Fixed Entra IDs in the how-to

Author: niklarin

articles/cosmos-db/postgresql/how-to-configure-authentication.md

@@ -14,36 +14,36 @@ ms.date: 11/06/2023
 [!INCLUDE [PostgreSQL](../includes/appliesto-postgresql.md)]
 
 > [!IMPORTANT]
-> Microsoft Entra authentication in Azure Cosmos DB for PostgreSQL is currently in preview.
+> Microsoft Entra ID authentication in Azure Cosmos DB for PostgreSQL is currently in preview.
 > This preview version is provided without a service level agreement, and it's not recommended
 > for production workloads. Certain features might not be supported or might have constrained
 > capabilities.
 >
 > You can see a complete list of other new features in [preview features](product-updates.md#features-in-preview).
 
-In this article, you configure authentication methods for Azure Cosmos DB for PostgreSQL. You manage Microsoft Entra admin users and native PostgreSQL roles for authentication with Azure Cosmos DB for PostgreSQL. You also learn how to use a Microsoft Entra token with Azure Cosmos DB for PostgreSQL.
+In this article, you configure authentication methods for Azure Cosmos DB for PostgreSQL. You manage Microsoft Entra ID admin users and native PostgreSQL roles for authentication with Azure Cosmos DB for PostgreSQL. You also learn how to use a Microsoft Entra ID token with Azure Cosmos DB for PostgreSQL.
 
 An Azure Cosmos DB for PostgreSQL cluster is created with one built-in native PostgreSQL role named 'citus'. You can add more native PostgreSQL roles after cluster provisioning is completed.
 
-You can also configure Microsoft Entra authentication for Azure Cosmos DB for PostgreSQL. You can enable Microsoft Entra authentication in addition or instead of the native PostgreSQL authentication on your cluster. You can change authentication methods enabled on cluster at any point after the cluster is provisioned. When Microsoft Entra authentication is enabled, you can add multiple Microsoft Entra users to an Azure Cosmos DB for PostgreSQL cluster and make any of them administrators. Microsoft Entra user can be a user or a service principal.
+You can also configure Microsoft Entra ID authentication for Azure Cosmos DB for PostgreSQL. You can enable Microsoft Entra ID authentication in addition or instead of the native PostgreSQL authentication on your cluster. You can change authentication methods enabled on cluster at any point after the cluster is provisioned. When Microsoft Entra ID authentication is enabled, you can add multiple Microsoft Entra ID users to an Azure Cosmos DB for PostgreSQL cluster and make any of them administrators. Microsoft Entra ID user can be a user or a service principal.
 
 ## Choose authentication method
 You need to use Azure portal to configure authentication methods on an Azure Cosmos DB for PostgreSQL cluster.
 
-Complete the following items on your Azure Cosmos DB for PostgreSQL cluster to enable or disable Microsoft Entra authentication and native PostgreSQL authentication.
+Complete the following items on your Azure Cosmos DB for PostgreSQL cluster to enable or disable Microsoft Entra ID authentication and native PostgreSQL authentication.
 
 1. On the cluster page, under the **Cluster management** heading, choose **Authentication** to open authentication management options.
-1. In **Authentication methods** section, choose **PostgreSQL authentication only**, **Microsoft Entra authentication (preview)**, or **PostgreSQL and Microsoft Entra authentication (preview)** as the authentication method based on your requirements.
+1. In **Authentication methods** section, choose **PostgreSQL authentication only**, **Microsoft Entra ID authentication (preview)**, or **PostgreSQL and Microsoft Entra ID authentication (preview)** as the authentication method based on your requirements.
 
-Once done proceed with [configuring Microsoft Entra authentication](#configure-azure-active-directory-authentication) or [adding native PostgreSQL roles](#configure-native-postgresql-authentication) on **Authentication** page.
+Once done proceed with [configuring Microsoft Entra ID authentication](#configure-azure-active-directory-authentication) or [adding native PostgreSQL roles](#configure-native-postgresql-authentication) on **Authentication** page.
 
 <a name='configure-azure-active-directory-authentication'></a>
 
 ## Configure Microsoft Entra ID authentication
 
 ### Prerequisites
 
-Users need to be allowed to sign in to Azure Cosmos DB for PostgreSQL in the Microsoft Entra tenant. These steps should be performed once for the Microsoft Entra ID tenant that is going to be used for authentication on Azure Cosmos DB for PostgreSQL clusters.
+Users need to be allowed to sign in to Azure Cosmos DB for PostgreSQL in the Microsoft Entra ID tenant. These steps should be performed once for the Microsoft Entra ID tenant that is going to be used for authentication on Azure Cosmos DB for PostgreSQL clusters.
 
 > [!IMPORTANT]
 > Microsoft Entra ID tenant administrator permissions are needed to make the change. See [guidance for troubleshooting permissions](/entra/identity/enterprise-apps/add-application-portal-configure#prerequisites).
@@ -64,12 +64,12 @@ az ad sp update --id b4fa09d8-5da5-4352-83d9-05c2a44cf431 --set accountEnabled=t
 ```
 ---
 
-### Add Microsoft Entra admins to Azure Cosmos DB for PostgreSQL cluster
+### Add Microsoft Entra ID admins to Azure Cosmos DB for PostgreSQL cluster
 
-To add or remove Microsoft Entra roles on cluster, follow these steps on **Authentication** page:
+To add or remove Microsoft Entra ID roles on cluster, follow these steps on **Authentication** page:
 
-1. In **Microsoft Entra authentication (preview)** section, select **Add Microsoft Entra admins**.
-1. In **Select Microsoft Entra Admins** panel, select one or more valid Microsoft Entra user or enterprise application in the current AD tenant to be a Microsoft Entra administrator on your Azure Cosmos DB for PostgreSQL cluster.
+1. In **Microsoft Entra ID authentication (preview)** section, select **Add Microsoft Entra ID admins**.
+1. In **Select Microsoft Entra ID Admins** panel, select one or more valid Microsoft Entra ID user or enterprise application in the current AD tenant to be a Microsoft Entra ID administrator on your Azure Cosmos DB for PostgreSQL cluster.
 1. Use **Select** to confirm your choice.
 1. In the **Authentication** page, select **Save** in the toolbar to save changes or proceed with adding native PostgreSQL roles.
 
@@ -79,15 +79,15 @@ To add Postgres roles on cluster, follow these steps on **Authentication** page:
 
 1. In **PostgreSQL authentication** section, select **Add PostgreSQL role**.
 1. Enter the role name and password. Select **Save**.
-1. In the **Authentication** page, select **Save** in the toolbar to save changes or proceed with adding Microsoft Entra admin users.
+1. In the **Authentication** page, select **Save** in the toolbar to save changes or proceed with adding Microsoft Entra ID admin users.
 
 The native PostgreSQL user is created on the coordinator node of the cluster, and propagated to all the worker nodes. Roles created through the Azure portal have the LOGIN attribute, which means they’re true users who can sign in to the database.
 
 <a name='connect-to-azure-cosmos-for-postgresql-by-using-azure-ad-authentication'></a>
 
-## Connect to Azure Cosmos for PostgreSQL by using Microsoft Entra authentication
+## Connect to Azure Cosmos for PostgreSQL by using Microsoft Entra ID authentication
 
-Microsoft Entra integration works with standard PostgreSQL client tools like **psql**, which aren't Microsoft Entra aware and support only specifying the username and password when you're connecting to PostgreSQL. In such cases, the Microsoft Entra token is passed as the password.
+Microsoft Entra ID integration works with standard PostgreSQL client tools like **psql**, which aren't Microsoft Entra ID aware and support only specifying the username and password when you're connecting to PostgreSQL. In such cases, the Microsoft Entra ID token is passed as the password.
 
 We've tested the following clients:
 
@@ -105,13 +105,13 @@ Start by authenticating with Microsoft Entra ID by using the Azure CLI. This ste
 az login
 ```
 
-The command opens a browser window to the Microsoft Entra authentication page. It requires you to give your Microsoft Entra user ID and password.
+The command opens a browser window to the Microsoft Entra ID authentication page. It requires you to give your Microsoft Entra ID user name and password.
 
 <a name='retrieve-the-azure-ad-access-token'></a>
 
-### Retrieve the Microsoft Entra access token
+### Retrieve the Microsoft Entra ID access token
 
-Use the Azure CLI to acquire an access token for the Microsoft Entra authenticated user to access Azure Cosmos for PostgreSQL. Here's an example:
+Use the Azure CLI to acquire an access token for the Microsoft Entra ID authenticated user to access Azure Cosmos for PostgreSQL. Here's an example:
 
 ```azurecli-interactive
 az account get-access-token --resource https://postgres.cosmos.azure.com
@@ -161,8 +161,8 @@ export PGPASSWORD=$(az account get-access-token --resource-type oss-rdbms --quer
 
 
 > [!NOTE]
-> Make sure PGPASSWORD variable is set to the Microsoft Entra access token for your
-> subscription for Microsoft Entra authentication. If you need to do Postgres role authentication
+> Make sure PGPASSWORD variable is set to the Microsoft Entra ID access token for your
+> subscription for Microsoft Entra ID authentication. If you need to do Postgres role authentication
 > from the same session you can set PGPASSWORD to the Postgres role password
 > or clear the PGPASSWORD variable value to enter the password interactively.
 > Authentication would fail with the wrong value in PGPASSWORD.
@@ -175,22 +175,22 @@ psql "host=mycluster.[uniqueID].postgres.cosmos.azure.com [email protected]
 
 ### Use a token as a password for signing in with PgAdmin
 
-To connect by using a Microsoft Entra token with PgAdmin, follow these steps:
+To connect by using a Microsoft Entra ID token with PgAdmin, follow these steps:
 
 1. Clear the **Connect now** option at server creation.
 1. Enter your server details on the **Connection** tab and save.
-    1. Make sure a valid Microsoft Entra user is specified in **Username**.
+    1. Make sure a valid Microsoft Entra ID user is specified in **Username**.
 1. From the pgAdmin **Object** menu, select **Connect Server**.
 1. Enter the Active Directory token password when you're prompted.
 
 Here are some essential considerations when you're connecting:
 
-- `[email protected]` is the name of the Microsoft Entra user.
-- Be sure to use the exact way the Azure user is spelled. Microsoft Entra user and group names are case-sensitive.
+- `[email protected]` is the name of the Microsoft Entra ID user.
+- Be sure to use the exact way the Azure user is spelled. Microsoft Entra ID user and group names are case-sensitive.
 - If the name contains spaces, use a backslash (`\`) before each space to escape it.
 - The access token's validity is 5 minutes to 90 minutes. You should get the access token before initiating the sign-in to Azure Cosmos for PostgreSQL.
 
-You're now authenticated to your Azure Cosmos for PostgreSQL server through Microsoft Entra authentication.
+You're now authenticated to your Azure Cosmos for PostgreSQL server through Microsoft Entra ID authentication.
 
 ## Manage native PostgreSQL roles
 
@@ -202,7 +202,7 @@ To update a user, visit the **Authentication** page for your cluster,
 and select the ellipses **...** next to the user. The ellipses open a menu
 to delete the user or reset their password.
 
-The `citus` role is privileged and can't be deleted. However, `citus` role would be disabled, if 'Microsoft Entra authentication only' authentication method is selected for the cluster.
+The `citus` role is privileged and can't be deleted. However, `citus` role would be disabled, if 'Microsoft Entra ID authentication only' authentication method is selected for the cluster.
 
 ## How to modify privileges for user roles
 
@@ -216,7 +216,7 @@ For example, to allow PostgreSQL `db_user` to read `mytable`, grant the permissi
 GRANT SELECT ON mytable TO db_user;
 ```
 
-To grant the same permissions to Microsoft Entra role `[email protected]` use the following command:
+To grant the same permissions to Microsoft Entra ID role `[email protected]` use the following command:
 
 ```sql
 GRANT SELECT ON mytable TO "[email protected]";
@@ -231,7 +231,7 @@ system-wide (for example, for all tables in a schema):
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO db_user;
 ```
 
-Or for Microsoft Entra role
+Or for Microsoft Entra ID role
 
 ```sql
 -- applies to the coordinator node and propagates to worker nodes for Azure AD role [email protected]
@@ -243,5 +243,5 @@ GRANT SELECT ON ALL TABLES IN SCHEMA public TO "[email protected]";
 
 - Learn about [authentication in Azure Cosmos DB for PostgreSQL](./concepts-authentication.md)
 - Check out [Microsoft Entra ID limits and limitations in Azure Cosmos DB for PostgreSQL](./reference-limits.md#azure-active-directory-authentication)
-- Review [Microsoft Entra fundamentals](./../../active-directory/fundamentals/active-directory-whatis.md)
+- Review [Microsoft Entra ID fundamentals](/entra/fundamentals/whatis)
 - [Learn more about SQL GRANT in PostgreSQL](https://www.postgresql.org/docs/current/sql-grant.html)