camunda · felix-mueller · Sep 17, 2025
diff --git a/docs/reference/announcements-release-notes/850/850-release-notes.md b/docs/reference/announcements-release-notes/850/850-release-notes.md
@@ -40,7 +40,7 @@ Note that the actual values shown in this screenshot don't correspond to any act
 
 <!-- https://github.com/camunda/product-hub/issues/2162 -->
 
-You can now use Role-Based Access Control (RBAC) with your own OIDC Identity provider (such as Entra ID) and Web Modeler without relying on Keycloak. [This extends RBAC and role mapping support](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md#component-specific-configuration) that is available for other components to Web Modeler.
+You can now use Role-Based Access Control (RBAC) with your own OIDC Identity provider (such as Entra ID) and Web Modeler without relying on Keycloak. [This extends RBAC and role mapping support](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md#component-specific-configuration) that is available for other components to Web Modeler.
 
 ### Introductory UI header for processes page
 

diff --git a/docs/reference/announcements-release-notes/870/870-announcements.md b/docs/reference/announcements-release-notes/870/870-announcements.md
@@ -64,7 +64,7 @@ With this version, we ship a breaking change to how Web Modeler **Deploy diagram
 The following authentication methods for a [configured cluster in Web Modeler](/self-managed/components/modeler/web-modeler/configuration/configuration.md#clusters) are now being deprecated and will no longer be supported in version 8.8:
 
 - `OAUTH`: This method was replaced by `BEARER_TOKEN`.
-- `CLIENT_CREDENTIALS`: This method was introduced as a temporary solution to support deployments from Web Modeler when using [Microsoft Entra ID or a generic OIDC provider](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md).
+- `CLIENT_CREDENTIALS`: This method was introduced as a temporary solution to support deployments from Web Modeler when using [Microsoft Entra ID or a generic OIDC provider](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md).
   It is marked for removal in 8.8 as the `BEARER_TOKEN` authentication will be supported for Entra ID and generic providers as well.
 
 ### Breaking changes in Camunda Process Test

diff --git a/docs/reference/announcements-release-notes/870/870-release-notes.md b/docs/reference/announcements-release-notes/870/870-release-notes.md
@@ -596,7 +596,7 @@ The deployment experience is further simplified for Enterprise customers running
 - You no longer need to enter a client ID and secret in the deploy modal. Instead, simply choose a cluster (or stage for process applications) and deploy.
 
 :::note
-The simplified deployment experience is not supported when [Microsoft Entra ID is used as OIDC provider](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md?authPlatform=microsoftEntraId#configuration).
+The simplified deployment experience is not supported when [Microsoft Entra ID is used as OIDC provider](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md?authPlatform=microsoftEntraId#configuration).
 You still need to enter a client ID and secret in this case.
 Support is targeted for [Camunda 8.8](../870-announcements/#deprecated-web-modeler-cluster-authentication-oauth-and-client_credentials-self-managed).
 :::

diff --git a/docs/self-managed/components/console/configuration/configuration.md b/docs/self-managed/components/console/configuration/configuration.md
@@ -211,7 +211,7 @@ console:
 ## Using a different OpenID Connect (OIDC) authentication provider than Keycloak
 
 By default, Console uses Keycloak to provide authentication.
-You can use a different OIDC provider by following the steps described in the [OIDC connection guide](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md).
+You can use a different OIDC provider by following the steps described in the [OIDC connection guide](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md).
 
 ## Monitoring
 

diff --git a/docs/self-managed/components/modeler/web-modeler/configuration/identity.md b/docs/self-managed/components/modeler/web-modeler/configuration/identity.md
@@ -7,4 +7,4 @@ description: "Read details on how to connect Web Modeler to a custom OIDC provid
 ## Using a different OpenID Connect (OIDC) authentication provider than Keycloak
 
 By default, Web Modeler uses Keycloak for providing authentication.
-You can use a different OIDC provider by following the steps described in the [OIDC connection guide](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md).
+You can use a different OIDC provider by following the steps described in the [OIDC connection guide](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md).
diff --git a/...self-managed/components/orchestration-cluster/operate/operate-authentication.md b/...self-managed/components/orchestration-cluster/operate/operate-authentication.md
@@ -152,7 +152,7 @@ export SPRING_PROFILES_ACTIVE=identity-auth
 Identity requires the following parameters:
 
 :::danger
-These configuration variables are deprecated. To connect using the updated values, see [connecting to an OpenID Connect provider](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md).
+These configuration variables are deprecated. To connect using the updated values, see [connecting to an OpenID Connect provider](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md).
 :::
 
 | Property name                                       | Description                                                                                                                                   | Example value                                                                     |

diff --git a/...lf-managed/components/orchestration-cluster/tasklist/tasklist-authentication.md b/...lf-managed/components/orchestration-cluster/tasklist/tasklist-authentication.md
@@ -81,7 +81,7 @@ export SPRING_PROFILES_ACTIVE=identity-auth
 ## Configure Identity
 
 :::danger
-These configuration variables are deprecated. To connect using the updated values, see [Connecting to an OpenID Connect provider](/self-managed/installation-methods/helm/configure/connect-to-an-oidc-provider.md).
+These configuration variables are deprecated. To connect using the updated values, see [Connecting to an OpenID Connect provider](/self-managed/components/management-identity/configuration/configure-external-identity-provider.md).
 :::
 
 Identity requires the following parameters: