AgentCore Identity: Entra ID inbound Auth. Gave clarity to the variables customers need to save from Entra and use for configuration

03-integrations/IDP-examples/EntraID/Step_by_Step_Entra_ID_for_Inbound_Auth.ipynb

@@ -91,16 +91,37 @@
     "### Step 2: Setup Application\n",
     "1. Go to portal.azure.com and search for \"EntraID\" in the search bar at the top of the screen\n",
     "<img src=\"images/entraid.jpg\" width=\"75%\">\n",
+    "\n",
     "2. Got to manage --> App Registrations\n",
+    "\n",
     "<img src=\"images/app.registration.png\" width=\"75%\">\n",
+    "\n",
     "3. Click \"New Registration\" and fill in the details. Make sure you select the multi tenant option\n",
     "- Use \"https://bedrock-agentcore.us-west-2.amazonaws.com/identities/oauth2/callback\" or \"https://bedrock-agentcore.us-east-1.amazonaws.com/identities/oauth2/callback\" as the redirect URL depending on which regiion you will have your agent running.\n",
+    "\n",
     "<img src=\"images/app.registration.form.png\" width=\"75%\">\n",
-    "4. Create a client secret. Copy the client secret and client ID for use in AgentCore.\n",
-    "<img src=\"images/gather.client.info.png\" width=\"75%\">\n",
-    "5. Create SCopes for OAuth. Go to Expose an API --> Add Scope. Copy and save full scope. \n",
+    "\n",
+    "4. In **Certificates and secrets**, create a new secret. Copy the secret value (this is {client_secret})\n",
+    "\n",
+    "Go back to Overview and copy the following:\n",
+    "\n",
+    "- Application (client) ID: this is {client_id}\n",
+    "- Directory (tenant) ID: this is {tenant_id}\n",
+    "\n",
+    "These values will be used in configuring AgentCore Identity later.\n",
+    "\n",
+    "<img src=\"images/app-client-values.png\" width=\"75%\">\n",
+    "\n",
+    "5. Create Scopes for OAuth. Go to Expose an API → Add Scope. For this sample we will create a Read scope. You can give it your preferred name too, or even create other scopes for different use cases.\n",
+    "\n",
+    "Copy and save full scope under Scope name (*api://{tenant id}/{scope}*). This will be your {scopes}\n",
+    "\n",
+    "Copy the Application ID URI. This will be your {app_id_uri}\n",
+    "\n",
     "<img src=\"images/expose.api.png\" width=\"75%\">\n",
+    "\n",
     "6. Enable decice code flow.\n",
+    "\n",
     "<img src=\"images/device.code.flow.png\" width=\"75%\"/>"
    ]
   },
@@ -159,7 +180,7 @@
    "metadata": {},
    "source": [
     "#### Setting environment variables for some key information we will need throughout this notebook. \n",
-    "Please note that the audience will be same as the \"Application ID URI\" from Step 2.5 above."
+    "Configure the following environment variables with the values you saved previously in the Entra ID set up"
    ]
   },
   {
@@ -169,11 +190,11 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "#os.environ[\"client_id\"] = \"73XXXXXX-CCCC-VVVV-BBBB-NNNNNN1645b6\" # Replace with your client ID\n",
-    "#os.environ[\"secret\"] = \"bft8Q~XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_ccFb\" # Replace with your secret\n",
-    "#os.environ[\"scope\"] = \"openid profile https://graph.microsoft.com/Notes.ReadWrite.All https://graph.microsoft.com/Notes.Create\" # Replace with your scope\n",
-    "#os.environ[\"tenant_id\"] = \"bc244f8c-CCCC-VVVV-BBBB-aa7ab5df1f19\"\n",
-    "#os.environ[\"audience\"] = \"https://graph.microsoft.com\""
+    "os.environ[\"client_id\"] = \"aaa-bbbb-cccc-ddd\" # your {client_id}\n",
+    "os.environ[\"secret\"] = \"ABC~DEF~123_fid9X_xxx.yyyy\" # your {client_secret}\n",
+    "os.environ[\"scope\"] = \"api://abcd-efgh-132134-isdffs/<scope>\" # your {scope}, should look liie api://abcd-efgh-132134-isdffs/read\n",
+    "os.environ[\"tenant_id\"] = \"d1234-vbdksodf-23r43-121\" # your {tenant_id}\n",
+    "os.environ[\"audience\"] = \"api://abcd-efgh-132134-isdffs\" # your {app_id_uri}"
    ]
   },
   {

CONTRIBUTORS.md

@@ -53,3 +53,4 @@
 - sunkavar
 - joseanavarrom
 - spencer-zepelin
+- yingtingng