diff --git a/docs/pages/machine-workload-identity/machine-id/deployment/deployment.mdx b/docs/pages/machine-workload-identity/machine-id/deployment/deployment.mdx
index c1229843148d1..ec0a2214137cd 100644
--- a/docs/pages/machine-workload-identity/machine-id/deployment/deployment.mdx
+++ b/docs/pages/machine-workload-identity/machine-id/deployment/deployment.mdx
@@ -42,46 +42,129 @@ authentication methods:
## Deployment guides
-The guides in this section show you how to deploy Machine ID and join it
-to your cluster. Choose a guide based on the platform where you intend to run
-Machine ID.
+The guides in this section show you how to deploy Machine ID and join it to your cluster.
+Choose a guide based on the platform where you intend to run Machine ID.
If a specific guide does not exist for your platform, the [Linux
guide](linux.mdx) is compatible with most platforms. For
custom approaches, you can also read the [Machine ID Reference](../../../reference/machine-workload-identity/machine-id/machine-id.mdx)
and [Architecture](../../../reference/architecture/machine-id-architecture.mdx) to plan your deployment.
-### Self-hosted infrastructure
-
-Read the following guides for how to deploy Machine ID on your cloud platform or
-on-prem infrastructure.
-
-| Platform | Installation method | Join method |
-|----------------------------------------|-------------------------------------------------|-----------------------------------------------------|
-| [Linux](linux.mdx) | Package manager or TAR archive | Static join token |
-| [Linux (TPM)](linux-tpm.mdx) | Package manager or TAR archive | Attestation from TPM 2.0 |
-| [Linux (Bound Keypair)][bound-keypair] | Package manager or TAR archive | Bound Keypair |
-| [GCP](gcp.mdx) | Package manager, TAR archive, or Kubernetes pod | Identity document signed by GCP |
-| [AWS](aws.mdx) | Package manager, TAR archive, or Kubernetes pod | Identity document signed by AWS |
-| [Azure](azure.mdx) | Package manager or TAR archive | Identity document signed by Azure |
-| [Kubernetes](kubernetes.mdx) | Kubernetes pod | Identity document signed by your Kubernetes cluster |
-| [Kubernetes OIDC](kubernetes-oidc.mdx) | Kubernetes pod on a cloud provider with OIDC | Identity document signed by your cloud provider |
+,
+ to: "./aws",
+ name: "AWS",
+ },
+ {
+ icon: ,
+ to: "./azure",
+ name: "Azure",
+ },
+ {
+ icon: ,
+ to: "./azure-devops",
+ name: "Azure DevOps",
+ },
+ {
+ icon: ,
+ to: "./bitbucket",
+ name: "BitBucket Pipelines",
+ },
+ {
+ icon: ,
+ to: "./circleci",
+ name: "CircleCI",
+ },
+ {
+ icon: ,
+ to: "./gitlab",
+ name: "GitLab CI",
+ },
+ {
+ icon: ,
+ to: "./github-actions",
+ name: "GitHub Actions",
+ },
+ {
+ icon: ,
+ to: "./gcp",
+ name: "Google Cloud",
+ },
+ {
+ icon: ,
+ to: "./kubernetes",
+ name: "Kubernetes",
+ },
+ {
+ icon: ,
+ to: "./kubernetes-oidc",
+ name: "Kubernetes OIDC",
+ },
+ {
+ icon: ,
+ to: "./linux",
+ name: "Linux",
+ },
+ {
+ icon: ,
+ to: "./linux-tpm",
+ name: "Linux TPM",
+ },
+ {
+ icon: ,
+ to: "../../reference/machine-workload-identity/machine-id/bound-keypair/getting-started",
+ name: "Bound Keypair Joining",
+ }
+ ]}
+/>
### CI/CD
-Read the following guides for how to deploy Machine ID on a continuous
-integration and continuous deployment platform
-
-| Platform | Installation method | Join method |
-|--------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|------------------------------------------|
-| [Azure DevOps](azure-devops.mdx) | TAR archive | Azure DevOps-signed identity document |
-| [Bitbucket Pipelines](bitbucket.mdx) | TAR archive | Bitbucket-signed identity document |
-| [CircleCI](circleci.mdx) | TAR archive | CircleCI-signed identity document |
-| [GitLab](gitlab.mdx) | TAR archive | GitLab-signed identity document |
-| [GitHub Actions](github-actions.mdx) | Teleport job available through the GitHub Actions marketplace | GitHub-signed identity document. |
-| [Jenkins](jenkins.mdx) | Package manager or TAR archive | Static join token |
-| [Spacelift](../../../zero-trust-access/infrastructure-as-code/terraform-provider/spacelift.mdx) | Docker Image | Spacelift-signed identity document |
-| [Terraform Cloud](../../../zero-trust-access/infrastructure-as-code/terraform-provider/terraform-cloud.mdx) | Teleport Terraform Provider via Teleport's Terraform Registry | Terraform Cloud-signed identity document |
-
-
-[bound-keypair]: ../../../reference/machine-workload-identity/machine-id/bound-keypair/getting-started.mdx
+Read the following guides for how to deploy Machine ID on a continuous integration and continuous deployment platform.
+
+,
+ to: "./azure-devops",
+ name: "Azure DevOps",
+ },
+ {
+ icon: ,
+ to: "./bitbucket",
+ name: "BitBucket Pipelines",
+ },
+ {
+ icon: ,
+ to: "./circleci",
+ name: "CircleCI",
+ },
+ {
+ icon: ,
+ to: "./gitlab",
+ name: "GitLab CI",
+ },
+ {
+ icon: ,
+ to: "./github-actions",
+ name: "GitHub Actions",
+ },
+ {
+ icon: ,
+ to: "./jenkins",
+ name: "Jenkins",
+ },
+ {
+ icon: ,
+ to: "../../zero-trust-access/infrastructure-as-code/terraform-provider/spacelift",
+ name: "Spacelift",
+ },
+ {
+ icon: ,
+ to: "../../zero-trust-access/infrastructure-as-code/terraform-provider/terraform-cloud",
+ name: "Terraform Cloud",
+ }
+ ]}
+/>
diff --git a/docs/pages/machine-workload-identity/workload-identity/workload-identity.mdx b/docs/pages/machine-workload-identity/workload-identity/workload-identity.mdx
index f32276a6b001e..78bfd0e46afc2 100644
--- a/docs/pages/machine-workload-identity/workload-identity/workload-identity.mdx
+++ b/docs/pages/machine-workload-identity/workload-identity/workload-identity.mdx
@@ -14,14 +14,40 @@ issues flexible short-lived identities to workloads in your infrastructure.
- [Introduction to SPIFFE](./spiffe.mdx): Learn about Secure Production Identity Framework For Everyone (SPIFFE) and how it is implemented by Teleport Workload Identity
- [Getting Started with Workload Identity](./getting-started.mdx): Getting started with Teleport Workload Identity for SPIFFE and Machine ID
-## Guides
-- [Configuring Workload Identity and AWS OIDC Federation](./aws-oidc-federation.mdx): Configuring AWS to accept Workload Identity JWTs as authentication using OIDC Federation
-- [Configuring Workload Identity and AWS Roles Anywhere](./aws-roles-anywhere.mdx): Configuring AWS to accept Workload Identity certificates as authentication using AWS Roles Anywhere
-- [Configuring Workload Identity and Azure Federated Credentials](./azure-federated-credentials.mdx): Configuring Azure to accept Workload Identity JWTs as authentication using Azure Federated Credentials
-- [Configuring Workload Identity and GCP Workload Identity Federation with JWTs](./gcp-workload-identity-federation-jwt.mdx): Configuring GCP to accept Workload Identity JWTs as authentication using Workload Identity Federation
-- [Workload Identity and tsh](./tsh.mdx): Issuing SPIFFE SVIDs using Workload Identity and tsh
+## Configuration Guides
-## Configuration & management
+,
+ to: "./aws-oidc-federation",
+ name: "AWS OIDC Federation",
+ },
+ {
+ icon: ,
+ to: "./aws-roles-anywhere",
+ name: "AWS Roles Anywhere",
+ },
+ {
+ icon: ,
+ to: "./azure-federated-credentials",
+ name: "Azure Federated Credentials",
+ },
+ {
+ icon: ,
+ to: "./gcp-workload-identity-federation-jwt",
+ name: "GCP Workload Identity Federation",
+ },
+ {
+ icon: ,
+ to: "./tsh",
+ name: "Manually issue SPIFFE SVIDs with Teleport CLI tool tsh",
+ }
+ ]}
+/>
+
+
+## Configuration management
- [Best Practices for Teleport Workload Identity](./best-practices.mdx): Answers common questions and describes best practices for using Teleport Workload Identity in production.
- [JWT SVIDs](./jwt-svids.mdx): An overview of the JWT SVIDs issued by Teleport Workload Identity
- [SPIFFE Federation](./federation.mdx): An overview of the Teleport Workload Identity SPIFFE Federation feature.