diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/createidpnote.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/createidpnote.md deleted file mode 100644 index 18c292f84b1..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/createidpnote.md +++ /dev/null @@ -1,3 +0,0 @@ -> **Note:** These steps configure Azure AD as the IdP with the OIDC protocol. To configure the connection with the SAML protocol, see [Make Azure Active Directory an Identity Provider](https://help.okta.com/okta_help.htm?type=oie&id=ext-azure-idp-setup). - -> **Note:** See the [Identity Providers API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) for request and response examples of creating an IdP in Okta using the API. diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idp.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idp.md deleted file mode 100644 index 2f2813708c9..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idp.md +++ /dev/null @@ -1 +0,0 @@ -Entra ID diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idpaccount.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idpaccount.md deleted file mode 100644 index 8ab89bf9959..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idpaccount.md +++ /dev/null @@ -1 +0,0 @@ -with [Azure AD](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) 
diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/accountlink.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/accountlink.md similarity index 100% rename from packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/accountlink.md rename to packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/accountlink.md diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/accountlinking2.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/accountlinking2.md similarity index 100% rename from packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/accountlinking2.md rename to packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/accountlinking2.md diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/afterappidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/afterappidpinokta.md similarity index 100% rename from packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/afterappidpinokta.md rename to packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/afterappidpinokta.md diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/appatidp.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/appatidp.md similarity index 60% rename from packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/appatidp.md rename to packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/appatidp.md index 40df6e4b3c2..bad6f0a8632 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/appatidp.md +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/appatidp.md 
@@ -1,16 +1,20 @@ -1. Create an Azure AD app using these [instructions](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app). +At the Microsoft identity platform, set up a tenant and register the client app that you want to use for authenticating and authorizing your users. -2. In the **Redirect URI** section of the page, paste the Okta redirect URI. The redirect URI sent in the authorize request from the client needs to match the redirect URI in the IdP. This is the URL where the IdP returns the authentication response (the access token and the ID token). It needs to be a secure domain that you own. This URL has the same structure for most IdPs in Okta and is constructed using your Okta subdomain and then the callback endpoint. +1. Set up a [Microsoft Entra tenant](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-create-new-tenant). - For example, if your Okta subdomain is called `company`, then the URL would be: `https://company.okta.com/oauth2/v1/authorize/callback`. If you’ve configured a custom domain in your Okta Org, use that value to construct your redirect URI, such as `https://login.company.com/oauth2/v1/authorize/callback`. +1. Register an [app in Microsoft Entra admin center](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app). + +1. In the **Redirect URI** section of the page, paste the Okta redirect URI. The redirect URI sent in the authorize request from the client needs to match the redirect URI in the IdP. This is the URL where the IdP returns the authentication response (the access token and the ID token). It needs to be a secure domain that you own. This URL has the same structure for most IdPs in Okta and is constructed using your Okta subdomain and then the callback endpoint. + + For example, if your Okta subdomain is called `company`, then the URL would be: `https://company.okta.com/oauth2/v1/authorize/callback`. 
If you've configured a custom domain in your Okta Org, use that value to construct your redirect URI, such as `https://login.company.com/oauth2/v1/authorize/callback`. Include all base domains (Okta domain and custom domain) that your users interact with in the allowed redirect URI list. -3. Copy the Azure application ID value so that you can add it to the Okta configuration in the next section. +3. Copy the **Application (client) ID** value so that you can add it to the Okta configuration in the next section. 4. Under **Certificates & secrets**, click **New client secret** to generate a client secret for your app. Copy the value so that you can add it to the Okta configuration in the next section. This is the secret that corresponds to your Azure application ID. - > **Note:** There may be other settings for the app that you can configure. The steps in this guide address the quickest route to setting up Azure AD as an IdP with Okta. See the Azure AD documentation for more information on other configuration settings. + > **Note:** There may be other settings for the app that you can configure. The steps in this guide address the quickest route to setting up Microsoft Entra ID as an IdP with Okta. See the [Microsoft Entra ID documentation](https://learn.microsoft.com/en-us/entra/external-id/) for more information on other configuration settings. For use in the next section, do the following: diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/appidpinokta.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/appidpinokta.md new file mode 100644 index 00000000000..502a36d1c14 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/appidpinokta.md 
@@ -0,0 +1,15 @@ +* **Name**: Enter a name for the Identity Provider configuration. +* **Client Id**: Paste the client ID that you obtained from Microsoft Entra ID when you configured the Identity Provider in the previous section. +* **Client Secret**: Paste the secret that you obtained in the previous section. +* **Scopes**: Leave the defaults. These scopes are included when Okta makes an OpenID Connect request to Microsoft Entra ID. + + > **Note:** By default, Okta requires the `email` attribute for a user. The `email` scope is required to create and link the user to Okta's Universal Directory. + +In the **Endpoints** section: + +Add the following endpoint URLs for the Microsoft Entra ID IdP that you are configuring. You obtained these in the previous section. + +* **Issuer**: The identifier of the Microsoft Entra ID IdP: `https://login.microsoftonline.com/{Directory(tenant)ID}/v2.0` +* **Authorization endpoint**: The URL of the Microsoft Entra ID OAuth 2.0 authorization endpoint. For example: `https://login.microsoftonline.com/{Directory(tenant)ID}/oauth2/v2.0/authorize` +* **Token endpoint**: The URL of the Microsoft Entra ID token endpoint for obtaining access and ID tokens. For example: `https://login.microsoftonline.com/{Directory(tenant)ID}/oauth2/v2.0/token` +* **JWKS endpoint**: The URL of the Microsoft Entra ID JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider. For example: `https://login.microsoftonline.com/{Directory(tenant)ID}/discovery/v2.0/keys` diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/createidpnote.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/createidpnote.md new file mode 100644 index 00000000000..8edfaebd1a8 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/createidpnote.md 
@@ -0,0 +1,3 @@ +> **Notes:** +> * These steps configure Microsoft Entra ID as the IdP with the OIDC protocol. To configure the connection with the SAML protocol, see [Make Azure Active Directory an Identity Provider](https://help.okta.com/okta_help.htm?type=oie&id=ext-azure-idp-setup). +> * See the [Identity Providers API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) for request and response examples of creating an IdP in Okta using the API. diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idp.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idp.md new file mode 100644 index 00000000000..add8cbd828c --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idp.md @@ -0,0 +1 @@ +Microsoft Entra ID diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idpaccount.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idpaccount.md new file mode 100644 index 00000000000..90e16a35044 --- /dev/null +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idpaccount.md @@ -0,0 +1 @@ +with [Azure](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) that has an active subscription to access the [Microsoft Entra admin center](https://entra.microsoft.com/) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idpoption.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idpoption.md similarity index 100% rename from packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/idpoption.md rename to packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/idpoption.md 
diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/useidpsignin.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/useidpsignin.md similarity index 100% rename from packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/azure/useidpsignin.md rename to packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/entra/useidpsignin.md diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/index.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/index.md index 958111f9459..87d9880bdfe 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/index.md @@ -31,8 +31,6 @@ Okta manages the connection to the IdP for your app. The connection sits between ## Create an app at the IdP -At the IdP, create the client application that you want to use for authenticating and authorizing your users. - ## Create an IdP in Okta diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/oktatookta/appatidp.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/oktatookta/appatidp.md index 2e6a0ffc7dd..167a6298b55 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/oktatookta/appatidp.md +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/oktatookta/appatidp.md @@ -1,4 +1,4 @@ -When you're configuring federation between two Okta orgs, use OpenID Connect as the sign-in method: +In the Okta org that functions as the IdP, create a client app that you want to use for authenticating and authorizing your users. When you're configuring federation between two Okta orgs, use OpenID Connect as the sign-in method: 1. In the Admin Console for the Okta org that represents the IdP, go to **Applications** > **Applications**. 1. Click **Create App Integration**. 
diff --git a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/openidconnect/appatidp.md b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/openidconnect/appatidp.md index e41767cb0bb..90f3bfcc5dd 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/openidconnect/appatidp.md +++ b/packages/@okta/vuepress-site/docs/guides/add-an-external-idp/main/openidconnect/appatidp.md @@ -1,4 +1,4 @@ -Use the documentation of the IdP to create a client application. +At the OpenID Connect IdP, create the client app that you want to use for authenticating and authorizing your users. Use the IdP's documentation to create a client app. You also need to add the redirect URI to the appropriate section. The redirect URI sent in the authorize request from the client needs to match the redirect URI in the OIDC IdP. This is the URL where the IdP returns the authentication response (the access token and the ID token). It needs to be a secure domain that you own. This URL has the same structure for most IdPs in Okta and is constructed using your Okta subdomain and then the callback endpoint. diff --git a/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md b/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md index 934c0c76fe4..19198905efe 100644 --- a/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md +++ b/packages/@okta/vuepress-site/docs/guides/identity-providers/index.md @@ -12,7 +12,7 @@ Not sure what an Identity Provider is? See [External Identity Providers](/docs/c ## Enterprise Identity Providers - Entra ID + Microsoft Entra ID Okta to Okta OpenID Connect SAML 2.0 diff --git a/packages/@okta/vuepress-site/docs/guides/social-login/main/index.md b/packages/@okta/vuepress-site/docs/guides/social-login/main/index.md index 259a0187c11..5489424c129 100644 --- a/packages/@okta/vuepress-site/docs/guides/social-login/main/index.md 
+++ b/packages/@okta/vuepress-site/docs/guides/social-login/main/index.md @@ -62,7 +62,7 @@ To remove an existing account link or validate account linking with every sign-i If **Account Link Policy** is disabled, no account linking occurs. You can manually create an account link without a transaction by making a `POST` call to the `/api/v1/idps/{idps}/users/{userId}` [endpoint](/docs/reference/api/idps/#link-a-user-to-a-social-provider-without-a-transaction). -See [Add an Identity Provider](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) for API examples of account linking JSON payloads. +See [Create an Identity Provider](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider) for API examples of account linking JSON payloads. For security best practices, consider disabling account linking after all existing users from the external IdP have signed in to your Okta org. At this point, all links have been created. After you disable linking, and JIT provisioning is enabled, Okta adds new users that are created in the external IdP. diff --git a/packages/@okta/vuepress-site/docs/guides/social-login/main/microsoft/appidpinokta.md b/packages/@okta/vuepress-site/docs/guides/social-login/main/microsoft/appidpinokta.md index defccd8eed7..4a8e0d52308 100644 --- a/packages/@okta/vuepress-site/docs/guides/social-login/main/microsoft/appidpinokta.md +++ b/packages/@okta/vuepress-site/docs/guides/social-login/main/microsoft/appidpinokta.md 
@@ -1,5 +1,5 @@ * **Name**: Enter a name for the Identity Provider configuration. -* **Client Id**: Paste the app ID or client ID that you obtained from the Identity Provider in the previous section. +* **Client ID**: Paste the app ID or client ID that you obtained from the Identity Provider in the previous section. * **Client Secret**: Paste the secret that you obtained from the Identity Provider in the previous section. * **Scopes**: Leave the defaults. diff --git a/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss b/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss index 7d9ac8e4c86..2864948edcd 100755 --- a/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss +++ b/packages/@okta/vuepress-theme-prose/assets/css/okta/icons/classes.scss @@ -1997,7 +1997,7 @@ h1 { background-image: url("/img/icons/amazon-universal-gray-small.png"); } -.icon.azure::before { +.icon.entra::before { content: ""; background-image: url("/img/idp-logos/entraID.svg"); diff --git a/packages/@okta/vuepress-theme-prose/util/frameworks.js b/packages/@okta/vuepress-theme-prose/util/frameworks.js index 4f7c8b07711..99237645ddb 100644 --- a/packages/@okta/vuepress-theme-prose/util/frameworks.js +++ b/packages/@okta/vuepress-theme-prose/util/frameworks.js @@ -11,7 +11,7 @@ const FRAMEWORK_TO_COMMON_NAME = { const COMMON_NAME_TO_FANCY_NAME = { apple: 'Apple', - azure: 'Entra ID', + entra: 'Microsoft Entra ID', javascript: 'JS', angular: 'Angular', amazon: 'Amazon',
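Review bot: in entra/appatidp.md the renumbered list is inconsistent: the first three items use `1.` while the remaining items keep the literal `3.` and `4.` from the old four-step list, so the source reads 1, 1, 1, 3, 4 for what renders as five steps. Either use `1.` throughout or renumber the last two to `4.` and `5.`. The client-secret step also still says "This is the secret that corresponds to your Azure application ID" although the preceding step was renamed to **Application (client) ID**; align the wording. Because that step has the reader copy the secret, it is worth stating that Entra client secrets carry an expiry date, so the rotation date should be recorded or the IdP connection in Okta stops working when the secret expires. In the redirect URI paragraph, "Include all base domains ... in the allowed redirect URI list" could be misread as registering bare domains; the examples on the same lines are full callback URLs (`https://company.okta.com/oauth2/v1/authorize/callback`), and Entra matches redirect URIs exactly, so say that the complete callback URL is registered once per domain. Finally, the link labelled "Microsoft Entra ID documentation" points at `https://learn.microsoft.com/en-us/entra/external-id/`, which is the Entra External ID docs rather than the workforce tenant the steps set up; confirm that is the intended target.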
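Review bot: in entra/appidpinokta.md the Endpoints section says "You obtained these in the previous section", but the previous section (entra/appatidp.md) only has the reader copy the Application (client) ID and the client secret; nothing tells them to record the Directory (tenant) ID that every endpoint URL here depends on. Add a step in appatidp.md to copy the **Directory (tenant) ID** from the app registration's Overview page, or reword this sentence to say where the value comes from. The field label in the new file is **Client Id**, while social-login/main/microsoft/appidpinokta.md in this same PR corrects that spelling to **Client ID**; use the corrected form here as well. The `{Directory(tenant)ID}` placeholder would also read more clearly as a single token such as `{tenantId}` with one sentence saying it is the Directory (tenant) ID.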
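Review bot: in entra/createidpnote.md the first bullet now names Microsoft Entra ID, but the SAML link text in the same sentence still reads "Make Azure Active Directory an Identity Provider". If the help-center page has been retitled, update the link text to match; otherwise the sentence mixes both product names.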
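Review bot: entra/idpaccount.md is added without a trailing newline (`\ No newline at end of file`), whereas the azure/idpaccount.md it replaces ended with one. Add the newline so the snippet concatenates cleanly when included and future diffs stay minimal.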
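Review bot: in main/index.md the shared sentence under "## Create an app at the IdP" is removed and moved into the per-IdP appatidp.md snippets, but this PR only adds it to the entra, oktatookta and openidconnect variants. Confirm that every other IdP variant's appatidp.md not shown in this diff now opens with its own intro sentence; otherwise those selections render the heading with no lead-in text.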
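Review bot: in openidconnect/appatidp.md the new opening sentence and the sentence that follows it both tell the reader to create a client app ("create the client app that you want to use ..." and then "Use the IdP's documentation to create a client app."). Merge them into one sentence, for example "At the OpenID Connect IdP, use the IdP's documentation to create the client app that you want to use for authenticating and authorizing your users."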
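Review bot: in frameworks.js and classes.scss the `azure` key in `COMMON_NAME_TO_FANCY_NAME` and the `.icon.azure` selector are renamed to `entra`, which changes the identifier pages use to select this IdP. Any guide frontmatter, stack-selector option, or `FRAMEWORK_TO_COMMON_NAME` entry that still references `azure` will now resolve to no display name and no icon; the directory rename covers the snippet files but not the selectors that point at them, so search the site for remaining `azure` references before merging.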