RHIDP-7833 Follow more logical user flow for authenticating with Azure

[themr0c]

Reorganize the content in a more logical way, for consistency with #1224 (consistent user flow, consistent formatting and sentences).

IMPORTANT: Do Not Merge - To be merged by Docs Team Only

Version(s): 1.7

Issue:
https://issues.redhat.com/browse/RHIDP-7833
https://issues.redhat.com/browse/RHIDP-7636

Preview: https://redhat-developer.github.io/red-hat-developers-documentation-rhdh/pr-1227/authentication/#enabling-user-authentication-with-microsoft-azure

[rhdh-bot]

Updated preview: https://redhat-developer.github.io/red-hat-developers-documentation-rhdh/pr-1227/ @ 07/04/25 12:12:09

[kim-tsao]

I think we need to specify two apps; one for auth and one for msgraph. The app for msgraph requires application level permissions only. See upstream docs. I will discuss this in the team call tomorrow and get back to you.

[themr0c]

@kim-tsao What would be the reason for two separate apps? Security and separation of concerns? Drawback for the user will be more complexity (set up two apps rather than one), I'd like to avoid it if it is not necessary.

[JessicaJHee]

@kim-tsao What would be the reason for two separate apps? Security and separation of concerns? Drawback for the user will be more complexity (set up two apps rather than one), I'd like to avoid it if it is not necessary.

@themr0c we looked into this further and found that one app is enough. When the user signs in through the authentication flow, they are provided an access token ONLY with delegated permissions, while the backend catalog plugin will have the granted application permissions. So we are good to use one app as long as the delegated/application permissions are set up correctly.

[themr0c]

@JessicaJHee @kim-tsao can you formally put your seal of approval?

[JessicaJHee]

lgtm, thank you @themr0c for all your work!

[Gerry-Forde]

Looks good to me.