diff --git a/docs/network/getting-started/index.mdx b/docs/network/getting-started/index.mdx
index c7b0d351f..5a96789e8 100644
--- a/docs/network/getting-started/index.mdx
+++ b/docs/network/getting-started/index.mdx
@@ -1,125 +1,121 @@
---
title: Introduction to Ory Network
+sidebar_label: Introduction to Ory Network
+toc_max_heading_level: 3
+description:
+ Ory Network is the fully managed, cloud-native deployment of Ory — a global, low-latency identity and access management service
+ built on Ory's open source software.
---
-Ory is a software infrastructure provider building a global zero-trust network for humans, robots, devices, and software services.
-Ory develops open-source software on [GitHub](https://github.com/ory) and publishes open standards such as the
-[Ory Permission Language](https://github.com/ory/keto/blob/master/docs/ory_permission_language_spec.md).
-[The Ory Network](https://console.ory.com/) uses cloud-native open-source technologies (Kubernetes, Crossplane, Cockroach, Linux,
-Ory) and standards (OAuth 2.0/2.1, OpenID Connect, MITREid, WebAuthn, TOTP, FIDO3) to deliver a low-latency, planet-scale
-zero-trust infrastructure. Ory combines centuries of open source, security, operational, and industry expertise with a
-user-centric and security-first mindset.
+# Introduction to Ory Network
-Core infrastructure components of [Ory Network](https://console.ory.com) are open source to foster collaboration, reduce supply
-chain risk, broaden access to secure services, and introduce the open standard for internet security. Being open source Ory
-improves the safety of everyone:
+Ory Network is the fully managed deployment of Ory: a global, low-latency identity and access management (IAM) service delivered
+as SaaS. It runs the same open source software you can self-host, with hosting, scaling, security patching, and compliance handled
+for you — so you can add authentication, authorization, and fine-grained permissions to any application and get back to building
+your product.
-- Ory Identities offers a secure and modern central identity management solution with MFA, passwordless, WebAuthn, and more. It's
- based on the open-source [Ory Kratos Identity Server](https://github.com/ory/kratos).
-- Ory OAuth2 & OpenID Connect implements 15+ IETF and OpenID standards to facilitate single sign-on (SSO), delegation, and API
- access authorization. It's based on the open-source [Ory Hydra Federation Server](https://github.com/ory/hydra).
-- Ory Permissions is a low-latency, high-performance, relationship-based authorization system that enables fine-grained access
- control (incl. RBAC and ABAC models) in any application. It's based on the open-source
- [Ory Keto Permission Server](https://github.com/ory/keto), which implements
- [Zanzibar: Google’s Consistent, Global Authorization System](https://research.google/pubs/pub48190/).
+[Sign up](https://console.ory.com/registration) to create a free developer project, or
+[talk to an expert](https://www.ory.com/contact) about production and enterprise needs.
-Ory develops and maintains many additional open-source projects. From an Ory Zero Trust Identity & Access Proxy
-[Ory Oathkeeper](https://github.com/ory/oathkeeper) to developer tooling [Ory Dockertest](https://github.com/ory/dockertest) to
-language-specific libraries [Ory Ladon](https://github.com/ory/ladon). Ory has
-[170+ open source repositories](https://github.com/orgs/ory/repositories) and over 35.000 GitHub stars.
+## Why Ory Network
-Ory secures billions of requests each month, runs in over 50,000 live deployments, and improves hourly.
+Ory Network gives you Ory's full identity stack without the operational overhead of running it yourself:
-## Why Ory is different
+- **Fully managed infrastructure** — Ory Network operates a global edge network with multi-region availability, automatic scaling,
+ and high availability. You don't patch servers, rotate keys, or manage failover.
+- **Production-grade security and compliance** — Built-in protection against common threats, industry-standard cryptography,
+ breached-password detection, and audit-ready compliance (GDPR, SOC 2, ISO, PCI DSS, and more).
+- **Own your user experience** — Bring your own UI in any framework and language, or start with hosted screens. Ory's APIs are
+ headless, so the login, registration, and account flows are entirely yours to design.
+- **Built on open source** — Every core service in Ory Network is the same Apache 2.0 licensed software available on
+ [GitHub](https://github.com/ory). There is no open-core lock-in, and you can move between deployment models without rewriting
+ your integration.
+- **Scale without limits** — Ory Network processes billions of authentication and authorization requests, with stateless
+ horizontal scaling and smart edge caching for low latency worldwide.
-Ory differentiates from other vendors in the following key areas:
+## What's included
-- Ory core services and APIs are developed and licensed under Apache 2.0, allowing you to participate, collaborate, and understand
- the inner workings of Ory.
-- You can bring your UI, in the programming language of your choosing, with the user experience that you like.
-- From designing Identity Schemas using JSON Schema, to webhooks, to advanced configuration options - Ory is the most customizable
- platform out there.
-- Ory spans the whole authentication and authorization universe with well-designed products and APIs:
- - Identity Management with session management & flows for login, registration, recovery, verification, MFA, and more.
- - Permission and Role Management.
- - Delegation via OAuth2 and OpenID Connect.
- - Zero Trust Networking.
- - Modern API design with partial support for gRPC.
+Ory Network is composed of Ory's open source servers, managed and integrated for you, plus the console and tooling that make them
+fast to adopt. The core services each map to a focused part of the identity and access problem: identity and sessions, OAuth2 and
+OIDC, permissions, enterprise SSO, edge access control, and API key management. Around them, Ory Network adds the layer that gets
+you to production quickly:
-## Ory Network
+- **[Ory Console](https://console.ory.com/)** — The web UI for managing projects, identities, permissions, social sign-in,
+ identity schemas, account emails, and multi-tenancy. Most configuration that once required code can be done here without a code
+ editor.
+- **[Ory Account Experience](https://www.ory.com/docs/account-experience)** — Prebuilt, customizable screens for login,
+ registration, recovery, verification, and account settings, so you can ship auth before building your own UI.
+- **[Ory Elements](https://www.ory.com/docs/elements)** — An open source component library for integrating your own authentication
+ UI quickly with frameworks like React and Next.js.
+- **[Ory Actions](https://www.ory.com/docs/kratos/hooks/configure-hooks)** — Hooks that extend Ory by running custom business
+ logic and integrating with third-party services such as CRMs, payment gateways, and analytics platforms in response to identity
+ events.
+- **[Ory CLI](https://www.ory.com/docs/cli)** — A command-line tool for configuring and operating your self-hosted deployment.
+- **[SDKs and reference UIs](https://github.com/ory/sdk)** — Client SDKs for popular languages and reference UI implementations
+ for frameworks like React, Next.js, and React Native.
-The Ory Network is the commercial offering of Ory and is built on top of Ory Open Source software. The goal with Ory Network is to
-offer a planet-scale, low-latency, resilient, and secure service that's easy to use and set up.
+### Ory Kratos (Identity & AuthN)
-In short: Ory Network is the most convenient way to run Ory. [Sign up](https://console.ory.com/registration) and create a free
-developer project.
+```mdx-code-block
+import KratosDesc from "@site/src/components/Shared/deploy-intro/kratos-desc.mdx"
-## Components
+
+```
-Each project in Ory Network is an isolated tenant and uses many components providing functionality, user interfaces, and APIs
-around identities, sessions, login, OAuth2, permissions, and more. The core components of projects in Ory Network are
-[Ory Open Source servers](https://github.com/ory/).
+### Ory Hydra (Delegated AuthZ & Federated AuthN)
-### Identities and sessions
+```mdx-code-block
+import HydraDesc from "@site/src/components/Shared/deploy-intro/hydra-desc.mdx"
-Ory Network incorporates the open-source [Ory Kratos Identity Server](https://www.ory.com/kratos) and offers:
+
+```
-- Self-service flows are everything users do on their own / without the help of others:
-- Registration with passwords, social sign-in, OpenID Connect, passkeys, and more.
-- Login with passwords, social sign-in, OpenID Connect, passkeys, and more.
-- Updating the profile, email, changing the password, un/linking with social sign-in providers, and more.
-- Recovering the account by resetting the password.
-- Verifying email addresses, phone numbers, and more.
-- Multi-factor authentication flows and recovery processes.
-- Administrative identity management to get, create, update, and delete identities and their data.
-- Headless APIs and data models allow you to fully customize Identity Schemas - for example adding fields like name, accept ToS,
- phone number - and create your login, registration, profile settings, recovery, and verification screen using SDKs and REST
- APIs.
-- SCIM support for automated user provisioning and deprovisioning with supported identity providers.
+### Ory Keto (Fine-grained Permissions)
-### Permissions and relationships
+```mdx-code-block
+import KetoDesc from "@site/src/components/Shared/deploy-intro/keto-desc.mdx"
-Ory Network incorporates the open-source [Ory Keto Permission Server](https://www.ory.com/keto) and offers:
+
+```
-- Permission management to get, create, update, and delete permissions.
-- Permission checking to check if a user has a permission.
+### Ory Polis (Enterprise SSO AuthZ)
-### OAuth2 and OIDC
+```mdx-code-block
+import PolisDesc from "@site/src/components/Shared/deploy-intro/polis-desc.mdx"
-Ory Network incorporates the open-source [Ory Hydra OAuth2 & OpenID Server](https://www.ory.com/hydra) and offers:
+
+```
-- Fully featured OAuth2 & [OpenID Certified](https://openid.net/developers/certified/)® OIDC Provider
+### Ory Oathkeeper (Proxy-based access control)
-### SAML
+```mdx-code-block
+import OathkeeperDesc from "@site/src/components/Shared/deploy-intro/oathkeeper-desc.mdx"
-Ory Network incorporates the open-source [Ory Polis](https://www.ory.com/polis) and offers:
+
+```
-- Enterprise SSO integration with SAML identity providers such as Okta, Azure AD, and Google Workspace.
-- Simplified SSO flow by implementing SSO as a standard OAuth 2.0 flow, abstracting away the complexities of SAML.
-- Act as a SAML Identity Provider (IdP).
+### Ory Talos (API keys)
-### Ory Console
+```mdx-code-block
+import TalosDesc from "@site/src/components/Shared/deploy-intro/talos-desc.mdx"
-Ory Console is the management UI of Ory Network.
+
+```
-### Ory Account Experience
+## Ory Network compared to the other deployment models
-Ory Account Experience implements screens such as login, registration, account recovery, account setting, and account verification
-for fast adoption of Ory.
+Ory Network is one of three ways to run Ory. All three share the same open source core, so you can start with one and move to
+another as your needs change:
-Ory allows you to implement your own authentication UI by offering simple, headless APIs. Use the open-source
-[Ory Elements](https://github.com/ory/elements) components library for fast integration with frameworks like React and Next.js.
+```mdx-code-block
+import DeployCompare from "@site/src/components/Shared/deploy-intro/deploy-compare.mdx"
-### Ory Actions
+
+```
-[Ory Actions](../../kratos/hooks/01_configure-hooks.mdx) provide a flexible way to extend the capabilities of the Ory Network by
-defining custom business logic, automating system behavior in response to events, and integrating with third-party services such
-as CRM platforms, payment gateways, business analytics tools, and integration platforms.
+## Next steps
-## Ory Open Source
-
-Ory is the largest open-source ecosystem in the area of authentication, authorization, access control, and zero-trust networking
-in the world. Ory is not another company "greenwashing" with open source by publishing SDKs under open-source licenses. Instead,
-all Ory core systems are available as Apache 2.0 licensed software without enterprise or open-core models.
-
-Head over to the [Ory Open Source Overview](../../oss/open-source.mdx) for an introduction to the different projects.
+- [Create a free developer project](https://console.ory.com/registration)
+- [Follow a quickstart](../getting-started/overview)
+- [Learn which Ory product to use](../products/products-overview#which-ory-product)
+- [Migrate an existing user base to Ory Network](../migrate-to-ory/migrate)
diff --git a/docs/oel/getting-started/index.mdx b/docs/oel/getting-started/index.mdx
index 4a0c0193d..ccc7dd1dc 100644
--- a/docs/oel/getting-started/index.mdx
+++ b/docs/oel/getting-started/index.mdx
@@ -1,67 +1,146 @@
---
title: Introduction to Ory Enterprise License
+sidebar_label: Introduction to Ory Enterprise License
+toc_max_heading_level: 3
+description:
+ The Ory Enterprise License (OEL) is the self-hosted, commercially supported deployment of Ory — optimized builds of Ory's open
+ source software with enterprise features, SLAs, and CVE patching for production and mission-critical environments.
---
-The Ory Enterprise License (OEL) is a commercial license designed for businesses and organizations that rely on Ory's open-source
-identity and access control software (Ory Hydra, Ory Kratos, Ory Keto, Ory Oathkeeper, and Ory Polis) in production and
-mission-critical environments. It grants access to enterprise-grade features, dedicated support, and builds optimized for
-stability, security, and scalability.
+# Introduction to Ory Enterprise License
-:::info
+The Ory Enterprise License (OEL) is the self-hosted, commercially supported deployment of Ory: optimized builds of the same open
+source identity and access management (IAM) software, with enterprise features, guaranteed support, and timely security patching.
+You run Ory on your own infrastructure — in your cloud, your private cloud, or an air-gapped environment — and Ory's core
+engineering team backs it with SLAs. OEL gives you the control of self-hosting with the assurance of an enterprise vendor, so you
+can run Ory in production and mission-critical environments with confidence.
-Interested in the Ory Enterprise License?
-[Contact us to discuss your requirements.](https://www.ory.com/contact)
+[Talk to an expert](https://www.ory.com/contact) to discuss your requirements, or read the
+[OEL product brief](https://www.ory.com/resources/assets/ory-enterprise-license-product-brief) to compare OEL with Ory Open
+Source.
-:::
+## Why Ory Enterprise License
-## When to use the Ory Enterprise License
+OEL builds share the same familiar patterns as the open source software, with significant advantages for organizations running Ory
+at scale:
-You should consider the Ory Enterprise License if your organization
+- **Self-hosted control** — Run Ory entirely within your own infrastructure for full control over data residency, networking, and
+ deployment topology, including certified, regulated, and air-gapped environments.
+- **Dedicated support and SLAs** — Get 24/7 access to Ory's core engineering team with guaranteed response times based on incident
+ priority, so critical production issues are resolved quickly.
+- **Frequent, tested releases** — Ory ships enterprise builds frequently, with the latest dependencies and timely patches for
+ known CVEs in Go, third-party libraries, and other components. (Community-only updates can lag and are not tested at the same
+ scale.)
+- **Drop-in replacement** — OEL builds are direct replacements for open source installations. Moving from Ory Open Source requires
+ no special configuration or complex migration path.
+- **Zero-downtime migrations** — OEL builds support zero-downtime upgrades, and the optimized CockroachDB integration adds
+ zero-downtime schema migrations using CockroachDB's online schema changes.
+- **Multi-region deployments** — With CockroachDB, OEL supports true multi-region resilience for high availability and disaster
+ recovery, data domiciling for GDPR, CCPA, and similar regulations, and lower latency for globally distributed users.
+- **Unlocked enterprise features** — OEL activates functionality not available in the open source builds, such as B2B
+ organizations and multi-tenancy in Ory Kratos and the OAuth 2.0 Resource Owner Password Credentials (ROPC) grant in Ory Hydra.
-- operates Ory solutions in critical production environments where downtime is unacceptable.
-- requires timely patches and updates for security vulnerabilities (CVEs) within specific timeframes.
-- needs dedicated support from Ory's core engineering team with guaranteed response times (SLAs) for incident resolution.
-- handles high-traffic volumes and large datasets (100GBs scale) requiring optimized database performance and zero-downtime
+## When to choose OEL
+
+Consider the Ory Enterprise License if your organization:
+
+- Runs Ory in critical production environments where downtime is unacceptable.
+- Needs CVE patches and security updates within guaranteed timeframes.
+- Requires dedicated support with contractual response-time SLAs.
+- Handles high traffic and large datasets (100 GB scale) that benefit from optimized database performance and zero-downtime
migrations.
-- needs enterprise-specific functionalities not available in the open-source versions, such as the OAuth2 Resource Owner Password
- Credentials (ROPC) grant in Ory Hydra or multi-tenancy/organizations features in Ory Kratos.
-- requires advanced deployment patterns like multi-region for high availability, disaster recovery, and data domiciling.
-
-In contrast, open-source builds are well-suited for
-
-- individuals and researchers exploring Ory's capabilities.
-- development and testing environments.
-- deployments where occasional downtime for upgrades is acceptable and CVE patching is not required.
-
-## Benefits of Ory Enterprise License
-
-All Ory Enterprise builds share common advantages over their open-source counterparts:
-
-- Regular, up-to-date releases: Enterprise builds are released frequently and include the latest dependencies, addressing known
- CVEs in Golang, third-party libraries, and other components.
-- Dedicated support & SLAs: OEL holders receive dedicated support channels and are covered by Service Level Agreements (SLAs),
- ensuring qualified responses within defined timeframes based on incident priority.
-- Drop-in replacement: OEL is designed as direct replacements for open-source installations, requiring no special configuration or
- complex migration paths from existing OSS setups.
-- Unlocked Enterprise features: The OEL activates exclusive functionalities. Specific enterprise features for each Ory service are
- detailed in their respective documentation sections.
-- Zero-downtime migrations: Unlike open-source versions that require downtime during upgrades, enterprise builds support
- zero-downtime migrations.
-- Optimized CockroachDB integration: For deployments with large-scale databases and traffic patterns, an enhanced CockroachDB
- integration is available. This provides not only zero-downtime upgrades but also zero-downtime schema migrations by leveraging
- CockroachDB's Online schema changes feature.
-- Multi-Region deployments: Enterprise builds, when used with CockroachDB, support multi-region deployments. This enables:
- - Enhanced high-availability: Go beyond simple Availability Zone (AZ) failover with true multi-region resilience for superior
- uptime and disaster recovery.
- - Data domiciling: Comply with data privacy regulations like GDPR, CCPA, and others by keeping data in specific geographic
- regions while maintaining a global, logical view of all data within a single database.
- - Lower latency: Improve application performance for globally distributed users by locating data closer to them.
-- Seamless operation: Running, configuring, and using enterprise builds follows the same familiar patterns as the open-source
- versions.
-
-## Use cases
-
-The Ory Enterprise License is leveraged by organizations requiring robust and scalable identity infrastructure. For instance,
-OpenAI utilizes the Ory Enterprise License with Ory Hydra Enterprise to manage authentication for its 400 million weekly active
-users, ensuring reliability, massive scale, and uninterrupted service. Read more about
-[OpenAI's use of Ory](https://www.ory.com/case-studies/openai).
+- Needs enterprise-only features such as Ory Kratos multi-tenancy/organizations or the Ory Hydra ROPC grant.
+- Requires advanced deployment patterns like multi-region high availability, disaster recovery, or data domiciling.
+
+Ory Open Source remains a good fit for evaluation, prototyping, development and testing, and deployments where occasional upgrade
+downtime is acceptable and guaranteed CVE patching is not required.
+
+## What's included
+
+OEL packages Ory's open source servers as optimized, enterprise-grade builds, delivered with the tooling and support you need to
+run them in production. The core services each map to a focused part of the identity and access problem: identity and sessions,
+OAuth2 and OIDC, permissions, enterprise SSO, edge access control, and API key management. Around them, OEL adds the enterprise
+delivery layer:
+
+- **[Ory Account Experience](https://www.ory.com/docs/account-experience)** — Prebuilt, customizable screens for login,
+ registration, recovery, verification, and account settings, so you can ship auth before building your own UI.
+- **[Ory Elements](https://www.ory.com/docs/elements)** — An open source component library for integrating your own authentication
+ UI quickly with frameworks like React and Next.js.
+- **[Ory Actions](https://www.ory.com/docs/kratos/hooks/configure-hooks)** — Hooks that extend Ory by running custom business
+ logic and integrating with third-party services such as CRMs, payment gateways, and analytics platforms in response to identity
+ events.
+- **[Ory CLI](https://www.ory.com/docs/cli)** — A command-line tool for configuring and operating your self-hosted deployment.
+- **[SDKs and reference UIs](https://github.com/ory/sdk)** — Client SDKs for popular languages and reference UI implementations
+ for frameworks like React, Next.js, and React Native.
+- **Production Helm charts** — Supported Kubernetes Helm charts for deploying and operating Ory services in your own cluster.
+- **Optimized builds and database integration** — High-performance connection pooling and an enhanced CockroachDB integration for
+ large-scale traffic and datasets.
+- **Enterprise support** — Dedicated channels, onboarding, and SLAs from Ory's engineering team.
+
+### Ory Kratos (Identity & AuthN)
+
+```mdx-code-block
+import KratosDesc from "@site/src/components/Shared/deploy-intro/kratos-desc.mdx"
+
+
+```
+
+### Ory Hydra (Delegated AuthZ & Federated AuthN)
+
+```mdx-code-block
+import HydraDesc from "@site/src/components/Shared/deploy-intro/hydra-desc.mdx"
+
+
+```
+
+### Ory Keto (Fine-grained Permissions)
+
+```mdx-code-block
+import KetoDesc from "@site/src/components/Shared/deploy-intro/keto-desc.mdx"
+
+
+```
+
+### Ory Polis (Enterprise SSO AuthZ)
+
+```mdx-code-block
+import PolisDesc from "@site/src/components/Shared/deploy-intro/polis-desc.mdx"
+
+
+```
+
+### Ory Oathkeeper (Proxy-based Access Control)
+
+```mdx-code-block
+import OathkeeperDesc from "@site/src/components/Shared/deploy-intro/oathkeeper-desc.mdx"
+
+
+```
+
+### Ory Talos (API keys)
+
+```mdx-code-block
+import TalosDesc from "@site/src/components/Shared/deploy-intro/talos-desc.mdx"
+
+
+```
+
+## OEL compared to the other deployment models
+
+OEL is one of three ways to run Ory. All three share the same open source core, so you can start with one and move to another as
+your needs change:
+
+```mdx-code-block
+import DeployCompare from "@site/src/components/Shared/deploy-intro/deploy-compare.mdx"
+
+
+```
+
+OpenAI runs OEL with Ory Hydra Enterprise to manage authentication for its hundreds of millions of weekly active users — read the
+[OpenAI case study](https://www.ory.com/case-studies/openai).
+
+## Next steps
+
+- [Talk to an expert](https://www.ory.com/contact) to discuss requirements and request an OEL license.
+- [Follow a quickstart](../getting-started/overview)
+- [Learn which Ory product to use](../products/products-overview#which-ory-product)
diff --git a/docs/oss/getting-started/index.mdx b/docs/oss/getting-started/index.mdx
index a4991bf9d..50b753bdd 100644
--- a/docs/oss/getting-started/index.mdx
+++ b/docs/oss/getting-started/index.mdx
@@ -1,116 +1,132 @@
---
title: Introduction to Ory Open Source
+sidebar_label: Introduction to Ory Open Source
+toc_max_heading_level: 3
+description:
+ Ory Open Source is the Apache 2.0 licensed identity and access management software at the core of every Ory deployment —
+ modular, self-hosted servers you run on your own infrastructure.
---
-We provide an open source ecosystem of services with clear boundaries that solve authentication and authorization:
+# Introduction to Ory Open Source
-- Ory Kratos is an identity management server.
-- Ory Hydra is an OAuth 2.0 and OpenID Connect provider.
-- Ory Oathkeeper is an Identity and Access Proxy.
-- Ory Keto is an access control server.
+Ory Open Source is the Apache 2.0 licensed identity and access management (IAM) software at the core of every Ory deployment. It
+is a modular ecosystem of cloud-native servers that solve authentication, authorization, and access control, which you run on your
+own infrastructure. Each service works standalone, so you can adopt a single component or combine them into a full IAM stack — and
+because the same code powers Ory Enterprise License and Ory Network, you can move to a supported or managed deployment later
+without rewriting your integration.
-Each service works standalone but you can also combine them to get the full feature set. If you've never heard of an Identity &
-Access Proxy before, or you want to learn more about the individual services and how they play together, stick with us through the
-next paragraphs.
+[Browse the source on GitHub](https://github.com/ory) or [follow a quickstart](../getting-started/overview) to deploy your first
+service.
-Almost every application has the concept of users and permissions. An anonymous user, for example, is allowed to read blog posts
-while certain authenticated users are allowed to write blog posts. While this is the basis for most applications out there, access
-control becomes increasingly complex as an application grows. What started out with a user's username and password now shifted to
-machine-2-machine interaction, third party developers accessing your user's data, and maybe even a micro service system
-architecture.
+## Why Ory Open Source
-Our projects solve the simplest use case and give you the ability to instantly ready the system for more complex scenarios without
-painful and slow upgrade processes.
+Ory Open Source gives you a modern, fully customizable IAM foundation with no license cost and no lock-in:
-## Ory Kratos
+- **Free and open source** — Every core service is licensed under Apache 2.0 and developed in the open on
+ [GitHub](https://github.com/ory), improved by a large community of contributors.
+- **Modular by design** — Use one service or all of them. Each server has clear boundaries and a focused responsibility, so you
+ can bolt on only what your system needs.
+- **Self-hosted and fully in your control** — Run Ory on any infrastructure, in the language or framework of your choice. You own
+ your data, your networking, and your deployment topology.
+- **Cloud-native and lightweight** — Services ship as small, headless Docker images with minimal configuration, designed to run
+ well in containerized and microservice environments. Or use the open source files to compile your own binaries.
+- **Standards-based and secure** — Ory implements established security standards from NIST, the IETF, and other experts, and
+ includes an OpenID Certified® OAuth 2.0 and OpenID Connect provider.
+- **A path to supported deployments** — Ory Open Source servers share the same APIs and open standards as Ory Enterprise License
+ and Ory Network, so you can graduate to a supported or fully managed deployment whenever you need to.
-
+## When to choose Ory Open Source
-The identity management server Ory Kratos enables you to implement user management, login and registration in a secure and
-straightforward way. Don't rewrite every aspect of identity management yourself. Ory Kratos implements all common flows such as
-login and logout, account activation, mfa/2fa, profile and session management, user facing errors and account recovery methods.
-Just spin up a docker image and write a simple UI for it in the language or framework of your choice. Don't worry about GDPR,
-address verification or protecting your users data against common and frequently changing attack vectors. Ory Kratos applies
-security standards established by experts (National Institute of Sciences NIST, Internet Engineering Task Force IETF, Microsoft
-Research, Google Research, Troy Hunt, ..), so you can concentrate on building. You have custom requirements for your users
-experience? No problem, implement your own custom flows without hassle.
+Ory Open Source is a good fit if you are:
-## Ory Hydra
+- Evaluating Ory's capabilities or building a proof of concept.
+- Running development, testing, or staging environments.
+- Learning how Ory's identity and access flows work.
+- Operating deployments where occasional downtime for upgrades is acceptable and guaranteed CVE patching is not required.
+- Comfortable self-hosting and operating the software yourself.
-
+Consider [Ory Enterprise License](https://www.ory.com/docs/oel/getting-started) if you need guaranteed CVE patching, dedicated
+support with SLAs, zero-downtime migrations, multi-region deployments, or enterprise-only features. Consider
+[Ory Network](https://www.ory.com/docs/network/getting-started) if you want a fully managed platform with no infrastructure to
+operate.
-Ory Hydra enables you to become an OAuth 2.0 and OpenID Connect provider. If you're not writing a basic web app but something that
-has to work on different devices, that has machine-2-machine interaction, or enables third-party developers to use your API (and
-pay for it), then this is what you're looking for. Ory Hydra isn't identity management, though. Instead, it connects to your
-existing identity management (for example the one from the paragraph above, or your MySQL+PHP login service, or your Federated
-SAML SSO) and is capable of issuing, in a secure and OpenID Certified manner, access, refresh, and ID tokens. Of course, it's
-shipped as a 5MB Docker Image with almost no configuration required.
+## What's included
-## Ory Oathkeeper
+Ory Open Source is composed of focused servers that each solve a distinct part of the identity and access problem: identity and
+sessions, OAuth2 and OIDC, permissions, enterprise SSO, edge access control, and API key management. Alongside the servers, the
+open source ecosystem provides the tooling you need to build and operate them:
-
+- **[Ory Elements](https://www.ory.com/docs/elements)** — An open source component library for building custom UIs for Ory
+ self-service flows such as login, registration, settings, verification, recovery, and OAuth2 consent.
+- **[Ory Actions](https://www.ory.com/docs/kratos/hooks/configure-hooks)** — Hooks that extend Ory by running custom business
+ logic and integrating with third-party services such as CRMs, payment gateways, and analytics platforms in response to identity
+ events.
+- **[Ory CLI](https://www.ory.com/docs/cli)** — A command-line tool for configuring and operating your self-hosted deployment.
+- **[SDKs and reference UIs](https://github.com/ory/sdk)** — Client SDKs for popular languages and reference UI implementations
+ for frameworks like React, Next.js, and React Native.
+- **[Helm charts](https://github.com/ory/k8s)** — Kubernetes Helm charts for deploying Ory services in your own cluster.
-Now that your users access your application through, for example, a React/Angular app and a REST api, you need a way to
-authenticate the user and to check if they have the necessary permissions (we call this "access control" from now on). One way
-would be, of course, to add these checks in your code. Another is to deploy the 5MB Ory Oathkeeper Docker Image, define access
-rules for your API endpoints (for example OAuth 2.0 Access Token + certain set of permissions, a valid JSON Web Token, a valid
-SAML assertion, ...) and put it - like a firewall - in front of your services.
+### Ory Kratos (Identity & AuthN)
-## Ory Keto
+```mdx-code-block
+import KratosDesc from "@site/src/components/Shared/deploy-intro/kratos-desc.mdx"
-
+
+```
-You might start out with a simple permission system. You've got different roles: anonymous users (not logged in), authenticated
-users (logged in), and administrators. At some point however, the system gets more complex. You want to distinguish permissions
-based on the user's organization, the access time (think time lock in banking), or the billing plan he/she's on. Big cloud
-providers such as Amazon Web Services or Google solve this using "Access Control Policies". These policies represent flexible
-rules and allow you to express complex access control scenarios. You could, of course, write your own system or spend a bit of
-time educating yourself about RBAC, ACL, ABAC, ACP - or (you probably already guessed it) - boot up the 5MB Ory Keto Docker Image.
-Ory Keto is able to authenticate different types of credentials (for example OAuth 2.0 Access Tokens, SAML Assertions, JSON Web
-Tokens, ...) and allows you to define advanced permission rules ("Access Control Policies"). And there's of course an endpoint
-that tells you if a certain set of credentials (for example an OAuth 2.0 Access Token) is allowed to modify that blog post.
+### Ory Hydra (Delegated AuthZ & Federated AuthN)
-## Ory Polis
+```mdx-code-block
+import HydraDesc from "@site/src/components/Shared/deploy-intro/hydra-desc.mdx"
+
+
+```
-
+### Ory Keto (Fine-grained Permissions)
+
+```mdx-code-block
+import KetoDesc from "@site/src/components/Shared/deploy-intro/keto-desc.mdx"
+
+
+```
-Ory Polis is your trusted solution for enterprise Single Sign-On (SSO) without the headaches of SAML and OIDC. If you're building
-a multi-tenant SaaS platform and your B2B customers need to sign in with their corporate identity providers—like Entra ID, Okta or
-Google Workspace - Ory Polis makes it simple. Instead of creating custom SSO flows for each customer and wrestling with complex
-SAML configurations, you can deploy the Ory Polis Docker image and be ready in minutes. Ory Polis abstracts away the protocol
-complexity by translating SAML into a standard OAuth 2.0 or OIDC flow, creating a seamless bridge between your application and
-enterprise identity providers. It’s modular, supports your preferred database, and can be self-hosted for complete control over
-data and privacy. Built for flexibility and scale, Ory Polis handles as many tenants and identity providers as your business
-demands. If you're delivering enterprise-grade SaaS and need SSO that just works, Ory Polis is the missing link.
+### Ory Polis (Enterprise SSO AuthZ)
-## Ory Elements
+```mdx-code-block
+import PolisDesc from "@site/src/components/Shared/deploy-intro/polis-desc.mdx"
-
+
+```
-Ory Elements is a component library that allows you to build custom user interfaces for Ory self-service flows. It provides a set
-of pre-built components that can be easily integrated into your application, enabling you to create a seamless user experience
-while leveraging Ory's powerful authentication and identity management capabilities. Ory Elements is designed to work with Ory
-Kratos' self-service flows, such as login, registration, settings, verification, and recovery, as well as the OAuth2 consent flow.
-It allows you to customize the look and feel of your UI to match your brand and user experience requirements. You can use Ory
-Elements to build a custom UI that fits your application's design and user experience.
+### Ory Oathkeeper (Proxy-based Access Control)
-## Find Your Ory Stack
+```mdx-code-block
+import OathkeeperDesc from "@site/src/components/Shared/deploy-intro/oathkeeper-desc.mdx"
-Not sure which Ory products you need? Use our [Product Selector](/welcome) to answer a few questions and discover the right Ory
-products for your use case.
+
+```
-## All of Ory Open Source
+### Ory Talos (API keys)
```mdx-code-block
-import { ProjectOverviewGraph } from "@site/src/pages/_assets/project-overview-graph"
+import TalosDesc from "@site/src/components/Shared/deploy-intro/talos-desc.mdx"
-
+
```
-If you were to use the full Ory Ecosystem, it would probably look something like this. Keep in mind that any component shown here
-can be replaced or removed, depending on your use case.
+## Ory Open Source compared to the other deployment models
+
+Ory Open Source is one of three ways to run Ory. All three share the same open source core, so you can start with one and move to
+another as your needs change:
+
+```mdx-code-block
+import DeployCompare from "@site/src/components/Shared/deploy-intro/deploy-compare.mdx"
+
+
+```
-Now you know what this ecosystem has to offer you. To get some more information on the services, read the developer guide by
-selecting the software of your choice from the navigation on the left!
+## Next steps
-Contact us at [support@ory.com](mailto:support@ory.com) if you need consulting with your specific project.
+- [Download a binary or browse the source on GitHub](https://github.com/ory)
+- [Follow a quickstart](../getting-started/overview)
+- [Learn which Ory product to use](../products/products-overview#which-ory-product)
diff --git a/src/components/Shared/deploy-intro/deploy-compare.mdx b/src/components/Shared/deploy-intro/deploy-compare.mdx
new file mode 100644
index 000000000..e08b40c0e
--- /dev/null
+++ b/src/components/Shared/deploy-intro/deploy-compare.mdx
@@ -0,0 +1,10 @@
+| | Ory Open Source | Ory Enterprise License | Ory Network |
+| -------------------------------------------------- | ------------------------------------------------------ | ------------------------------------------------- | ----------------------------------------------------------- |
+| **Hosting** | Self-hosted | Self-hosted | Fully managed (SaaS) |
+| **Who operates the infrastructure** | You | You | Ory |
+| **License** | Apache 2.0 | Commercial | Commercial |
+| **Management** | CLI | CLI | CLI, GUI (Ory Console), and Terraform |
+| **Support** | Community | Dedicated, 24/7 with SLAs | Included with the platform |
+| **CVE patching** | Self-managed | Guaranteed timeframes | Handled by Ory |
+| **Enterprise features** (e.g. multi-tenancy, ROPC) | Not included | Included | Included |
+| **Best for** | Evaluation, prototyping, and full-control self-hosting | Regulated, air-gapped, or high-control production | The fastest path to production with no operational overhead |
diff --git a/src/components/Shared/deploy-intro/hydra-desc.mdx b/src/components/Shared/deploy-intro/hydra-desc.mdx
new file mode 100644
index 000000000..3207f7854
--- /dev/null
+++ b/src/components/Shared/deploy-intro/hydra-desc.mdx
@@ -0,0 +1,6 @@
+Ory Hydra is a fully featured,
+[OpenID Certified®](https://openid.net/developers/certified/) OAuth 2.0 and
+OpenID Connect provider. It handles single sign-on, API access authorization,
+token issuance, and delegation, with support for stateless JWT access tokens,
+token exchange, and credential rotation. Learn more in the
+[Ory Hydra documentation](./hydra).
diff --git a/src/components/Shared/deploy-intro/keto-desc.mdx b/src/components/Shared/deploy-intro/keto-desc.mdx
new file mode 100644
index 000000000..e75910329
--- /dev/null
+++ b/src/components/Shared/deploy-intro/keto-desc.mdx
@@ -0,0 +1,4 @@
+Ory Keto provides low-latency, relationship-based authorization for fine-grained
+access control. It implements Google's Zanzibar model and supports RBAC and ABAC
+patterns, letting you define and check permissions across any application. Learn
+more in the [Ory Keto documentation](./keto).
diff --git a/src/components/Shared/deploy-intro/kratos-desc.mdx b/src/components/Shared/deploy-intro/kratos-desc.mdx
new file mode 100644
index 000000000..9abbee709
--- /dev/null
+++ b/src/components/Shared/deploy-intro/kratos-desc.mdx
@@ -0,0 +1,7 @@
+Ory Kratos manages identities, credentials, and sessions. It powers self-service
+flows for registration, login, account recovery, email and phone verification,
+profile settings, and multi-factor authentication. It supports passwords, social
+sign-in, OpenID Connect, and passkeys, and it uses customizable JSON Schema
+identity models (SCIM) so you control exactly what data each identity holds.
+SCIM support enables automated user provisioning and deprovisioning. Learn more
+in the [Ory Kratos documentation](./kratos/intro).
diff --git a/src/components/Shared/deploy-intro/oathkeeper-desc.mdx b/src/components/Shared/deploy-intro/oathkeeper-desc.mdx
new file mode 100644
index 000000000..53d004c0d
--- /dev/null
+++ b/src/components/Shared/deploy-intro/oathkeeper-desc.mdx
@@ -0,0 +1,4 @@
+Ory Oathkeeper provides identity and policy-aware access control at the network
+edge. It acts as a zero-trust proxy that authenticates and authorizes requests
+before they reach your services. Learn more in the
+[Ory Oathkeeper documentation](./oathkeeper).
diff --git a/src/components/Shared/deploy-intro/polis-desc.mdx b/src/components/Shared/deploy-intro/polis-desc.mdx
new file mode 100644
index 000000000..eff8e3e45
--- /dev/null
+++ b/src/components/Shared/deploy-intro/polis-desc.mdx
@@ -0,0 +1,5 @@
+Ory Polis adds enterprise single sign-on through SAML and OIDC. It connects to
+identity providers such as Okta, Microsoft Entra ID, and Google Workspace,
+supports directory sync, and can also act as a SAML Identity Provider —
+abstracting SAML complexity behind a standard OAuth 2.0 flow. Learn more in the
+[Ory Polis documentation](./polis).
diff --git a/src/components/Shared/deploy-intro/talos-desc.mdx b/src/components/Shared/deploy-intro/talos-desc.mdx
new file mode 100644
index 000000000..66d227d71
--- /dev/null
+++ b/src/components/Shared/deploy-intro/talos-desc.mdx
@@ -0,0 +1,8 @@
+Ory Talos manages the full lifecycle of API credentials for machine-to-machine
+and AI agent access: issuing keys, verifying them, deriving short-lived tokens,
+and revoking access. It replaces static, over-privileged API keys with
+programmable macaroon tokens that enforce least privilege — permissions can only
+be narrowed, never widened — and supports token derivation, IP allowlists, and
+time-to-live limits. Commercial builds add multi-tenancy, PostgreSQL, MySQL, and
+CockroachDB backends, Redis caching, rate-limit enforcement, and edge proxy
+nodes. Learn more in the [Ory Talos documentation](/talos).