Formatting and other

Author: sofietoft

umbraco-cloud/SUMMARY.md

@@ -18,9 +18,9 @@
   * [Migrate to Umbraco Cloud](begin-your-cloud-journey/creating-a-cloud-project/migrate-to-umbraco-cloud.md)
   * [Baselines](begin-your-cloud-journey/creating-a-cloud-project/baselines.md)
 * [The Cloud Portal](begin-your-cloud-journey/the-cloud-portal/README.md)
-  * [Organizations](begin-your-cloud-journey/the-cloud-portal/organizations.md)
+  * [Organizations](begin-your-cloud-journey/the-cloud-portal/organizations/README.md)
+    * [Organization Login Providers](begin-your-cloud-journey/the-cloud-portal/organizations/organization-login-providers.md)
   * [Payments](begin-your-cloud-journey/the-cloud-portal/payments.md)
-  * [External Login Providers](begin-your-cloud-journey/the-cloud-portal/login-providers/README.md)
 * [Project Features](begin-your-cloud-journey/project-features/README.md)
   * [Environments](begin-your-cloud-journey/project-features/environments.md)
   * [Flexible Environments](begin-your-cloud-journey/project-features/flexible-environments.md)

umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations.md renamed to umbraco-cloud/begin-your-cloud-journey/the-cloud-portal/organizations/README.md

@@ -1,15 +1,23 @@
+---
+description: Learn how to configure and use external login providers via your Umbraco Cloud organization.
+---
+
 # Organization Login Providers
 
 {% hint style="info" %}
+
 **Beta feature**. Help us improve the feature by [reporting feedback](mailto:[email protected]).
+
 {% endhint %}
 
 The External Login Providers feature in Umbraco Cloud allows you to integrate third-party authentication systems to manage Portal user logins securely and efficiently. This functionality is especially useful for teams that want to simplify login management or use their existing identity systems.
 
 Using OpenID Connect, Umbraco Cloud supports external login providers such as Microsoft Entra ID, Auth0, Google, and so on. This feature helps administrators manage backoffice access, assign user roles, and improve security.
 
 {% hint style="info" %}
+
 This is exclusively for Cloud Portal access and access to Project features only available within the portal. [You can see how to set up External Login Providers for the Backoffice on Cloud Projects in this article](../../../project-features/external-login-providers.md).
+
 {% endhint %}
 
 ## External Login Providers
@@ -27,6 +35,7 @@ This guide shows you how to set up and configure external login providers for th
 
 {% tabs %}
 {% tab title="Microsoft Entra ID" %}
+
 1. Access the Microsoft Azure Portal.
 2. Locate the Microsoft Entra ID and enter your tenant.
 3. Select **Add**.
@@ -50,13 +59,15 @@ Locate and note down the following keys:
 * **Secret ID** - needs to be generated on the **Certificates & Secrets** page.
 
 {% hint style="info" %}
-### Enterprise or custom setup
+**Enterprise or custom setup**
 
 If you're working with an enterprise or a custom setup, ensure the email claim is included in the ID token configuration.
 {% endhint %}
+
 {% endtab %}
 
 {% tab title="Auth0" %}
+
 1. Access your Auth0 dashboard.
 2. Navigate to **Applications**.
 3. Select **Create Application**.
@@ -66,12 +77,14 @@ If you're working with an enterprise or a custom setup, ensure the email claim i
 4. Give the application a name and select **Regular Web Application**.
 5. Go to the **Settings** section.
 6. Identify and note down the following keys:
-   1. **Domain URL** (Authority URL)
-   2. **Client Id**
-   3. **Client Secret**
+   * **Domain URL** (Authority URL)
+   * **Client Id**
+   * **Client Secret**
+
 {% endtab %}
 
 {% tab title="Google Authentication" %}
+
 1. Access the Google Developer Console.
 2. Select **Create Project** and give it a name.
 3. Go to the **OAuth consent screen** page.
@@ -90,22 +103,24 @@ Before you move on, take note of the following keys:
 * **Client ID** (generated through the steps above)
 * **Client Secret** (generated through the steps above)
 * **Authority URL** (`https://accounts.google.com`)
+
 {% endtab %}
 {% endtabs %}
 
 Once you have the keys from your login provider, you need to follow the next steps in the Umbraco Cloud Portal.
 
 Keep the configuration for your login provider open, as you will come back to it later in the guide.
+
 ### Register the login provider in the Cloud Portal
 
 1. Access the Umbraco Cloud Portal.
 2. Navigate to your Organization
-2. Navigate to **External Login Providers** page under the **Login Provider** section.
+3. Navigate to **External Login Providers** page under the **Login Provider** section.
 
 <figure><img src="../../../.gitbook/assets/organization-external-login-provider.png" alt=""><figcaption></figcaption></figure>
 
-3. Select **Add Configuration**.
-4. Fill out the fields.
+4. Select **Add Configuration**.
+5. Fill out the fields.
    - [Learn how to fill out the form](#how-to-fill-in-the-external-login-provider-configuration).
 
 <figure><img src="../../../.gitbook/assets/organization-external-login-provider-configuration.png" alt=""><figcaption></figcaption></figure>
@@ -118,81 +133,88 @@ Keep the configuration for your login provider open, as you will come back to it
 
 {% tabs %}
 {% tab title="Microsoft Entra ID" %}
-1) Click on **Authentication**.
-2) Select **Add a platform**.
-3) Select **Web** and add the Redirect URI.
-4) Add more Redirects URIs if needed.
-5) Under **Implicit grant and hybrid flows** check the following options:
-   1. Access Tokens (used for implicit flows)
-   2. ID tokens (used for implicit and hybrid flows)
-6) Click **Configure** to complete the configuration.
+
+1. Click on **Authentication**.
+2. Select **Add a platform**.
+3. Select **Web** and add the Redirect URI.
+4. Add more Redirects URIs if needed.
+5. Under **Implicit grant and hybrid flows** check the following options:
+   * Access Tokens (used for implicit flows)
+   * ID tokens (used for implicit and hybrid flows)
+6. Click **Configure** to complete the configuration.
 
 
 {% endtab %}
 
 {% tab title="Auth0" %}
+
 1. Navigate to the **Settings** section.
 2. Scroll down to find the **Application URIs**.
 3. Add the Redirect URI to the **Allowed Callback URLs**.
 4. Also add the Redirect URI to the **Allowed Logout URLs**
 
 ![Add the Redirect URI to the Allowed Callback URLs](../../../.gitbook/assets/auth0-portal-callback.png)
 
-13. Add more Redirect URIs if needed.
+5. Add more Redirect URIs if needed.
+
 {% endtab %}
 
 {% tab title="Google Authentication" %}
+
 1. Open the **Credentials** created earlier through this guide.
 2. Select **Add URI**.
 3. Add the Redirect URI.
 4. Click **Save** to complete the configuration.
+
 {% endtab %}
 {% endtabs %}
 
-### How to fill in the External Login Provider Configuration
+## How to fill in the External Login Provider Configuration
+
 Learn about what type of data and information you need for each field in the configuration form.
 
-**Display Name**
+### Display Name
 
 A Friendly name for the Login Provider
 
-**Alias (required)** 
+### Alias (required)
 
 A unique alias for the provider in the Organization. 
 Use only lower-case. 
 Spaces are not allowed. 
 
-**Client Id (required)** 
+### Client Id (required)
 
 A unique Client ID generated in the external login provider.Entra ID: Guid<br>Auth0: Random characters<br>Google: <code>{randomchars}.apps.googleusercontent.com</code>
 
 
-**Client Secret (required)** 
+### Client Secret (required)
 
 A secret that is generated in the External Login Provider and is associated with the Client Id.
 
 
-**Authority (required)** 
+### Authority (required)
 
 The URL for the External Login Provider. This can be found in the External Login Provider.
 
+Entra ID: `https://login.microsoftonline.com/&#x3C;Directory (tenant)>`
+Auth0: `https://{accountId}.uk.auth0.com`
+Google: `https://accounts.google.com`
 
-Entra ID: <code>https://login.microsoftonline.com/&#x3C;Directory (tenant)></code><br>Auth0: <code>https://{accountId}.uk.auth0.com</code><br>Google: <code>https://accounts.google.com</code>
 
-
-**Metadata Address**
+### Metadata Address
 
 If you need a special metadata address for your External Login Provider, you can set it here. By default, the system will resolve the metadata address from the Authority Url, which is why this property is optional.
 
-A common scenario for using a special metadata address is when working with Entra ID and configuring claims mapping. In this case, you must set the metadata address to the following:<code>https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration?appid={client-id}</code>
+A common scenario for using a special metadata address is when working with Entra ID and configuring claims mapping. In this case, you must set the metadata address to the following: `https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration?appid={client-id}`.
 
-**User Mapping Claim Name**
+### User Mapping Claim Name
 
 Your provider may assign users to specific roles (For example: Admin, Editor, Viewer).<br><br>The <strong>User Mapping Claim Name</strong> is the field in the authentication token (claim) that identifies these roles. The system reads this claim to determine a user’s permissions.
 
-Example: If the roles claim is called <code>user_roles</code> in your provider, you set the <strong>User Mapping Claim Name</strong> to <code>user_roles</code>.
+Example: If the roles claim is called `user_roles` in your provider, you set the **User Mapping Claim Name** to `user_roles`.
 
-### Signing in using the Login Provider
+## Signing in using the Login Provider
 
 When trying to access Umbraco Cloud Portal through `s1.umbraco.io` you will still be greeted by an Umbraco ID sign in screen. 
 
@@ -218,30 +240,37 @@ When setting up a Project Permission first select a Project in the left side of
 
 
 The modal has the following fields:
+
 - Default Access Level (required)
 - No Claim Found Behavior (required)
 - User Mapping Claim Name
 - Project User Mappings
   - Consists of two fields: "Provider Role Value" and "Project Access Level"
 
-### How to fill in the Project Permissions
+## How to fill in the Project Permissions
 
-**Default Access Level**
+### Default Access Level
 
 Select the level of access you want users signing in with the External Login Provider to get for this Project.
+
 The dropdown has two possible permissions:
+
 - Read Only
 - Read and Write
 
 
-**Read:** A team member with Read permissions can only view the project in the portal as well as the backoffices. They are not able to deploy or change anything on the project itself.
+#### Read
+
+A team member with Read permissions can only view the project in the portal as well as the backoffices. They are not able to deploy or change anything on the project itself.
+
+#### Read And Write
 
-**Read And Write:** A team member with Write permissions can do everything on a project except delete it and edit the team. A user with Write permissions can deploy changes between environments through the portal.
+A team member with Write permissions can do everything on a project except delete it and edit the team. A user with Write permissions can deploy changes between environments through the portal.
 
 This value is meant to be a fallback value and can be overwritten by "Project User Mappings" setting.
 If there are no Mappings available for the user the "No Claim Found Behavior" setting will evaluate if this fallback Permissions is used or "NoAccess".
 
-**No Claim Found Behavior**
+### No Claim Found Behavior
 
 Use this setting for more fine grained control.
 This will allow you to use the Role Claim in you Login Provider to assign Permissions to your users.
@@ -253,11 +282,11 @@ The setting has two Settings:
 When `NoAccess` is selected it will block the users access to the Project if they do not have the correct Role assigned. 
 Using the "Use Default Access Level"-option, all users in your Login Provider will automatic get the permission you selected in "Default Access Level". Unless they have a hit on the Project User Mappings.
 
-**User Mapping Claim Name**
+### User Mapping Claim Name
 
 Enter the name of your providers default or custom Role claim name. This is if you want to override the one already entered in the Login Provider configuration.
 
-**Project User Mappings**
+### Project User Mappings
 
 Here you can set up a mapping between the Provider Role Value (a role coming from your external login provider) and a Project Permission Level in the portal.