Commit 8eac846

Rewrite the instructions
1 parent fb893f8 commit 8eac846

1 file changed

+33
-25
lines changed

modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc

Lines changed: 33 additions & 25 deletions
@@ -132,29 +132,49 @@ image::sso-configuration-tutorials/okta-sign-on-tab.svg[title="Okta's sign-on ta
132132

133133
This example shows how to configure Entra ID for authentication and authorization using an access token.
134134

135-
. Set parameters to be `access_token`:
135+
. It is assumed that you have already created and registered your SSO application in Azure.
136+
137+
. Configure a token by navigating to the **Token configuration** tab.
138+
139+
. To configure Neo4j, you need to know your Essentials.
140+
You can find them in the GUID -- Globally Unique Identifier.
141+
+
142+
[NOTE]
143+
====
144+
The GUID is used to identify specific resources or instances within Azure.
145+
You can find it on the app registration page:
146+
147+
image::sso-configuration-tutorials/azure-id.svg[]
148+
====
149+
150+
. In Microsoft Entra ID, go to the **Expose an API** tab and click the **Add a Scope** button.
151+
+
152+
If you click this button for the first time, you see a new window stating that you need to add an _Application ID URI_ before proceeding:
153+
+
154+
[source]
155+
----
156+
api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
157+
----
158+
159+
. Next fill in all mandatory fields in the panel **Add a scope** and copy your scope which will be used for _neo4j.conf_ file.
160+
161+
. Configure Neo4j by adjusting the following settings in the _neo4j.conf_ file:
162+
163+
.. Set parameters to be `access_token`:
136164
+
137165
[source, properties]
138166
----
139167
dbms.security.oidc.azure.config=principal=unique_name;code_challenge_method=S256;token_type_principal=access_token;token_type_authentication=access_token
140168
----
141169

142-
. Add the following parameter:
170+
.. Add the following parameter:
143171
+
144172
[source, properties]
145173
----
146174
dbms.security.oidc.azure.token_endpoint=https://login.microsoftonline.com/54e85725-ed2a-49a4-a19e-11c8d29f9a0f/oauth2/v2.0/token
147175
----
148-
+
149-
[NOTE]
150-
====
151-
The GUID is the directory (tenant) ID.
152-
You can find it on the app registration page:
153-
154-
image::sso-configuration-tutorials/azure-id.svg[]
155-
====
156176

157-
. Include the issuer:
177+
.. Include the issuer:
158178
+
159179
[source, properties]
160180
----
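Review bot: The new step "To configure Neo4j, you need to know your Essentials. You can find them in the GUID" reads inverted, and the rewritten NOTE under it no longer says which GUID is meant. The removed NOTE stated "The GUID is the directory (tenant) ID", which is what the reader has to substitute into the `token_endpoint` and `issuer` URLs in the sub-steps below; the replacement, "The GUID is used to identify specific resources or instances within Azure", could equally describe the application (client) ID. Suggest keeping the specific sentence in the moved NOTE and rewording the step to say the Directory (tenant) ID is found on the app registration page. Also consider naming what to add in the **Token configuration** step, since it currently tells the reader to navigate there without saying which claim the `principal=unique_name` setting depends on.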
@@ -163,23 +183,11 @@ dbms.security.oidc.azure.issuer=https://sts.windows.net/54e85725-ed2a-49a4-a19e-
163183
+
164184
[NOTE]
165185
====
166-
As previously mentioned, the GUID here is also the directory (tenant) ID.
186+
As previously mentioned, the GUID here is also the Directory (tenant) ID.
167187
Make sure you add the trailing slash (`/`) at the end or this operation might fail.
168188
====
169189

170-
. Go to the "Expose an API" tab and click the "Add a Scope" button.
171-
+
172-
If you click this button for the first time, you see a new window stating that you need to add an _Application ID URI_ before proceeding:
173-
+
174-
[source]
175-
----
176-
api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
177-
----
178-
179-
. Next fill in all mandatory fields in the panel _Add a scope_.
180-
181-
. Copy your scope which will be used for _neo4j.conf_ file.
182-
Include the following statement:
190+
.. Include the following statement:
183191
+
184192
[source, properties]
185193
----
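Review bot: In the issuer NOTE, "As previously mentioned, the GUID here is also the Directory (tenant) ID" now points back to a statement this commit deletes; the earlier NOTE no longer mentions the tenant ID, so the cross-reference dangles. Either restore that sentence in the earlier NOTE or drop "As previously mentioned" and "also" here so the line stands on its own. The same line also changes "directory" to "Directory"; pick one capitalization and use it in both NOTEs. While this NOTE is being touched, "or this operation might fail" could be made definite if the trailing slash is required for the issuer value to match.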

0 commit comments
