Update auth note

Azure-Samples · Dec 28, 2023 · ac7f0d2 · ac7f0d2
1 parent e253b83
commit ac7f0d2
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/documentation/WHATS-NEXT.md b/documentation/WHATS-NEXT.md
@@ -12,14 +12,18 @@ This repos automatically sets up the Azure App Service health endpoint pinging y
 
 > **Warning** - Be aware that the trial instance of the [Business Partner API](https://api.sap.com/api/API_BUSINESS_PARTNER/overview) throttles easily.
 
-## Authentication with Azure AD 🔐
+## Authentication with Microsoft Entra ID (formerly Azure AD) 🔐
 
-[Configure](https://learn.microsoft.com/azure/app-service/configure-authentication-provider-aad) your App Service or Azure Functions app to use Azure AD login. Use standard variable `X-MS-TOKEN-AAD-ACCESS-TOKEN` to retrieve the access token from the request header. [Learn more](https://learn.microsoft.com/azure/app-service/configure-authentication-oauth-tokens#retrieve-tokens-in-app-code)
+[Configure](https://learn.microsoft.com/azure/app-service/configure-authentication-provider-aad) your Azure Function app to use Entra ID login. See the [linked Azure App Service repos](https://github.com/Azure-Samples/app-service-javascript-sap-cloud-sdk-quickstart/blob/main/documentation/AUTHENTICATION.md) for more details on how to automate the Identity Provider configuration and SAP OData API authorization.
+
+Use standard variable `X-MS-TOKEN-AAD-ACCESS-TOKEN` to retrieve the access token from the request header. [Learn more](https://learn.microsoft.com/azure/app-service/configure-authentication-oauth-tokens#retrieve-tokens-in-app-code)
 
 Consider SAP Principal Propagation for your authentication scenario handled by [Azure API Management](https://learn.microsoft.com/azure/api-management/sap-api#production-considerations).
 
 [Learn more](https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Request%20OAuth2%20access%20token%20from%20SAP%20using%20AAD%20JWT%20token.xml)
 
+![Overview of authentication flow and trust relationship of SAP services with Azure and Entra ID](https://github.com/Azure-Samples/app-service-javascript-sap-cloud-sdk-quickstart/blob/main/assets/app-auth-principal-propagation.svg)
+
 ## Connectivity to SAP backends and secure virtual network access 🔌
 
 SAP backends on Azure typically run in fully isolated virtual networks. There are multiple ways to connect to them. Most popular ones are: