pull base content,head:wwlpublishsync,into:79c993fc66b71b3f82a9ad2324362d640b80c7add645962ae176a6d234eb05f5-live

Author: wwlpublish

learn-pr/advocates/configure-entra-external-native-authentication/1-introduction.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: Guided project where you complete an end-to-end project by following step-by-step instructions.
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+durationInMinutes: 5
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/advocates/configure-entra-external-native-authentication/2-create-external-tenant.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.create-external-tenant
+title: Create an external tenant
+metadata:
+  title: Create an external tenant
+  description: Create an external tenant
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/2-create-external-tenant.md)]

learn-pr/advocates/configure-entra-external-native-authentication/3-enable-public-client-native-authentication-flows.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.enable-public-client-native-authentication-flows
+title: Enable public client and native authentication flows
+metadata:
+  title: Enable public client and native authentication flows
+  description: Enable public client and native authentication flows.
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+durationInMinutes: 1
+content: |
+  [!include[](includes/3-enable-public-client-native-authentication-flows.md)]

learn-pr/advocates/configure-entra-external-native-authentication/4-prepare-app-native-authentication.yml

@@ -0,0 +1,14 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.prepare-app-native-authentication
+title: Prepare your app for native authentication
+metadata:
+  title: Prepare your app for native authentication
+  description: Learn how to ready your app for native authentication
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+  zone_pivot_groups: mobile-os-android-ios
+durationInMinutes: 8
+content: |
+  [!include[](includes/4-prepare-app-native-authentication.md)]

learn-pr/advocates/configure-entra-external-native-authentication/5-add-mobile-app-native-authentication.yml

@@ -0,0 +1,14 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.add-mobile-app-native-authentication
+title: Add sign-up in a mobile app using native authentication
+metadata:
+  title: Add sign-up in a mobile app using native authentication
+  description: Understand how to add user sign-up in a mobile app using native authentication.
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+  zone_pivot_groups: mobile-os-android-ios
+durationInMinutes: 17
+content: |
+  [!include[](includes/5-add-mobile-app-native-authentication.md)]

learn-pr/advocates/configure-entra-external-native-authentication/6-add-credential-mobile-app-using-native-authentication.yml

@@ -0,0 +1,14 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.add-credential-mobile-app-using-native-authentication
+title: Add sign-in and sign out in a mobile app by using native authentication
+metadata:
+  title: Add sign-in and sign out in a mobile app by using native authentication
+  description: Learn how to configure sign-in and sign out in a mobile app by using native authentication.
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+  zone_pivot_groups: mobile-os-android-ios
+durationInMinutes: 16
+content: |
+  [!include[](includes/6-add-credential-mobile-app-using-native-authentication.md)]

learn-pr/advocates/configure-entra-external-native-authentication/7-knowledge-check.yml

@@ -0,0 +1,48 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.knowledge-check
+title: Knowledge check
+metadata:
+  title: Knowledge check
+  description: Display your knowledge
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+durationInMinutes: 4
+content: Choose the best response for each question. 
+quiz:
+  questions:
+    - content: "What is the primary purpose of Microsoft Entra's native authentication in mobile and desktop applications?"
+      choices:
+        - content: "To provide a secure, seamless sign-in experience for users."
+          isCorrect: true
+          explanation: "The primary purpose of Microsoft Entra's native authentication is to provide a secure, seamless sign-in experience for users by allowing full control over the design and user experience of authentication within mobile and desktop applications."
+        - content: "To redirect users to a system browser for authentication."
+          isCorrect: false
+          explanation: "Redirecting users to a system browser for authentication is a characteristic of browser-delegated authentication, not native authentication."
+        - content: "To manage user interactions through a web-based solution."
+          isCorrect: false
+          explanation: "Managing user interactions through a web-based solution isn't the primary purpose of native authentication."
+    - content: "What authentication methods does native authentication in Microsoft Entra External ID support?"
+      choices:
+        - content: "Email with one-time passcode (OTP) sign-in."
+          isCorrect: true
+          explanation: "Email with one-time passcode (OTP) sign-in is supported."
+        - content: "SSL Certificate."
+          isCorrect: false
+          explanation: "SSL certificate isn't an authentication method supported by Microsoft Entra External ID."
+        - content: "Voice recognition."
+          isCorrect: false
+          explanation: "Voice recognition isn't an authentication method supported by Microsoft Entra External ID."
+    - content: "Which method is used to initiate the user sign-up process in an Android or iOS/macOS app using Microsoft Entra's native authentication? "
+      choices:
+        - content: "signUp(parameters:delegate)"
+          isCorrect: true
+          explanation: "The signUp(parameters:delegate) method is used to initiate the user sign-up process in an Android and iOS/macOS app using Microsoft Entra's native authentication."
+        - content: "signIn(parameters:delegate)"
+          isCorrect: false
+          explanation: "signIn(parameters:delegate) method is used to initiate the user sign-in process, not the sign-up process."
+        - content: "createNativeAuthPublicClientApplication()"
+          isCorrect: false
+          explanation: "The createNativeAuthPublicClientApplication() method is used to create an MSAL instance for authentication, but it doesn't initiate the sign-up process."
+    

learn-pr/advocates/configure-entra-external-native-authentication/8-summary.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.configure-entra-external-native-auth.summary
+title: Summary
+metadata:
+  title: Summary
+  description: A summary of information
+  ms.date: 04/10/2025
+  author: S2FrdQ
+  ms.author: joylynnkirui
+  ms.topic: unit
+durationInMinutes: 2
+content: |
+  [!include[](includes/8-summary.md)]

learn-pr/advocates/configure-entra-external-native-authentication/includes/1-introduction.md

@@ -0,0 +1,33 @@
+## Introduction to Native authentication in Microsoft Entra External ID
+
+Microsoft Entra's native authentication allows you to have full control over the design of your mobile and desktop application sign-in experiences. Unlike browser-based solutions, native authentication enables you to create visually appealing, pixel-perfect authentication screens that seamlessly blend into your app's interface. With this approach, you can fully customize the user interface, including design elements, logo placement, and layout, ensuring a consistent and branded look.
+
+The standard app sign-in process, which relies on browser-delegated authentication, often results in a disruptive transition during authentication. Users are temporarily redirected to a system browser for authentication, only to be brought back to the app once the sign-in is complete.
+
+## Available authentication methods
+
+Currently, native authentication supports local account identity provider for two authentications methods:
+
+- Email with one-time passcode (OTP) sign-in.
+- Email and password sign-in with support for self-service password reset (SSPR).
+
+## When to use native authentication
+
+When it comes to implementing authentication for mobile and desktop apps on External ID, you have two options:
+
+- Microsoft-hosted browser-delegated authentication.
+- Fully custom SDK based native authentication.
+
+Whether you choose native authentication or browser-delegated authentication, Microsoft Entra External ID supports both.
+
+The following table compares the two authentication methods to help you decide the right option for your app.
+
+| | **Browser-delegated authentication** | **Native authentication** |
+|---|---|---|
+| **User authentication experience** | Users are taken to a system browser or embedded browser for authentication only to be redirected back to the app when the sign-in is complete. This method is recommended if the redirection doesn't negatively affect the end user experience. | Users have a rich, native sign-up and sign-in journey without ever leaving the app. |
+| **Customization experience** | Managed [branding and customization options](/entra/external-id/customers/how-to-customize-branding-customers) are available as an out-of-the-box feature. | This API-centric approach offers a high level of customization, providing extensive flexibility in design and the ability to create tailored interactions and flows. |
+| **Applicability** | Suitable for workforce, B2B, and B2C apps, it can be used for native apps, single-page applications, and web apps. | For customer first-party apps, when the same entity operates the authorization server and the app and the user perceives them both as the same entity. |
+| **Go live effort** | Low. Use it straight out of the box. | High. The developer builds, owns, and maintains the authentication experience. |
+| **Maintenance effort** | Low. | High. For each feature that Microsoft releases, you need to update the SDK to use it. |
+| **Security** | Most secure option. | Security responsibility is shared with developers, and best practices need to be followed. It's prone to phishing attacks. |
+| **Supported languages and frameworks** | ASP.NET Core, Android (Kotlin, Java), iOS/macOS (Swift, Objective-C), JavaScript, React, Angular, Nodejs, Python, Java | Android (Kotlin, Java), iOS/macOS (Swift, Objective-C). For other languages and platforms, you can use the [native authentication API](/entra/identity-platform/reference-native-authentication-overview). |

learn-pr/advocates/configure-entra-external-native-authentication/includes/2-create-external-tenant.md

@@ -0,0 +1,19 @@
+To create a tenant within an existing Azure subscription, perform the following steps:
+
+1. In the [Microsoft Entra admin center](https://entra.microsoft.com/), browse to **Identity** > **Overview** . Then, select **Manage tenants**.
+
+    ![Screenshot of the Identity Overview page. The toolbar button titled Manage tenants is highlighted.](../media/manage-tenant.png)
+
+1. On the **Manage tenants** page, select **Create**.
+1. Select **External**, and then select **Continue**.
+
+    ![Screenshot of Choose a configuration for your tenant. The External choice group is selected.](../media/external-tenant.png)
+
+1. On the **Basics** tab, in the **Create a tenant** page, enter the following information: Type your desired **Tenant Name** (for example Woodgrove live demo). Type your desired **Domain Name** (for example woodgrovelive). Select your desired **Location**. This selection can't be changed later. Then, select **Next: Add a subscription**.
+1. On the **Add a subscription** tab, enter the following information: Next to **Subscription**, select your subscription from the menu. Next to **Resource group**, select a resource group from the menu. If there are no available resource groups, select **Create new**, add a name, and then select **OK**. If **Resource group location** appears, select the geographic location of the resource group from the menu. Then, select **Review + Create**.
+1. If the information that you entered is correct, select **Create**. The tenant creation process can take up to 30 minutes.
+1. You can monitor the progress of the tenant creation process in the **Notifications** pane. Once the tenant is created, you can access it in both the Microsoft Entra admin center and the Azure portal.
+1. Use the **Settings** icon in the top menu to **Switch** to your customer tenant you created from the **Directories + subscriptions** menu. If the tenant you created doesn't appear in the list, refresh the page (using the web browser refresh button).
+1. Browse to **Home** > **Tenant overview** to start configuring your tenant.
+
+The Microsoft Entra External ID tenant is ready to use.