From 0abf861a80c639a04d37242dee790ea3d776b693 Mon Sep 17 00:00:00 2001
From: kennyj42 <73258453+kennyj42@users.noreply.github.com>
Date: Fri, 10 Jan 2025 12:25:15 -0600
Subject: [PATCH 1/2] Update entra-id.mdx Add callout to prevent overwriting due to incomplete PUTs
---
 .../docs/cloudflare-one/identity/idp-integration/entra-id.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
index 39e82e01503008c..c95df1093f76d41 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
@@ -206,7 +206,7 @@ Access and Gateway policies for an Entra group will also apply to all [nested gr
 ## Force user interaction during WARP reauthentication
-You can require users to re-enter their credentials into Entra ID whenever they [re-authenticate their WARP session](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). To configure this setting, make a [`PUT` request](/api/resources/zero_trust/subresources/identity_providers/methods/update/) and set the `prompt` parameter to either `login` or `select_account`.
+You can require users to re-enter their credentials into Entra ID whenever they [re-authenticate their WARP session](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). To configure this setting, make a [`PUT` request](/api/resources/zero_trust/subresources/identity_providers/methods/update/) and set the `prompt` parameter to either `login` or `select_account`. Note: PUT methods require that all exisiting configuration is included as part of the request body. Double check the request against a GET response for the IdP to avoid overwriting any configuration unexpectedly.
 ## Example API Configuration
From 8a96bd27d1dccb7e005f3c07cb0253e3efb86775 Mon Sep 17 00:00:00 2001
From: ranbel <101146722+ranbel@users.noreply.github.com>
Date: Mon, 13 Jan 2025 15:39:11 -0500
Subject: [PATCH 2/2] Make instructions more explicit
---
 .../identity/idp-integration/entra-id.mdx | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
index c95df1093f76d41..fc14569cc0eb87d 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
@@ -206,7 +206,39 @@ Access and Gateway policies for an Entra group will also apply to all [nested gr
 ## Force user interaction during WARP reauthentication
-You can require users to re-enter their credentials into Entra ID whenever they [re-authenticate their WARP session](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). To configure this setting, make a [`PUT` request](/api/resources/zero_trust/subresources/identity_providers/methods/update/) and set the `prompt` parameter to either `login` or `select_account`. Note: PUT methods require that all exisiting configuration is included as part of the request body. Double check the request against a GET response for the IdP to avoid overwriting any configuration unexpectedly.
+You can require users to re-enter their credentials into Entra ID whenever they [re-authenticate their WARP session](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). To configure this setting:
+1. Make a `GET` request to the [Identity Providers endpoint](/api/resources/zero_trust/subresources/identity_providers/) and copy the response for the Entra ID identity provider.
+2. [Update the Entra ID identity provider](/api/resources/zero_trust/subresources/identity_providers/methods/update/) using a `PUT` request. In the request body, include all existing configurations and set the `prompt` parameter to either `login` or `select_account`. 
For example,
+ ```curl {17}
+ curl --request PUT \
+ https://api.cloudflare.com/client/v4/accounts/{account_id}/access/identity_providers/{identity_provider_id} \
+ --header "Authorization: Bearer " \
+ --header "Content-Type: application/json" \
+ --data '{
+ "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+ "type": "azureAD",
+ "uid": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+ "name": "Entra ID",
+ "version": "31e74e9b4f033e16b604552091a72295",
+ "config": {
+ "azure_cloud": "default",
+ "client_id": "",
+ "conditional_access_enabled": false,
+ "directory_id": "",
+ "redirect_url": "https://.cloudflareaccess.com/cdn-cgi/access/callback",
+ "prompt": "login",
+ "support_groups": true
+ },
+ "scim_config": {
+ "enabled": true,
+ "user_deprovision": true,
+ "seat_deprovision": false,
+ "group_member_deprovision": false,
+ "identity_update_behavior": "automatic"
+ },
+ "scim_base_url": "https://.cloudflareaccess.com/populations/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/scim/v2"
+ }'
+ ```
 ## Example API Configuration