Improve a few steps configuring SSO on Azure

modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc

@@ -132,29 +132,49 @@ image::sso-configuration-tutorials/okta-sign-on-tab.svg[title="Okta's sign-on ta
 
 This example shows how to configure Entra ID for authentication and authorization using an access token.
 
-. Set parameters to be `access_token`:
+. It is assumed that you have already created and registered your SSO application in Azure.
+
+. Configure a token by navigating to the **Token configuration** tab.
+
+. To configure Neo4j, you need to know your Essentials.
+You can find them in the GUID -- Globally Unique Identifier. 
++
+[NOTE]
+====
+The GUID is used to identify specific resources or instances within Azure.
+You can find it on the app registration page:
+
+image::sso-configuration-tutorials/azure-id.svg[]
+====
+
+. In Microsoft Entra ID, go to the **Expose an API** tab and click the **Add a Scope** button. 
++
+If you click this button for the first time, you see a new window stating that you need to add an _Application ID URI_ before proceeding:
++
+[source]
+----
+api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
+----
+
+. Next fill in all mandatory fields in the panel **Add a scope** and copy your scope which will be used for _neo4j.conf_ file.
+
+. Configure Neo4j by adjusting the following settings in the _neo4j.conf_ file: 
+
+.. Set parameters to be `access_token`:
 +
 [source, properties]
 ----
 dbms.security.oidc.azure.config=principal=unique_name;code_challenge_method=S256;token_type_principal=access_token;token_type_authentication=access_token
 ----
 
-. Add the following parameter:
+.. Add the following parameter:
 +
 [source, properties]
 ----
 dbms.security.oidc.azure.token_endpoint=https://login.microsoftonline.com/54e85725-ed2a-49a4-a19e-11c8d29f9a0f/oauth2/v2.0/token
 ----
-+
-[NOTE]
-====
-The GUID is the directory (tenant) ID.
-You can find it on the app registration page:
-
-image::sso-configuration-tutorials/azure-id.svg[]
-====
 
-. Include the issuer:
+.. Include the issuer:
 +
 [source, properties]
 ----
@@ -163,20 +183,20 @@ dbms.security.oidc.azure.issuer=https://sts.windows.net/54e85725-ed2a-49a4-a19e-
 +
 [NOTE]
 ====
-As previously mentioned, the GUID here is also the directory (tenant) ID.
+As previously mentioned, the GUID here is also the Directory (tenant) ID.
 Make sure you add the trailing slash (`/`) at the end or this operation might fail.
 ====
 
-. Go to the "Expose an API" tab and click "Add a Scope" to include the following statement:
+.. Include the following statement:
 +
 [source, properties]
 ----
 dbms.security.oidc.azure.params=client_id=4376dc8b-b5af-424f-9ada-c1c1b2d416b9;response_type=code;scope=openid profile email api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
 ----
-
-. Add the value in the scope column to the scopes in the configuration.
++
 Note that the audience parameter for access tokens are typically set with` api://` at the front.
 
+
 === ID token
 
 This example shows how to configure Entra ID for authentication and authorization using ID tokens.