docs: add Manage guides for app entrances and user creation

docs/.vitepress/en.ts

@@ -119,6 +119,10 @@ const side = {
             },
           ],
         },
+        {
+          text: "Join an Olares",
+          link: "/manual/get-started/join-olares",
+        },
         {
           text: "Back up mnemonics",
           link: "/manual/larepass/back-up-mnemonics"

docs/.vitepress/one.en.ts

@@ -80,19 +80,19 @@ export const oneSidebar: DefaultTheme.Sidebar = {
 
       ]
     },
-//     {
-//       text: "Manage",
-//       items: [
-//         {
-//           text: "Set up app entrances",
-//           link: "/one/app-entrances",
-//         },
-//         {
-//           text: "Create users",
-//           link: "/one/users",
-//         },
-//       ]
-//     },
+     {
+       text: "Manage",
+       items: [
+        {
+          text: "Create and manage users",
+          link: "/one/create-users",
+        },
+         {
+           text: "Set up app entrances",
+           link: "/one/set-app-entrance",
+         },
+       ]
+     },
     {
       text: "Monitor",
       items: [

docs/.vitepress/one.zh.ts

@@ -80,19 +80,19 @@ export const oneSidebar: DefaultTheme.Sidebar = {
 
       ]
     },
-//     {
-//       text: "Manage",
-//       items: [
-//         {
-//           text: "Set up app entrances",
-//           link: "/zh/one/app-entrances",
-//         },
-//         {
-//           text: "Create users",
-//           link: "/zh/one/users",
-//         },
-//       ]
-//     },
+     {
+       text: "Manage",
+       items: [
+         {
+           text: "Set up app entrances",
+           link: "/zh/one/app-entrances",
+         },
+         {
+           text: "Create users",
+           link: "/zh/one/users",
+         },
+       ]
+     },
     {
       text: "Monitor",
       items: [

docs/.vitepress/zh.ts

@@ -118,6 +118,10 @@ const side = {
             },
           ],
         },
+        {
+          text: "加入 Olares",
+          link: "/zh/manual/get-started/join-olares",
+        },
         {
           text: "备份助记词",
           link: "/zh/manual/larepass/back-up-mnemonics",

docs/manual/get-started/create-olares-id.md

@@ -55,7 +55,7 @@ To install and activate Olares as an administrator:
 - [Install Olares](./install-olares)
 
 If your team already has Olares, and you're joining as a member:
-- [Activate Olares](./activate-olares)
+- [Join an Olares](./join-olares)
 
 If you wish to log in to Olares Space, or creating a cloud-based Olares:
 - [Manage accounts in Olares Space](../../space/manage-accounts) 

docs/manual/get-started/index.md

@@ -17,6 +17,16 @@ If you prefer to try the cloud version of Olares instead of self-hosting, refer
   </a>
 </div>
 
+<div class="cta">
+  <a href="./join-olares">
+    <div class="content">
+      <h3>Joining an existing Olares?</h3>
+      <p>Create your Olares ID and activate your account using the link from your admin.</p>
+    </div>
+    <div class="arrow">→</div>
+  </a>
+</div>
+
 <div class="cta">
   <a href="../olares/">
     <div class="content">

docs/manual/get-started/join-olares.md

@@ -0,0 +1,32 @@
+---
+outline: [2, 3]
+description: Learn how to join an existing Olares as a new member using a wizard URL and one-time password shared by your admin.
+---
+
+# Join an Olares
+
+If an admin invites you to use an existing Olares device, follow this guide to set up your Olares ID and activate your account. You do not need physical access to the device.
+
+## Step 1: Create your Olares ID
+
+An Olares ID is your identity across the Olares ecosystem. You need one before you can activate your account.
+
+See [Create an Olares ID](./create-olares-id.md) for instructions.
+
+:::tip
+The domain of your Olares ID must match the domain of the Olares device you are joining. Check with your admin if you are unsure which domain to use.
+:::
+
+## Step 2: Activate your account
+
+Once your Olares ID is ready, use the wizard URL and one-time password shared by your admin to complete activation. This process connects the Olares device with your Olares ID using LarePass.
+
+<!--@include: ./activate-olares.md{8,39}-->
+
+## Step 3: Log in to Olares
+
+<!--@include: ./log-in-to-olares.md{6,17}-->
+
+## Resources
+
+- [Roles and permissions](/manual/olares/settings/roles-permissions.md): Learn more about what you can do as a member.

docs/one/create-users.md

@@ -0,0 +1,90 @@
+---
+outline: [2, 3]
+description: Learn how to add users to Olares One, assign roles and resource limits, and manage existing accounts.
+---
+
+# Create and manage users <Badge text="5 min"/>
+
+On Olares One, you can create multiple user accounts to share the device securely. Each user has their own space, applications, and resource limits.
+
+## Before you begin
+
+User permissions and resource usage depend on the assigned role.
+
+|  | **Super admin** | **Admin** | **Members** |
+|--|--|--|--|
+| Create | Admin and Members | Members | — |
+| Remove | Admin and Members | Members | — |
+| Resources | Use all resources | Use allocated resources | Use allocated resources |
+
+## Prerequisites
+
+**Hardware**<br>
+- Your Olares One has sufficient available CPU and memory resources.
+
+**User permissions**<br>
+- You are logged in as **Super admin** or **Admin**.
+
+**Olares ID**<br>
+- The new user has a valid Olares ID that is not already activated on another Olares device.
+- The domain part of the new user's Olares ID matches the current domain.
+
+## Create a new user
+
+1. Go to **Settings** > **Users**.
+2. Click **Create account**.
+3. In the dialog, fill in the required information:
+
+   - **Olares ID**: Enter only the username (the part before `@`).
+   - **Role**: Choose **Members** or **Admin**.
+   - **CPU**: Allocate CPU cores. Minimum 1 core.
+   - **Memory**: Allocate memory. Minimum 3 GB.
+
+4. Click **Save**.
+
+   Once the account is created, the system generates a temporary activation wizard URL and a one-time password.
+
+5. Click **Copy** to copy the activation credentials, and share them with the user.
+
+:::tip Remote activation
+New users do not need physical access to Olares One. They can complete the setup entirely using the activation URL. Share [Join an Olares](/manual/get-started/join-olares) with them for the full steps.
+:::
+
+You can check whether the user has completed activation on the **Users** page.
+![View user lists](/images/one/settings-create-users.png#bordered){width=85%}
+
+## Manage existing users
+
+After users are created, you can adjust their resource limits or remove access as needed.
+
+1. Go to **Settings** > **Users**.
+2. Select a user to open the **Account info** page.
+
+![Manage users](/images/one/settings-manage-user.png#bordered){width=90%}
+
+### Adjust resource limits
+
+1. Click **Modify limits**.
+2. Adjust CPU and memory values, then click **OK**.
+
+### Reset password
+
+:::tip Forgot your password
+If a user forgets the password, a higher-level role can reset it. Super admins can reset passwords for Admins and Members. Admins can reset passwords for Members.
+:::
+
+1. Click **Reset password**.
+2. Share the generated password with the user.
+
+### Remove a user
+
+:::warning
+Deleting a user permanently removes their data. Proceed with caution.
+:::
+
+1. Click **Delete user**.
+2. Click **OK** to confirm the deletion.
+
+## Resources
+
+- [Roles and permissions](/manual/olares/settings/roles-permissions.md): Learn more about roles and corresponding permissions in Olares.

docs/one/set-app-entrance.md

@@ -0,0 +1,51 @@
+---
+outline: [2, 3]
+description: Control who can access your apps on Olares One by configuring authentication levels and models.
+---
+
+# Set up app entrances <Badge text="5 min"/>
+
+Each app on Olares has an entrance that controls how users access it. You can configure the authentication requirements for each entrance to match the app's sensitivity and your sharing needs.
+
+## Before you begin
+
+Understand the two settings you'll configure:
+
+- **Authentication level**: Defines when authentication is required. The app can be private, accessible over VPN without login, or fully public.
+- **Authentication model**: Defines how users authenticate. Options include password only, two-factor, or none.
+
+| Authentication level | Available authentication models | Access behavior |
+| -- | -- | -- |
+| **Private** | System, One factor, Two factor | All users must authenticate before accessing the app. |
+| **Internal** | System, One factor, Two factor | Authentication is bypassed only with LarePass VPN enabled. All other access requires authentication. |
+| **Public** | **None** (fixed) | Anyone can access the app without logging in. |
+
+## Set the access policy
+
+1. Go to **Settings** > **Applications**.
+2. Select the target application.
+3. In the **Entrances** section, click the entrance you want to configure.
+
+   ![Set entrance](/images/one/settings-entrance.png#bordered){width=80%}
+
+4. Under **Access policy**, select the **Authentication level**:
+   - **Private**: Require login for all access.
+   - **Internal**: Allow access without login over LarePass VPN; require login otherwise.
+   - **Public**: Allow access without login.
+
+5. Select the **Authentication model**:
+   - **System**: Use the system-wide authentication rules.
+   - **One factor**: Require the Olares login password.
+   - **Two factor**: Require the login password plus a verification code.
+   - **None**: No authentication. Only available when level is set to **Public**.
+
+   :::warning
+   Use **None** carefully, especially for apps exposed to the public internet.
+   :::
+
+6. Click **Confirm** to save your changes.
+
+## Resources
+
+- [Entrance concept](/developer/concepts/network.md#entrance): Learn more about the technical background.
+- [Activate custom domain name](/manual/olares/settings/custom-app-domain.md#custom-domain-name): Learn how to bind a custom domain to an app entrance.

docs/zh/manual/get-started/join-olares.md

@@ -0,0 +1,30 @@
+---
+outline: [2, 3]
+description: 了解如何通过管理员提供的向导链接和一次性密码加入现有的 Olares。
+---
+
+# 加入 Olares
+
+如果管理员邀请你使用已有的 Olares 设备，请按照本指南设置你的 **Olares ID** 并激活你的账户。整个过程均可远程完成，无需接触设备实体。
+
+## 创建 Olares ID
+
+Olares ID 是你在整个 Olares 生态中的专属身份标识。在激活账户之前，需要先创建一个 Olares ID。
+
+详情请参见[创建 Olares ID](./create-olares-id.md)。
+
+:::tip
+你的 Olares ID 域名必须与要加入的 Olares 设备域名一致。如果不确定应使用哪个域名，请向管理员确认。
+:::
+
+## 激活账户
+
+准备好 Olares ID 后，请使用管理员分享给你的向导 URL 和一次性密码完成最终的激活流程。
+
+<!--@include: ./activate-olares.md{8,37}-->
+
+<!--@include: ./log-in-to-olares.md-->
+
+## 了解更多
+
+- [用户角色与权限](/zh/manual/olares/settings/roles-permissions.md)：了解成员角色在系统中的权限和可执行的操作。