One more attempt

NataliaIvakina · web-flow · commit ad4181734e96 · 2024-08-30T14:11:28.000+02:00
diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc
@@ -132,61 +132,43 @@ image::sso-configuration-tutorials/okta-sign-on-tab.svg[title="Okta's sign-on ta
 
 This example shows how to configure Entra ID for authentication and authorization using an access token.
 
-. Assuming that you have already created and registered your SSO application in Azure, you should now configure a token in Entra ID using the *Token configuration* tab.
+. After the successful creation of your SSO application in Azure, open the *Token configuration* tab to configure a token.
+.. In the Manage section, click *Token configuration* and then *Add groups claim*.
+.. Select *Security groups* to include in your access token.
+.. Save your changes.
 
-. Next step is to go to the **Expose an API** tab and click the **Add a Scope** button. 
-+
-You need to know your Essentials located in the GUID -- Globally Unique Identifier. 
+. Next step is to open the **Expose an API** tab and click the **Add a Scope** button.
+..If you click the **Add a Scope** button for the first time, you see a new window stating that you need to add an _Application ID URI_ before proceeding
+You can find it on your app *Overview* page. 
 +
 .The GUID is used to identify specific resources or instances within Azure. You can find it on the app registration page.
 image::sso-configuration-tutorials/azure-id.svg[]
 +
-If you click the **Add a Scope** button for the first time, you see a new window stating that you need to add an _Application ID URI_ before proceeding:
-+
-[source]
-----
-api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
-----
-
-. Next fill in all mandatory fields in the panel **Add a scope** and copy your scope which will be used for _neo4j.conf_ file.
-
-. Configure Neo4j by adjusting the following settings in the _neo4j.conf_ file: 
+Click *Save and continue*.
 
-.. Set parameters to be `access_token`:
+. Fill in all mandatory fields in the window **Add a scope** and make a note of them.
+. Configure Neo4j to use Entra ID for authentication by configuring the following settings in the _neo4j.conf_ file:
 +
 [source, properties]
 ----
+# Configure the access_token
 dbms.security.oidc.azure.config=principal=unique_name;code_challenge_method=S256;token_type_principal=access_token;token_type_authentication=access_token
-----
-
-.. Add the following parameter:
-+
-[source, properties]
-----
+# Configure the OIDC token endpoint with the Directory (tenant) ID
 dbms.security.oidc.azure.token_endpoint=https://login.microsoftonline.com/54e85725-ed2a-49a4-a19e-11c8d29f9a0f/oauth2/v2.0/token
-----
-
-.. Include the issuer:
-+
-[source, properties]
-----
+# Configure the iss claim in the id token with the Directory (tenant) ID
+# Make sure you add the trailing slash (`/`) at the end of the URL, or this operation might fail.
 dbms.security.oidc.azure.issuer=https://sts.windows.net/54e85725-ed2a-49a4-a19e-11c8d29f9a0f/
+# Provide the Entra ID parameters, such as client_id, response_type, scope, etc.
+dbms.security.oidc.azure.params=client_id=4376dc8b-b5af-424f-9ada-c1c1b2d416b9;response_type=code;scope=openid profile email api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
 ----
 +
 [NOTE]
 ====
 As previously mentioned, the GUID here is also the Directory (tenant) ID.
 Make sure you add the trailing slash (`/`) at the end or this operation might fail.
-====
 
-.. Include the following statement:
-+
-[source, properties]
-----
-dbms.security.oidc.azure.params=client_id=4376dc8b-b5af-424f-9ada-c1c1b2d416b9;response_type=code;scope=openid profile email api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
-----
-+
-Note that the audience parameter for access tokens are typically set with` api://` at the front.
+The audience parameter for access tokens are typically set with` api://` at the front.
+====
 
 
 === ID token
