Merge pull request #250877 from omondiatieno/fed-okta

prmerger-automator[bot] · web-flow · commit 03c481bf4abd · 2023-09-11T15:00:04.000Z
okta fed -UI updates
diff --git a/articles/active-directory/manage-apps/f5-integration.md b/articles/active-directory/manage-apps/f5-integration.md
@@ -36,7 +36,7 @@ When Azure AD pre-authenticates access to BIG-IP published services, there are m
 Other benefits include:
 
 - One control plane to govern identity and access
-  - The [Azure portal](https://azure.microsoft.com/features/azure-portal/)
+  - The [Microsoft Entra admin center](https://entra.microsoft.com)
 - Preemptive [Conditional Access](../conditional-access/overview.md)
 - [Azure AD Multi-Factor Authentication (MFA)](../authentication/concept-mfa-howitworks.md)
 - Adaptive protection through user and session risk profiling
diff --git a/articles/active-directory/manage-apps/migrate-okta-federation.md b/articles/active-directory/manage-apps/migrate-okta-federation.md
@@ -23,6 +23,7 @@ You can migrate federation to Azure Active Directory (Azure AD) in a staged mann
 
 - An Office 365 tenant federated to Okta for SSO
 - An Azure AD Connect server or Azure AD Connect cloud provisioning agents configured for user provisioning to Azure AD
+- One of the following roles: Global Administrator, Application Administrator, Cloud Application Administrator, or Hybrid Identity Administrator.
 
 ## Configure Azure AD Connect for authentication
 
@@ -59,7 +60,7 @@ For this tutorial, you configure password hash synchronization and seamless SSO.
 
    ![Screenshot of the Azure AD Connect app with the page for changing user sign-in.](media/migrate-okta-federation/change-user-signin.png)
 
-5. Enter Global Administrator credentials.
+5. Enter the credentials of the Global Administrator of the Azure AD Connect server.
 
    ![Screenshot of the Azure A D Connect app that shows where to enter Global Administrator credentials.](media/migrate-okta-federation/global-admin-credentials.png)
 
@@ -89,11 +90,8 @@ Learn more: [Migrate to cloud authentication using Staged Rollout](../hybrid/con
 
 After you enable password hash sync and seamless SSO on the Azure AD Connect server, configure a staged rollout:
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **View** or **Manage Azure Active Directory**.
-
-   ![Screenshot of the Azure portal with welcome message.](media/migrate-okta-federation/portal.png)
-
-2. On the **Azure Active Directory** menu, select **Azure AD Connect**. 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Hybrid Identity Administrator](../roles/permissions-reference.md#hybrid-identity-administrator).
+2. Browse to **Identity** > **Hybrid management** > **Azure AD Connect** > **Connect Sync**. 
 3. Confirm **Password Hash Sync** is enabled in the tenant.
 4. Select **Enable staged rollout for managed user sign-in**.
 
@@ -104,11 +102,11 @@ After you enable password hash sync and seamless SSO on the Azure AD Connect ser
 7. **Seamless single sign-on** is **Off**. If you enable it, an error appears because it's enabled in the tenant.
 8. Select **Manage groups**.
 
-   ![Screenshot of the Enable staged rollout features page in the Azure portal. A Manage groups button appears.](media/migrate-okta-federation/password-hash-sync.png)
+   ![Screenshot of the Enable staged rollout features page in the Microsoft Entra admin center. A Manage groups button appears.](media/migrate-okta-federation/password-hash-sync.png)
 
 9. Add a group to the password hash sync rollout. In the following example, the security group starts with 10 members.
 
-   ![Screenshot of the Manage groups for Password Hash Sync page in the Azure portal. A group is in a table.](media/migrate-okta-federation/example-security-group.png)
+   ![Screenshot of the Manage groups for Password Hash Sync page in the Microsoft Entra admin center. A group is in a table.](media/migrate-okta-federation/example-security-group.png)
 
 10. Wait about 30 minutes for the feature to take effect in your tenant. 
 11. When the feature takes effect, users aren't redirected to Okta when attempting to access Office 365 services.
@@ -125,14 +123,14 @@ Users that converted to managed authentication might need access to applications
 
 Configure the enterprise application registration for Okta.
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then under **Manage Azure Active Directory**, select **View**.
-2. On the left menu, under **Manage**, select **Enterprise applications**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+2. Browse to **Identity** > **Applications** > **Enterprise applications** > **All applications**.
 
-   ![Screenshot of the left menu of the Azure portal.](media/migrate-okta-federation/enterprise-application.png)
+   ![Screenshot of the left menu of the Microsoft Entra admin center.](media/migrate-okta-federation/enterprise-application.png)
 
-3. On the **All applications** menu, select **New application**.
+3. Select **New application**.
 
-   ![Screenshot that shows the All applications page in the Azure portal. A new application is visible.](media/migrate-okta-federation/new-application.png)
+   ![Screenshot that shows the All applications page in the Microsoft Entra admin center. A new application is visible.](media/migrate-okta-federation/new-application.png)
 
 4. Select **Create your own application**. 
 5. On the menu, name the Okta app.
@@ -146,14 +144,14 @@ Configure the enterprise application registration for Okta.
 10. On the Azure AD menu, select **App registrations**. 
 11. Open the created registration.
 
-   ![Screenshot of the App registrations page in the Azure portal. The new app registration appears.](media/migrate-okta-federation/app-registration.png)
+   ![Screenshot of the App registrations page in the Microsoft Entra admin center. The new app registration appears.](media/migrate-okta-federation/app-registration.png)
 
 12. Record the Tenant ID and Application ID.
 
    >[!Note]
    >You need the Tenant ID and Application ID to configure the identity provider in Okta.
 
-   ![Screenshot of the Okta Application Access page in the Azure portal. The Tenant ID and Application ID appear.](media/migrate-okta-federation/record-ids.png)
+   ![Screenshot of the Okta Application Access page in the Microsoft Entra admin center. The Tenant ID and Application ID appear.](media/migrate-okta-federation/record-ids.png)
 
 13. On the left menu, select **Certificates & secrets**. 
 14. Select **New client secret**. 
@@ -181,7 +179,7 @@ Configure the enterprise application registration for Okta.
 27. On the left menu, select **Branding**. 
 28. For **Home page URL**, add your user application home page.
 
-    ![Screenshot of the Branding page in the Azure portal.](media/migrate-okta-federation/add-branding.png)
+    ![Screenshot of the Branding page in the Microsoft Entra admin center.](media/migrate-okta-federation/add-branding.png)
 
 29. In the Okta administration portal, to add a new identity provider, select **Security** then **Identity Providers**. 
 30. Select **Add Microsoft**.
@@ -218,7 +216,7 @@ You created the identity provider (IDP). Send users to the correct IDP.
 8. Add the redirect URI you recorded in the IDP in Okta. 
 9. Select **Access tokens** and **ID tokens**.
 
-    ![Screenshot of the Configure Web page in the Azure portal. A redirect URI appears. The access and I D tokens are selected.](media/migrate-okta-federation/access-id-tokens.png)
+    ![Screenshot of the Configure Web page in the Microsoft Entra admin center. A redirect URI appears. The access and I D tokens are selected.](media/migrate-okta-federation/access-id-tokens.png)
 
 10. In the admin console, select **Directory**.
 11. Select **People**. 
@@ -234,15 +232,15 @@ You created the identity provider (IDP). Send users to the correct IDP.
 
 After you configure the Okta app in Azure AD and configure the IDP in the Okta portal, assign the application to users.
 
-1. In the Azure portal, select **Azure Active Directory** then **Enterprise applications**.
+1. In the Microsoft Entra admin center, browse to **Identity** > **Applications** > **Enterprise applications**.
 2. Select the app registration you created.
 3. Go to **Users and groups**. 
 4. Add the group that correlates with the managed authentication pilot.
 
    >[!NOTE]
    >You can add users and groups from the **Enterprise applications** page. You can't add users from the **App registrations** menu.
 
-   ![Screenshot of the Users and groups page of the Azure portal. A group called Managed Authentication Staging Group appears.](media/migrate-okta-federation/add-group.png)
+   ![Screenshot of the Users and groups page of the Microsoft Entra admin center. A group called Managed Authentication Staging Group appears.](media/migrate-okta-federation/add-group.png)
 
 5. Wait about 15 minutes.
 6. Sign in as a managed authentication pilot user.
