fixed sintax for "How to Create a New Entra ID Enterprise Application and Configure Custom Attributes for SAML Login for AWS Cognito" (#199)

* added the "How to Create a New Entra ID Enterprise Application and Configure Custom Attributes for SAML Login for AWS Cognito" page

* removed image formatting

* testing image width

* fixed all pictures width

* increased width to 85%

* replaced the ** for bold text with <strong>

* testing the the switch from ** to <strong>

* configured the width for the table

* reverted the table syntax

* fixed list of tasks in Configure User Attributes & Claims for SSO login

* small tweaks

* fixed cognito userpool id reply url syntax

* fixed ordering list for Configure User Attributes & Claims for SSO Login

* moved the save changes as a bullet point

---------

Co-authored-by: Lucian Patian <[email protected]>

Author: lucianpatian

_posts/2024-10-08-EntraID-SAML.md

@@ -41,17 +41,16 @@ Create the connection between Entra ID and your application by setting the login
 2. **Edit Basic SAML Configuration**
     * Edit the **Basic SAML Configuration**.
     * Add the **Identifier (Entity ID)** and **Reply URL (Assertion Consumer Service URL)**.
-        * The **Identifier (Entity ID)** should follow the format: urn:amazon:cognito:sp:<Cognito_userpool_ID>.
-        * The **Reply URL (Assertion Consumer Service URL)** should follow the format: https://<Cognito_domain_URL>/saml2/idpresponse.
+        * The **Identifier (Entity ID)** should follow the format: urn:amazon:cognito:sp:"Cognito_userpool_ID".
+        * The **Reply URL (Assertion Consumer Service URL)** should follow the format: https://Cognito_domain_URL/saml2/idpresponse.
+        * **Save the changes** to the Basic SAML Configuration.
 
 3. **Save the changes** to the Basic SAML Configuration.
 
 <a href="/images/entra_cognito/saml_sso_config.png" target="_blank">
     <img src="/images/entra_cognito/saml_sso_config.png" alt="SAML SSO Configuration" style="width: 85%; display: block; margin: 0 auto;">
 </a>
 
-
-
 ### Configure the User Access for SSO login
 Assign the users and groups that should have permissions to log in to your application.
 
@@ -65,25 +64,30 @@ Assign the users and groups that should have permissions to log in to your appli
     <img src="/images/entra_cognito/sso_add_users.png" alt="Add Users for SSO" style="width: 85%; display: block; margin: 0 auto;">
 </a>
 
-### Configure User Attributes & Claims for SSO login
-Configure which Entra ID attributes should be used to log in to your application.
-1. **Edit User Attributes & Claims**
-    * From the **Single Sign-On** option for your Enterprise application, edit the **User Attributes & Claims**.
+### 4. Configure User Attributes & Claims for SSO Login
 
-<a href="/images/entra_cognito/sso_attributes_claims.png" target="_blank">
-    <img src="/images/entra_cognito/sso_attributes_claims.png" alt="User Attributes and Claims" style="width: 85%; display: block; margin: 0 auto;">
-</a>
-
-2. **Set Unique User Identifier**
-    * Select the **Unique User Identifier (Name ID)** claim to edit it.
-    * In the **Source attribute**, set the value to user.objectid.
-
-<a href="/images/entra_cognito/sso_object_id_claim.png" target="_blank">
-    <img src="/images/entra_cognito/sso_object_id_claim.png" alt="Set Object ID Claim" style="width: 85%; display: block; margin: 0 auto;">
-</a>
-
-3. Save the changes
+Configure which Entra ID attributes should be used to log in to your application.
 
+<ol>
+    <li><strong>Edit User Attributes & Claims</strong>
+        <ul>
+            <li>From the <strong>Single Sign-On</strong> option for your Enterprise application, edit the <strong>User Attributes & Claims</strong>.</li>
+        </ul>
+        <a href="/images/entra_cognito/sso_attributes_claims.png" target="_blank">
+            <img src="/images/entra_cognito/sso_attributes_claims.png" alt="User Attributes and Claims" style="width: 85%; display: block; margin: 0 auto;">
+        </a>
+    </li>
+    <li><strong>Set Unique User Identifier</strong>
+        <ul>
+            <li>Select the <strong>Unique User Identifier (Name ID)</strong> claim to edit it.</li>
+            <li>In the <strong>Source attribute</strong>, set the value to <code>user.objectid</code>.</li>
+            <li><strong>Save the Changes</strong></li>
+        </ul>
+        <a href="/images/entra_cognito/sso_object_id_claim.png" target="_blank">
+            <img src="/images/entra_cognito/sso_object_id_claim.png" alt="Set Object ID Claim" style="width: 85%; display: block; margin: 0 auto;">
+        </a>
+    </li>
+</ol>
 
 ## Update the AWS Cognito userpool
 Once you have defined all the claim mappings on the Entra ID side, it is time to connect the dots on AWS's side.
@@ -114,7 +118,6 @@ After all configurations are done on Entra ID side, you need to update the confi
     <img src="/images/entra_cognito/sso_cognito_saml_config.png" alt="Cognito SAML Configuration" style="width: 85%; display: block; margin: 0 auto;">
 </a>
 
-
 This is a better solution than uploading the XML file because Cognito refreshes the metadata every 6 hours or before the metadata expires. This way, you don’t have to manually refresh the metadata XML every time the Entra ID SSL certificates expire or any other change occurs on the Entra ID side that would impact the federation authentication.
 
 
@@ -133,15 +136,13 @@ Configure the attributes that are stored in Entra ID and are mapped via the SAML
     <img src="/images/entra_cognito/sso_cognito_attributes.png" alt="Cognito Attribute Mapping" style="width: 85%; display: block; margin: 0 auto;">
 </a>
 
-
 ### Enable the External IdP for App Clients
 Now that you have an IdP using the Entra ID configuration, you need to assign it to your application created in the Cognito userpool.
 1. **Enable the IdP for App Clients**
     * In AWS Cognito, navigate to the **App integration** tab, **App client list** section.
     * Select the App client you want to configure and edit the **Hosted UI** section.
     * From the **Identity providers** dropdown, select your newly created IdP (e.g., EntraID) and save the changes.
 
-
 ### Test the Configuration
 
 * Click on the **View Hosted UI** button to quickly test your changes
@@ -155,7 +156,6 @@ The user attribute **identities** will store the metadata relating to the extern
     <img src="/images/entra_cognito/sso_cognito_identities.png" alt="Cognito Identities" style="width: 85%; display: block; margin: 0 auto;">
 </a>
 
-
 These fields will be updated on each successful authentication, so you can rely on the fact that the fields you receive via JWT attributes will be up-to-date.
 
 ### Conclusion