Merge pull request #277 from smallstep/carl/entra
Update product names: Google Workspace and Microsoft Entra ID
tashian authored Oct 17, 2023
2 parents b8c886e + 65032c4 commit f30077f
Showing 12 changed files with 34 additions and 34 deletions.
2 changes: 1 addition & 1 deletion certificate-manager/core-concepts.mdx
Expand Up @@ -164,7 +164,7 @@ Each Provisioner addresses a particular environment, enabling different use case

- **OIDC Provisioner** - Useful for getting certificates to people,
the OAuth/OpenID Connect (OIDC) Provisioner uses identity tokens for authentication.
With this provisioner, you can use single sign-on with G Suite, Okta, Azure Active Directory, or any other OAuth OIDC provider
With this provisioner, you can use single sign-on with Google Workspace, Okta, Microsoft Entra ID, or any other OAuth OIDC provider
to verify the user's identity before issuing a certificate.
- **ACME Provisioner** - Useful for automating TLS certificates,
the ACME provisioner provides CSR generation, domain ownership verification, certificate download, and installation.
2 changes: 1 addition & 1 deletion certificate-manager/how-it-works.mdx
Expand Up @@ -302,7 +302,7 @@ Certificates provide a secure, flexible, scalable mechanism for authenticating
people, too (e.g., for SSH access, API access, or to connect to a BeyondCorp
identity-aware proxy). Most organizations already have an identity provider
(IdP) for authenticating people. The `OIDC` provisioner lets you leverage
authentication services from G Suite, Okta, Azure AD, and any other IdP that
authentication services from Google Workspace, Okta, Microsoft Entra ID, and any other IdP that
supports OAuth OIDC to authenticate a certificate request.

![Developer single sign on for TLS certificate](/graphics/cm-hiw-sso.svg 'The certificate command triggers the OIDC Provisioner and the default browser to open the IDP login screen. The developer authenticates to the corporate single sign-on service and, upon successful completion, returns to the terminal with a personal x.509 certificate.')
4 changes: 2 additions & 2 deletions certificate-manager/oidc.mdx
Expand Up @@ -8,7 +8,7 @@ User certificates enable mutual TLS authentication between humans and APIs, VPNs
Add single sign-on to to the mix, and you get a layer of strong authentication from your existing identity provider (IdP), using tools familiar to your team.
It works for designated admininistrators, too: Admins can get certificates with any name or SAN, simplifying human approval workflows for security teams.

Certificate Manager supports any OAuth [OpenID connect](https://openid.net/connect/) IdP for single sign-on, including Google, Okta, Azure Active Directory, and Keycloak.
Certificate Manager supports any OAuth [OpenID connect](https://openid.net/connect/) IdP for single sign-on, including Google, Okta, Microsoft Entra ID, and Keycloak.

### Connect your identity provider to Certificate Manager in a few steps
1. Create an OIDC application integration with your IdP
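Review bot: the unchanged context lines next to this rename carry two typos worth fixing in the same pass: "Add single sign-on to to the mix" has a doubled "to", and "designated admininistrators" should be "administrators". The renamed line itself also writes the protocol as "OpenID connect"; the project's own link text elsewhere uses "OpenID Connect", so capitalise it here for consistency.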
Expand Down Expand Up @@ -40,7 +40,7 @@ First, create an OIDC application in your IdP. Be sure to set the following valu

<Alert severity="info">
<div>
For Azure AD you may need to create or update the native application from the command line to specify the redirect URI. The web interface may reject a <code>http://127.0.0.1</code> value. Contact <a href="mailto:[email protected]">Customer Success</a> if you have any questions.
For Microsoft Entra ID you may need to create or update the native application from the command line to specify the redirect URI. The web interface may reject a <code>http://127.0.0.1</code> value. Contact <a href="mailto:[email protected]">Customer Success</a> if you have any questions.
</div>
</Alert>

4 changes: 2 additions & 2 deletions manifest.json
Expand Up @@ -65,11 +65,11 @@
"path": "/ssh/acls.mdx"
},
{
"title": "Azure AD Quickstart Guide",
"title": "Entra ID Quickstart Guide",
"path": "/ssh/azure-ad.mdx"
},
{
"title": "G Suite Quickstart Guide",
"title": "Google Workspace Quickstart Guide",
"path": "/ssh/g-suite.mdx"
},
{
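Review bot: the new navigation title "Entra ID Quickstart Guide" does not match the link text this same commit writes in ssh/README.mdx ("Microsoft Entra ID Quickstart Guide") or the page's own front-matter title ("Microsoft Entra ID Quickstart"); pick one form and use it in all three places. Keeping the paths at /ssh/azure-ad.mdx and /ssh/g-suite.mdx is fine, since it preserves existing links, but it is worth a short comment in the manifest so a later cleanup does not break them.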
4 changes: 2 additions & 2 deletions ssh/README.mdx
Expand Up @@ -43,9 +43,9 @@ identity provider. Note: Single Sign-on through your identity provider requires
SSH Professional + Team level account or higher. [Click here for more pricing
information] (/sso-ssh/pricing/#pricing).

**[Azure AD Quickstart Guide](./azure-ad.mdx)**
**[Microsoft Entra ID Quickstart Guide](./azure-ad.mdx)**

**[G Suite Quickstart Guide](./g-suite.mdx)**
**[Google Workspace Quickstart Guide](./g-suite.mdx)**

**[Okta Quickstart Guide](./okta.mdx)**
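Review bot: the context line just above the renamed links, "[Click here for more pricing information] (/sso-ssh/pricing/#pricing)", has a space between the `]` and `(`, so it will not render as a link; remove the space while this file is being touched.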

20 changes: 10 additions & 10 deletions ssh/azure-ad.mdx
@@ -1,6 +1,6 @@
---
title: Azure AD Quickstart
html_title: Azure AD Quickstart | SSH
title: Microsoft Entra ID Quickstart
html_title: Microsoft Entra ID Quickstart | SSH
description: SSH Azure Quickstart | Smallstep Documentation
---
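Review bot: the front-matter `description` is left as "SSH Azure Quickstart | Smallstep Documentation" while `title` and `html_title` move to Microsoft Entra ID; update the description to match, since it is what search results and link previews show.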

Expand All @@ -22,7 +22,7 @@ The following provisioning features are supported:
* Reactivate Users

## Overview
1. Create Groups in Azure Active Directory
1. Create Groups in Microsoft Entra ID
2. Tell us your directory's Tenant ID
3. Add the Smallstep SSH Azure Enterprise Application to your tenant
4. Enable user provisioning (SCIM) in Azure
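Review bot: steps 3 and 4 of the overview still say "Smallstep SSH Azure Enterprise Application" and "Enable user provisioning (SCIM) in Azure" while step 1 now says Microsoft Entra ID. If those are meant to refer to the Azure portal rather than the identity service, say so; otherwise rename them as well so the overview uses one product name.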
Expand Down Expand Up @@ -55,18 +55,18 @@ When creating your groups, give them names and accept the defaults on all other

1. Sign in to Smallstep at `https://smallstep.com/app/[Team ID]`
2. Follow the Getting Started workflow.
3. Choose the **Users** tab, and choose **Azure AD** as your identity provider.
3. Choose the **Users** tab, and choose **Microsoft Entra ID** as your identity provider.
4. Enter your **Tenant ID** and **Whitelisted Domains**, and **Save**.
5. Now run `step ssh login your@email`.
Your browser will open to an Azure AD single sign-on flow,
Your browser will open to an Entra ID single sign-on flow,
and you'll be prompted to add the Smallstep SSH enterprise application to your tenant.

![Azure consent screenshot](/graphics/quickstart/azure-consent.png)
6. Choose **Consent on behalf of your organization.**
7. Accept the application for your tenant, and finish the sign-on flow.

> 🤦‍♂️ If you encounter "The username may be incorrect", you'll need to use a different account to accept the application into your tenant.
> Specifically, you cannot use a Microsoft Account or a Guest account; the account must be an Azure AD account.
> Specifically, you cannot use a Microsoft Account or a Guest account; the account must be an Entra ID account.
#### Assign groups to your application
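Review bot: this hunk uses both "Microsoft Entra ID" (step 3) and the short form "Entra ID" (step 5 and the quoted note); settle on one form, at least on first mention within a section. Two smaller points: the image alt text still reads "Azure consent screenshot", and the `#### Assign groups to your application` heading directly follows the blockquote with no blank line, so add one to keep the blockquote from visually running into the heading.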

Expand Down Expand Up @@ -137,13 +137,13 @@ Return to the Smallstep dashboard.
![](/graphics/quickstart/scim-logs.png "SCIM Logs")

* Navigate to the USERS menu. If the onboarding dialog is open, press `Esc` to close.
* You should see your Users and Groups synced over from Azure AD.
* You should see your Users and Groups synced over from Entra ID.

> **Don't see your users and groups?** Microsoft's SCIM service may add a 40-minute delay after you set it up. You can force an update by clicking **Restart provisioning** in the Provisioning panel. Even then, it may take a minute to sync with Smallstep.
### Azure AD Configuration Complete
### Entra ID Configuration Complete

## Troubleshooting Tips

* Initial activation of Azure AD OIDC provisioning in Smallstep SSH requires entering your **Application (client) ID**, **Client secret**, and **Configuration Endpoint** into the Smallstep UI. Contact smallstep support with any questions | [[email protected]](mailto:[email protected])
* Note: When users are deactivated in Azure AD, they will be deactivated in Smallstep. Users will not be able to SSH to servers, but their user accounts will remain on smallstep managed hosts. To permanently delete user data on smallstep managed hosts, contact Smallstep Support | [[email protected]](mailto:[email protected])
* Initial activation of Entra ID OIDC provisioning in Smallstep SSH requires entering your **Application (client) ID**, **Client secret**, and **Configuration Endpoint** into the Smallstep UI. Contact smallstep support with any questions | [[email protected]](mailto:[email protected])
* Note: When users are deactivated in Entra ID, they will be deactivated in Smallstep. Users will not be able to SSH to servers, but their user accounts will remain on smallstep managed hosts. To permanently delete user data on smallstep managed hosts, contact Smallstep Support | [[email protected]](mailto:[email protected])
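Review bot: the renamed heading `### Entra ID Configuration Complete` sits immediately after the "Don't see your users and groups?" blockquote with no blank line between them; add one. In the first troubleshooting bullet, "Contact smallstep support" should be capitalised as "Smallstep Support" to match the second bullet, and both added lines use the short form "Entra ID" where the rest of the commit writes "Microsoft Entra ID".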
20 changes: 10 additions & 10 deletions ssh/g-suite.mdx
@@ -1,6 +1,6 @@
---
title: G Suite Quickstart
description: SSH G Suite Quickstart | Smallstep Documentation
title: Google Workspace Quickstart
description: SSH Google Workspace Quickstart | Smallstep Documentation
---

### Prerequisites
Expand All @@ -10,20 +10,20 @@ You will need:
* An account on the smallstep platform. Need one? [Register here](https://smallstep.com/signup?product=ssh)
* Google Admin console privileges for your organization.
* A single domain name that your users will use, added and verified in the Google Admin console.
* A Google Cloud Platform (GCP) project in your G Suite Organization.
* A Google Cloud Platform (GCP) project in your Google Workspace Organization.
* [Create a GCP project here](https://console.cloud.google.com/projectcreate) if you don't yet have one.

### Features

The following provisioning features are supported:

* New Users and Periodical Pull of All Groups
* New users created through G Suite will be created in the third party application.
* New users created through Google Workspace will be created in the third party application.
* Groups and Memberships will be synchronized periodically
* Push Profile Updates
* Updates made to the user's profile through G Suite will be pushed to the third party application.
* Updates made to the user's profile through Google Workspace will be pushed to the third party application.
* Push User Deactivation
* Deactivating the user or disabling the user's access to the application through G Suite will deactivate the user in the third party application.
* Deactivating the user or disabling the user's access to the application through Google Workspace will deactivate the user in the third party application.
* Note: For this application, deactivating a user means removing access to login, but maintaining the user's ssh access information as an inactive user.
* Reactivate Users
* User accounts can be reactivated in the application.
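Review bot: while renaming the provider in this feature list, "New Users and Periodical Pull of All Groups" should read "Periodic Pull", and "third party application" should be hyphenated as "third-party application" in the three bullets that use it.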
Expand All @@ -32,7 +32,7 @@ The following provisioning features are supported:
1. Create an OAUTH client ID
2. Enter OIDC details into the Smallstep SSH UI
3. Set up API client access
4. Configure G Suite settings in Smallstep SSH UI
4. Configure Google Workspace settings in Smallstep SSH UI

## Step-by-step Instructions
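Review bot: the first overview step in the context lines, "Create an OAUTH client ID", should be written "OAuth client ID"; the rest of the file and the other renamed pages use "OAuth".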

Expand Down Expand Up @@ -81,12 +81,12 @@ When you're finished, the Manage API Client Access screen page should resemble t

![](/graphics/quickstart/g-suite-api-clients.png)

### Step 4. Configure G Suite Settings in Smallstep
### Step 4. Configure Google Workspace Settings in Smallstep

1. Fill in your **domain name** and **the email address of a Google Admin** in your organization, and Save.
2. Wait while we configure and sync your G Suite directory. Please note that G Suite sync is periodical and might take a few minutes.
2. Wait while we configure and sync your Google Workspace directory. Please note that Google Workspace sync is periodical and might take a few minutes.
3. You should see your directory with users and groups synced.

## Troubleshooting Tips

* Note: When users are deactivated in G Suite, they will be deactivated in Smallstep. Users will not be able to SSH to servers, but their user accounts will remain on smallstep managed hosts. To permanently delete user data on smallstep managed hosts, contact Smallstep Support, ([[email protected]](mailto:[email protected])).
* Note: When users are deactivated in Google Workspace, they will be deactivated in Smallstep. Users will not be able to SSH to servers, but their user accounts will remain on smallstep managed hosts. To permanently delete user data on smallstep managed hosts, contact Smallstep Support, ([[email protected]](mailto:[email protected])).
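Review bot: in the added step 2, "Google Workspace sync is periodical" should be "periodic". The added troubleshooting bullet also ends with "contact Smallstep Support, ([...](mailto:...))", where the comma and parentheses around the link read as leftovers; the Entra ID page formats the same sentence as "contact Smallstep Support | [...]", so use one style on both quickstarts.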
2 changes: 1 addition & 1 deletion ssh/how-it-works.mdx
Expand Up @@ -114,7 +114,7 @@ The same offering is available in an on-premise configuration that brings the si

### Identity Provider

1. Configure the smallstep application in your Okta, Azure AD, or G Suite identity provider interface.
1. Configure the smallstep application in your Okta, Microsoft Entra ID, or Google Workspace identity provider interface.
1. Activate OIDC flow for single sign-on workflows
2. Activate SCIM to synchronize user groups
2. Assign users to SSH groups (or repurpose existing groups)
2 changes: 1 addition & 1 deletion step-ca/README.mdx
Expand Up @@ -66,7 +66,7 @@ They offer different modes of authorization for the CA.
For example, you can have your CA issue certificates in exchange for:
- [ACME challenge responses](../tutorials/acme-protocol-acme-clients.mdx) from any ACMEv2 client
- [OAuth OIDC single sign-on tokens](https://smallstep.com/blog/easily-curl-services-secured-by-https-tls.html), e.g.:
- ID tokens from Okta, G Suite, Azure AD and Auth0
- ID tokens from Okta, Google Workspace, Microsoft Entra ID and Auth0
- ID tokens from an OAuth OIDC service you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)
- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/) for VMs on AWS, GCP, and Azure
- [Single-use, short-lived JWK tokens](./provisioners.mdx#jwk), e.g., issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.
4 changes: 2 additions & 2 deletions step-ca/provisioners.mdx
Expand Up @@ -481,7 +481,7 @@ To remove this key:
### OAuth/OIDC Single Sign-on
Sometimes it's useful to issue certificates to people.
So `step-ca` supports single sign-on with identity providers (IdPs) like Google, Okta, Azure Active Directory, Keycloak,
So `step-ca` supports single sign-on with identity providers (IdPs) like Google, Okta, Microsoft Entra ID, Keycloak,
or any other provider that supports OAuth's [OpenID Connect extension](https://openid.net/connect/).
OpenID Connect is an extension to OAuth 2.0 that adds an identity layer.
Expand Down Expand Up @@ -1437,7 +1437,7 @@ In the `ca.json`, an Azure provisioner looks like:
- **name**: a string used to identify the provider when the CLI is used.
- **tenantId**: the Azure account tenant id for this provisioner. This
id is the Directory ID available in the Azure Active Directory properties.
id is the Directory ID available in the Microsoft Entra ID properties.
- **audience**<Reference id="star10" marker="*" />: defaults to `https://management.azure.com/` but it can
be changed if necessary.
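Review bot: the renamed line keeps the phrase "the Directory ID available in the Microsoft Entra ID properties". Since the product rename also changed the portal labels, check whether "Directory ID" is still what the Entra admin center shows next to the tenant identifier; if the portal now labels it "Tenant ID", the description should say so, because this value is the only thing that scopes which tenant's tokens the provisioner accepts.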
2 changes: 1 addition & 1 deletion tutorials/ssh-certificate-login.mdx
Expand Up @@ -175,7 +175,7 @@ Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-55-generic x86_64)

As you can see the _testhost_ VM will welcome you with a matching _testuser@testhost_ prompt.

Learn how to use OAuth OIDC providers like G Suite or Instance Identity Documents to bootstrap SSH host and user certificates in the [`step` reference](../step-cli/reference/).
Learn how to use OAuth OIDC providers like Google Workspace or Instance Identity Documents to bootstrap SSH host and user certificates in the [`step` reference](../step-cli/reference/).

## Generate ssh host certificates

2 changes: 1 addition & 1 deletion tutorials/user-authentication.mdx
Expand Up @@ -33,7 +33,7 @@ Smallstep makes running your own private CA and managing certificates for intern

## Personal certificates via OAuth OpenID Connect

User identities are usually already managed by your existing G-Suite, Okta, Salesforce, or Microsoft Azure Active Directory _identity provider_.
User identities are usually already managed by your existing G-Suite, Okta, Salesforce, or Microsoft Entra ID _identity provider_.
_IDPs_ leverage a single database of user accounts to provide single sign on login to a wide array of applications and services.
The [OpenID Connect](https://openid.net/connect/faq/) protocol is commonly used to facilitate the exchange between the application, user, and IDP.
You can leverage OpenID Connect to authenticate with `step-ca` to make issuance of personal certificates simple for your whole team.
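Review bot: the added line still says "G-Suite" even though every other file in this commit renames G Suite to Google Workspace; change it to "Google Workspace" so this page does not keep the retired name.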

0 comments on commit f30077f