Merge pull request #251271 from garrodonnell/godonnell-update-portal-instructions

[B2B] Update steps from Azure portal to Entra admin center - 147894

Author: v-dirichards

articles/active-directory/develop/howto-create-service-principal-portal.md

@@ -38,9 +38,8 @@ You must have sufficient permissions to register an application with your Azure
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Search for and Select **Azure Active Directory**.
-1. Select **App registrations**, then select **New registration**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator). 
+1. Browse to **Identity** > **Applications** > **App registrations** then select **New registration**.
 1. Name the application, for example "example-app". 
 1. Select a supported account type, which determines who can use the application. 
 1. Under **Redirect URI**, select **Web** for the type of application you want to create. Enter the URI where the access token is sent to.
@@ -76,8 +75,7 @@ The next section shows how to get values that are needed when signing in program
 
 When programmatically signing in, pass the tenant ID and the application ID in your authentication request. You also need a certificate or an authentication key. To obtain the directory (tenant) ID and application ID:
 
-1. Search for select **Azure Active Directory**.
-1. From **App registrations** in Azure AD, select your application.
+1. Browse to **Identity** > **Applications** > **App registrations**, then select your application.
 1. On the app's overview page, copy the Directory (tenant) ID value and store it in your application code.
 1. Copy the Application (client) ID value and store it in your application code.
 
@@ -89,8 +87,7 @@ There are two types of authentication available for service principals: password
 
 To upload the certificate file:
 
-1. Search for and select **Azure Active Directory**.
-1. From **App registrations** in Azure AD, select your application.
+1. Browse to **Identity** > **Applications** > **App registrations**, then select your application.
 1. Select **Certificates & secrets**.
 1. Select **Certificates**, then select **Upload certificate** and then select the certificate file to upload.
 1. Select **Add**. Once the certificate is uploaded, the thumbprint, start date, and expiration values are displayed.
@@ -114,8 +111,7 @@ Export this certificate to a file using the [Manage User Certificate](/dotnet/fr
 
 To upload the certificate:
 
-1. Search for and select **Azure Active Directory**.
-1. From **App registrations** in Azure AD, select your application.
+1. Browse to **Identity** > **Applications** > **App registrations**, then select your application.
 1. Select **Certificates & secrets**.
 1. Select **Certificates**, then select **Upload certificate** and then select the certificate (an existing certificate or the self-signed certificate you exported).
 1. Select **Add**.
@@ -126,8 +122,7 @@ After registering the certificate with your application in the application regis
 
 If you choose not to use a certificate, you can create a new application secret.
 
-1. Search for and select **Azure Active Directory**.
-1. Select **App registrations** and select your application from the list.
+1. Browse to **Identity** > **Applications** > **App registrations**, then select your application.
 1. Select **Certificates & secrets**.
 1. Select **Client secrets**, and then Select **New client secret**.
 1. Provide a description of the secret, and a duration.

articles/active-directory/external-identities/reset-redemption-status.md

@@ -36,13 +36,13 @@ To reset a user's redemption status, you'll need one of the following roles:
 - [User Administrator](../roles/permissions-reference.md#user-administrator)
 - [Global Administrator](../roles/permissions-reference.md#global-administrator)
 
-## Use the Azure portal to reset redemption status
+## Use the Microsoft Entra admin center to reset redemption status
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator or User administrator account for the directory.
-1. Search for and select **Azure Active Directory**.
-1. Select **Users**.
+
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **Users** > **All users**.
 1. In the list, select the user's name to open their user profile.
 1. (Optional) If the user wants to sign in using a different email:
    1. Select the **Edit properties** icon.

articles/active-directory/external-identities/self-service-sign-up-add-api-connector.md

@@ -27,20 +27,19 @@ To use an [API connector](api-connectors-overview.md), you first create the API
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Under **Azure services**, select **Azure Active Directory**.
-3. In the left menu, select **External Identities**.
-4. Select **All API connectors**, and then select **New API connector**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **Overview**.
+1. Select **All API connectors**, and then select **New API connector**.
 
     :::image type="content" source="media/self-service-sign-up-add-api-connector/api-connector-new.png" alt-text="Screenshot of adding a new API connector to External Identities.":::
 
-5. Provide a display name for the call. For example, **Check approval status**.
-6. Provide the **Endpoint URL** for the API call.
-7. Choose the **Authentication type** and configure the authentication information for calling your API. Learn how to [Secure your API Connector](self-service-sign-up-secure-api-connector.md).
+1. Provide a display name for the call. For example, **Check approval status**.
+1. Provide the **Endpoint URL** for the API call.
+1. Choose the **Authentication type** and configure the authentication information for calling your API. Learn how to [Secure your API Connector](self-service-sign-up-secure-api-connector.md).
 
     :::image type="content" source="media/self-service-sign-up-add-api-connector/api-connector-config.png" alt-text="Screenshot of configuring an API connector.":::
 
-8. Select **Save**.
+1. Select **Save**.
 
 ## The request sent to your API
 An API connector materializes as an **HTTP POST** request, sending user attributes ('claims') as key-value pairs in a JSON body. Attributes are serialized similarly to [Microsoft Graph](/graph/api/resources/user#properties) user properties. 
@@ -93,9 +92,8 @@ Additionally, the claims are typically sent in all request:
 
 Follow these steps to add an API connector to a self-service sign-up user flow.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Under **Azure services**, select **Azure Active Directory**.
-3. In the left menu, select **External Identities**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **Overview**.
 4. Select **User flows**, and then select the user flow you want to add the API connector to.
 5. Select **API connectors**, and then select the API endpoints you want to invoke at the following steps in the user flow:
 

articles/active-directory/external-identities/self-service-sign-up-add-approvals.md

@@ -36,17 +36,16 @@ This article gives an example of how to integrate with an approval system. In th
 
 You need to register your approval system as an application in your Azure AD tenant so it can authenticate with Azure AD and have permission to create users. Learn more about [authentication and authorization basics for Microsoft Graph](/graph/auth/auth-concepts).
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Under **Azure services**, select **Azure Active Directory**.
-3. In the left menu, select **App registrations**, and then select **New registration**.
-4. Enter a **Name** for the application, for example, _Sign-up Approvals_.
-5. Select **Register**. You can leave other fields at their defaults.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **Applications** > **App registrations**, and then select **New registration**.
+1. Enter a **Name** for the application, for example, _Sign-up Approvals_.
+1. Select **Register**. You can leave other fields at their defaults.
 
 :::image type="content" source="media/self-service-sign-up-add-approvals/register-approvals-app.png" alt-text="Screenshot that highlights the Register button.":::
 
-6. Under **Manage** in the left menu, select **API permissions**, and then select **Add a permission**.
-7. On the **Request API permissions** page, select **Microsoft Graph**, and then select **Application permissions**.
-8. Under **Select permissions**, expand **User**, and then select the **User.ReadWrite.All** check box. This permission allows the approval system to create the user upon approval. Then select **Add permissions**.
+1. Under **Manage** in the left menu, select **API permissions**, and then select **Add a permission**.
+1. On the **Request API permissions** page, select **Microsoft Graph**, and then select **Application permissions**.
+1. Under **Select permissions**, expand **User**, and then select the **User.ReadWrite.All** check box. This permission allows the approval system to create the user upon approval. Then select **Add permissions**.
 
 :::image type="content" source="media/self-service-sign-up-add-approvals/request-api-permissions.png" alt-text="Screenshot of requesting API permissions.":::
 
@@ -77,19 +76,17 @@ To create these connectors, follow the steps in [create an API connector](self-s
 
 Now you'll add the API connectors to a self-service sign-up user flow with these steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Under **Azure services**, select **Azure Active Directory**.
-3. In the left menu, select **External Identities**.
-4. Select **User flows**, and then select the user flow you want to enable the API connector for.
-5. Select **API connectors**, and then select the API endpoints you want to invoke at the following steps in the user flow:
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External identities** > **User flows**, and then select the user flow you want to enable the API connector for.
+1. Select **API connectors**, and then select the API endpoints you want to invoke at the following steps in the user flow:
 
    - **After federating with an identity provider during sign-up**: Select your approval status API connector, for example _Check approval status_.
    - **Before creating the user**: Select your approval request API connector, for example _Request approval_.
 
 :::image type="content" source="media/self-service-sign-up-add-approvals/api-connectors-user-flow-api.png" alt-text="Screenshot of API connector in a user flow.":::
 
 
-6. Select **Save**.
+1. Select **Save**.
 
 ## Control the sign-up flow with API responses
 

articles/active-directory/external-identities/self-service-sign-up-secure-api-connector.md

@@ -33,9 +33,8 @@ HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/r
 
 To configure an API Connector with HTTP basic authentication, follow these steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Under **Azure services**, select **Azure AD**.
-1. In the left menu, select **External Identities**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **Overview**.
 1. Select **All API connectors**, and then select the **API Connector** you want to configure.
 1. For the **Authentication type**, select **Basic**.
 1. Provide the **Username**, and **Password** of your REST API endpoint.
@@ -71,9 +70,8 @@ You can then [export the certificate](../../key-vault/certificates/how-to-export
 
 To configure an API Connector with client certificate authentication, follow these steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Under **Azure services**, select **Azure AD**.
-1. In the left menu, select **External Identities**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **Overview**.
 1. Select **All API connectors**, and then select the **API Connector** you want to configure.
 1. For the **Authentication type**, select **Certificate**.
 1. In the **Upload certificate** box, select your certificate's .pfx file with a private key.

articles/active-directory/external-identities/self-service-sign-up-user-flow.md

@@ -51,10 +51,8 @@ Before you can add a self-service sign-up user flow to your applications, you ne
 > [!NOTE]
 > This setting can also be configured with the [authenticationFlowsPolicy](/graph/api/resources/authenticationflowspolicy?view=graph-rest-1.0&preserve-view=true) resource type in the Microsoft Graph API.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Under **Azure services**, select **Azure Active Directory**.
-1. Under **Manage** in the left menu, select **Users**.
-1. Select **User settings**, and then under **External users**, select **Manage external collaboration settings**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **Users** > **User settings**, and then under **External users**, select **Manage external collaboration settings**.
 1. Set the **Enable guest self-service sign up via user flows** toggle to **Yes**.
 
    :::image type="content" source="media/self-service-sign-up-user-flow/enable-self-service-sign-up.png" alt-text="Screenshot of the enable guest self-service sign up toggle.":::
@@ -64,32 +62,30 @@ Before you can add a self-service sign-up user flow to your applications, you ne
 
 Next, you'll create the user flow for self-service sign-up and add it to an application.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Under **Azure services**, select **Azure Active Directory**.
-3. In the left menu, select **External Identities**.
-4. Select **User flows**, and then select **New user flow**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **User flows**, and then select **New user flow**.
 
    :::image type="content" source="media/self-service-sign-up-user-flow/new-user-flow.png" alt-text="Screenshot of the new user flow button.":::
 
-5. Select the user flow type (for example, **Sign up and sign in**), and then select the version (**Recommended** or **Preview**).
-6. On the **Create** page, enter a **Name** for the user flow. The name is automatically prefixed with **B2X_1_**.
-7. In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. **Azure Active Directory Sign up** is selected by default. (See [Before you begin](#before-you-begin) earlier in this article to learn how to add identity providers.)
-8. Under **User attributes**, choose the attributes you want to collect from the user. For more attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
+1. Select the user flow type (for example, **Sign up and sign in**), and then select the version (**Recommended** or **Preview**).
+1. On the **Create** page, enter a **Name** for the user flow. The name is automatically prefixed with **B2X_1_**.
+1. In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. **Azure Active Directory Sign up** is selected by default. (See [Before you begin](#before-you-begin) earlier in this article to learn how to add identity providers.)
+1. Under **User attributes**, choose the attributes you want to collect from the user. For more attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
 
    :::image type="content" source="media/self-service-sign-up-user-flow/create-user-flow.png" alt-text="Screenshot of the new user flow creation page. ":::
 
    > [!NOTE]
    > You can only collect attributes when a user signs up for the first time. After a user signs up, they will no longer be prompted to collect attribute information, even if you change the user flow.
 
-8. Select **Create**.
-9. The new user flow appears in the **User flows** list. If necessary, refresh the page.
+1. Select **Create**.
+1. The new user flow appears in the **User flows** list. If necessary, refresh the page.
 
 ## Select the layout of the attribute collection form
 
 You can choose order in which the attributes are displayed on the sign-up page. 
 
-1. Sign in to the [Azure portal](https://portal.azure.com), then select **Azure Active Directory**.
-2. Select **External Identities**, select **User flows**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **User flows**.
 3. Select the self-service sign-up user flow from the list.
 4. Under **Customize**, select **Page layouts**.
 5. The attributes you chose to collect are listed. To change the order of display, select an attribute, and then select **Move up**, **Move down**, **Move to top**, or **Move to bottom**.
@@ -99,18 +95,17 @@ You can choose order in which the attributes are displayed on the sign-up page.
 
 Now you'll associate applications with the user flow to enable sign-up for those applications. New users who access the associated applications will be presented with your new self-service sign-up experience.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
-2. Under **Azure services**, select **Azure Active Directory**.
-3. In the left menu, select **External Identities**.
-4. Under **Self-service sign up**, select **User flows**.
-5. Select the self-service sign-up user flow from the list.
-6. In the left menu, under **Use**, select **Applications**.
-7. Select **Add application**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).
+1. Browse to **Identity** > **External Identities** > **User flows**
+1. Under **Self-service sign up**, select **User flows**.
+1. Select the self-service sign-up user flow from the list.
+1. In the left menu, under **Use**, select **Applications**.
+1. Select **Add application**.
 
    :::image type="content" source="media/self-service-sign-up-user-flow/assign-app-to-user-flow.png" alt-text="Screenshot of adding an application to the user flow.":::
 
-8. Select the application from the list. Or use the search box to find the application, and then select it.
-9. Click **Select**.
+1. Select the application from the list. Or use the search box to find the application, and then select it.
+1. Click **Select**.
 
 ## Next steps