authentication posture

Author: patriciasantaana

src/content/docs/api-shield/security/authentication-posture.mdx

@@ -7,13 +7,13 @@ sidebar:
 
 ---
 
-import { GlossaryTooltip, Render, Steps } from "~/components"
+import { GlossaryTooltip, Render, Steps, Tabs, TabItem } from "~/components"
 
 Authentication Posture helps users identify authentication misconfigurations for APIs and alerts of their presence.
 
 For example, a security team member may believe that their API hosted at `/api/v1/users` and `/api/v1/orders` are guarded by the fact that only authenticated users can interact with the endpoints. However, bugs in origin API authentication policies may lead to broken authentication vulnerabilities. Authentication Posture with API Shield details the authentication status of successful requests to your API endpoints, alerting to potential misconfigurations.
 
-Consider a typical e-commerce application. Users can browse items and prices without being logged in. However, to retrieve order details with the `GET /api/v1/orders/{order_id}` endpoint, this example application requires users to log in to their account and pass the subsequent Authorization HTTP header in all requests. Cloudflare will alert via [Security Center Insights](/security-center/security-insights/) and [Endpoint Management labels](/api-shield/management-and-monitoring/endpoint-labels/) if successful requests are sent to the `GET /api/v1/orders/{order_id}` endpoint or any other endpoint without authentication when <GlossaryTooltip term="session identifier">session identifiers</GlossaryTooltip> are configured.
+Consider a typical e-commerce application. Users can browse items and prices without being logged in. However, to retrieve order details with the `GET /api/v1/orders/{order_id}` endpoint, this example application requires users to log in to their account and pass the subsequent Authorization HTTP header in all requests. Cloudflare will alert via [Security Center Insights](/security-center/security-insights/) and [Endpoint labels](/api-shield/management-and-monitoring/endpoint-labels/) if successful requests are sent to the `GET /api/v1/orders/{order_id}` endpoint or any other endpoint without authentication when <GlossaryTooltip term="session identifier">session identifiers</GlossaryTooltip> are configured.
 
 ## Process
 
@@ -23,13 +23,26 @@ After configuring [session identifiers](/api-shield/get-started/#session-identif
 
 ### Examine an endpoint's authentication details
 
-<Steps>
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **API Shield** > **Endpoint Management**.
-3. Filter Endpoint Management by the `cf-risk-missing-auth` or `cf-risk-mixed-auth` labels.
-4. Select an endpoint to see its authentication posture details on the endpoint details page.
-5. Choose between the 24-hour and 7-day view options, and note any authentication changes over time.
-</Steps>
+<Tabs syncKey="dashNewNav">
+  <TabItem label="Old dashboard">
+    <Steps>
+      1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+      2. Go to **Security** > **API Shield** > **Endpoint Management**.
+      3. Filter Endpoint Management by the `cf-risk-missing-auth` or `cf-risk-mixed-auth` labels.
+      4. Select an endpoint to see its authentication posture details on the endpoint details page.
+      5. Choose between the 24-hour and 7-day view options, and note any authentication changes over time.
+    </Steps>
+  </TabItem> 
+  <TabItem label="New dashboard" icon="rocket">
+    <Steps>
+      1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login), and select your account and domain.
+      2. Go to **Security** > **Web assets** > **Endpoints**.
+      3. Filter your endpoints by the `cf-risk-missing-auth` or `cf-risk-mixed-auth` labels.
+      4. Select an endpoint to see its authentication posture details on the endpoint details page.
+      5. Choose between the 24-hour and 7-day view options, and note any authentication changes over time.
+    </Steps>
+  </TabItem>
+</Tabs>
 
 The main authentication widget displays how many successful requests over the last seven days had session identifiers included with them, and which identifiers were included with the traffic.