Merge pull request #3392 from Scalingo/fix/IRQ-446/SNC-domain-whitelist-availability

[IRQ-446] Answering the need to clarify allow-listing domain procedure

Author: SC-Jerome-S

src/_posts/security/procedures/2000-01-01-secnumcloud.md

@@ -1,7 +1,7 @@
 ---
 title: Getting access to SecNumCloud Region
 nav: SecNumCloud
-modified_at: 2025-02-12 00:00:00
+modified_at: 2025-10-23 00:00:00
 tags: security procedures secnumcloud
 ---
 
@@ -24,23 +24,38 @@ tags: security procedures secnumcloud
    - Reason of requesting the access
 3. A first answer will be provided under 7 business days
 4. _First-time domain or project registration only:_ an identity verification will be conducted.
-Have the Identity Document of the new app owner ready or use official tools like [France Identité](https://france-identite.gouv.fr/justificatif/)).
+Have the Identity Document of the new app owner ready or use official tools like [France Identité](https://france-identite.gouv.fr/justificatif/).
 If the requester is not the owner, the owner will have to also contact directly the support.
 
 Note: this identity verification will take place each time a new domain is added to the SecNumCloud region.
 
 ## Can my user get access to the `osc-secnum-fr1` region?
 
-A standard user cannot access `osc-secnum-fr1`, your user has to be allow-listed first.
+A standard user cannot directly access `osc-secnum-fr1`: your user account must first be allow-listed.
 
 ### Pre-conditions
 
-- The user must have a legitimate reason to access the `osc-secnum-fr1` region:
-  create or collaborate an application hosted in this region
-- The user must act as an employee of a company, using his/her company email (domain verification  ensures that the organization controls the specified domain, allowing us to authenticate email communications sent on behalf of the company)
+- The user must have a legitimate reason to access the `osc-secnum-fr1` region, such as creating or collaborating on an application hosted there.
+- The user must act as an employee of a company, using a verified company email address (domain verification ensures that the organization controls the specified domain, allowing us to authenticate communications sent on its behalf).
+- The company domain must already be associated with at least one existing application in the `osc-secnum-fr1` region, or be declared as owned by the organization.
 
 ### Procedure
 
-1. The owner of the application must invite you as a collaborator
-2. You must contact the support using standard means (email or chat)
-3. An answer will be provided within 2 business days
+#### Access through an existing application
+
+- If your company already hosts one or more applications in the `osc-secnum-fr1` region, the application owner can invite you directly as a collaborator.
+- If your company domain is not yet allow-listed, you may ask the support team to register it. Once validated, all users from that domain will be eligible to access the region without further access confirmation needed from the support.
+
+#### Access without allow-listed domain
+
+- If your company domain has not been declared or allow-listed, the request must still come from the application owner.
+- The owner of the application must invite the user as a collaborator.
+- The user must contact the support using standard means (email or chat) to request access.
+- The support team will need the owner to confirm the request before granting access.
+
+#### Domain declaration and regularization
+
+- To simplify future user additions or removals, a company may request domain allow-listing (or submit a list of specific users) through the support channel (email or chat).
+- The domain must already be associated with an existing Scalingo account or application; we do not pre-register unregistered domains from Scalingo services.
+
+An answer will be provided within two business days.