Merge pull request #5391 from MicrosoftDocs/main
Publish to Live Wednesday 4AM PST, 10/2
PMEds28 authored Oct 2, 2024
2 parents 8cedc3c + edd5296 commit 2343d3a
Showing 100 changed files with 1,430 additions and 496 deletions.
10 changes: 10 additions & 0 deletions .openpublishing.redirection.json
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,11 @@
"redirect_url": "/entra/identity/monitoring-health/howto-analyze-activity-logs-with-microsoft-graph",
"redirect_document_id": false
},
{
"source_path_from_root": "/docs/identity/monitoring-health/overview-flagged-sign-ins.md",
"redirect_url": "/entra/identity/monitoring-health/concept-flagged-sign-ins",
"redirect_document_id": false
},
{
"source_path_from_root": "/docs/identity/monitoring-health/howto-enable-microsoft-graph-activity-logs.md",
"redirect_url": "/entra/identity/monitoring-health/howto-analyze-activity-logs-with-microsoft-graph",
Expand Down Expand Up @@ -1046,6 +1051,11 @@
"source_path_from_root": "/docs/identity-platform/quickstart-v2-netcore-daemon.md",
"redirect_url": "/entra/identity-platform/quickstart-daemon-dotnet-acquire-token",
"redirect_document_id": false
},
{
"source_path_from_root": "/docs/identity/saas-apps/concur-provisioning-tutorial.md",
"redirect_url": "/entra/identity/saas-apps/sap-concur-provisioning-tutorial",
"redirect_document_id": false
}
]
}
18 changes: 13 additions & 5 deletions docs/id-governance/apps.md
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,6 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Communifire](~/identity/saas-apps/communifire-tutorial.md) | ||
| [Community Spark](~/identity/saas-apps/community-spark-tutorial.md) | ||
| [Compliance Genie](~/identity/saas-apps/compliance-genie-tutorial.md) | ||
| [Concur](~/identity/saas-apps/concur-provisioning-tutorial.md) |||
| [Condeco](~/identity/saas-apps/condeco-tutorial.md) | ||
| [Confirmit Horizons](~/identity/saas-apps/confirmit-horizons-tutorial.md) | ||
| [Connecter](~/identity/saas-apps/connecter-provisioning-tutorial.md) || |
Expand Down Expand Up @@ -261,7 +260,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Directory Services](~/identity/saas-apps/directory-services-tutorial.md) | ||
| [directprint.io Cloud Print Administration](~/identity/saas-apps/directprint-io-cloud-print-administration-tutorial.md) | ||
| [Directprint.io](~/identity/saas-apps/directprint-io-provisioning-tutorial.md) |||
| [Docker](~/identity/saas-apps/docker-tutorial.md) | ||
| [Docker Business](~/identity/saas-apps/docker-tutorial.md) | ||
| [Documo](~/identity/saas-apps/documo-provisioning-tutorial.md) |||
| [DocuSign](~/identity/saas-apps/docusign-provisioning-tutorial.md) |||
| [Domo](~/identity/saas-apps/domo-tutorial.md) | ||
Expand Down Expand Up @@ -332,6 +331,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Freshservice Provisioning](~/identity/saas-apps/freshservice-provisioning-tutorial.md) |||
| [FTAPI](~/identity/saas-apps/ftapi-tutorial.md) | ||
| [Fulcrum](~/identity/saas-apps/fulcrum-tutorial.md) | ||
| [Fullstory SAML](~/identity/saas-apps/fullstory-saml-tutorial.md) | ||
| [Funnel Leasing](~/identity/saas-apps/funnel-leasing-provisioning-tutorial.md) |||
| [Fuze](~/identity/saas-apps/fuze-provisioning-tutorial.md) |||
| [G Suite](~/identity/saas-apps/g-suite-provisioning-tutorial.md) || |
Expand All @@ -356,6 +356,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [GoProfiles](~/identity/saas-apps/goprofiles-tutorial.md) | ||
| [GoSearch](~/identity/saas-apps/gosearch-tutorial.md) | ||
| [GoToMeeting](~/identity/saas-apps/citrixgotomeeting-provisioning-tutorial.md) |||
| [Graebel Single Sign On with globalCONNECT](~/identity/saas-apps/graebel-single-sign-on-with-globalconnect-tutorial.md) | ||
| [Grammarly](~/identity/saas-apps/grammarly-provisioning-tutorial.md) |||
| [Granite](~/identity/saas-apps/granite-tutorial.md) | ||
| [GreenOrbit](~/identity/saas-apps/greenorbit-tutorial.md) | ||
Expand Down Expand Up @@ -492,9 +493,11 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Mailosaur](~/identity/saas-apps/mailosaur-tutorial.md) | ||
| [Mapiq](~/identity/saas-apps/mapiq-tutorial.md) | ||
| [Maptician](~/identity/saas-apps/maptician-provisioning-tutorial.md) |||
| [Marker.io](~/identity/saas-apps/marker-io-tutorial.md) | ||
| [Markit Procurement Service](~/identity/saas-apps/markit-procurement-service-provisioning-tutorial.md) || |
| [MDComune Business](~/identity/saas-apps/mdcomune-business-tutorial.md) | ||
| [MediusFlow](~/identity/saas-apps/mediusflow-provisioning-tutorial.md) || |
| [Mend.io](~/identity/saas-apps/mend-io-tutorial.md) | ||
| [Mercell](~/identity/saas-apps/mercell-tutorial.md) | ||
| [MerchLogix](~/identity/saas-apps/merchlogix-provisioning-tutorial.md) |||
| [Meta Networks Connector](~/identity/saas-apps/meta-networks-connector-provisioning-tutorial.md) |||
Expand Down Expand Up @@ -603,6 +606,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Podbean](~/identity/saas-apps/podbean-tutorial.md) | ||
| [PolicyStat](~/identity/saas-apps/policystat-tutorial.md) | ||
| [PoliteMail - SSO](~/identity/saas-apps/politemail-sso-tutorial.md) | ||
| [Postman](~/identity/saas-apps/postman-provisioning-tutorial.md) |||
| [Preciate](~/identity/saas-apps/preciate-provisioning-tutorial.md) || |
| [PressReader](~/identity/saas-apps/pressreader-tutorial.md) | ||
| [PrinterLogic SaaS](~/identity/saas-apps/printer-logic-saas-provisioning-tutorial.md) |||
Expand Down Expand Up @@ -675,12 +679,12 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [SAP Business Technology Platform](~/identity/saas-apps/sap-hana-cloud-platform-tutorial.md) | ||
| [SAP Cloud for Customer](~/identity/saas-apps/sap-customer-cloud-tutorial.md) | ||
| [SAP Cloud Identity Services](~/identity/saas-apps/sap-cloud-platform-identity-authentication-provisioning-tutorial.md) |||
| [SAP Concur Travel and Expense](~/identity/saas-apps/concur-travel-and-expense-tutorial.md) | ||
| [SAP Concur](~/identity/saas-apps/sap-concur-provisioning-tutorial.md) | ||
| [SAP Fieldglass](~/identity/saas-apps/fieldglass-tutorial.md) | ||
| [SAP Fiori](~/identity/saas-apps/sap-fiori-tutorial.md) | ||
| [SAP HANA](~/identity/saas-apps/saphana-tutorial.md) | ||
| [SAP HANA](~/identity/saas-apps/sap-hana-provisioning-tutorial.md) | ||
| [SAP Litmos](~/identity/saas-apps/litmos-tutorial.md) | ||
| [SAP NetWeaver](~/identity/app-provisioning/on-premises-sap-connector-configure.md) |||
| [SAP NetWeaver](~/identity/app-provisioning/on-premises-sap-connector-configure.md) | ||
| [SAP R/3 and ERP](~/identity/app-provisioning/on-premises-sap-connector-configure.md) |||
| [SAP SuccessFactors to Active Directory](~/identity/saas-apps/sap-successfactors-inbound-provisioning-tutorial.md) |||
| [SAP SuccessFactors to Microsoft Entra ID](~/identity/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial.md) |||
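Review bot: The new `SAP Concur` row links to `sap-concur-provisioning-tutorial.md` but uses the `| ||` cell layout, while the other provisioning rows in this hunk (`SAP Cloud Identity Services`, `SAP R/3 and ERP`) use `|||`. As rendered, it also takes the place of the `SAP Concur Travel and Expense` row, so the table no longer links to `concur-travel-and-expense-tutorial.md`. The same pattern shows on `SAP HANA` (link moved from `saphana-tutorial.md` to `sap-hana-provisioning-tutorial.md` with the cells unchanged) and on `SAP NetWeaver`, whose cells now differ from the `SAP R/3 and ERP` row that points at the same `on-premises-sap-connector-configure.md`. Please confirm the cell values match what each linked tutorial covers, and keep separate rows for the replaced tutorials if those articles still exist.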
Expand All @@ -699,6 +703,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [ScreenPal](~/identity/saas-apps/screencast-tutorial.md) | ||
| [ScreenSteps](~/identity/saas-apps/screensteps-provisioning-tutorial.md) |||
| [SDS & Chemical Information Management](~/identity/saas-apps/sds-chemical-information-management-tutorial.md) | ||
| [Second Nature AI](~/identity/saas-apps/second-nature-ai-tutorial.md) | ||
| [Secure Deliver](~/identity/saas-apps/securedeliver-tutorial.md) | ||
| [SecureLogin](~/identity/saas-apps/secure-login-provisioning-tutorial.md) || |
| [SeekOut](~/identity/saas-apps/seekout-tutorial.md) | ||
Expand Down Expand Up @@ -791,10 +796,12 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Terraform Enterprise](~/identity/saas-apps/terraform-enterprise-tutorial.md) | ||
| [TerraTrue](~/identity/saas-apps/terratrue-provisioning-tutorial.md) |||
| [tesma](~/identity/saas-apps/tesma-tutorial.md) | ||
| [TestingBot](~/identity/saas-apps/testingbot-tutorial.md) | ||
| [TextExpander](~/identity/saas-apps/textexpander-tutorial.md) | ||
| [Textline](~/identity/saas-apps/textline-tutorial.md) | ||
| [TextMagic](~/identity/saas-apps/textmagic-tutorial.md) | ||
| [TheOrgWiki](~/identity/saas-apps/theorgwiki-provisioning-tutorial.md) || |
| [Thoropass](~/identity/saas-apps/thoropass-tutorial.md) | ||
| [ThousandEyes](~/identity/saas-apps/thousandeyes-provisioning-tutorial.md) |||
| [ThreatQ Platform](~/identity/saas-apps/threatq-platform-tutorial.md) | ||
| [Thrive LXP](~/identity/saas-apps/thrive-lxp-provisioning-tutorial.md) |||
Expand Down Expand Up @@ -836,6 +843,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
| [Velpic SAML](~/identity/saas-apps/velpicsaml-tutorial.md) | ||
| [Velpic](~/identity/saas-apps/velpic-provisioning-tutorial.md) |||
| [Vera Suite](~/identity/saas-apps/vera-suite-tutorial.md) | ||
| [Verity](~/identity/saas-apps/verity-tutorial.md) | ||
| [Veza](~/identity/saas-apps/veza-tutorial.md) | ||
| [VIDA](~/identity/saas-apps/vida-tutorial.md) | ||
| [Vidyard](~/identity/saas-apps/vidyard-tutorial.md) | ||
Expand Down
6 changes: 3 additions & 3 deletions docs/identity-platform/TOC.yml
Original file line number Diff line number Diff line change
Expand Up @@ -713,6 +713,9 @@
href: /entra/msal/python/
- name: Protocol reference (OAuth, OIDC, SAML)
items:
- name: OAuth 2.0 application types
displayName: App types, OAuth
href: v2-app-types.md
- name: OAuth 2.0 and OpenID Connect (OIDC)
items:
- name: Token grant flows
Expand All @@ -733,9 +736,6 @@
href: v2-oauth-ropc.md
- name: OpenID Connect
href: v2-protocols-oidc.md
- name: OAuth 2.0 application types
displayName: App types, OAuth
href: v2-app-types.md
- name: Certificate credentials
href: certificate-credentials.md
- name: Signing key rollover
Expand Down
4 changes: 2 additions & 2 deletions docs/identity-platform/app-objects-and-service-principals.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ author: rwike77
manager: CelesteDG
ms.author: ryanwi
ms.custom: has-azure-ad-ps-ref
ms.date: 04/26/2024
ms.date: 10/01/2024
ms.reviewer: sureshja
ms.service: identity-platform

Expand Down Expand Up @@ -70,7 +70,7 @@ The application object is the *global* representation of your application for us
An application object has:

- A one-to-one relationship with the software application, and
- A one-to-many relationship with its corresponding service principal object(s)
- A one-to-many relationship with its corresponding service principal objects

A service principal must be created in each tenant where the application is used, enabling it to establish an identity for sign-in and/or access to resources being secured by the tenant. A single-tenant application has only one service principal (in its home tenant), created and consented for use during application registration. A multitenant application also has a service principal created in each tenant where a user from that tenant has consented to its use.

Expand Down
10 changes: 5 additions & 5 deletions docs/identity-platform/federation-metadata.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ author: rwike77
manager: CelesteDG
ms.author: ryanwi
ms.custom:
ms.date: 09/07/2023
ms.date: 10/01/2024
ms.reviewer: ludwignick
ms.service: identity-platform
ms.topic: concept-article
Expand Down Expand Up @@ -51,7 +51,7 @@ The following metadata shows a sample tenant-specific `EntityDescriptor` element
<EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
ID="_00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
entityID="https://sts.windows.net/11bb11bb-cc22-dd33-ee44-55ff55ff55ff/">
entityID="https://sts.windows.net/aaaabbbb-0000-cccc-1111-dddd2222eeee/">
```

You can replace the tenant ID in the tenant-independent endpoint with your tenant ID to create a tenant-specific `EntityID` value. The resulting value will be the same as the token issuer. The strategy allows a multitenant application to validate the issuer for a given tenant.
Expand All @@ -61,7 +61,7 @@ The following metadata shows a sample tenant-independent `EntityID` element. Ple
```xml
<EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
ID="="_11bb11bb-cc22-dd33-ee44-55ff55ff55ff"
ID="="_aaaabbbb-0000-cccc-1111-dddd2222eeee"
entityID="https://sts.windows.net/{tenant}/">
```
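Review bot: The updated `ID` attribute in the tenant-independent sample still reads `ID="="_aaaabbbb-0000-cccc-1111-dddd2222eeee"`, so the stray `="` from the old line carries over and the element is not well-formed XML. Since the value is being touched anyway, change it to `ID="_aaaabbbb-0000-cccc-1111-dddd2222eeee"` so the sample parses when copied. The placeholder is also the same GUID now used as the tenant ID in the tenant-specific `entityID` sample, where the element `ID` is a different value; a distinct placeholder here would keep readers from reading the element `ID` as a tenant ID.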
Expand All @@ -78,7 +78,7 @@ The following metadata shows a sample `KeyDescriptor` element with a signing key
<KeyInfo xmlns="https://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
A1bC2dE3fH4iJ5...kL6mN7oP8qR9sT0u
aB1cD2eF-3gH4i...J5kL6-mN7oP8qR=
</X509Certificate>
</X509Data>
</KeyInfo>
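Review bot: The `KeyInfo` context line in this sample declares `xmlns="https://www.w3.org/2000/09/xmldsig#"`, but the XML Signature namespace is `http://www.w3.org/2000/09/xmldsig#`. Namespace names are compared as literal strings, so code that looks up `KeyInfo` in the XML Signature namespace will not match the `https` form; worth correcting while this block is being edited. The new certificate placeholder `aB1cD2eF-3gH4i...J5kL6-mN7oP8qR=` also contains `-`, which is outside the standard Base64 alphabet that `X509Certificate` content uses; a placeholder drawn from letters, digits, `+` and `/` would be closer to what real metadata contains.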
Expand Down Expand Up @@ -144,7 +144,7 @@ The following metadata shows a sample `PassiveResistorEndpoint` for a tenant-spe
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/contoso.onmicrosoft.com/saml2" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/contoso.onmicrosoft.com /saml2" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/contoso.onmicrosoft.com/saml2" />
</IDPSSODescriptor>
```
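Review bot: The sentence quoted in this hunk's header still calls the element `PassiveResistorEndpoint`; the WS-Federation metadata element is `PassiveRequestorEndpoint`. Fix the name in the same pass as the `Location` whitespace correction on the `SingleSignOnService` line, so the article text matches the element name readers will find in the metadata document.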
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ ms.reviewer: ludwignick
ms.custom:
---

This article describes how to program directly against the protocol in your application to request tokens from Microsoft Entra ID. When possible, we recommend you use the supported Microsoft Authentication Libraries (MSAL) instead to [acquire tokens and call secured web APIs](../authentication-flows-app-scenarios.md#scenarios-and-supported-authentication-flows). Also take a look at the [sample apps that use MSAL](../sample-v2-code.md).
This article describes how to program directly against the protocol in your application to request tokens from Microsoft Entra ID. When possible, we recommend you use the supported Microsoft Authentication Libraries (MSAL) instead to [acquire tokens and call secured web APIs](../authentication-flows-app-scenarios.md#scenarios-and-supported-authentication-flows). For a list of code samples that use MSAL refer to the [Microsoft identity platform code samples](../sample-v2-code.md).
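Review bot: The new closing sentence needs a comma after its introductory phrase: `For a list of code samples that use MSAL, refer to the [Microsoft identity platform code samples](../sample-v2-code.md).`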
4 changes: 2 additions & 2 deletions docs/identity-platform/quickstart-create-new-tenant.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ author: OwenRichards1
manager: CelesteDG
ms.author: ryanwi
ms.custom: fasttrack-edit, mode-other
ms.date: 01/10/2024
ms.date: 10/01/2024
ms.reviewer: jmprieur
ms.service: identity-platform

Expand Down Expand Up @@ -77,7 +77,7 @@ You'll provide the following information to create your new tenant:
## Social and local accounts

To begin building external facing applications that sign in social and local accounts, create a tenant with customer configurations. To begin, see [Create a tenant with customer configuration (preview)](../external-id/customers/quickstart-tenant-setup.md).
To begin building external facing applications that sign in social and local accounts, create a tenant with external configurations. To begin, see [Create a tenant with external configuration](../external-id/customers/quickstart-tenant-setup.md).

## Next steps
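Review bot: The link target in the updated sentence under `## Social and local accounts` is still `../external-id/customers/quickstart-tenant-setup.md`, although the link text now says external configuration and no longer says `(preview)`; confirm that path is still the intended article for the renamed link. The paragraph also opens two consecutive sentences with `To begin`; the second could start with `For steps, see` instead.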

Expand Down
2 changes: 1 addition & 1 deletion docs/identity-platform/v2-app-types.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ The app types supported by the Microsoft identity platform are;

## Single-page apps

Many modern apps have a single-page app (SPA) front end written primarily in JavaScript, often with a framework like Angular, React, or Vue. The Microsoft identity platform supports these apps by using the [OpenID Connect](v2-protocols-oidc.md) protocol for authentication and one of two types of authorization grants defined by OAuth 2.0. Use the [authorization code flow with PKCE](https://devblogs.microsoft.com/identity/migrate-to-auth-code-flow/) when developing SPAs. Do not use the implicit flow.
Many modern apps have a single-page app (SPA) front end written primarily in JavaScript, often with a framework like Angular, React, or Vue. The Microsoft identity platform supports these apps by using the [OpenID Connect](v2-protocols-oidc.md) protocol for authentication and one of two types of authorization grants defined by OAuth 2.0. Use the [authorization code flow with PKCE](https://devblogs.microsoft.com/identity/migrate-to-auth-code-flow/) when developing SPAs. This flow is more secure than the implicit flow, which is no longer recommended. For more information, see [prefer the auth code flow](v2-oauth2-implicit-grant-flow.md#prefer-the-auth-code-flow).

The flow diagram demonstrates the OAuth 2.0 authorization code grant flow (with details around PKCE omitted), where the app receives a code from the Microsoft identity platform `authorize` endpoint, and redeems it for an access token and a refresh token using cross-site web requests. For SPAs, the access token is valid for 1 hour, and once expired, must request another code using the refresh token. In addition to the access token, an `id_token` that represents the signed-in user to the client application is typically also requested through the same flow and/or a separate OpenID Connect request (not shown here).
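Review bot: The replacement for `Do not use the implicit flow.` in the single-page apps paragraph turns a direct instruction into `no longer recommended`, which a reader skimming for guidance can take as optional. Keep an imperative next to the new link, for example `Don't use the implicit flow for SPAs. For more information, see [prefer the auth code flow](v2-oauth2-implicit-grant-flow.md#prefer-the-auth-code-flow).` The same paragraph still says the platform supports SPAs with `one of two types of authorization grants defined by OAuth 2.0`, which sits oddly beside guidance that endorses only one of them; consider rewording that clause too.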

Expand Down