Updating the name of Azure Active Directory to Microsoft Entra ID (#1… (#1200)

…187)

Cherry-picked from #1187

Co-authored-by: Lasse Heemann <[email protected]>

Author: lidiazuin

modules/ROOT/pages/authentication-authorization/index.adoc

@@ -36,7 +36,7 @@ Controls authentication and authorization through external security software suc
 A description of the LDAP plugin using Active Directory is available in xref:authentication-authorization/ldap-integration.adoc[Integration with LDAP directory services].
 
 *Single sign-on provider*::
-Integration with a single sign-on service, such as Okta, Auth0, or Azure Active Directory to provide centralized authentication and authorization for all your systems.
+Integration with a single sign-on service, such as Okta, Auth0, or Microsoft Entra ID to provide centralized authentication and authorization for all your systems.
 Neo4j supports the popular OpenID Connect mechanism for integrating with identity providers.
 The configuration steps are described in xref:authentication-authorization/sso-integration.adoc[].
 

modules/ROOT/pages/authentication-authorization/sso-integration.adoc

@@ -3,7 +3,7 @@
 = Single sign-on integration
 :description: This page describes Neo4j support for integrating with SSO identity providers using OpenID Connect.
 
-Neo4j supports OpenID Connect (OIDC), which allows for integration with many identity providers including Okta, Microsoft Azure Active Directory, and Google.
+Neo4j supports OpenID Connect (OIDC), which allows for integration with many identity providers including Okta, Microsoft Entra ID, and Google.
 This integration permits federated users, managed by the identity provider, to access Neo4j instead of, or in addition to the native users and roles.
 For examples with different providers and troubleshooting, see the xref:tutorial/tutorial-sso-configuration.adoc[SSO configuration tutorial].
 

modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc

@@ -19,7 +19,7 @@ For example:
 
 SSO works in the following way:
 
-. The server (Neo4j DBMS) contacts the identity provider (Okta, Azure, Google, etc.) and fetches the JSON Web Keys (JWKs) from the provider.
+. The server (Neo4j DBMS) contacts the identity provider (Okta, Entra ID, Google, etc.) and fetches the JSON Web Keys (JWKs) from the provider.
 . The client (e.g., Bloom, Neo4j Browser, etc.) asks the user for credentials and contacts the identity provider.
 . The identity provider responds with a JSON Web Token (JWT), a JSON file containing fields (claims) relative to the user (email, audience, groups, etc.).
 . The client provides the server with the JWT, and the server verifies its signature with the JWKs.
@@ -126,11 +126,11 @@ dbms.security.oidc.okta.config=token_type_principal=id_token;token_type_authenti
 image::sso-configuration-tutorials/okta-sign-on-tab.svg[title="Okta's sign-on tab"]
 
 
-== Azure Active Directory (AAD)
+== Microsoft Entra ID (formerly Azure Active Directory)
 
 === Access token
 
-This example shows how to configure AAD for authentication and authorization using an access token.
+This example shows how to configure Entra ID for authentication and authorization using an access token.
 
 . Set parameters to be `access_token`:
 +
@@ -179,15 +179,15 @@ Note that the audience parameter for access tokens are typically set with` api:/
 
 === ID token
 
-This example shows how to configure AAD for authentication and authorization using ID tokens.
+This example shows how to configure Entra ID for authentication and authorization using ID tokens.
 
 ==== Register the application
 
 . Log in to the https://portal.azure.com/#home[Azure portal].
-. Navigate to *Azure Active Directory > Overview*.
+. Navigate to *Microsoft Entra ID > Overview*.
 . From the *Add* dropdown menu, select *App registration* and fill in the following information to create your SSO application:
 +
-image::sso-configuration-tutorials/oidc-azure-client-creation.png[title="Azure OIDC client creation"]
+image::sso-configuration-tutorials/oidc-azure-client-creation.png[title="Entra OIDC client creation"]
 The redirect URI `http://localhost:7474/browser/?idp_id=azure&auth_flow_step=redirect_uri` is the URI that will accept returned token responses after successful authentication.
 . Click *Register*.
 
@@ -203,14 +203,14 @@ dbms.security.oidc.azure.params=client_id=c2830ff5-86d9-4e38-8a2b-9efad6f3d06d;r
 
 . Navigate to *Endpoints*, to find the OpenID Connect metadata document. Use it to configure the `well_known_discovery_uri` in the _neo4j.conf_ file.
 +
-image::sso-configuration-tutorials/oidc-azure-client-config.png[title="Azure OIDC client config"]
+image::sso-configuration-tutorials/oidc-azure-client-config.png[title="Entra OIDC client config"]
 +
 [source, properties]
 ----
 dbms.security.oidc.azure.well_known_discovery_uri=https://login.microsoftonline.com/ce976899-299d-4a01-91e5-a5fee8f98626/v2.0/.well-known/openid-configuration
 ----
 
-. Configure Neo4j to use Azure authentication by configuring the following settings in the _neo4j.conf_ file:
+. Configure Neo4j to use Entra ID authentication by configuring the following settings in the _neo4j.conf_ file:
 +
 [source, properties]
 ----
@@ -234,33 +234,33 @@ For details, see https://learn.microsoft.com/en-us/azure/active-directory/develo
 dbms.security.oidc.azure.claims.username=sub
 ----
 
-==== Map Azure groups to Neo4j roles
+==== Map Entra groups to Neo4j roles
 
-Decide whether you want to use Azure AD Groups directly or Azure App Roles.
+Decide whether you want to use Entra groups directly or Entra App Roles.
 
-Using AD Groups directly might be convenient if you already have users assigned to relevant AD Groups and want to perform Group-to-Role mapping in Neo4j settings.
+Using Entra groups directly might be convenient if you already have users assigned to those groups and want to perform Group-to-Role mapping in Neo4j settings.
 
-Azure App Roles allow a layer of separation between Neo4j roles and AD Groups.
+Entra App Roles allow a layer of separation between Neo4j roles and groups.
 When App Roles are used, only the roles relevant to Neo4j are sent in the JWT token.
 This prevents leaking permissions between applications.
 JWT tokens also have a limitation of 200 roles per token per user, which can be avoided by sending only the relevant App Roles.
 
-Details about Azure App Roles can be found in the https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps[Microsoft documentation].
+Details about Entra ID App Roles can be found in the https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps[Microsoft documentation].
 
-==== Using Azure AD Groups directly
+==== Using Entra groups directly
 
-. Configure the server to return the AD Group Object IDs in the JWT identity tokens.
+. Configure the server to return the Group Object IDs in the JWT identity tokens.
 To do this, set `groupMembershipClaims` to `SecurityGroup` in the Manifest of the registered application:
 +
-image::sso-configuration-tutorials/oidc-azure-server-claims.png[title="Azure OIDC server claims"]
+image::sso-configuration-tutorials/oidc-azure-server-claims.png[title="Entra OIDC server claims"]
 
-. Create groups in the Azure AD console and assign users to them.
+. Create groups in the Entra AD console and assign users to them.
 Take note of the Object Id column.
 In the next step, you must map these to user roles in the Neo4j settings.
 +
-image::sso-configuration-tutorials/oidc-azure-server-groups.png[title="Azure OIDC server groups"]
+image::sso-configuration-tutorials/oidc-azure-server-groups.png[title="Entra OIDC server groups"]
 
-. Configure a mapping from Azure Ad Group Object IDs to Neo4j roles.
+. Configure a mapping from Entra Group Object IDs to Neo4j roles.
 For details, see xref:authentication-authorization/sso-integration.adoc#auth-sso-map-idp-roles[Map the Identity Provider Groups to the Neo4j Roles].
 +
 [source, properties]
@@ -277,11 +277,11 @@ dbms.security.oidc.azure.authorization.group_to_role_mapping= "e8b6ddfa-688d-4ac
 dbms.security.oidc.azure.claims.groups=groups
 ----
 
-==== Using Azure App Roles
+==== Using Entra ID App Roles
 
-. On the app's home page, navigate to *App roles* and add the Neo4j roles to the Azure active directory.
+. On the app's home page, navigate to *App roles* and add the Neo4j roles to the Microsoft Entra ID.
 +
-image::sso-configuration-tutorials/oidc-azure-app-roles.png[title="Azure OIDC app roles config"]
+image::sso-configuration-tutorials/oidc-azure-app-roles.png[title="Entra OIDC app roles config"]
 
 . The *Value* column in the App roles config must either correspond to Neo4j Roles or be mapped in the _neo4j.conf_ file.
 For details, see xref:authentication-authorization/sso-integration.adoc#auth-sso-map-idp-roles[Map the Identity Provider Groups to the Neo4j Roles].
@@ -343,7 +343,7 @@ dbms.security.oidc.google.config=token_type_principal=id_token;token_type_authen
 
 . Log in with your Google SSO credentials using the email address and get the `admin` role when doing so:
 +
-image::sso-configuration-tutorials/oidc-azure-successful-login.png[title="Azure OIDC successful login"]
+image::sso-configuration-tutorials/oidc-azure-successful-login.png[title="Entra OIDC successful login"]
 +
 [NOTE]
 ====