Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

19 files changed, 219 insertions, 200 deletions

diff --git a/doc/user/group/contribution_analytics/index.md b/doc/user/group/contribution_analytics/index.md
index 76a8eb77e72..3b866c4a1b0 100644
--- a/doc/user/group/contribution_analytics/index.md
+++ b/doc/user/group/contribution_analytics/index.md
@@ -11,8 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 With Contribution Analytics, you can get an overview of the [contribution events](../../index.md#user-contribution-events) in your
 group.
 
-- Analyze your team's contributions over a period of time, and offer a bonus for the top
-  contributors.
+- Analyze your team's contributions over a period of time.
 - Identify opportunities for improvement with group members who may benefit from additional
   support.
 
diff --git a/doc/user/group/custom_project_templates.md b/doc/user/group/custom_project_templates.md
index 2214a18475a..00e6bc671c1 100644
--- a/doc/user/group/custom_project_templates.md
+++ b/doc/user/group/custom_project_templates.md
@@ -24,7 +24,7 @@ You can also configure [custom templates for the instance](../admin_area/custom_
 
 Prerequisite:
 
-- You must have the [Owner role for the group](../permissions.md#group-members-permissions).
+- You must have the Owner role for the group.
 
 To set up custom project templates in a group, add the subgroup that contains the
 project templates to the group settings:
diff --git a/doc/user/group/devops_adoption/index.md b/doc/user/group/devops_adoption/index.md
index 4151745189d..333bef84dcc 100644
--- a/doc/user/group/devops_adoption/index.md
+++ b/doc/user/group/devops_adoption/index.md
@@ -6,7 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Group DevOps Adoption **(ULTIMATE)**
 
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321083) in GitLab 13.11 as a [Beta feature](https://about.gitlab.com/handbook/product/gitlab-the-product/#beta).
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321083) in GitLab 13.11 as a [Beta feature](../../../policy/alpha-beta-support.md#beta-features).
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/333556) in GitLab 14.1.
 > - The Overview tab [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330401) in GitLab 14.1.
 > - DAST and SAST metrics [added](https://gitlab.com/gitlab-org/gitlab/-/issues/328033) in GitLab 14.1.
@@ -32,7 +32,7 @@ how to use those features.
 
 Prerequisite:
 
-- You must have at least the [Reporter role](../../permissions.md) for the group.
+- You must have at least the Reporter role for the group.
 
 To view DevOps Adoption:
 
diff --git a/doc/user/group/epics/epic_boards.md b/doc/user/group/epics/epic_boards.md
index d184030718a..f03a56d8a00 100644
--- a/doc/user/group/epics/epic_boards.md
+++ b/doc/user/group/epics/epic_boards.md
@@ -24,7 +24,7 @@ To view an epic board:
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 
 To create a new epic board:
 
@@ -49,7 +49,7 @@ To change these options later, [edit the board](#edit-the-scope-of-an-epic-board
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 - A minimum of two boards present in a group.
 
 To delete the active epic board:
@@ -73,7 +73,7 @@ To delete the active epic board:
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 
 To create a new list:
 
@@ -91,7 +91,7 @@ list view that's removed. You can always create it again later if you need.
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 
 To remove a list from an epic board:
 
@@ -106,7 +106,7 @@ To remove a list from an epic board:
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 - You must have [created a list](#create-a-new-list) first.
 
 To create an epic from a list in epic board:
@@ -147,7 +147,7 @@ You can move epics and lists by dragging them.
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 
 To move an epic, select the epic card and drag it to another position in its current list or
 into another list. Learn about possible effects in [Dragging epics between lists](#dragging-epics-between-lists).
@@ -170,7 +170,7 @@ and the target list.
 
 Prerequisites:
 
-- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
+- You must have at least the Reporter role for a group.
 
 To edit the scope of an epic board:
 
diff --git a/doc/user/group/epics/manage_epics.md b/doc/user/group/epics/manage_epics.md
index caca10a05a2..3350b0f1169 100644
--- a/doc/user/group/epics/manage_epics.md
+++ b/doc/user/group/epics/manage_epics.md
@@ -83,7 +83,7 @@ To edit an epic's start date, due date, or labels:
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7250) in GitLab 12.2.
 
-Users with at least the [Reporter role](../../permissions.md) can manage epics.
+Users with at least the Reporter role can manage epics.
 
 When bulk editing epics in a group, you can edit their labels.
 
@@ -98,8 +98,7 @@ To update multiple epics at the same time:
 ## Delete an epic
 
 NOTE:
-To delete an epic, you must be an [Owner](../../permissions.md#group-members-permissions) of a group
-or subgroup.
+To delete an epic, you must be an Owner of a group or subgroup.
 
 To delete the epic:
 
@@ -165,6 +164,7 @@ than 1000. The cached value is rounded to thousands or millions and updated ever
 > - Sorting by epic titles [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/331625) in GitLab 14.1.
 > - Searching by milestone and confidentiality [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/268372) in GitLab 14.2 [with a flag](../../../administration/feature_flags.md) named `vue_epics_list`. Disabled by default.
 > - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/276189) in GitLab 14.7.
+> - [Feature flag `vue_epics_list`](https://gitlab.com/gitlab-org/gitlab/-/issues/327320) removed in GitLab 14.8.
 
 You can search for an epic from the list of epics using filtered search bar based on following
 parameters:
diff --git a/doc/user/group/import/index.md b/doc/user/group/import/index.md
index 70406cfe8e8..cdc3fe02a53 100644
--- a/doc/user/group/import/index.md
+++ b/doc/user/group/import/index.md
@@ -10,20 +10,81 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/249160) in GitLab 13.7 [with a flag](../../feature_flags.md) named `bulk_import`. Disabled by default.
 > - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/338985) in GitLab 14.3.
 
+FLAG:
+On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../../../administration/feature_flags.md) named `bulk_import`. On GitLab.com, this feature is available.
+
+You can migrate your existing top-level groups to any of the following:
+
+- Another GitLab instance, including GitLab.com.
+- Another top-level group.
+- The subgroup of any existing top-level group.
+
+Migrating groups is not the same as [group import/export](../settings/import_export.md).
+
+- Group import/export requires you to export a group to a file and then import that file in
+  another GitLab instance.
+- Group migration automates this process.
+
+## Import your groups into GitLab
+
+When you migrate a group, you connect to your GitLab instance and then choose
+groups to import. Not all the data is migrated. View the
+[Migrated resources](#migrated-resources) list for details.
+
+Leave feedback about group migration in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/284495).
+
 NOTE:
-The importer migrates **only** the group data listed on this page. To leave feedback on this
-feature, see [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/284495).
+You might need to reconfigure your firewall to prevent blocking the connection on the self-managed
+instance.
+
+### Connect to the remote GitLab instance
 
-Using GitLab Group Migration, you can migrate existing top-level groups from GitLab.com or a self-managed instance. Groups can be migrated to a target instance, as a top-level group, or as a subgroup of any existing top-level group.
+Before you begin, ensure that the target GitLab instance can communicate with the source over HTTPS
+(HTTP is not supported). You might need to reconfigure your firewall to prevent blocking the connection on the self-managed
+instance.
 
-The following resources are migrated to the target instance:
+Then create the group you want to import into, and connect:
+
+1. Create a new group or subgroup:
+
+   - On the top bar, select `+` and then **New group**.
+   - Or, on an existing group's page, in the top right, select **New subgroup**.
+
+1. Select **Import group**.
+1. Enter the source URL of your GitLab instance.
+1. Generate or copy a [personal access token](../../../user/profile/personal_access_tokens.md)
+   with the `api` and `read_repository` scopes on your remote GitLab instance.
+1. Enter the [personal access token](../../../user/profile/personal_access_tokens.md) for your remote GitLab instance.
+1. Select **Connect instance**.
+
+### Select the groups to import
+
+After you have authorized access to the GitLab instance, you are redirected to the GitLab Group
+Migration importer page. The remote groups you have the Owner role for are listed.
+
+1. By default, the proposed group namespaces match the names as they exist in remote instance, but based on your permissions, you can choose to edit these names before you proceed to import any of them.
+1. Next to the groups you want to import, select **Import**.
+1. The **Status** column shows the import status of each group. If you leave the page open, it updates in real-time.
+1. After a group has been imported, select its GitLab path to open its GitLab URL.
+
+![Group Importer page](img/bulk_imports_v14_1.png)
+
+## Automate group and project import **(PREMIUM)**
+
+For information on automating user, group, and project import API calls, see
+[Automate group and project import](../../project/import/index.md#automate-group-and-project-import).
+
+## Migrated resources
+
+Only the following resources are migrated to the target instance. Any other items are **not**
+migrated:
 
 - Groups ([Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4374) in 13.7)
   - description
   - attributes
   - subgroups
   - avatar ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322904) in 14.0)
-- Group Labels ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292429) in 13.9)
+- Group labels ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292429) in 13.9)
   - title
   - description
   - color
@@ -71,67 +132,3 @@ The following resources are migrated to the target instance:
   - image URL
 - Boards
 - Board Lists
-
-Any other items are **not** migrated.
-
-## Enable or disable GitLab Group Migration
-
-GitLab Migration is deployed behind the `bulk_import` feature flag, which is **enabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can disable it.
-
-To disable it:
-
-```ruby
-Feature.disable(:bulk_import)
-```
-
-To enable it:
-
-```ruby
-Feature.enable(:bulk_import)
-```
-
-## Import your groups into GitLab
-
-Before you begin, ensure that the target instance of GitLab can communicate with the source
-over HTTPS (HTTP is not supported).
-
-NOTE:
-This might involve reconfiguring your firewall to prevent blocking connection on the side of self-managed instance.
-
-### Connect to the remote GitLab instance
-
-1. Go to the New Group page:
-
-   - On the top bar, select `+` and then **New group**.
-   - Or, on an existing group's page, in the top right, select **New subgroup**.
-
-   ![Navigation paths to create a new group](img/new_group_navigation_v13_8.png)
-
-1. On the New Group page, select **Import group**.
-
-   ![Fill in import details](img/import_panel_v14_1.png)
-
-1. Enter the source URL of your GitLab instance.
-1. Generate or copy a [personal access token](../../../user/profile/personal_access_tokens.md)
-   with the `api` and `read_repository` scopes on your remote GitLab instance.
-1. Enter the [personal access token](../../../user/profile/personal_access_tokens.md) for your remote GitLab instance.
-1. Select **Connect instance**.
-
-### Selecting which groups to import
-
-After you have authorized access to the GitLab instance, you are redirected to the GitLab Group
-Migration importer page. The remote groups you have the Owner role for are listed.
-
-1. By default, the proposed group namespaces match the names as they exist in remote instance, but based on your permissions, you can choose to edit these names before you proceed to import any of them.
-1. Next to the groups you want to import, select **Import**.
-1. The **Status** column shows the import status of each group. If you leave the page open, it updates in real-time.
-1. After a group has been imported, select its GitLab path to open its GitLab URL.
-
-![Group Importer page](img/bulk_imports_v14_1.png)
-
-## Automate group and project import **(PREMIUM)**
-
-For information on automating user, group, and project import API calls, see
-[Automate group and project import](../../project/import/index.md#automate-group-and-project-import).
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index 8aa9b8e799d..ec76dc52516 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -1,7 +1,7 @@
 ---
 type: reference, howto
 stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -68,19 +68,9 @@ To create a group:
    - Select **Menu > Groups**, and on the right, select **Create group**.
    - To the left of the search box, select the plus sign and then **New group**.
 1. Select **Create group**.
-1. For the **Group name**, use only:
-   - Alphanumeric characters
-   - Emojis
-   - Underscores
-   - Dashes, dots, spaces, and parentheses (however, it cannot start with any of these characters)
-
-   For a list of words that cannot be used as group names, see [reserved names](../reserved_names.md).
-
-1. For the **Group URL**, which is used for the [namespace](#namespaces),
-   use only:
-   - Alphanumeric characters
-   - Underscores
-   - Dashes and dots (it cannot start with dashes or end in a dot)
+1. Enter a name for the group in **Group name**. For a list of words that cannot be used as group names, see
+   [reserved names](../reserved_names.md).
+1. Enter a path for the group in **Group URL**, which is used for the [namespace](#namespaces).
 1. Choose the [visibility level](../../public_access/public_access.md).
 1. Personalize your GitLab experience by answering the following questions:
    - What is your role?
@@ -138,7 +128,7 @@ your group.
 ## Change the owner of a group
 
 You can change the owner of a group. Each group must always have at least one
-member with the [Owner role](../permissions.md#group-members-permissions).
+member with the Owner role.
 
 - As an administrator:
   1. Go to the group and from the left menu, select **Group information > Members**.
@@ -153,7 +143,7 @@ member with the [Owner role](../permissions.md#group-members-permissions).
 
 Prerequisites:
 
-- You must have the [Owner role](../permissions.md#group-members-permissions).
+- You must have the Owner role.
 - The member must have direct membership in the group. If
   membership is inherited from a parent group, then the member can be removed
   from the parent group only.
@@ -250,7 +240,7 @@ There are two different ways to add a new project to a group:
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/2534) in GitLab 10.5.
 > - [Moved](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/25975) from GitLab Premium to GitLab Free in 11.10.
 
-By default, [Developers and Maintainers](../permissions.md#group-members-permissions) can create projects under a group.
+By default, users with at least the Developer role can create projects under a group.
 
 To change this setting for a specific group:
 
@@ -290,10 +280,15 @@ To view the activity feed in Atom format, select the
 
 ## Share a group with another group
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/18328) in GitLab 12.7.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/18328) in GitLab 12.7.
+> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/247208) in GitLab 13.11 from a form to a modal window [with a flag](../feature_flags.md). Disabled by default.
+> - Modal window [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/247208) in GitLab 14.8.
 
-NOTE:
-In GitLab 13.11, you can [replace this form with a modal window](#share-a-group-modal-window).
+FLAG:
+On self-managed GitLab, by default the modal window feature is available.
+To hide the feature, ask an administrator to [disable the feature flag](../../administration/feature_flags.md)
+named `invite_members_group_modal`.
+On GitLab.com, this feature is available.
 
 Similar to how you [share a project with a group](../project/members/share_project_with_groups.md),
 you can share a group with another group. Members get direct access
@@ -303,35 +298,14 @@ To share a given group, for example, `Frontend` with another group, for example,
 `Engineering`:
 
 1. Go to the `Frontend` group.
-1. From the left menu, select **Group information > Members**.
-1. Select the **Invite group** tab.
+1. On the left sidebar, select **Group information > Members**.
+1. Select **Invite a group**.
 1. In the **Select a group to invite** list, select `Engineering`.
-1. For the **Max role**, select a [role](../permissions.md).
+1. Select a [role](../permissions.md).
 1. Select **Invite**.
 
 All the members of the `Engineering` group are added to the `Frontend` group.
 
-### Share a group modal window
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/247208) in GitLab 13.11.
-> - [Deployed behind a feature flag](../feature_flags.md), disabled by default.
-> - Enabled on GitLab.com.
-> - Recommended for production use.
-> - Replaces the existing form with buttons to open a modal window.
-> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](../project/members/index.md#enable-or-disable-modal-window).
-
-WARNING:
-This feature might not be available to you. Check the **version history** note above for details.
-
-In GitLab 13.11, you can optionally replace the sharing form with a modal window.
-To share a group after enabling this feature:
-
-1. Go to your group's page.
-1. On the left sidebar, go to **Group information > Members**, and then select **Invite a group**.
-1. Select a group, and select a **Max role**.
-1. Optional. Select an **Access expiration date**.
-1. Select **Invite**.
-
 ## Manage group memberships via LDAP **(PREMIUM SELF)**
 
 Group syncing allows LDAP groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing, edit the `group_base` **DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with GitLab groups.
@@ -432,10 +406,22 @@ for the group's projects to meet your group's needs.
 
 To remove a group and its contents:
 
-1. Go to your group's **Settings > General** page.
-1. Expand the **Path, transfer, remove** section.
+1. On the top bar, select **Menu > Groups** and find your group.
+1. On the left sidebar, select **Settings > General**.
+1. Expand the **Advanced** section.
+1. In the **Remove group** section, select **Remove group**.
+1. Type the group name.
+1. Select **Confirm**.
+
+A group can also be removed from the groups dashboard:
+
+1. On the top bar, select **Menu > Groups**.
+1. Select **Your Groups**.
+1. Select (**{ellipsis_v}**) for the group you want to delete.
+1. Select **Delete**.
 1. In the Remove group section, select **Remove group**.
-1. Confirm the action.
+1. Type the group name.
+1. Select **Confirm**.
 
 This action removes the group. It also adds a background job to delete all projects in the group.
 
@@ -534,7 +520,7 @@ disabled for the group and its subgroups.
 
 Prerequisite:
 
-- You must be assigned the [Owner role](../permissions.md#group-members-permissions) for the group.
+- You must be assigned the Owner role) for the group.
 
 To specify a user cap:
 
@@ -556,7 +542,7 @@ You can remove the user cap, so there is no limit on the number of members you c
 
 Prerequisite:
 
-- You must be assigned the [Owner role](../permissions.md#group-members-permissions) for the group.
+- You must be assigned the Owner role) for the group.
 
 To remove the user cap:
 
@@ -575,7 +561,7 @@ and must be approved.
 
 Prerequisite:
 
-- You must be assigned the [Owner role](../permissions.md#group-members-permissions) for the group.
+- You must be assigned the Owner role) for the group.
 
 To approve members that are pending because they've exceeded the user cap:
 
@@ -651,7 +637,7 @@ To restrict group access by IP address:
 
 1. Go to the group's **Settings > General** page.
 1. Expand the **Permissions and group features** section.
-1. In the **Allow access to the following IP addresses** field, enter IP address ranges in CIDR notation.
+1. In the **Allow access to the following IP addresses** field, enter IPv4 or IPv6 address ranges in CIDR notation.
 1. Select **Save changes**.
 
    ![Domain restriction by IP address](img/restrict-by-ip.gif)
@@ -803,7 +789,7 @@ Existing forks are not removed.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/224129) in GitLab 13.4.
 
 Group push rules allow group maintainers to set
-[push rules](../../push_rules/push_rules.md) for newly created projects in the specific group.
+[push rules](../project/repository/push_rules.md) for newly created projects in the specific group.
 
 To configure push rules for a group:
 
diff --git a/doc/user/group/iterations/index.md b/doc/user/group/iterations/index.md
index 8a79effba15..c0bd6f1a672 100644
--- a/doc/user/group/iterations/index.md
+++ b/doc/user/group/iterations/index.md
@@ -52,7 +52,7 @@ With iteration cadences enabled, you must first
 
 Prerequisites:
 
-- You must have at least the [Developer role](../../permissions.md) for a group.
+- You must have at least the Developer role for a group.
 
 To create an iteration cadence:
 
@@ -65,7 +65,7 @@ To create an iteration cadence:
 
 Prerequisites:
 
-- You must have at least the [Developer role](../../permissions.md) for a group.
+- You must have at least the Developer role for a group.
 
 Deleting an iteration cadence also deletes all iterations within that cadence.
 
@@ -86,7 +86,7 @@ From there you can create a new iteration or select an iteration to get a more d
 
 Prerequisites:
 
-- You must have at least the [Developer role](../../permissions.md) for a group.
+- You must have at least the Developer role for a group.
 
 For manually scheduled iteration cadences, you create and add iterations yourself.
 
@@ -104,7 +104,7 @@ To create an iteration:
 
 Prerequisites:
 
-- You must have at least the [Developer role](../../permissions.md) for a group.
+- You must have at least the Developer role for a group.
 
 To edit an iteration, select the three-dot menu (**{ellipsis_v}**) > **Edit**.
 
@@ -114,7 +114,7 @@ To edit an iteration, select the three-dot menu (**{ellipsis_v}**) > **Edit**.
 
 Prerequisites:
 
-- You must have at least the [Developer role](../../permissions.md) for a group.
+- You must have at least the Developer role for a group.
 
 To delete an iteration, select the three-dot menu (**{ellipsis_v}**) > **Delete**.
 
diff --git a/doc/user/group/planning_hierarchy/img/view-project-work-item-hierarchy_v14_8.png b/doc/user/group/planning_hierarchy/img/view-project-work-item-hierarchy_v14_8.png
new file mode 100644
index 00000000000..2ddd551ee46
--- /dev/null
+++ b/doc/user/group/planning_hierarchy/img/view-project-work-item-hierarchy_v14_8.png
diff --git a/doc/user/group/planning_hierarchy/index.md b/doc/user/group/planning_hierarchy/index.md
index 5887328abe4..934421e8a9a 100644
--- a/doc/user/group/planning_hierarchy/index.md
+++ b/doc/user/group/planning_hierarchy/index.md
@@ -5,7 +5,7 @@ group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# Planning hierarchies **(PREMIUM)**
+# Planning hierarchies **(FREE)**
 
 Planning hierarchies are an integral part of breaking down your work in GitLab.
 To understand how you can use epics and issues together in hierarchies, remember the following:
@@ -20,7 +20,21 @@ To learn about hierarchies in general, common frameworks, and using GitLab for
 portfolio management, see
 [How to use GitLab for Agile portfolio planning and project management](https://about.gitlab.com/blog/2020/11/11/gitlab-for-agile-portfolio-planning-project-management/).
 
-## Hierarchies with epics
+## View planning hierarchies
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340844/) in GitLab 14.8.
+
+To view the planning hierarchy in a project:
+
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Project information > Planning hierarchy**.
+
+Under **Current structure**, you can see a hierarchy diagram that matches your current planning hierarchy.
+The work items outside your subscription plan show up below **Unavailable structure**.
+
+![Screenshot showing hierarchy page](img/view-project-work-item-hierarchy_v14_8.png)
+
+## Hierarchies with epics **(PREMIUM)**
 
 With epics, you can achieve the following hierarchy:
 
@@ -54,14 +68,14 @@ Epic "1"*-- "0..*" Issue
 
 ![Diagram showing possible relationships of multi-level epics](img/hierarchy_with_multi_level_epics.png)
 
-## View ancestry of an epic
-
-In an epic, you can view the ancestors as parents in the right sidebar under **Ancestors**.
-
-![epics state dropdown](img/epic-view-ancestors-in-sidebar_v14_6.png)
-
 ## View ancestry of an issue
 
 In an issue, you can view the parented epic above the issue in the right sidebar under **Epic**.
 
 ![epics state dropdown](img/issue-view-parent-epic-in-sidebar_v14_6.png)
+
+## View ancestry of an epic **(PREMIUM)**
+
+In an epic, you can view the ancestors as parents in the right sidebar under **Ancestors**.
+
+![epics state dropdown](img/epic-view-ancestors-in-sidebar_v14_6.png)
diff --git a/doc/user/group/repositories_analytics/index.md b/doc/user/group/repositories_analytics/index.md
index 2487ab188e8..6e3ea7d6c0f 100644
--- a/doc/user/group/repositories_analytics/index.md
+++ b/doc/user/group/repositories_analytics/index.md
@@ -1,7 +1,6 @@
 ---
-type: reference
 stage: Verify
-group: Testing
+group: Pipeline Insights
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
diff --git a/doc/user/group/roadmap/index.md b/doc/user/group/roadmap/index.md
index 7d489bc5b2d..f10dc3bc22a 100644
--- a/doc/user/group/roadmap/index.md
+++ b/doc/user/group/roadmap/index.md
@@ -72,6 +72,26 @@ You can also filter epics in the Roadmap view by the epics':
 
 Roadmaps can also be [visualized inside an epic](../epics/index.md#roadmap-in-epics).
 
+### Roadmap settings
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345158) in GitLab 14.8 [with a flag](../../../administration/feature_flags.md) named `roadmap_settings`. Enabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `roadmap_settings`.
+On GitLab.com, this feature is available but can be configured by GitLab.com administrators only.
+
+When you enable the roadmap settings sidebar, you can use it to refine epics shown in the roadmap.
+
+You can configure the following:
+
+- Select date range.
+- Turn milestones on or off and select whether to show all, group, sub-group, or project milestones.
+- Show all, open, or closed epics.
+- Turn progress tracking for child issues on or off and select whether
+  to use issue weights or counts.
+
+  The progress tracking setting is not saved in user preferences but is saved or shared using URL parameters.
+
 ## Timeline duration
 
 > - Introduced in GitLab 11.0.
diff --git a/doc/user/group/saml_sso/group_managed_accounts.md b/doc/user/group/saml_sso/group_managed_accounts.md
index 06e666f4d24..aeb7db923a9 100644
--- a/doc/user/group/saml_sso/group_managed_accounts.md
+++ b/doc/user/group/saml_sso/group_managed_accounts.md
@@ -1,7 +1,7 @@
 ---
 type: reference, howto
 stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index 20ff4a201f5..14c4447c5c6 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -1,7 +1,7 @@
 ---
 type: reference, howto
 stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -21,7 +21,7 @@ SAML SSO is only configurable at the top-level group.
 
 If required, you can find [a glossary of common terms](../../../integration/saml.md#glossary-of-common-terms).
 
-## Configuring your identity provider
+## Configure your identity provider
 
 1. On the top bar, select **Menu > Groups** and find your group.
 1. On the left sidebar, select **Settings > SAML SSO**.
@@ -32,7 +32,7 @@ If required, you can find [a glossary of common terms](../../../integration/saml
 1. Configure the required [user attributes](#user-attributes), ensuring you include the user's email address.
 1. While the default is enabled for most SAML providers, please ensure the app is set to have service provider
    initiated calls in order to link existing GitLab accounts.
-1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
+1. Once the identity provider is set up, move on to [configuring GitLab](#configure-gitlab).
 
 ![Issuer and callback for configuring SAML identity provider with GitLab.com](img/group_saml_configuration_information.png)
 
@@ -82,7 +82,7 @@ GitLab provides metadata XML that can be used to configure your identity provide
 1. Copy the provided **GitLab metadata URL**.
 1. Follow your identity provider's documentation and paste the metadata URL when it's requested.
 
-## Configuring GitLab
+## Configure GitLab
 
 After you set up your identity provider to work with GitLab, you must configure GitLab to use it for authentication:
 
@@ -108,7 +108,9 @@ The certificate [fingerprint algorithm](../../../integration/saml.md#notes-on-co
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/9152) in GitLab 13.11 with enforcing open SSO session to use Git if this setting is switched on.
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/339888) in GitLab 14.7 to not enforce SSO checks for Git activity originating from CI/CD jobs.
 
-With this option enabled, users (except users with the Owner role) must access GitLab using your group GitLab single sign-on URL to access group resources. Users added manually as members can't access group resources.
+With this option enabled, users must access GitLab using your group GitLab single sign-on URL to access group resources.
+Users can't be added as new members manually.
+Users with the Owner role can use the standard sign in process to make necessary changes to top-level group settings.
 
 SSO enforcement does not affect sign in or access to any resources outside of the group. Users can view which groups and projects they are a member of without SSO sign in.
 
@@ -116,7 +118,7 @@ However, users are not prompted to sign in through SSO on each visit. GitLab che
 has authenticated through SSO. If it's been more than 1 day since the last sign-in, GitLab
 prompts the user to sign in again through SSO.
 
-We intend to add a similar SSO requirement for [API activity](https://gitlab.com/gitlab-org/gitlab/-/issues/297389).
+An [issue exists](https://gitlab.com/gitlab-org/gitlab/-/issues/297389) to add a similar SSO requirement for API activity.
 
 SSO has the following effects when enabled:
 
@@ -127,7 +129,6 @@ SSO has the following effects when enabled:
 - Git activity originating from CI/CD jobs do not have the SSO check enforced.
 - Credentials that are not tied to regular users (for example, access tokens and deploy keys) do not have the SSO check enforced.
 - Users must be signed-in through SSO before they can pull images using the [Dependency Proxy](../../packages/dependency_proxy/index.md).
-<!-- Add bullet for API activity when https://gitlab.com/gitlab-org/gitlab/-/issues/9152 is complete -->
 
 When SSO is enforced, users are not immediately revoked. If the user:
 
@@ -139,7 +140,7 @@ When SSO is enforced, users are not immediately revoked. If the user:
 
 The SAML standard means that you can use a wide range of identity providers with GitLab. Your identity provider might have relevant documentation. It can be generic SAML documentation or specifically targeted for GitLab.
 
-When [configuring your identity provider](#configuring-your-identity-provider), please consider the notes below for specific providers to help avoid common issues and as a guide for terminology used.
+When [configuring your identity provider](#configure-your-identity-provider), please consider the notes below for specific providers to help avoid common issues and as a guide for terminology used.
 
 For providers not listed below, you can refer to the [instance SAML notes on configuring an identity provider](../../../integration/saml.md#notes-on-configuring-your-identity-provider)
 for additional guidance on information your identity provider may require.
@@ -293,12 +294,16 @@ convert the information to XML. An example SAML response is shown here.
 
 ### Role
 
-Starting from [GitLab 13.3](https://gitlab.com/gitlab-org/gitlab/-/issues/214523), group owners can set a 'Default membership role' other than 'Guest'. To do so, [configure the SAML SSO for the group](#configuring-gitlab). That role becomes the starting access level of all users added to the group.
+Starting from [GitLab 13.3](https://gitlab.com/gitlab-org/gitlab/-/issues/214523), group owners can set a
+"Default membership role" other than Guest. To do so, [configure the SAML SSO for the group](#configure-gitlab).
+That role becomes the starting access level of all users added to the group.
 
 Existing members with appropriate privileges can promote or demote users, as needed.
 
 If a user is already a member of the group, linking the SAML identity does not change their role.
 
+Users given a "minimal access" role have [specific restrictions](../../permissions.md#users-with-minimal-access).
+
 ### Blocking access
 
 To rescind a user's access to the group when only SAML SSO is configured, either:
@@ -336,6 +341,13 @@ For example, to unlink the `MyOrg` account:
 
 ## Group Sync
 
+WARNING:
+Changing Group Sync configuration can remove users from the relevant GitLab group.
+Removal happens if there is any mismatch between the group names and the list of `groups` in the SAML response.
+If changes must be made, ensure either the SAML response includes the `groups` attribute
+and the `AttributeValue` value matches the **SAML Group Name** in GitLab,
+or that all groups are removed from GitLab to disable Group Sync.
+
 <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
 For a demo of Group Sync using Azure, see [Demo: SAML Group Sync](https://youtu.be/Iqvo2tJfXjg).
 
@@ -353,10 +365,6 @@ Ensure your SAML identity provider sends an attribute statement named `Groups` o
 </saml:AttributeStatement>
 ```
 
-WARNING:
-Setting up Group Sync can disconnect users from SAML IDP if there is any mismatch in the configuration. Ensure the
-`Groups` attribute is included in the SAML response, and the **SAML Group Name** matches the `AttributeValue` attribute.
-
 Other attribute names such as `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups`
 are not accepted as a source of groups.
 See the [SAML troubleshooting page](../../../administration/troubleshooting/group_saml_scim.md)
@@ -533,7 +541,7 @@ This can then be compared to the [NameID](#nameid) being sent by the identity pr
 If you receive a `404` during setup when using "verify configuration", make sure you have used the correct
 [SHA-1 generated fingerprint](../../../integration/saml.md#notes-on-configuring-your-identity-provider).
 
-If a user is trying to sign in for the first time and the GitLab single sign-on URL has not [been configured](#configuring-your-identity-provider), they may see a 404.
+If a user is trying to sign in for the first time and the GitLab single sign-on URL has not [been configured](#configure-your-identity-provider), they may see a 404.
 As outlined in the [user access section](#linking-saml-to-your-existing-gitlabcom-account), a group Owner needs to provide the URL to users.
 
 ### Message: "SAML authentication failed: Extern UID has already been taken"
diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md
index d7d663f4115..d1e9ba29378 100644
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -1,7 +1,7 @@
 ---
 type: howto, reference
 stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -49,22 +49,21 @@ Once [Group Single Sign-On](index.md) has been configured, we can:
 
 ### Azure configuration steps
 
-The SAML application that was created during [Single sign-on](index.md) setup for [Azure](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/view-applications-portal) now needs to be set up for SCIM.
+The SAML application that was created during [Single sign-on](index.md) setup for [Azure](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/view-applications-portal) now needs to be set up for SCIM. You can refer to [Azure SCIM setup documentation](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#getting-started).
 
-1. Enable automatic provisioning and administrative credentials by following the
-   [Azure's SCIM setup documentation](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#provisioning-users-and-groups-to-applications-that-support-scim).
+1. In your app, go to the Provisioning tab, and set the **Provisioning Mode** to **Automatic**. 
+   Then fill in the **Admin Credentials**, and save. The **Tenant URL** and **secret token** are the items
+   retrieved in the [previous step](#gitlab-configuration).
 
-During this configuration, note the following:
+1. After saving, two more tabs appear:
 
-- The `Tenant URL` and `secret token` are the items retrieved in the
-  [previous step](#gitlab-configuration).
-- We recommend setting a notification email and selecting the **Send an email notification when a failure occurs** checkbox.
-- For mappings, we only leave `Synchronize Azure Active Directory Users to AppName` enabled.
-  `Synchronize Azure Active Directory Groups to AppName` is usually disabled. However, this
-  does not mean Azure AD users cannot be provisioned in groups. Leaving it enabled does not break
-  the SCIM user provisioning, but causes errors in Azure AD that may be confusing and misleading.
+    - **Settings**: We recommend setting a notification email and selecting the **Send an email notification when a failure occurs** checkbox.
+      You also control what is actually synced by selecting the **Scope**. For example, **Sync only assigned users and groups** only syncs the users and groups assigned to the application. Otherwise, it syncs the whole Active Directory.
 
-You can then test the connection by clicking on **Test Connection**. If the connection is successful, be sure to save your configuration before moving on. See below for [troubleshooting](#troubleshooting).
+    - **Mappings**: We recommend keeping **Provision Azure Active Directory Users** enabled, and disable **Provision Azure Active Directory Groups**. 
+      Leaving **Provision Azure Active Directory Groups** enabled does not break the SCIM user provisioning, but it causes errors in Azure AD that may be confusing and misleading.
+
+1. You can then test the connection by selecting **Test Connection**. If the connection is successful, save your configuration before moving on. See below for [troubleshooting](#troubleshooting).
 
 #### Configure attribute mapping
 
@@ -93,11 +92,6 @@ For guidance, you can view [an example configuration in the troubleshooting refe
 1. Save all changes.
 1. In the **Provisioning** step, set the `Provisioning Status` to `On`.
 
-   NOTE:
-   You can control what is actually synced by selecting the `Scope`. For example,
-   `Sync only assigned users and groups` only syncs the users assigned to
-   the application (`Users and groups`), otherwise, it syncs the whole Active Directory.
-
 Once enabled, the synchronization details and any errors appears on the
 bottom of the **Provisioning** screen, together with a link to the audit events.
 
diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md
index 816edb629f5..769943cd5d8 100644
--- a/doc/user/group/settings/group_access_tokens.md
+++ b/doc/user/group/settings/group_access_tokens.md
@@ -1,6 +1,6 @@
 ---
 stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
 info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
 type: reference, howto
 ---
@@ -140,8 +140,11 @@ To enable or disable group access token creation for all sub-groups in a top-lev
 
 Even when creation is disabled, you can still use and revoke existing group access tokens.
 
-## Bot users
+## Bot users for groups
 
 Each time you create a group access token, a bot user is created and added to the group.
-These bot users are similar to [project bot users](../../project/settings/project_access_tokens.md#project-bot-users), but are added to groups instead of projects. For more information, see
-[Project bot users](../../project/settings/project_access_tokens.md#project-bot-users).
+These bot users are similar to [bot users for projects](../../project/settings/project_access_tokens.md#bot-users-for-projects),
+except they are added to groups instead of projects.
+These bot users do not count as licensed seats.
+
+For more information, see [Bot users for projects](../../project/settings/project_access_tokens.md#bot-users-for-projects).
diff --git a/doc/user/group/settings/import_export.md b/doc/user/group/settings/import_export.md
index 5745c499c5c..7b63466656d 100644
--- a/doc/user/group/settings/import_export.md
+++ b/doc/user/group/settings/import_export.md
@@ -16,7 +16,7 @@ You can also [export projects](../../project/settings/import_export.md).
 
 Prerequisite:
 
-- You must have the [Owner role](../../permissions.md) for the group.
+- You must have the Owner role for the group.
 
 To enable import and export for a group:
 
@@ -69,7 +69,7 @@ in GitLab 14.6 and replaced by [GitLab Migration](../import/).
 
 Prerequisites:
 
-- You must have the [Owner role](../../permissions.md) for the group.
+- You must have the Owner role for the group.
 
 To export the contents of a group:
 
diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md
index ef984a76a7d..46dea81ae9f 100644
--- a/doc/user/group/subgroups/index.md
+++ b/doc/user/group/subgroups/index.md
@@ -1,6 +1,6 @@
 ---
 stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 type: reference, howto, concepts
 ---
@@ -158,7 +158,7 @@ added to), add the user to the new subgroup again with a higher set of permissio
 
 For example, if User 1 was first added to group `one/two` with Developer
 permissions, then they inherit those permissions in every other subgroup
-of `one/two`. To give them the [Maintainer role](../../permissions.md) for group `one/two/three/four`,
+of `one/two`. To give them the Maintainer role for group `one/two/three/four`,
 you would add them again in that group as Maintainer. Removing them from that group,
 the permissions fall back to those of the ancestor group.
 
diff --git a/doc/user/group/value_stream_analytics/index.md b/doc/user/group/value_stream_analytics/index.md
index 4663cfc8bfd..ccf77f79fd9 100644
--- a/doc/user/group/value_stream_analytics/index.md
+++ b/doc/user/group/value_stream_analytics/index.md
@@ -117,16 +117,15 @@ production environment for all merge requests deployed in the given time period.
 The "Recent Activity" metrics near the top of the page are measured as follows:
 
 - **New Issues:** the number of issues created in the date range.
-- **Deploys:** the number of deployments <sup>1</sup> to production <sup>2</sup> in the date range.
-- **Deployment Frequency:** the average number of deployments <sup>1</sup> to production <sup>2</sup>
+- **Deploys:** the number of deployments to production in the date range.
+- **Deployment Frequency:** the average number of deployments to production
    per day in the date range.
 
-1. To give a more accurate representation of deployments that actually completed successfully,
-   the calculation for these two metrics changed in GitLab 13.9 from using the time a deployment was
-   created to the time a deployment finished. If you were referencing this metric prior to 13.9, please
-   keep this slight change in mind.
-1. To see deployment metrics, you must have a
-   [production environment configured](../../../ci/environments/index.md#deployment-tier-of-environments).
+To see deployment metrics, you must have a [production environment configured](../../../ci/environments/index.md#deployment-tier-of-environments).
+
+NOTE:
+In GitLab 13.9 and later, deployment metrics are calculated based on when the deployment was finished.
+In GitLab 13.8 and earlier, deployment metrics are calculated based on when the deployment was created.
 
 You can learn more about these metrics in our [analytics definitions](../../analytics/index.md).