block of updates

alexfornuto 2021-07-30 08:11:05 -05:00
parent e9972cf4b9
commit db60e0ae5e
7 changed files with 19 additions and 8 deletions

View file

@ -73,13 +73,13 @@ An Admin user has permissions across all Namespaces. They can manage global sett
## Service Accounts
Service accounts handle machine-to-machine communication from Pomerium to your Identity Provider (**IdP**) in order to retrieve and establish group membership. Configuration is largely dependent on the IdP, but is usually an API access token with sufficient privileges to read users and groups.
Service accounts handle machine-to-machine communication through Pomerium to your Identity Provider (**IdP**) in order to retrieve and establish group membership, provide auth for monitoring services, create API integratiosn, etc. Configuration is largely dependent on the IdP, but is usually an API access token with sufficient privileges to read users and groups.
<!-- @travisgroth -- could you add some context in here? I think your PRD on service accounts would be super helpful and you know this concept best-->
## Routes
Unlike the open-source Pomerium configuration, access is not defined alongside routing. Instead, authorization is configured by attaching [policies](#policies) to a route.
Routes define the connection pathway and configuration from the internet to your internal service. As a very basic level, a route sends traffic from `external-address.company.com` to `internalService-address.localdomain`, restricted by the policies associated with it, and encrypted by your TLS certificates. But more advanced configurations allow identity header pass-through, path and prefix rewrites, request and response header modification, load balancer services, and more.
## Policies
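Review bot: the rewritten Service Accounts sentence has a typo ("integratiosn" should be "integrations") and now lists monitoring auth and API integrations as uses, but the sentence after it still describes the credential only as "an API access token with sufficient privileges to read users and groups". That describes the IdP directory lookup, not the new uses, so either split the two cases or say what privileges the non-IdP uses need. The `<!-- @travisgroth ... -->` request for context reads like a review comment and would be better in the PR thread than in the published markdown. In the Routes paragraph, "As a very basic level" should be "At a very basic level".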

View file

@ -174,6 +174,6 @@ settings:
- Users or groups can be granted permission to edit access to routes within a Namespace, allowing them self-serve access to the routes critical to their work.
postamble: |
[route-concept]: /enterprise/concepts.md#routes
[route-reference]: /enterprise/reference/manage.md#routes
[namespace-concept]: /enterprise/concepts.md#namespaces
[namespace-reference]: /enterprise/reference/configure.md#namespaces
[route-reference]: /enterprise/reference/manage.md#routes

View file

@ -128,7 +128,7 @@ For database uri options (especially TLS settings) see the [PostgreSQL SSL Suppo
As a first-time setup step, you must also configure at least one administrator for console access. This user (or users) can then configure additional administrators in the console UI.
```yaml
administrators: [you@mydomain.com]
administrators: you@mydomain.com
```
Once you have set permissions in the console UI, you should remove this configuration.
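Review bot: the example value changes from a YAML list (`[you@mydomain.com]`) to a bare scalar, while the sentence above still says "This user (or users)". Please state which form the console expects and show how to supply more than one address, so a reader does not have to guess the syntax for a setting that grants administrator access. The closing sentence could also say why the entry should be removed (it keeps granting admin outside the permissions set in the console UI) rather than only that it should.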

View file

@ -6,7 +6,9 @@ meta:
content: pomerium identity-access-proxy oidc docker reverse-proxy containers install enterprise console
---
There are several ways to install Pomerium Enterprise, to suite your organization's needs. [Let us know] if you don't see an installation method compatible with your infrastructure.
There are several ways to install Pomerium Enterprise, to suite your organization's needs. We provide open-source Pomerium and the Pomerium Enterprise Console as deb and rpm packages from an upstream repository, and as Docker images, and Helm charts. You can also build Pomerium from source.
- [Quickstart](/enterprise/install/quickstart.md)
Our docs are updated frequently, so check back if you don't see your preferred installation method here.
- [Quickstart](/enterprise/install/quickstart.md) (using deb or rpm packages)
- [Kubernetes with Helm](/enterprise/install/helm.md)
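Review bot: the new intro sentence keeps the existing typo "to suite" (should be "to suit") and has a stray comma in "as Docker images, and Helm charts". It also advertises Docker images and building from source, but the list below only links Quickstart (deb or rpm) and Helm; either add the missing links or reword so the list matches. Dropping "[Let us know]" removes the only contact path for unsupported platforms, so consider keeping it alongside the "check back" sentence.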

View file

@ -97,9 +97,12 @@ tracing_zipkin_endpoint | Url to the Zipkin HTTP endpoint. | ✅
## Namespaces
A Namespace is a collection of users, groups, routes, and policies that allows system administrators to organize, manage, and delegate permissions across their infrastructure.
A [Namespace][namespace-concept] is a collection of users, groups, routes, and policies that allows system administrators to organize, manage, and delegate permissions across their infrastructure.
- Policies can be optional or enforced on a Namespace, and they can be nested to create inheritance.
- Users or groups can be granted permission to edit access to routes within a Namespace, allowing them self-serve access to the routes critical to their work.
[route-concept]: /enterprise/concepts.md#routes
[namespace-concept]: /enterprise/concepts.md#namespaces
[namespace-reference]: /enterprise/reference/configure.md#namespaces
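Review bot: the three link definitions appended here do not match the `postamble` in the settings YAML hunk, which defines four (it also has `[route-reference]`). If this file is generated from that YAML, regenerate it instead of hand-editing so the two stay in sync; if it is maintained by hand, note that the same three lines are pasted into two other files in this commit and will drift. Of the definitions added, only `[namespace-concept]` is referenced in the visible lines.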

View file

@ -16,7 +16,7 @@ A Route provides access to a service through Pomerium.
### General
The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a Namespace the Route resides in will also be applied.
The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a [Namespace][namespace-reference] the route resides in will also be applied.
#### Name
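Review bot: in the changed General tab sentence, "Route" was lowercased to "route" while "Namespace" stays capitalized and the section context still reads "A Route provides access to a service". Pick one convention for the defined terms and apply it to both. The link target `[namespace-reference]` is fine, but "policies enforced on a Namespace ... will also be applied" is the security-relevant part of this sentence and might deserve a link to the policy inheritance description as well.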
@ -359,3 +359,6 @@ certificates:
key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
```
[route-concept]: /enterprise/concepts.md#routes
[namespace-concept]: /enterprise/concepts.md#namespaces
[namespace-reference]: /enterprise/reference/configure.md#namespaces

View file

@ -24,3 +24,6 @@ meta:
## Deployments
[route-concept]: /enterprise/concepts.md#routes
[namespace-concept]: /enterprise/concepts.md#namespaces
[namespace-reference]: /enterprise/reference/configure.md#namespaces
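Review bot: these link definitions are appended directly after `## Deployments`, which has no body in the visible context, and nothing shown in this file references `[route-concept]`, `[namespace-concept]` or `[namespace-reference]`. If they are placeholders for text still to be written, hold them until that text lands; otherwise drop them here to avoid unused definitions under an empty heading.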