Merge pull request #3621 from MicrosoftDocs/portals-2069325

Portals auth update - 2069325

Author: tapanm-MSFT

powerapps-docs/maker/portals/configure/configure-openid-provider.md

@@ -76,7 +76,7 @@ To configure OpenID Connect provider:
     | Client ID | The ID of the application created with the identity provider and to be used with the portal. |
     | Redirect URL | The ___location where the identity provider will send the authentication response. <br> Example: `https://contoso-portal.powerappsportals.com/signin-openid_1` <br> **Note**: If you're using the default portal URL, you can copy and paste the **Reply URL** as shown in *Create and configure OpenID Connect provider* settings. If you're using a custom ___domain name, enter the URL manually. However, ensure that the value enter here is exactly the same as the **Redirect URI** value for the application in the identity provider configuration (such as Azure portal). |
     | Metadata address | The discovery endpoint for obtaining metadata. Common format: [Authority URL]/.well-known/openid-configuration. <br> Example (Azure AD) : `https://login.microsoftonline.com/7e6ea6c7-a751-4b0d-bbb0-8cf17fe85dbb/v2.0/.well-known/openid-configuration` |
-    | Scope | A space-separated list of scopes to request via the OpenID Connect scope parameter. <br> Default value: `openid` <br> Example: `openid profile email` |
+    | Scope | A space-separated list of scopes to request via the OpenID Connect scope parameter. <br> Default value: `openid` <br> Example (Azure AD) : `openid profile email` <br> More information: [Configure additional claims when using OpenID Connect for portals with Azure AD](configure-openid-settings.md#configure-additional-claims) |
     | Response type | The value for the OpenID Connect 'response_type' parameter. <br> Possible values: <ul> <li> `code` </li> <li> `code id_token` </li><li> `id_token` </li><li> `id_token token` </li><li> `code id_token token` </li> </ul> <br> Default: `code id_token` |
     | Client secret | The client secret value from the provider application. It may also be referred to as an "App Secret" or "Consumer Secret". This setting is required if the selected response type is “code”. |
     | Response mode | The value for the OpenID Connect “response_mode” parameter. The value should be  “query”  if the selected response type is “code”. Default value: ‘form_post’. |

powerapps-docs/maker/portals/configure/configure-openid-settings.md

@@ -67,14 +67,12 @@ To configure Azure AD as the OpenID Connect provider using Implicit Grant flow:
 
     1. In the left menu, under **Manage**, select **Authentication**.
 
+        ![Enable implicit grant flow with ID tokens](media/authentication/id-tokens-openid.png "Enable implicit grant flow with ID tokens")
+
     1. Under **Implicit grant**, select **ID tokens** check box.
 
     1. Select **Save**.
 
-        ![Enable implicit grant flow with ID tokens](media/authentication/id-tokens-openid.png "Enable implicit grant flow with ID tokens")
-
-    1. Keep the Azure portal open, and switch to the OpenID Connect configuration for Power Apps portals for the next steps.
-
 1. In this step, enter the site settings for the portal configuration.
 
     ![Configure OpenID Connect site settings](media/authentication/openid-site-settings-1.png "Configure OpenID Connect site settings")
@@ -133,7 +131,7 @@ To configure Azure AD as the OpenID Connect provider using Implicit Grant flow:
 
 1. Select **Close**.
 
-### Configure additional claims
+## Configure additional claims
 
 To configure additional claims, such as using first name, or last name: