If you are an Adobe Technology Partner Program partner and your application needs to read or modify the data of an Adobe enterprise customer, you can do so using an admin authentication credential. However, before your application can view or edit the customer's data, a customer admin would need to provide explicit 'consent' to your application.
3
+
If you are an Adobe Technology Partner Program partner and your application needs to read or modify the data owned by an Adobe enterprise customer organization, you can do so using an admin authentication credential. Before your application can view or edit the customer's data, a customer admin would need to provide explicit 'consent' to your application.
4
+
5
+
<InlineAlertslots="text"/>
6
+
7
+
Note: Admin authentication and the Enterprise Web App credential is only available to Adobe Technology Partner Program (TPP) partners.
4
8
5
9
6
10
## Whose data can you access with Admin authentication?
7
11
8
-
Admin authentication has a mix of elements from the user authentication and server to server authentication types.
12
+
Admin authentication enables partner-built apps to read and modify Adobe enterprise customer data. Previously, enterprise customer data could only be manipulated through server to server authentication. Therefore, a customer had to build the app themsleves or plug in their server-to-server credentials in partner-built apps.
13
+
14
+
With Admin authentication a partner application can now have a single set of credentials and multiple customers could install the app easily by providing consent to it. The customer no longer needs to supply their credentials to partner apps, thereby, strenghting their security posture.
15
+
16
+
To better understand the differences and similarities of admin authenticaton, let's compare it to other supported authentication types.
9
17
10
18
|| Who builds the app? | What data can the app access? | How is data access governed? |
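Review bot: The added paragraph at new line 15 ("a partner application can now have a single set of credentials and multiple customers could install the app") gives the customer-side benefit but not the partner-side consequence: that one set of credentials now stands behind every customer org that consents. Suggest adding a sentence here that points to the backend-server requirement in the Enterprise Web App credential section. Spelling in the added lines also needs a pass: "themsleves", "strenghting" (and the stray comma in "thereby, strenghting"), "authenticaton". In the note at new line 7, "Admin authentication and the Enterprise Web App credential is only available" should read "are only available". The tag at new line 5 appears as `<InlineAlertslots="text"/>`; if the source really lacks the space between `InlineAlert` and `slots`, the alert will not render.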
@@ -16,19 +24,33 @@ Admin authentication has a mix of elements from the user authentication and serv
16
24
17
25
## Enterprise Web App credential
18
26
19
-
Adobe supports the Enterprise Web App credential to perform admin authentication. The Enteprise Web App credential enables Adobe Technlogoy Partner Program partners to build click-to-install applications that work with Adobe enterprise customer data.
27
+
Adobe supports the Enterprise Web App credential to perform admin authentication, enabling partners to build click-to-install applications that work with Adobe enterprise customer data.
20
28
21
-
The Enterprise Web App credential enables partner application to generate access tokens on behalf of an Adobe enterprise customer. To do so, the partner application must first obtain consent from a customer admin and then use the its client id and secret to generate access tokens.
29
+
Once a customer admin installs the app and provides consent to it, a technical account is set up in the customer org and linked to the partner app. The customer admin can control what data the partner app can access by managing the product profiles assigned to the technical account. Meanwhile, the partner app can generate access tokens for this technical account by using its own client id and secret.
22
30
23
-
The safety & security of customer data is of utmost importance. Therefore, the partner app must have a secure backend server to implement the security features of the Enterprise Web app credential, including generating access tokens on the backend.
31
+
To safeguard customer data, the Enterprise Web App credential requires the partner app to have a secure backend server. The backend server is responsible for implementing the security features of credential and generating access tokens.
24
32
25
-
The following diagram depicts the high level workflow through which a partner app can generate access tokens on behalf of customers.
33
+
### How does it work?
34
+
35
+
The following diagram depicts the high level workflow through which a partner app can generate access tokens for the technical accounts in customer orgs.
1. The workflow starts when the customer admin visits the partner app and clicks on the Connect with Adobe button to connect their Adobe organization to the partner app.
40
+
2. The customer admin is redirected to the Adobe IMS consent screen to provide consent to the partner app. Once the admin consents to the partner to app to access his org's data, a technical account is created in the customer organization.
41
+
3. After the admin provides consent, the admin is redirected back to the partner app. The redirect URL was supplied by the partner during Enterprise Web App credential set up.
42
+
4. The partner app receives the redirect and verifies that it came from Adobe by validating the `id_token`, `state`, and `nonce` parameters in the redirect.
43
+
5. If verification passes, the partner app maps the customer org to the logged in account. At this point, the partner app can use its `client_id` and `client_secret` and the customer `org_id` to generate access tokens.
44
+
6. Finally, the customer admin has completed the consent workflow and connected their Adobe org to the partner app. The customer admin can now navigate to the [Adobe Exchange manage page](https://exchange.adobe.com/manage) and assign product profiles to the newly set up technical account.
45
+
46
+
<InlineAlertslots="text"/>
47
+
48
+
Note: The customer admin can visit the [Adobe Exchange manage page](https://exchange.adobe.com/manage) to revoke consent to the partner app at any time. After the admin revoked consent, the partner app can no longer generate access tokens on this customer's behalf. All existing tokens will stop working within an hour.
49
+
29
50
30
-
## Next Steps
51
+
## Development Next Steps
31
52
32
-
1. Read our [implementation guide](implementation.md) to understand how to implement the Enterprise Web App credential.
33
-
2. View the [API Reference](ims.md) for parameter lists and error codes.
34
-
3. Visit the [FAQ](faq.md) for troubleshooting and advanced scenarios.
53
+
1. Read the [implementation guide](implementation.md) to start implementing the Enterprise Web App credential.
54
+
2. Read the [API Reference](ims.md) to view the HTTP request to generate access tokens and supported query parameters and error codes in redirect.
55
+
3. Visit the [FAQ page](faq.md) for conceptual questions, troubleshooting your app, and advanced scenarios.
56
+
4. Read our [submission guide](TODO) to submit you app for Adobe review.
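Review bot: Steps 4 and 5 of the new workflow list (new lines 42 and 43) describe only the success path ("If verification passes, the partner app maps the customer org to the logged in account"). The doc should also state what the app must do when validation of `id_token`, `state` or `nonce` fails; suggest saying that the redirect is rejected and no org mapping is created. In the next-steps list, `[submission guide](TODO)` at new line 56 is a placeholder link and should be resolved or dropped before merge. Wording in added lines: "the partner to app to access his org's data" (suggest "the partner app to access their org's data"), "the security features of credential" (missing "the"), "After the admin revoked consent" (suggest "revokes"), and "submit you app". The `<InlineAlertslots="text"/>` tag at new line 46 has the same missing space as in the first hunk.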