From 2669424da4b8bbaf9985cf51e48a4e1a1f05f42d Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Wed, 26 Feb 2025 14:21:05 +0000 Subject: [PATCH 01/29] SSO Azure requirements --- .../ROOT/pages/security/single-sign-on.adoc | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 5189c66ee..40aa8e5f4 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -6,9 +6,23 @@ label:AuraDB-Virtual-Dedicated-Cloud[] label:AuraDB-Business-Critical[] label:AuraDS-Enterprise[] +== Introduction to SSO + +Single Sign-On (SSO) enables you to use your organization’s identity provider (IDP) to authenticate users so they can access the Aura console and Aura instances. + +Neo4j Aura supports SSO authentication and authorization through Microsoft Entra and Okta identity providers (IDP). +Implementing the OpenID Connect (OIDC) identity authentication protocol. + +Neo4j Aura (as the service provider) passes the redirect URL to the identity provider (IDP). + +=== Supported identity providers + +* Entra - documentation is available at link:https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc[Entra Documentation] +* Okta - documentation available at link:https://developer.okta.com/docs/guides/oin-sso-overview/[Okta Documentation] + == SSO levels -Organization admins can configure SSO at the organization-level and project-level. +`Organization admins` and `Organization owner` roles can configure SSO at the organization-level and project-level. SSO is a log-in method. Access, roles, and permissions are dictated by role-based access control (RBAC). 
@@ -76,9 +90,11 @@ Support can assist with SSO configurations at instance-level including: * Custom groups claim besides `groups` * Updating SSO on already running instances -If you require support assistance, visit link:https://support.neo4j.com/[Customer Support] and raise a support ticket including the following information: +== Support +If you require support assistance, visit link:https://support.neo4j.com/[Customer Support] and raise a support ticket including the following information: . The _Project ID_ of the projects you want to use SSO for. Click on the project settings to copy the ID. . The name of your IdP + From bed6728c6540068da16fb3819d4775694d1a161a Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 10:01:46 +0000 Subject: [PATCH 02/29] Troubelshooting --- modules/ROOT/pages/security/single-sign-on.adoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 40aa8e5f4..eac3fcd01 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -98,3 +98,10 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome . The name of your IdP +== Troubleshooting + +Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Workspace/Desktop, and Instance. + +*Correct tokens* + + From e96999319ba91a4a671a89eb62a06959ece06c2f Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 11:17:10 +0000 Subject: [PATCH 03/29] add info --- modules/ROOT/pages/security/single-sign-on.adoc | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index eac3fcd01..f5dca2f5c 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc 
+++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -10,15 +10,12 @@ label:AuraDS-Enterprise[] Single Sign-On (SSO) enables you to use your organization’s identity provider (IDP) to authenticate users so they can access the Aura console and Aura instances. -Neo4j Aura supports SSO authentication and authorization through Microsoft Entra and Okta identity providers (IDP). -Implementing the OpenID Connect (OIDC) identity authentication protocol. +Aura supports SSO authentication and authorization using https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc[Microsoft Entra] and link:https://developer.okta.com/docs/guides/oin-sso-overview/[Okta] as identity providers, implementing the OpenID Connect (OIDC) protocol. -Neo4j Aura (as the service provider) passes the redirect URL to the identity provider (IDP). +As the service provider, Neo4j Aura redirects authentication requests to the configured identity provider (IDP) using the OpenID Connect (OIDC) protocol. +When a user attempts to log in, Aura generates a redirect URL with authentication parameters and sends the user to the IDP for authentication. +Upon successful login, the IDP redirects the user back to Aura with a secure token, allowing Aura to establish an authenticated session. -=== Supported identity providers - -* Entra - documentation is available at link:https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc[Entra Documentation] -* Okta - documentation available at link:https://developer.okta.com/docs/guides/oin-sso-overview/[Okta Documentation] == SSO levels From a020dead1a5cd3868712b3420e9b2e44deaaf38c Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 11:26:36 +0000 Subject: [PATCH 04/29] claims --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index f5dca2f5c..dc4fa4c2a 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -84,7 +84,7 @@ To configure role mapping for an individual instance, contact support. Support can assist with SSO configurations at instance-level including: * Role mapping specific to a database instance -* Custom groups claim besides `groups` +* link:https://auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims[Create custom claims] besides `groups` * Updating SSO on already running instances == Support From b3d2411765190b85e2efb0f8f3ce68632027d8ec Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 11:44:28 +0000 Subject: [PATCH 05/29] add info --- modules/ROOT/pages/security/single-sign-on.adoc | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index dc4fa4c2a..b48598a04 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -36,14 +36,14 @@ It *does not* give access to edit the project settings, for example to edit the Log-in methods are different for each SSO level. Administrators can configure a combination of one or more of the log-in methods. -*Organization-level supports:* +*Supported log-in methods at the organization-level:* * Email/password * Okta * Microsoft Entra ID * Google SSO (not Google Workspace SSO) -*Project-level supports:* +*Supported log-in methods at the project-level:* * User/password * Okta 
@@ -58,13 +58,16 @@ Accessing Aura with SSO requires: * Authorization Code Flow * A publicly accessible IdP server +Aura requires the Authorization Code Flow, an OAuth2 authentication method that involves redirecting users to an Identity Provider (IdP) for login. + To create an SSO Configuration, either a Discovery URI or a combination of Issuer, Authorization Endpoint, Token Endpoint, and JWKS URI is required. == Create a new SSO configuration From the *Organization settings*, go to *Single Sign-On* to set up a new SSO configuration. -The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on Organization level, only on Project level, or both. +The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on organization-level, only on project-level, or both. +Selecting both checkboxes means the SSO setup applies to both the organization-level and project-level. The required basic SSO configuration information can be retrieved from the IdP. Entering the Discovery URI pre-fills the fields below. @@ -76,7 +79,7 @@ image::sso.png[A screenshot of the SSO configuration,640,480] == Role mapping -Role mapping applies to all new instances in the selected project. +Role mapping applies to all new instances created within the selected project. To configure role mapping for an individual instance, contact support. == Individual instance-level @@ -99,6 +102,8 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Workspace/Desktop, and Instance. -*Correct tokens* +=== Correct tokens + +Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. From a1323a57ffd7f49df0f92067f212bef23a4b6606 Mon Sep 17 00:00:00 2001 
From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 11:56:27 +0000 Subject: [PATCH 06/29] add info --- modules/ROOT/pages/security/single-sign-on.adoc | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index b48598a04..8b2192839 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -49,7 +49,8 @@ Administrators can configure a combination of one or more of the log-in methods. * Okta * Microsoft Entra ID -At the project-level admins cannot disable user/password, but at the organization-level admins can disable email/password and Google SSO as long as there is at least one other custom SSO provider configured. +At the project-level, admins cannot disable user/password. +However, at the organization-level, admins can disable email/password and Google SSO as long as at least one other custom SSO provider is configured. == Setup requirements 
@@ -64,12 +65,12 @@ To create an SSO Configuration, either a Discovery URI or a combination of Issue == Create a new SSO configuration -From the *Organization settings*, go to *Single Sign-On* to set up a new SSO configuration. +1. From the *Organization settings*, go to *Single Sign-On* to set up a new SSO configuration. -The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on organization-level, only on project-level, or both. +2. The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on organization-level, only on project-level, or both. Selecting both checkboxes means the SSO setup applies to both the organization-level and project-level. -The required basic SSO configuration information can be retrieved from the IdP. +3. The required basic SSO configuration information can be retrieved from the IdP. Entering the Discovery URI pre-fills the fields below. If this is not known these fields can be completed manually. @@ -105,5 +106,7 @@ Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, === Correct tokens Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. +If authentication issues persist, verify the token contents using an online JWT decoder. +== Testing steps for pilot users From a9b4df769f38e07514cf7346b573c0bc3660afaf Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 12:06:39 +0000 Subject: [PATCH 07/29] add test sso --- modules/ROOT/pages/security/single-sign-on.adoc | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 8b2192839..360f70173 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc 
+++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -108,5 +108,15 @@ Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. If authentication issues persist, verify the token contents using an online JWT decoder. -== Testing steps for pilot users +== Test SSO + +To verify that single sign-on is working: + +.Visit Neo4j Console. +.On the login page, you should see a Login with SSO button. +.Click Login with SSO to be redirected to your Identity Provider’s (IdP) login portal. +.If you are already logged in with your IdP, you will be automatically redirected back to the Aura console. +.If you are not logged in, enter your credentials to log in. +.After a successful login, you should be redirected to the Aura console. +.To confirm that SSO is active, you will see your SSO profile in the upper right hand corner of the console. From a4e2a402c880dba3a56f07a490b0b82dcc8371f3 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 15:02:06 +0000 Subject: [PATCH 08/29] wonderful edit --- .../ROOT/pages/security/single-sign-on.adoc | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 360f70173..f0f87637f 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc 
@@ -65,12 +65,12 @@ To create an SSO Configuration, either a Discovery URI or a combination of Issue == Create a new SSO configuration -1. From the *Organization settings*, go to *Single Sign-On* to set up a new SSO configuration. +. From the *Organization settings*, go to *Single Sign-On* to set up a new SSO configuration. -2. The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on organization-level, only on project-level, or both. +. The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on organization-level, only on project-level, or both. Selecting both checkboxes means the SSO setup applies to both the organization-level and project-level. -3. The required basic SSO configuration information can be retrieved from the IdP. +. The required basic SSO configuration information can be retrieved from the IdP. Entering the Discovery URI pre-fills the fields below. If this is not known these fields can be completed manually. 
@@ -112,11 +112,17 @@ If authentication issues persist, verify the token contents using an online JWT To verify that single sign-on is working: -.Visit Neo4j Console. -.On the login page, you should see a Login with SSO button. -.Click Login with SSO to be redirected to your Identity Provider’s (IdP) login portal. -.If you are already logged in with your IdP, you will be automatically redirected back to the Aura console. -.If you are not logged in, enter your credentials to log in. -.After a successful login, you should be redirected to the Aura console. -.To confirm that SSO is active, you will see your SSO profile in the upper right hand corner of the console. +. Visit Neo4j Console. + +. On the login page, you should see a Login with SSO button. + +. Click Login with SSO to be redirected to your Identity Provider’s (IdP) login portal. + +. If you are already logged in with your IdP, you will be automatically redirected back to the Aura console. + +. If you are not logged in, enter your credentials to log in. + +. After a successful login, you should be redirected to the Aura console. + +. To confirm that SSO is active, you will see your SSO profile in the upper right hand corner of the console. From ec4235a8fe006aeb0054c76777de680174de2493 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 16:36:54 +0000 Subject: [PATCH 09/29] add steps --- .../ROOT/pages/security/single-sign-on.adoc | 37 ++++++++++++++----- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index f0f87637f..11728eadf 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc 
@@ -108,21 +108,40 @@ Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. If authentication issues persist, verify the token contents using an online JWT decoder. -== Test SSO +== Azure SSO configuration -To verify that single sign-on is working: +. Navigate to Azure at link:portal.azure.com[portal.azure.com] -. Visit Neo4j Console. +. Go to Microsoft Entra ID -. On the login page, you should see a Login with SSO button. +. Go to App Registrations and then New Registration -. Click Login with SSO to be redirected to your Identity Provider’s (IdP) login portal. +. Add a name for the new app registration and click Register. Skip redirect URI’s for now. -. If you are already logged in with your IdP, you will be automatically redirected back to the Aura console. +. On the app overview page, take note of the Application (client) ID. -. If you are not logged in, enter your credentials to log in. +. Click the Client Credentials link to navigate to the client credentials page. -. After a successful login, you should be redirected to the Aura console. +. Create a new secret and take note of the Value field, you won’t be able to see it again after leaving this page. -. To confirm that SSO is active, you will see your SSO profile in the upper right hand corner of the console. +. Go back to the app overview page and open the app endpoints and take note of the Open ID Connection metadata document uri +. Under Authentication on the left side nav, setup redirect urls by adding a new Web platform and adding https://login.neo4j.com/login/callback as the redirect URI. + +. Create an Azure SSO config via console. You can do this via the org settings for your org, or via the org details page under the SSO Configs tab in the Admin UI. On the SSO config create form, do the following: + +.. 
(Optional) Select if you want the SSO config to be applied to org logins, to specific tenants within the org, or both + +.. For IdP Type select Azure Active Directory + +.. For Client ID enter the Application (client) ID from the azure app + +.. For Client Secret enter the client secret value (not secret id) from the secret you created in the azure app + +.. For Discovery URI enter the OpenID Connect metadata document uri + +.. Configure the rest of the SSO config as you’d like + +.. Click Create + +.. To test Instance SSO, create an instance now in a tenant that has the just created SSO config linked. From ed543f742531cbb0cc2984675796ab053c1af2d6 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 16:37:08 +0000 Subject: [PATCH 10/29] add info --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 11728eadf..4ff490eaf 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -128,7 +128,7 @@ If authentication issues persist, verify the token contents using an online JWT . Under Authentication on the left side nav, setup redirect urls by adding a new Web platform and adding https://login.neo4j.com/login/callback as the redirect URI. -. Create an Azure SSO config via console. You can do this via the org settings for your org, or via the org details page under the SSO Configs tab in the Admin UI. On the SSO config create form, do the following: +. Create an Azure SSO config via console. You can do this via the org settings for your org. On the SSO config create form, do the following: .. (Optional) Select if you want the SSO config to be applied to org logins, to specific tenants within the org, or both From e3c09cd4c6f27904dda73f24a91f02a94b01a8c2 Mon Sep 17 00:00:00 2001 
From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 16:38:48 +0000 Subject: [PATCH 11/29] edit --- .../ROOT/pages/security/single-sign-on.adoc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 4ff490eaf..88f29c32a 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -99,15 +99,6 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome . The name of your IdP -== Troubleshooting - -Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Workspace/Desktop, and Instance. - -=== Correct tokens - -Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. -If authentication issues persist, verify the token contents using an online JWT decoder. - == Azure SSO configuration . Navigate to Azure at link:portal.azure.com[portal.azure.com] @@ -145,3 +136,12 @@ If authentication issues persist, verify the token contents using an online JWT .. Click Create .. To test Instance SSO, create an instance now in a tenant that has the just created SSO config linked. + +== Troubleshooting + +Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Workspace/Desktop, and Instance. + +=== Correct tokens + +Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. +If authentication issues persist, verify the token contents using an online JWT decoder. \ No newline at end of file From 9bf63f7223c062c119357ed1cd550e53fbc07a1d Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 27 Feb 2025 16:49:32 +0000 Subject: [PATCH 12/29] login link --- modules/ROOT/pages/security/single-sign-on.adoc | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 88f29c32a..32d0f0d92 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -78,6 +78,11 @@ If this is not known these fields can be completed manually. [.shadow] image::sso.png[A screenshot of the SSO configuration,640,480] +== Log-in link + +The log-in link can be found in the Aura console UI . +Users can bookmark this page for easy access. + == Role mapping Role mapping applies to all new instances created within the selected project. From 6b09fb821e1835f4e5900b401a6740e79246c820 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:41:43 +0000 Subject: [PATCH 13/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 32d0f0d92..d9449d369 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -80,8 +80,7 @@ image::sso.png[A screenshot of the SSO configuration,640,480] == Log-in link -The log-in link can be found in the Aura console UI . -Users can bookmark this page for easy access. +After setting up SSO, the `Organization sso login` link can be found in the organization summary page. == Role mapping @@ -149,4 +148,4 @@ Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, === Correct tokens Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. -If authentication issues persist, verify the token contents using an online JWT decoder. \ No newline at end of file +If authentication issues persist, verify the token contents using an online JWT decoder. 
From 4c29f7524772bcb152d99ed25bb0261e7c09c392 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:45:49 +0000 Subject: [PATCH 14/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index d9449d369..0bbb18a22 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -141,7 +141,7 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome .. To test Instance SSO, create an instance now in a tenant that has the just created SSO config linked. -== Troubleshooting +== FAQ Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Workspace/Desktop, and Instance. From e8f54aed05ff6a0d53ce1749938d0c67890ae12d Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:48:29 +0000 Subject: [PATCH 15/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 0bbb18a22..49a5c38a4 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -80,7 +80,7 @@ image::sso.png[A screenshot of the SSO configuration,640,480] == Log-in link -After setting up SSO, the `Organization sso login` link can be found in the organization summary page. +After setting up SSO, the `Organization sso login` link can be found in the organization summary page in the Aura console. == Role mapping From 6cc10db93ea454133c2dbc799d206ca59d25e4ae Mon Sep 17 00:00:00 2001 
From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:56:23 +0000 Subject: [PATCH 16/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 49a5c38a4..d5a438181 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -143,9 +143,7 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome == FAQ -Troubleshooting SSO spans multiple systems such as the Aura console, Auth0, IdP, Workspace/Desktop, and Instance. +*Can users get roles added to them in Console via Console/Organization SSO and a group to role mapping?* -=== Correct tokens +No, users must be granted the role on the org via Console invites and access management like with any other organization. -Ensure that the IDP is issuing valid tokens with the correct claims required for authentication. -If authentication issues persist, verify the token contents using an online JWT decoder. From 08352d54fc8981f4a9e73642ff9584c136edb758 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 11:00:15 +0000 Subject: [PATCH 17/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index d5a438181..5ea6722f2 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc 
@@ -143,7 +143,7 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome == FAQ -*Can users get roles added to them in Console via Console/Organization SSO and a group to role mapping?* +*Can users get roles added to them in Aura console via SSO and a group to role mapping?* -No, users must be granted the role on the org via Console invites and access management like with any other organization. +No, users must be granted the role on the org via Aura console invites and access management like with any other organization. From 0f3b376de69e3d8c55080bbf8ab45688dea819e5 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 11:19:18 +0000 Subject: [PATCH 18/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 5ea6722f2..e3d376449 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -147,3 +147,9 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome No, users must be granted the role on the org via Aura console invites and access management like with any other organization. +*Why am I unable to connect to the instance after completing the SSO login, the connection is showing as unconnected?* + +Ensure that the email field is provided on your user in Entra. If it already is, contact support for further assistance. + + + From 178a78a10224137d9864068132aeb402c7624fa5 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 11:27:15 +0000 Subject: [PATCH 19/29] Update single-sign-on.adoc --- modules/ROOT/pages/security/single-sign-on.adoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index e3d376449..b091d0798 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -16,7 +16,6 @@ As the service provider, Neo4j Aura redirects authentication requests to the con When a user attempts to log in, Aura generates a redirect URL with authentication parameters and sends the user to the IDP for authentication. Upon successful login, the IDP redirects the user back to Aura with a secure token, allowing Aura to establish an authenticated session. - == SSO levels `Organization admins` and `Organization owner` roles can configure SSO at the organization-level and project-level. @@ -52,6 +51,10 @@ Administrators can configure a combination of one or more of the log-in methods. At the project-level, admins cannot disable user/password. However, at the organization-level, admins can disable email/password and Google SSO as long as at least one other custom SSO provider is configured. +== Pilot testing + +Keep the email/password or user/password login enabled so that if SSO fails, you can still access the Aura console and adjust the configuration. + == Setup requirements Accessing Aura with SSO requires: From cd15b339ae25c60cc45d88c79a5e4c8f1b7ac8f8 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 11:46:12 +0000 Subject: [PATCH 20/29] edit steps --- .../ROOT/pages/security/single-sign-on.adoc | 42 ++++++++++--------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index b091d0798..45d57df80 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc 
@@ -106,43 +106,47 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome . The name of your IdP -== Azure SSO configuration +== Azure config -. Navigate to Azure at link:portal.azure.com[portal.azure.com] +=== Azure SSO configuration -. Go to Microsoft Entra ID +. In the *Azure Portal*, go to *App Registrations* and then *New Registration*. -. Go to App Registrations and then New Registration - -. Add a name for the new app registration and click Register. Skip redirect URI’s for now. +. Add a name for the new app registration and select *Register*. +Skip redirect URI’s for now. . On the app overview page, take note of the Application (client) ID. -. Click the Client Credentials link to navigate to the client credentials page. +. Select the *Client Credentials* link to open the client credentials page. + +. Create a new secret and *copy the Value field*, it won’t be visible after leaving the page. + +. Go back to the *App Overview* page and open the *App Endpoints* and take note of the OpenID Connection metadata document URI -. Create a new secret and take note of the Value field, you won’t be able to see it again after leaving this page. +. Under *Authentication* in the left-hand navigation, setup redirect URLs: -. Go back to the app overview page and open the app endpoints and take note of the Open ID Connection metadata document uri +.. Adding a new Web platform +.. Enter `https://login.neo4j.com/login/callback` as the redirect URI. -. Under Authentication on the left side nav, setup redirect urls by adding a new Web platform and adding https://login.neo4j.com/login/callback as the redirect URI. +=== Create an Azure SSO config in the Aura console -. Create an Azure SSO config via console. You can do this via the org settings for your org. On the SSO config create form, do the following: +. Go to *Organization Settings* -.. 
(Optional) Select if you want the SSO config to be applied to org logins, to specific tenants within the org, or both +. Select if you want the SSO config to be applied to organization logins, to specific projects within the organization, or both -.. For IdP Type select Azure Active Directory +. For IdP Type select *Azure Active Directory* -.. For Client ID enter the Application (client) ID from the azure app +. For Client ID enter the *Application (client) ID* from the Azure app -.. For Client Secret enter the client secret value (not secret id) from the secret you created in the azure app +. For Client Secret enter the client secret value (not secret id) from the secret you created in the Azure app -.. For Discovery URI enter the OpenID Connect metadata document uri +. For Discovery URI enter the *OpenID Connect metadata document URI* -.. Configure the rest of the SSO config as you’d like +. Configure any additional settings as needed -.. Click Create +. Select *Create* -.. To test Instance SSO, create an instance now in a tenant that has the just created SSO config linked. +. To test Instance SSO, create an instance within a project that has been selected in the newly created SSO configuration. == FAQ From a7e178d93e6167e4ddf8bde30a08ba7f83cd9756 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:09:49 +0000 Subject: [PATCH 21/29] add testing --- modules/ROOT/pages/security/single-sign-on.adoc | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 45d57df80..d385d73dd 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc 
@@ -53,7 +53,17 @@ However, at the organization-level, admins can disable email/password and Google == Pilot testing -Keep the email/password or user/password login enabled so that if SSO fails, you can still access the Aura console and adjust the configuration. +*Organization-level testing* + +Keep the Email/password log-in method enabled, so that if SSO fails, you can still access the Aura console and adjust the configuration. + +Login to the Aura console with SSO. + +*Project level-testing* + +Keep the User/password login enabled, so that if SSO fails, you can still access the Aura console and adjust the configuration. + +Create a new instance in the project with SSO and login. == Setup requirements @@ -146,8 +156,6 @@ Skip redirect URI’s for now. . Select *Create* -. To test Instance SSO, create an instance within a project that has been selected in the newly created SSO configuration. - == FAQ *Can users get roles added to them in Aura console via SSO and a group to role mapping?* From 02c381cc6ef192db2c3c515cd5d83ae4cb36062e Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:04:24 +0000 Subject: [PATCH 22/29] make info up to date --- .../pages/platform/api/authentication.adoc | 33 +++++++++++++------ modules/ROOT/pages/platform/api/overview.adoc | 17 ++++++---- 2 files changed, 34 insertions(+), 16 deletions(-) diff --git a/modules/ROOT/pages/platform/api/authentication.adoc b/modules/ROOT/pages/platform/api/authentication.adoc index 80c852ca2..8036d9c18 100644 --- a/modules/ROOT/pages/platform/api/authentication.adoc +++ b/modules/ROOT/pages/platform/api/authentication.adoc 
@@ -6,13 +6,14 @@ The Aura API uses OAuth 2.0 for API authentication. == Creating credentials -[NOTE] -==== -Enterprise users have unrestricted access to creating API credentials. +AuraDB Virtual Dedicated Cloud users, and AuraDS Enterprise users have unrestricted access to creating API credentials. However, users with Free and Professional instances must have entered billing information or be a member of a marketplace project before they can create API credentials. -==== +API credentials are linked to the user account, inheriting its capabilities and roles. +The API credentials never expire unless you delete them. -. Navigate to the https://console.neo4j.io/#account[Neo4j Aura console Account Details page] in your browser. +To create credentials: + +. Navigate to the https://console.neo4j.io/#account[Neo4j Aura Console Account Details page] in your browser. . Select the *Create* button in the *Aura API Credentials* section. . Enter a *Client name*, and select *Create*. . Securely save the *Client ID* and *Client Secret* you are given in the resulting modal; you will need these for the next step. @@ -63,7 +64,7 @@ Authentication to the token endpoint uses HTTP Basic Authentication, where the c |=== |Parameter |Value -|grant_type +|`grant_type` |`client_credentials` |=== @@ -112,7 +113,7 @@ response = requests.request( print(response.json()) ---- -<1> `client_id` and `client_secret` must be set to the values obtained from the Aura console. +<1> `client_id` and `client_secret` must be set to the values obtained from the Aura Console. ===== ==== 
@@ -123,12 +124,14 @@ print(response.json()) ---- { "access_token": "", <1> - "expires_in": 3600, + "expires_in": 3600, <2> "token_type": "bearer" } ---- <1> The `access_token` returned here is what you will provide as the Bearer Token in the `Authorization` header of Aura API requests. +<2> The value of `expires_in` is the token expiration time in seconds. +Once the token expires, the application must request a new one. ==== HTTP response codes @@ -157,7 +160,17 @@ print(response.json()) |The request body is missing. |=== +=== Excessive token requests + +Excessive token requests may cause inefficiencies or rate-limiting. +You can optimize your API usage by following these steps: + +* *Retrieve the token once per hour:* As tokens remain valid for an hour, reduce the frequency of token requests and reuse the same token for multiple API calls. + +* *Implement token caching:* Store the token securely within your system to reuse it for subsequent requests during its validity period, minimizing unnecessary calls to the endpoint. + === Token expiration -If you attempt to send a request to the Aura API, authenticated using an expired access token, you will receive a 403 Forbidden response. -You will need to obtain a new token to continue using the API. +Access tokens are temporary and expire after one hour. +If you send a request to the Aura API using an expired token, you will receive a `403 Forbidden` response. +To continue using the API, you must obtain a new token using the Aura API credentials. \ No newline at end of file diff --git a/modules/ROOT/pages/platform/api/overview.adoc b/modules/ROOT/pages/platform/api/overview.adoc index 9a75e6f43..0104ea95c 100644 --- a/modules/ROOT/pages/platform/api/overview.adoc +++ b/modules/ROOT/pages/platform/api/overview.adoc 
@@ -2,7 +2,10 @@ = Overview :description: This page introduces the Aura API. -The Aura API allows you to programmatically perform actions on your Aura instances without the need to log in to the console. +label:AuraDB-Virtual-Dedicated-Cloud[] +label:AuraDS-Enterprise[] + +The Aura API allows you to programmatically perform actions on your Aura instances without the need to log in to the Console. A complete list of the available endpoints can be seen and tested in the link:{neo4j-docs-base-uri}/aura/platform/api/specification/[API Specification]. 
@@ -34,13 +37,15 @@ The following example shows how to use the base URL and versioning to make a req == Retries -In the event of `5xx` server error responses, you may consider retrying the request after a delay if it is safe to do so. The response may include a `Retry-After` header with a suggestion of a suitable minimum delay before attempting to retry. +In the event of `5xx` server error responses, you may consider retrying the request after a delay if it is safe to do so. +The response may include a `Retry-After` header with a suggestion of a suitable minimum delay before attempting to retry. -Rate limiting is set to 125 requests per minute. +The global rate limit for all requests is 125 requests per minute. -You should consider your use of the Rate Limit before attempting to retry, and we recommend using an exponential backoff delay with a limited number of retries before giving up. +You should consider your use of the rate limit before attempting to retry, and it is recommended that you use an exponential backoff delay with a limited number of retries before giving up. -A request is only guaranteed to be safe to retry if it uses an idempotent HTTP method, such as `GET`. If for example, you attempt to retry a request for creating an instance, you may end up with duplicate instances and end up being charged extra as a result. +A request is only guaranteed to be safe to retry if it uses an idempotent HTTP method, such as `GET`. +If, for example, you retry a request for creating an instance, you may end up with duplicate instances and end up being charged extra as a result. In the case of `429 Too Many Requests`, we would recommend slowing down the rate of all requests sent from your client application and consider retrying with a suitable minimum delay and backoff strategy. 
@@ -52,4 +57,4 @@ An `X-Request-Id` response header is returned with each request and can be used The value of this header contains a unique ID that can be used to track the journey of a request. -If you run into any issues with a particular request, you can https://support.neo4j.com/[raise a support ticket] and provide the `X-Request-Id`. +If you run into any issues with a particular request, you can https://support.neo4j.com/[raise a support ticket] and provide the `X-Request-Id`. \ No newline at end of file From df953074c9ab527b0be6e775daeb55d1f6a3dfb0 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:18:39 +0000 Subject: [PATCH 23/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index d385d73dd..24ce12600 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -8,7 +8,7 @@ label:AuraDS-Enterprise[] == Introduction to SSO -Single Sign-On (SSO) enables you to use your organization’s identity provider (IDP) to authenticate users so they can access the Aura console and Aura instances. +Single Sign-On (SSO) enables organization owners and admins to use your organization’s identity provider (IdP) to authenticate users so they can access the Aura console and Aura instances. Aura supports SSO authentication and authorization using https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc[Microsoft Entra] and link:https://developer.okta.com/docs/guides/oin-sso-overview/[Okta] as identity providers, implementing the OpenID Connect (OIDC) protocol. From 1e454cdd7064e381acbbd9c91973510383caf5ef Mon Sep 17 00:00:00 2001 
From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:18:44 +0000 Subject: [PATCH 24/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 24ce12600..7b99dd7b1 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -18,7 +18,7 @@ Upon successful login, the IDP redirects the user back to Aura with a secure tok == SSO levels -`Organization admins` and `Organization owner` roles can configure SSO at the organization-level and project-level. +Users with either the `Organization admin` or the `Organization owner` role can configure SSO at both the organization-level and project-level. SSO is a log-in method. Access, roles, and permissions are dictated by role-based access control (RBAC). From 9030a8175bb0616967026fe27115f1431f0cc249 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:18:51 +0000 Subject: [PATCH 25/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 7b99dd7b1..f83d34940 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc 
@@ -6,7 +6,6 @@ label:AuraDB-Virtual-Dedicated-Cloud[] label:AuraDB-Business-Critical[] label:AuraDS-Enterprise[] -== Introduction to SSO Single Sign-On (SSO) enables organization owners and admins to use your organization’s identity provider (IdP) to authenticate users so they can access the Aura console and Aura instances. From 495aa6057cf5852be2949632c4e71e0178a337a7 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:19:14 +0000 Subject: [PATCH 26/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index f83d34940..e809e670c 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -80,7 +80,6 @@ To create an SSO Configuration, either a Discovery URI or a combination of Issue . From the *Organization settings*, go to *Single Sign-On* to set up a new SSO configuration. . The checkboxes *Use as a log in for the Organization* and *Use as login method for instances with projects in this Org* define whether SSO should be only on organization-level, only on project-level, or both. -Selecting both checkboxes means the SSO setup applies to both the organization-level and project-level. . The required basic SSO configuration information can be retrieved from the IdP. Entering the Discovery URI pre-fills the fields below. From dd16d478cab199e1bf44ba59f3d2e44d868f2ee7 Mon Sep 17 00:00:00 2001 
From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:19:24 +0000 Subject: [PATCH 27/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index e809e670c..812bbd40c 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -136,7 +136,7 @@ Skip redirect URI’s for now. .. Adding a new Web platform .. Enter `https://login.neo4j.com/login/callback` as the redirect URI. -=== Create an Azure SSO config in the Aura console +=== Create an Azure SSO configuration in the Aura console . Go to *Organization Settings* From 3b0d8cc6a07c667cb698814ba0244d593a2814c6 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:19:31 +0000 Subject: [PATCH 28/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index 812bbd40c..de2a36204 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -140,7 +140,7 @@ Skip redirect URI’s for now. . Go to *Organization Settings* -. Select if you want the SSO config to be applied to organization logins, to specific projects within the organization, or both +. Select if you want the SSO configuration to be applied to organization logins, to specific projects within the organization, or both. . For IdP Type select *Azure Active Directory* 
From 0212e6df9abb1226201b8cd726d787432a4e3d63 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:19:56 +0000 Subject: [PATCH 29/29] Update modules/ROOT/pages/security/single-sign-on.adoc Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/security/single-sign-on.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/single-sign-on.adoc b/modules/ROOT/pages/security/single-sign-on.adoc index de2a36204..614ffdcd3 100644 --- a/modules/ROOT/pages/security/single-sign-on.adoc +++ b/modules/ROOT/pages/security/single-sign-on.adoc @@ -114,7 +114,7 @@ If you require support assistance, visit link:https://support.neo4j.com/[Custome . The name of your IdP -== Azure config +== Azure configuration === Azure SSO configuration
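Review bot: The new FAQ answer in PATCH 18/29 (single-sign-on.adoc, `@@ -147,3 +147,9 @@`) only covers Entra ("Ensure that the email field is provided on your user in Entra"), while the introduction names both Microsoft Entra and Okta as supported identity providers. Either add the equivalent check for Okta or say that the answer is Entra-specific. The question is a comma splice; something like "Why does the connection show as unconnected after I complete the SSO login?" reads better. The hunk also appends three blank lines at the end of the file, which can be dropped.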
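Review bot: In PATCH 20/29 (single-sign-on.adoc, `@@ -106,43 +106,47 @@`) the value the reader must copy is named two ways: "OpenID Connection metadata document URI" in the Azure steps and "OpenID Connect metadata document URI" in the Aura console steps. Use one name, matching the portal label, so the Discovery URI field gets the right value. The rewritten first step also drops "Go to Microsoft Entra ID", so it no longer says where *App Registrations* is found, and the IdP type is still "Azure Active Directory" while the rest of the page says Microsoft Entra; a short parenthetical would connect the two. Smaller points: ".. Adding a new Web platform" should be imperative like its sibling step, "setup redirect URLs" should be "set up", "redirect URI’s" should be "redirect URIs", and the secret step ("copy the Value field, it won’t be visible") is a comma splice.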
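Review bot: The project-level paragraph in PATCH 21/29 (single-sign-on.adoc, `@@ -53,7 +53,17 @@`) tells admins to "Keep the User/password login enabled", but the line kept as context in PATCH 19/29 says that at the project-level admins cannot disable user/password, so there is nothing to keep enabled. Reword it to say that user/password remains available as the fallback. The fallback clause was copied from the organization-level paragraph and still reads "you can still access the Aura console", whereas the project-level test that follows is an instance login; check which one is meant. Also "*Project level-testing*" should be "*Project-level testing*" to match the heading above it, and "Login to" / "and login" should use the verb form "log in".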
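Review bot: In PATCH 22/29 (authentication.adoc, `@@ -6,13 +6,14 @@`) the two added sentences say that API credentials inherit the user's capabilities and roles and "never expire unless you delete them", yet the only handling guidance in the section is "Securely save" in step 4. For a long-lived secret with the user's full access, add a sentence telling readers to delete credentials that are no longer used and to replace them if the secret may have been exposed. The first added sentence has a stray comma ("Virtual Dedicated Cloud users, and AuraDS Enterprise users"), and this patch switches to "Aura Console" while the SSO page in the same series uses "Aura console"; pick one spelling.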
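Review bot: The "Excessive token requests" bullets in PATCH 22/29 (authentication.adoc, `@@ -157,7 +160,17 @@`) hard-code the lifetime ("Retrieve the token once per hour"), while callout <2> added earlier in the same patch explains that `expires_in` carries the lifetime in seconds. Tell clients to schedule the refresh from `expires_in` rather than from a fixed hour, so the advice stays correct if the value changes. The two bullets say nearly the same thing (request less often, reuse the token) and could be merged into one. The hunk also leaves the file without a trailing newline ("\ No newline at end of file"); restore it.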
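Review bot: The labels added at the top of overview.adoc in PATCH 22/29 (`@@ -2,7 +2,10 @@`), `label:AuraDB-Virtual-Dedicated-Cloud[]` and `label:AuraDS-Enterprise[]`, read as if the Aura API is limited to those two tiers, but authentication.adoc in the same patch says users with Free and Professional instances can create API credentials once billing information is entered. Reconcile the two, either by widening the labels or by stating the restriction in the text.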
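Review bot: "The global rate limit for all requests is 125 requests per minute" in PATCH 22/29 (overview.adoc, `@@ -34,13 +37,15 @@`) does not say what "global" is scoped to (per credential, per user, or per organization), and a client author needs that to size the backoff. State the scope. The hunk changes "we recommend" to "it is recommended that you", but the `429 Too Many Requests` paragraph left as context still says "we would recommend"; align the voice. The last hunk of this file (`@@ -52,4 +57,4 @@`) removes the trailing newline, which should be restored.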
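Review bot: The reworded opening sentence in PATCH 23/29 (single-sign-on.adoc, `@@ -8,7 +8,7 @@`) mixes third and second person: "enables organization owners and admins to use your organization’s identity provider". Use "their organization’s" or address the reader throughout. The same line introduces the abbreviation as "IdP", while the context lines in PATCH 19/29 and PATCH 24/29 still say "the IDP redirects the user back"; normalise the abbreviation across the page in this series.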
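Review bot: After PATCH 29/29 (single-sign-on.adoc, `@@ -114,7 +114,7 @@`) the section heading "== Azure configuration" is followed immediately by "=== Azure SSO configuration", so the two headings say almost the same thing with no text between them. Rename the subsection to describe its actual content, the app registration in the Azure portal, which would also pair it with "=== Create an Azure SSO configuration in the Aura console" from PATCH 27/29.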