docker · craig-osterhout · Feb 3, 2026
diff --git a/content/manuals/enterprise/security/access-tokens.md b/content/manuals/enterprise/security/access-tokens.md
@@ -5,6 +5,8 @@ description: Create and manage organization access tokens to securely authentica
 keywords: organization access tokens, OAT, docker hub security, programmatic access, automation
 aliases:
  - /security/for-admins/access-tokens/
+ - /docker-hub/service-accounts/
+ - /manuals/docker-hub/service-accounts/
 ---
 
 {{< summary-bar feature_name="OATs" >}}
@@ -104,34 +106,6 @@ organization.
     - **Delete**
 1. Select **Save** after making changes to a token.
 
-## Migrate from service accounts
-
-[Enhanced Service Account add-ons](/manuals/docker-hub/service-accounts.md)
-are deprecated and no longer available for
-new purchases as of December 10, 2024.
-
-Organization access tokens provide a
-modern, secure replacement with additional benefits:
-
-| Feature | Service accounts | Organization access tokens |
-|---------|------------------|----------------------------|
-| Authentication | Username/password | Organization name + token |
-| Cost | Tiered add-on pricing | Included with subscription |
-| Management | Individual account-based | Organization owner managed |
-| Repository access | Full account access | Granular repository permissions |
-| Security | Basic password auth | Token-based with expiration |
-| Rate limits | Separate tiered limits | Organization subscription limits |
-
-### Migration steps
-
-To migrate from service accounts to OATs, use the following steps:
-
-1. Document current service accounts and their purposes.
-1. Generate organization access tokens with appropriate repository permissions.
-1. Replace service account credentials in your systems.
-1. Validate all automated workflows work correctly.
-1. Remove deprecated service account credentials.
-
 ## Organization access token best practices
 
 - Regular token rotation: Set reasonable expiration dates and rotate tokens regularly to minimize security risks.

diff --git a/content/manuals/retired.md b/content/manuals/retired.md
@@ -8,6 +8,8 @@ params:
   sidebar:
     group: Products
 aliases:
+  - /docker-hub/service-accounts/
+  - /manuals/docker-hub/service-accounts/
   - /cloud/
   - /cloud/aci-compose-features/
   - /cloud/aci-container-features/
@@ -156,6 +158,18 @@ which led to the retirement of the Docker for GitHub Copilot extension. If
 you're looking for AI-assisted Docker workflows, explore the Docker MCP Toolkit
 and MCP Catalog, or use Ask Gordon in Docker Desktop and the Docker CLI.
 
+### Enhanced Service Account add-ons
+
+Enhanced Service Account add-ons provided tiered pull rate limits for automated
+workflows and service accounts accessing Docker Hub.
+
+Docker recommends transitioning to [Organization Access Tokens
+(OATs)](/manuals/enterprise/security/access-tokens.md), which provide secure,
+programmatic access to Docker Hub with granular repository permissions, token
+expiration, and better security auditing. OATs are included with Docker Team
+and Business subscriptions and offer similar functionality without requiring
+separate add-on purchases.
+
 ## Open source projects
 
 Several open-source projects originally maintained by Docker have been