the **Owner** role, either at the project or
-group level.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/255449) in GitLab 14.2.
 
-To ensure only Administrator users can delete projects:
+Projects in a group (but not a personal namespace) can be deleted after a delayed period, by
+[configuring in Group Settings](../../group/index.md#enable-delayed-project-removal).
 
-1. Check the **Default project deletion protection** checkbox.
+To enable delayed project deletion by default in new groups:
+
+1. Check the **Default delayed project deletion** checkbox.
 1. Click **Save changes**.
 
 ## Default deletion delay **(PREMIUM SELF)**
@@ -92,7 +129,7 @@ To change this period:
 1. Select the desired option.
 1. Click **Save changes**.
 
-### Override default deletion delayed period
+### Override defaults and delete immediately
 
 Alternatively, projects that are marked for removal can be deleted immediately. To do so:
 
@@ -100,107 +137,132 @@ Alternatively, projects that are marked for removal can be deleted immediately.
 1. Delete the project as described in the
    [Administering Projects page](../../admin_area/#administering-projects).
 
-## Default project visibility
-
-To set the default visibility levels for new projects:
+## Configure project visibility defaults
 
-1. Select the desired default project visibility.
-1. Click **Save changes**.
+To set the default [visibility levels for new projects](../../../public_access/public_access.md):
 
-For more details on project visibility, see
-[Project visibility](../../../public_access/public_access.md).
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Select the desired default project visibility:
+   - **Private** - Project access must be granted explicitly to each user. If this
+     project is part of a group, access will be granted to members of the group.
+   - **Internal** - The project can be accessed by any logged in user except external users.
+   - **Public** - The project can be accessed without any authentication.
+1. Select **Save changes**.
 
-## Default snippet visibility
+## Configure snippet visibility defaults
 
-To set the default visibility levels for new snippets:
+To set the default visibility levels for new [snippets](../../snippets.md):
 
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
 1. Select the desired default snippet visibility.
-1. Click **Save changes**.
+1. Select **Save changes**.
 
-For more details on snippet visibility, see
+For more details on snippet visibility, read
 [Project visibility](../../../public_access/public_access.md).
 
-## Default group visibility
+## Configure group visibility defaults
 
 To set the default visibility levels for new groups:
 
-1. Select the desired default group visibility.
-1. Click **Save changes**.
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Select the desired default group visibility:
+   - **Private** - The group and its projects can only be viewed by members.
+   - **Internal** - The group and any internal projects can be viewed by any logged in user except external users.
+   - **Public** - The group and any public projects can be viewed without any authentication.
+1. Select **Save changes**.
 
 For more details on group visibility, see
 [Group visibility](../../group/index.md#group-visibility).
 
-## Restricted visibility levels
+## Restrict visibility levels
 
-To set the restricted visibility levels for projects, snippets, and selected pages:
+To restrict visibility levels for projects, snippets, and selected pages:
 
-1. Select the desired visibility levels to restrict.
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. In the **Restricted visibility levels** section, select the desired visibility levels to restrict.
 1. Select **Save changes**.
 
 For more details on project visibility, see
 [Project visibility](../../../public_access/public_access.md).
 
-## Import sources
-
-To specify from which hosting sites users can [import their projects](../../project/import/index.md):
-
-1. Check the checkbox beside the name of each hosting site.
-1. Click **Save changes**.
+## Configure allowed import sources
 
-## Project export
+You can specify from which hosting sites users can [import their projects](../../project/import/index.md):
 
-To enable project export:
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Select each of **Import sources** to allow.
+1. Select **Save changes**.
 
-1. Check the **Project export enabled** checkbox.
-1. Click **Save changes**.
+## Enable project export
 
-For more details, see [Exporting a project and its data](../../../user/project/settings/import_export.md#exporting-a-project-and-its-data).
+To enable the export of
+[projects and their data](../../../user/project/settings/import_export.md#export-a-project-and-its-data):
 
-## Enabled Git access protocols
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Select **Project export enabled**.
+1. Select **Save changes**.
 
-With GitLab access restrictions, you can select with which protocols users can communicate with
-GitLab.
+## Configure enabled Git access protocols
 
-Disabling an access protocol does not block access to the server itself by using those ports. The ports
-used for the protocol, SSH or HTTP(S), are still accessible. The GitLab restrictions apply at the
-application level.
+With GitLab access restrictions, you can select the protocols users can use to
+communicate with GitLab. Disabling an access protocol does not block port access to the
+server itself. The ports used for the protocol, SSH or HTTP(S), are still accessible.
+The GitLab restrictions apply at the application level.
 
 To specify the enabled Git access protocols:
 
-1. Select the desired Git access protocols from the dropdown:
+1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. In the left sidebar, select **Settings > General**.
+1. Expand the **Visibility and access controls** section.
+1. Select the desired Git access protocols:
    - Both SSH and HTTP(S)
    - Only SSH
    - Only HTTP(S)
-1. Click **Save changes**.
+1. Select **Save changes**.
 
 When both SSH and HTTP(S) are enabled, users can choose either protocol.
-
-When only one protocol is enabled:
+If only one protocol is enabled:
 
 - The project page shows only the allowed protocol's URL, with no option to
   change it.
-- A tooltip is shown when you hover over the URL's protocol, if an action
-  on the user's part is required. For example, adding an SSH key or setting a password.
+- GitLab shows a tooltip when you hover over the URL's protocol, if user action
+  (such as adding a SSH key or setting a password) is required:
 
-![Project URL with SSH only access](img/restricted_url.png)
+  ![Project URL with SSH only access](img/restricted_url.png)
 
-On top of these UI restrictions, GitLab denies all Git actions on the protocol
-not selected.
+GitLab only allows Git actions for the protocols you select.
 
 WARNING:
 GitLab versions [10.7 and later](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/18021),
 allow the HTTP(S) protocol for Git clone or fetch requests done by GitLab Runner
-from CI/CD jobs, even if **Only SSH** was selected.
+from CI/CD jobs, even if you select **Only SSH**.
 
-## Custom Git clone URL for HTTP(S)
+## Customize Git clone URL for HTTP(S)
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18422) in GitLab 12.4.
 
 You can customize project Git clone URLs for HTTP(S), which affects the clone
 panel:
 
-![Clone panel](img/clone_panel_v12_4.png)
-
 For example, if:
 
 - Your GitLab instance is at `https://example.com`, then project clone URLs are like
@@ -219,7 +281,7 @@ NOTE:
 SSH clone URLs can be customized in `gitlab.rb` by setting `gitlab_rails['gitlab_ssh_host']` and
 other related settings.
 
-## RSA, DSA, ECDSA, ED25519 SSH keys
+## Configure defaults for RSA, DSA, ECDSA, ED25519 SSH keys
 
 These options specify the permitted types and lengths for SSH keys.
 
@@ -230,7 +292,7 @@ To specify a restriction for each key type:
 
 For more details, see [SSH key restrictions](../../../security/ssh_keys_restrictions.md).
 
-## Allow mirrors to be set up for projects
+## Enable project mirroring
 
 This option is enabled by default. By disabling it, both
 [pull and push mirroring](../../project/repository/repository_mirroring.md) no longer