Updating Azure + Ping Custom IDP docs (#1827)

## Type of change
<!-- Please be sure to add the appropriate label to your PR. -->
This PR updates two of our Custom IDP walkthroughs: PingID and Microsoft
Entra ID (formerly Azure Active Directory).

The impetus for these updates was that we changed the console URL and
updated our branding, which wasn't reflected in some screenshots in
these docs. Also, Azure AD recently rebranded which warranted some more
updates to that doc. Lastly, a customer/prospect reached out letting us
know that the Azure doc wasn't working for them, although I was able to
confirm that it works as written.

### What should this PR do?
<!-- Does this PR resolve an issue? Please include a reference to it.
-->
Resolves chainguard-dev/internal#4131

### Why are we making this change?
<!-- What larger problem does this PR address? -->
Customer interest, aligning with new brand.

### What are the acceptance criteria? 
<!-- What should be happening for this PR to be accepted? Please list
criteria. -->
<!-- Do any stakeholders need to be tagged in this review? If so, please
add them. -->

### How should this PR be tested?
<!-- What should your reviewer do to test this PR? Please list steps.
-->
Changes should look okay when rendered, doc should work as written.

Signed-off-by: Mark Drake <mark@chainguard.dev>

content/chainguard/administration/custom-idps/azure-ad/index.md → content/chainguard/administration/custom-idps/ms-entra-id/index.md

@@ -1,69 +1,70 @@
 ---
-title : "How To Integrate Azure Active Directory SSO with Chainguard"
-linktitle: "Azure Active Directory"
+title : "How To Integrate Microsoft Entra ID SSO with Chainguard"
+linktitle: "Microsoft Entra ID"
+alias:
+- /chainguard/administration/custom-idps/azure-ad/
 lead: ""
-description: "Procedural tutorial on how to register an Azure Active Directory Application"
+description: "Procedural tutorial on how to register a Microsoft Entra ID Application and integrate it with the Chainguard platform."
 type: "article"
 date: 2023-04-17T08:48:45+00:00
-lastmod: 2024-06-26T15:22:20+01:00
+lastmod: 2024-09-25T15:22:20+01:00
 draft: false
-tags: ["Chainguard Images", "Procedural"]
+tags: ["CHAINGUARD IMAGES", "PROCEDURAL"]
 images: []
 weight: 020
 ---
 
 The Chainguard platform supports Single sign-on (SSO) authentication for users. By default, users can log in with GitHub, GitLab and Google, but SSO support allows users to bring their own identity provider for authentication.
 
-This guide outlines how to create an Azure Active Directory (AD) Application and integrate it with Chainguard. After completing this guide, you'll be able to log in to Chainguard using Azure AD and will no longer be limited to the default SSO options.
+This guide outlines how to create a Microsoft Entra ID (formerly Azure Active Directory) application and integrate it with Chainguard. After completing this guide, you'll be able to log in to Chainguard using Entra ID and will no longer be limited to the default SSO options.
 
 
 ## Prerequisites
 
 To complete this guide, you will need the following.
 
 * `chainctl` installed on your system. Follow our guide on [How To Install `chainctl`](/chainguard/administration/how-to-install-chainctl/) if you don't already have this installed.
-* An Azure account you can use to set up an Active Directory Application.
+* An Azure account you can use to set up an Microsoft Entra ID application.
 
 
-## Create an Azure Active Directory Application
+## Create a Microsoft Entra ID Application
 
-To integrate the Azure AD identity provider with the Chainguard platform, log in to [Azure](https://azure.microsoft.com) and navigate to the Azure Active Directory console in the Azure portal.
+To integrate Microsoft Entra ID with the Chainguard platform, log in to [Azure](https://azure.microsoft.com). In the left-hand navigation menu, select **Microsoft Entra ID**.
 
-![Screenshot of the Azure portal's sidebar menu, with Azure Active Directory highlighted in a red circle.](aad-1.png)
+![Screenshot of Azure's left-hand navigation menu, with the "Microsoft Entra ID" option highglighted in a yellow box.](meid-0.png)
 
-There, select the **App registrations** tab and click **New registration**.
+From the Default Directory **Overview** page, click the **➕ Add** button and select **App Registration** from the dropdown menu.
 
-![Screenshot of the App registrations landing page  in the Azure Active Directory console. The App registrations tab in the left sidebar menu is highlighted in a red circle, as is the "New registration" option.](aad-2.png)
+![Screenshot of the Overview in the Azure console. The "Add" dropdown menu has been opened and the "App Registration" option is highlighted in a yellow box.](meid-1.png)
 
 In the **Register an application** screen, configure the application as follows.
 
 * **Name**: Set the username to "Chainguard" (or similar) to ensure users recognize this application is for authentication to the Chainguard platform.
 * **Supported account types**: Select the **Single tenant** option so that only your organization can use this application to authenticate to Chainguard.
 * **Redirect URI**: Set the platform to **Web** and the redirect URI to `https://issuer.enforce.dev/oauth/callback`.
 
-![Screenshot of the Register an application screen with the following settings selected: the Name is set to "chainguard"; Supported account types is set to the "Accounts in this organizational directory only (default Directory only - Single tenant)" option; and the Redirect URI is set to "Web" with "https://issuer.enforce.dev/oauth/callback" set as the URI.](aad-3-new-reg-less-wide.png)
+![Screenshot of the Register an application screen with the following settings selected: the Name is set to "chainguard"; Supported account types is set to the "Accounts in this organizational directory only (default Directory only - Single tenant)" option; and the Redirect URI is set to "Web" with "https://issuer.enforce.dev/oauth/callback" set as the URI.](meid-2.png)
 
 Save your configuration by clicking the **Register** button.
 
-Next, you can optionally set additional branding for the application by selecting the **Branding and properties** tab.
+Next, you can optionally set additional branding for the application by selecting **Branding and properties** from the **Manage** dropdown menu.
 
-There, you can set additional metadata for the application, including a Chainguard logo icon here to help your users visually identify this integration. If you'd like, you can use the icon from the [Chainguard Console](https://console.chainguard.dev/logo512.png). The console homepage is [console.chainguard.dev](https://console.chainguard.dev), and our terms of service and private statements can be found at [chainguard.dev/terms-of-service](https://www.chainguard.dev/terms-of-service) and [chainguard.dev/privacy-notice](https://www.chainguard.dev/privacy-notice), respectively.
+Here you can set additional metadata for the application, including a Chainguard logo icon here to help your users visually identify this integration. If you'd like, you can use the icon from the [Chainguard Console](https://console.chainguard.dev/logo512.png). The console homepage is [console.chainguard.dev](https://console.chainguard.dev), and our terms of service and private statements can be found at [chainguard.dev/terms-of-service](https://www.chainguard.dev/terms-of-service) and [chainguard.dev/privacy-notice](https://www.chainguard.dev/privacy-notice), respectively.
 
-![Screenshot of the Branding & properties screen with the following settings: Name is set to "Chainguard"; Logo shows the sample Linky logo uploaded; Home page URL is set to "https://console.chainguard.dev"; Terms of service URL is set to "https://www.chainguard.dev/terms-of-service"; and the Privacy statement URL is set to "https://www.chainguard.dev/privacy-notice".](aad-branding.png)
+![Screenshot of the Branding & properties screen with the following settings: Name is set to "Chainguard"; Logo shows the sample Linky logo uploaded; Home page URL is set to "https://console.chainguard.dev"; Terms of service URL is set to "https://www.chainguard.dev/terms-of-service"; and the Privacy statement URL is set to "https://www.chainguard.dev/privacy-notice".](meid-3.png)
 
-Finally, navigate to the **Certificates & secrets** tab to create a client secret to authenticate the Chainguard platform to Azure Active Directory. Select **New client secret** to add a client secret. In the resulting modal window, add a description and set an expiration date.
+Finally, navigate to the **Certificates & secrets** tab in the **Manage** dropdown to create a client secret to authenticate the Chainguard platform to Microsoft Entra ID. Select **New client secret** to add a client secret. In the resulting modal window, add a description and set an expiration date.
 
+![Screenshot showing the Certificates & secrets landing page with the Add a client secret screen opened. The "Certificates & secrets" tab is highlighted in yellow, as is the "New client secret" button.](meid-4.png)
 
-![Screenshot showing the Certificates & secrets landing page with the Add a client secret screen opened. The Certificates & secrets tab is highlighted in a red circle, as is the New client secret button.](aad-6.png)
+Finally, take note of the client secret “Value” that is created. You'll need this to configure the Chainguard platform to use this Microsoft Entra ID application.
 
-Finally, take note of the client secret “Value” that is created. You'll need this to configure the Chainguard platform to use this Azure Active Directory application.
+![Screenshot showing the "Client secrets" tab, with the Value highlighted in yellow.](meid-5.png)
 
-![Screenshot showing the client secrets tab, with the Value highlighted in a red circle.](aad-7.png)
 
+## Configuring Chainguard to use Microsoft Entra ID
 
-## Configuring Chainguard to use Azure Active Directory
-
-Now that your Azure Active Directory application is ready, you can create the custom identity provider.
+Now that your Microsoft Entra ID application is ready, you can create the custom identity provider.
 
 First, log in to Chainguard with `chainctl`, using an OIDC provider like Google, GitHub, or GitLab to bootstrap your account.
 
@@ -73,14 +74,13 @@ chainctl auth login
 
 Note that this bootstrap account can be used as a [backup account](/chainguard/administration/custom-idps/custom-idps/#backup-accounts) (that is, a backup account you can use to log in if you ever lose access to your primary account). However, if you prefer to remove this role-binding after configuring the custom IDP, you may also do so.
 
-To configure Chainguard, make a note of the following details from your Azure Active Directory application:
+To configure Chainguard, make a note of the following details from your Microsoft Entra ID application:
 
-* **Application (client) Id**: This can be found on the **Overview** tab of the Chainguard AD application.
-* **Client Secret**: You noted this down when you set up the  clientsecret in the previous step.
-* **Directory (tenant) Id**: This can also be found on the **Overview** tab of the Chainguard AD application.
+* **Application (client) Id**: This can be found on the **Overview** tab of the Chainguard application.
+* **Client Secret**: You noted this down when you set up the client secret in the previous step.
+* **Directory (tenant) Id**: This can also be found on the **Overview** tab of the Chainguard application.
 
-![Screenshot of the Azure AD Overview tab showing the Essentials information. Th
-He Application (client) ID and the Directory (tenant) ID are both highlighted in red circles.](aad-8.png)
+![Screenshot of a portion of the Overview page showing the "Essentials" information. The Application (client) ID and the Directory (tenant) ID are both highlighted in yellow boxes, though their values have been blurred.](meid-6.png)
 
 You will also need the UIDP for the Chainguard organization under which you want to install the identity provider.  Your selection won’t affect how your users authenticate but will have implications on who has permission to modify the SSO configuration.
 
@@ -101,7 +101,7 @@ Note down the `ID` value for your chosen organization.
 With this information in hand, create a new identity provider with the following commands.
 
 ```sh
-export NAME=azure-ad
+export NAME=entra-id
 export CLIENT_ID=<your application/client id here>
 export CLIENT_SECRET=<your client secret here>
 export ORG=<your organization UIDP here>
@@ -121,5 +121,4 @@ chainctl iam identity-provider create \
 
 Note the `--default-role` option. This defines the default role granted to users registering with this identity provider. This example specifies the `viewer` role, but depending on your needs you might choose `editor` or `owner`. If you don't include this option, you'll be prompted to specify the role interactively. For more information, refer to the [IAM and Security section](/chainguard/administration/custom-idps/custom-idps/#iam-and-security) of our Introduction to Custom Identity Providers in Chainguard tutorial.
 
-
 You can refer to our [Generic Integration Guide](/chainguard/administration/custom-idps/custom-idps/#generic-integration-guide) in our Introduction to Custom Identity Providers doc for more information about the `chainctl iam identity-provider create` command and its required options.

content/chainguard/administration/custom-idps/ping-id/index.md

@@ -5,7 +5,7 @@ lead: ""
 description: "Procedural tutorial on how to create a Ping Identity Application"
 type: "article"
 date: 2023-04-17T08:48:45+00:00
-lastmod: 2024-06-26T15:22:20+01:00
+lastmod: 2024-09-25T15:22:20+01:00
 draft: false
 tags: ["Chainguard Images", "Procedural"]
 images: []
@@ -27,29 +27,29 @@ To complete this guide, you will need the following.
 
 ## Create a Ping Identity Application
 
-To integrate the Ping identity provider with the Chainguard platform, [sign on to Ping Identity](https://www.pingidentity.com/en.html) and navigate to the Dashboard. Click on the **Connections** tab in the left hand sidebar menu, and then click on **Applications** in the resulting dropdown menu. From the Applications landing page, click the plus sign (**➕**) to set up a new application.
+To integrate the Ping identity provider with the Chainguard platform, [sign on to Ping Identity](https://www.pingidentity.com/en.html) and navigate to the Dashboard. Click on the **Applications** tab in the left-hand sidebar menu, and then click on **Applications** in the resulting dropdown menu. From the Applications landing page, click the plus sign (**➕**) to set up a new application.
 
-![Screenshot of the Ping Identity Dashboard, showing the applications landing page. The Applications tab in the left hand sidebar and the "add application" plus sign icon are circled in magenta.](ping-1.png)
+![Screenshot of the Ping Identity Dashboard, showing the applications landing page. The Applications tab in the left hand sidebar and the "add application" plus sign icon are highlighted in yellow.](ping-1.png)
 
 Configure the application as follows:
 
-* **Application Name**: Set a name and option description (such as "Chainguard") to ensure users recognize this application is for authentication to the Chainguard platform.
+* **Application Name**: Set a descriptive name (such as "Chainguard") and optional description to ensure users recognize this application is for authentication to the Chainguard platform.
 * **Icon**: You can optionally add a Chainguard logo icon here to help your users visually identify this integration. If you'd like, you can use the icon from the [Chainguard Console](https://console.chainguard.dev/logo512.png).
 * **Application Type**: Select **OIDC Web App**.
 
-![Screenshot showing the Add Application modal window with the following settings in place: Application Name is set to "Chainguard"; Description reads "Build it right, Build it safe, Build it fast, https://console.chainguard.dev"; the example Linky icon has been uploaded to the Icon field; and the Application Type is set to "OIDC Web App."](ping-2-add-app.png)
+![Screenshot showing the Add Application modal window with the following settings in place: Application Name is set to "Chainguard"; Description reads "Safe Source for Open Source, https://console.chainguard.dev"; the example Linky icon has been uploaded to the Icon field; and the Application Type is set to "OIDC Web App."](ping-2.png)
 
 After setting these details, click the **Save** button.
 
 Next, configure scopes for the application. In the **Overview** tab, click the **Resource Access** scope button.
 
-![Screenshot of the Overview tab, with the Resource Access scope button highlighted in a magenta circle.](ping-3.png)
+![Screenshot of the Overview tab, with the Resource Access scope button highlighted in a yellow box.](ping-3.png)
 
 Add **email** and **profile** scopes, then save.
 
 ![Screenshot of the Edit Resources modal window, showing the email and profile scopes selected.](ping-4.png)
 
-Next, configure the OIDC application. Navigate to the **Configuration** tab and click the "edit" icon.
+Next, configure the OIDC application. Navigate to the **Configuration** tab and click the pencil-shaped "edit" icon.
 
 To configure the application, add the following settings.
 
@@ -60,13 +60,13 @@ To configure the application, add the following settings.
 
 * **Redirect URIs**: Set the Redirect URI to [`https://issuer.enforce.dev/oauth/callback`](https://issuer.enforce.dev/oauth/callback).
 
-![Screenshot of the Edit Configuration modal window with the following settings: Resource type is set to "Code"; Grant type is set to "Authorization Code" (with PKCE enforcement set to "Optional"); Redirect URIs has one option set (https://issuer.enforce.dev/oauth/callback).](ping-7-edit-conf.png)
+![Screenshot of the Edit Configuration modal window with the following settings: Resource type is set to "Code"; Grant type is set to "Authorization Code" (with PKCE enforcement set to "Optional"); Redirect URIs has one option set (https://issuer.enforce.dev/oauth/callback).](ping-5.png)
 
 Click the **Save** button to save your configuration.
 
-Finally, enable the Chainguard application by toggling the knob in the top right corner.
+Finally, enable the Chainguard application by toggling the button in the top right corner.
 
-![Screenshot of the Overview tab, with the toggle button turned on. Additionally, the toggle button is highlighted with a magenta circle.](ping-8-2.png)
+![Screenshot of the Overview tab, with the toggle button turned on. The toggle button is highlighted with a yellow box.](ping-6.png)
 
 This completes configuration of the Ping application. You're now ready to configure the Chainguard platform to use it.
 
@@ -127,5 +127,4 @@ chainctl iam identity-provider create \
 
 Note the `--default-role` option. This defines the default role granted to users registering with this identity provider. This example specifies the `viewer` role, but depending on your needs you might choose `editor` or `owner`. If you don't include this option, you'll be prompted to specify the role interactively. For more information, refer to the [IAM and Security section](/chainguard/administration/custom-idps/custom-idps/#iam-and-security) of our Introduction to Custom Identity Providers in Chainguard tutorial.
 
-
 You can refer to our [Generic Integration Guide](/chainguard/administration/custom-idps/custom-idps/#generic-integration-guide) in our Introduction to Custom Identity Providers guide for more information about the `chainctl iam identity-provider create` command and its required options.