diff --git a/docs/components/custom-apps/web-app/header.md b/docs/components/custom-apps/web-app/header.md
index 52df1129fa7de016cc656faf64bfa4aa25fd8772..7fb71a9c60ec2efd8078cf22108b21c26a1ffc9f 100644
--- a/docs/components/custom-apps/web-app/header.md
+++ b/docs/components/custom-apps/web-app/header.md
@@ -50,4 +50,4 @@ This button can have different behaviors. If the user is anonymous, a click will
 
 * access to the user profil page
 * access to the user data accesses page
-* sign out
\ No newline at end of file
+* sign out
diff --git a/docs/components/custom-apps/web-app/sign-up-in-out.md b/docs/components/custom-apps/web-app/sign-up-in-out.md
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/docs/components/custom-apps/web-app/user-management.md b/docs/components/custom-apps/web-app/user-management.md
new file mode 100644
index 0000000000000000000000000000000000000000..13facb3dd549f5276867d081c196341aba40ed80
--- /dev/null
+++ b/docs/components/custom-apps/web-app/user-management.md
@@ -0,0 +1,29 @@
+# User management
+
+## Sign up
+
+There are two steps to create an account on data.grandlyon.com.
+
+First of all the user must go to the sign up page accessible from the login page and fill the form. A few information are required such as the firstname, the lastname and the email. A password also has to be entered. It must:
+
+* have at least 6 characters
+* contain at least one special character
+* contain at least one uppercased character
+* contain at least one lowercased character
+* contain at least one number
+
+Passwords are always encrypted with a public key retrieved from the `legacy auth middleware` before they are sent accross the network. Only the legacy auth middleware knows the private key that allow the decryption of the password.
+
+Before being able to submit the form, the user has to accept the general terms of use and the processing of its information.
+
+When the form is submitted, the account is not directly created. In fact, a request is made to the [legacy auth middleware](../../middlewares/legacy-auth.md). The service stores temporarily the user account information in a Redis database and send an email to the user's email address through the [email service](../../services/mailer.md). The purpose of this email is to confirm the validity of the user's email address. Indeed the email contains a unique link which expires after 24h.
+
+The link is actually a link to the login page of our application that includes a `token` query param. When the `LoginComponent` of the Angular app detects a `token` param in the url, it sends an HTTP request to the `Legacy auth middleware` including the token. If the token is still valid the user account associated with this token is created in the real user database of the [legacy auth service](../../core/legacy-auth.md).
+
+For more information about this process read [this](../../../miscellaneous/authentication&authorization.md) section of the documentation.
+
+## Sign in
+
+## Sign out
+
+## Account deletion