Updated Azure Active Directory to Entra ID

Microsoft have renamed Azure Active Directory to Entra ID.  https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/new-name .  This PR updates references to AAD to refer to Entra ID.

* On each documentation page, I include `formerly Azure Active Directory` in the first non heading reference to Entra ID.  This will help anyone unfamiliar with the name change, and will also mean the page continues to show up in search results if people search for the old name.
* I didn't correct references in file names, as this would cause broken links.  If we have a way of redirecting those to new urls I can look at doing that, but if not, I think it's better to leave existing links working.
* There were a few references to AAD in release notes for older versions - I left these alone as the product naming was correct at the time of the release notes.
* LDAP provider still has references to "Active Directory" as these refer to the on-premises Active Directory, not Azure Active Directory.

Signed-off-by: Alex Crome <afscrome@users.noreply.github.com>
Alex Crome
2023-10-19 21:24:47 +01:00
parent bae9015f2b
commit 243c655a68
12 changed files with 37 additions and 29 deletions
+7
@@ -0,0 +1,7 @@
---
'@backstage/plugin-catalog-backend-module-msgraph': patch
'@backstage/integration': patch
'@backstage/plugin-auth-backend': patch
---
JSDoc and Error message updates to handle `Azure Active Directory` re-brand to `Entra ID`
+1
@@ -456,3 +456,4 @@ Lightsail
PR
rebasing
lookbehind
Entra
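Review bot: adding `Entra` to the word list lets the spell checker accept `Entra ID`, but it will not flag the mixed-case `Entra Id` spelling used in some of the touched docs, because `Id` is an ordinary word; normalise those occurrences to `Entra ID` in this PR so the dictionary and the docs agree.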
+13 -13
@@ -1,18 +1,18 @@
# Using AWS Application Load Balancer with Azure Active Directory to authenticate requests
# Using AWS Application Load Balancer with Entra ID to authenticate requests
Backstage allows offloading the responsibility of authenticating users to an AWS Application Load Balancer (**ALB**), leveraging the authentication support on ALB.
This tutorial shows how to use authentication on an ALB sitting in front of Backstage.
Azure Active Directory (**AAD**) is used as identity provider but any identity provider supporting OpenID Connect (OIDC) can be used.
Entra Id (formerly Azure Active Directory) is used as identity provider but any identity provider supporting OpenID Connect (OIDC) can be used.
It is assumed an ALB is already serving traffic in front of a Backstage instance configured to serve the frontend app from the backend.
## Infrastructure setup
### AAD App
### Entra App Registration
The AAD App is used to execute the authentication flow, serve and refresh the identity token.
The App Registration is used to execute the authentication flow, serve and refresh the identity token.
Create the AAD App following the steps outlined in `Create a Microsoft App Registration in Microsoft Portal` section from the tutorial [Monorepo App Setup With Authentication][monorepo-app-setup-with-auth].
Create the App following the steps outlined in `Create a Microsoft App Registration in Microsoft Portal` section from the tutorial [Monorepo App Setup With Authentication][monorepo-app-setup-with-auth].
Instead of `localhost` addresses, use the following values.
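Review bot: the line `Entra Id (formerly Azure Active Directory) is used as identity provider` spells the product `Entra Id`, while the new heading one line above and the PR description use `Entra ID`; use `Entra ID` here. Replacing the `AAD App` shorthand with `App Registration` in the heading and body is consistent and matches the portal's own terminology.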
@@ -27,12 +27,12 @@ In the AWS console, configure ALB Authentication:
- Edit the ALB rule used to forward the traffic to Backstage and add a new `Authenticate` action. The action will have higher priority compared to the existing `Forward to`.
- Select `OIDC` under `Authenticate`
- Set `Issuer` to `https://login.microsoftonline.com/{TENANT_ID}/v2.0`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the AAD App.
- Set `Authorization endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the AAD App.
- Set `Token endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the AAD App.
- Set `Issuer` to `https://login.microsoftonline.com/{TENANT_ID}/v2.0`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the App Registration.
- Set `Authorization endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the App Registration.
- Set `Token endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the App Registration.
- Set `User info endpoint` to `https://graph.microsoft.com/oidc/userinfo`
- Set `Client ID` to the AAD App `Application (client) Id`
- Set `Client secret` to the AAD APP `client secret`
- Set `Client ID` to the App Registration `Application (client) Id`
- Set `Client secret` to the App Registration `client secret`
Use the following advanced settings:
@@ -41,7 +41,7 @@ Use the following advanced settings:
- `Scope` = `openid profile offline_access`
- `Action on unauthenticated request` = `Autenticate (client reattempt)`
Once you've saved the action, you should see an authentication flow be triggered against AAD when visiting Backstage address at `https://backstage.yourdomain.com`. The flow will not complete successfully as the Backstage app isn't yet configured properly.
Once you've saved the action, you should see an authentication flow be triggered against Entra ID when visiting Backstage address at `https://backstage.yourdomain.com`. The flow will not complete successfully as the Backstage app isn't yet configured properly.
## Backstage changes
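Review bot: the unchanged context line `Action on unauthenticated request` = `Autenticate (client reattempt)` carries a pre-existing typo (`Autenticate`); since this file is being edited anyway, correcting it to `Authenticate (client reattempt)` here avoids a second pass over the same page.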
@@ -215,11 +215,11 @@ auth:
region: <AWS_REGION>
```
Replace `<TENANT_ID>` with the value of `Directory (tenant) ID` of the AAD App and `<AWS_REGION>` with the AWS region identifier where the ALB is deployed (for example: `eu-central-1`).
Replace `<TENANT_ID>` with the value of `Directory (tenant) ID` of the App Registration and `<AWS_REGION>` with the AWS region identifier where the ALB is deployed (for example: `eu-central-1`).
## Conclusion
Once it's deployed, after going through the AAD authentication flow, Backstage should display the AAD user details.
Once it's deployed, after going through the Entra ID authentication flow, Backstage should display the Entra user details.
<!-- links -->
+3 -3
@@ -5,7 +5,7 @@ sidebar_label: Azure Easy Auth
description: Adding Azure's EasyAuth Proxy as an authentication provider in Backstage
---
The Backstage `core-plugin-api` package comes with a Microsoft authentication provider that can authenticate users using Azure Active Directory for PaaS service hosted in Azure that support Easy Auth, such as Azure App Services.
The Backstage `core-plugin-api` package comes with a Microsoft authentication provider that can authenticate users using Microsoft Entra ID (formerly Azure Active Directory) for PaaS service hosted in Azure that support Easy Auth, such as Azure App Services.
## Backstage Changes
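Review bot: the rewritten sentence keeps the grammatical slip `for PaaS service hosted in Azure that support Easy Auth`; as the whole line is being replaced, make it `for PaaS services hosted in Azure that support Easy Auth`.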
@@ -101,11 +101,11 @@ const app = createApp({
## Azure Configuration
How to configure azure depends on the service you're enable AAD auth on the app service.
How to configure azure depends on the Azure service you're using to host Backstage.
### Azure App Services
To use EasyAuth with App Services, turn on Active Directory authentication
To use EasyAuth with App Services, turn on Entra ID (formerly Azure Active Directory) authentication
You must also enable the token store.
The following example shows how to do this via a bicep template:
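Review bot: `How to configure azure depends on the Azure service you're using to host Backstage.` is a clear improvement over the old wording, but the lower-case `azure` at the start should be `Azure` to match the rest of the sentence. The line `turn on Entra ID (formerly Azure Active Directory) authentication` is still missing its terminating period.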
+2 -2
@@ -11,7 +11,7 @@ add custom providers there if needed.
These providers are configured so your Kubernetes plugin can locate and access the
clusters you have access to, some of them have special requirements in the third party in
question, like Azure's Managed AAD subscription or Azure RBAC support active on the cluster.
question, like Microsoft Entra ID (formerly Azure Active Directory) subscription or Azure RBAC support active on the cluster.
The providers currently available are divided into server side and client side.
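Review bot: the replacement drops the `Managed` qualifier from `Azure's Managed AAD subscription`, which changes what is described; the later hunk in this same file states that Entra authentication "has to be enabled in your AKS cluster", i.e. the requirement is the cluster's managed Entra ID integration, not a subscription. Suggest `like AKS-managed Microsoft Entra ID (formerly Azure Active Directory) integration or Azure RBAC support active on the cluster`.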
@@ -78,7 +78,7 @@ You get both, the cluster `url` and `caData` directly from the AWS console by go
### Azure
The Azure server side authentication provider works by authenticating on the server with
the Azure CLI, please note that [Azure AD Authentication][1] is a requirement and has to
the Azure CLI, please note that [Microsoft Entra authentication][1] is a requirement and has to
be enabled in your AKS cluster, then follow these steps:
- [Install the Azure CLI][2] in the environment where the backstage application will run.
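Review bot: the link text was changed to `Microsoft Entra authentication`, but the reference definition for `[1]` is outside this hunk and is not updated; confirm that its target still resolves and points at the current Entra ID documentation rather than a retired AAD page.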
+1 -1
@@ -89,6 +89,6 @@ The `credentials` element is a structure with these elements:
> Note:
>
> - You cannot use a service principal or managed identity for Azure DevOps Server (on-premises) organizations
> - You can only use a service principal or managed identity for Azure AD backed Azure DevOps organizations
> - You can only use a service principal or managed identity for Microsoft Entra ID (formerly Azure Active Directory) backed Azure DevOps organizations
> - You can only specify one credential per host without any organizations specified
> - The personal access token should just be provided as the raw token generated by Azure DevOps using the format `raw_token` with no base64 encoding. Formatting and base64'ing is handled by dependent libraries handling the Azure DevOps API
+5 -5
@@ -1,13 +1,13 @@
---
id: org
title: Microsoft Azure Active Directory Organizational Data
title: Microsoft Entra tenantal Data
sidebar_label: Org Data
# prettier-ignore
description: Importing users and groups from Microsoft Azure Active Directory into Backstage
description: Importing users and groups from Microsoft Entra ID into Backstage
---
The Backstage catalog can be set up to ingest organizational data - users and
teams - directly from a tenant in Microsoft Azure Active Directory via the
teams - directly from a tenant in Microsoft Entra ID via the
Microsoft Graph API.
## Installation
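Review bot: the new front-matter title `Microsoft Entra tenantal Data` is a mangled search-and-replace result (`Organizational` became `tenantal`); it should read `Microsoft Entra ID Organizational Data`, matching the updated `description:` line and the body text below, which still says `organizational data`.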
@@ -205,7 +205,7 @@ export async function myGroupTransformer(
annotations: {},
},
spec: {
type: 'aad',
type: 'Microsoft Entra ID',
children: [],
},
};
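Review bot: changing the example's `spec.type` from `'aad'` to `'Microsoft Entra ID'` alters a machine-facing catalog field, not display text: `type` is what filters and other plugins match on, and Backstage entity types are conventionally short lowercase tokens. Keep `'aad'` (or a token such as `'entra'` if a rename is wanted) rather than teaching readers to put a product name with spaces into `type`; the human-readable `description` string updated in the next hunk is the right place for the new name.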
@@ -219,7 +219,7 @@ export async function myUserTransformer(
const backstageUser = await defaultUserTransformer(graphUser, userPhoto);
if (backstageUser) {
backstageUser.metadata.description = 'Loaded from Azure Active Directory';
backstageUser.metadata.description = 'Loaded from Microsoft Entra ID';
}
return backstageUser;
+1 -1
@@ -90,7 +90,7 @@ export type AzureCredentialBase = {
export type AzureClientSecretCredential = AzureCredentialBase & {
kind: 'ClientSecret';
/**
* The Azure Active Directory tenant
* The Entra ID tenant
*/
tenantId: string;
/**
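Review bot: the PR description says each doc's first reference carries `formerly Azure Active Directory`; this JSDoc on `tenantId` is the first thing a user of `AzureClientSecretCredential` sees on IDE hover, so `The Entra ID (formerly Azure Active Directory) tenant` would serve the same purpose here.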
@@ -256,7 +256,7 @@ describe('easyAuth factory', () => {
});
expect(() => factory({} as any)).toThrow(
'Authentication provider is not Azure Active Directory',
'Authentication provider is not Entra ID',
);
});
@@ -185,7 +185,7 @@ function validateAppServiceConfiguration(env: NodeJS.ProcessEnv) {
if (
env.WEBSITE_AUTH_DEFAULT_PROVIDER?.toLowerCase() !== 'azureactivedirectory'
) {
throw new Error('Authentication provider is not Azure Active Directory');
throw new Error('Authentication provider is not Entra ID');
}
if (process.env.WEBSITE_AUTH_TOKEN_STORE?.toLowerCase() !== 'true') {
throw new Error('Token Store is not enabled');
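Review bot: the message now says `Authentication provider is not Entra ID`, while the condition still compares `WEBSITE_AUTH_DEFAULT_PROVIDER` against the App Service value `'azureactivedirectory'`; an operator reading the error cannot easily connect the two. Include the expected value, e.g. `Authentication provider is not Entra ID (WEBSITE_AUTH_DEFAULT_PROVIDER must be 'azureactivedirectory')`, and update the matching `toThrow` expectation in the test hunk above. Also visible in the unchanged context: the first check reads `env.WEBSITE_AUTH_DEFAULT_PROVIDER` but the token-store check reads `process.env.WEBSITE_AUTH_TOKEN_STORE`, bypassing the `env` parameter the function takes; that should be `env.WEBSITE_AUTH_TOKEN_STORE`.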
@@ -2,7 +2,7 @@
This is an extension module to the `plugin-catalog-backend` plugin, providing a `MicrosoftGraphOrgEntityProvider`
that can be used to ingest organization data from the Microsoft Graph API.
This provider is useful if you want to import users and groups from Azure Active Directory or Office 365.
This provider is useful if you want to import users and groups from Entra Id (formerly Azure Active Directory) or Office 365.
## Getting Started
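Review bot: `Entra Id (formerly Azure Active Directory)` uses `Id` where the rest of the PR uses `ID`; normalise to `Entra ID (formerly Azure Active Directory)`.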
@@ -69,7 +69,7 @@ export type GroupMember =
/**
* A HTTP Client that communicates with Microsoft Graph API.
* Simplify Authentication and API calls to get `User` and `Group` from Azure Active Directory
* Simplify Authentication and API calls to get `User` and `Group` from Microsoft Graph
*
* Uses `msal-node` for authentication
*
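Review bot: the rewritten JSDoc line `Simplify Authentication and API calls to get \`User\` and \`Group\` from Microsoft Graph` keeps the pre-existing imperative mood and stray capital; `Simplifies authentication and API calls to get \`User\` and \`Group\` from Microsoft Graph.` reads better. Pointing the sentence at Microsoft Graph rather than a directory product name is the right call, since the client talks to Graph regardless of the brand.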