diff --git a/_data/errors.yml b/_data/errors.yml
index 6ed5c789..2a735fcc 100644
--- a/_data/errors.yml
+++ b/_data/errors.yml
@@ -10,8 +10,8 @@ oidc:
This specific error occurs when Login.gov receives an OIDC request from a Service Provider that contains a `client_id` that is either not registered or not active with Login.gov. The `client_id` specified in the request must match EXACTLY the Issuer defined in the Portal.
##### What to do:
- Ensure the authentication request has a `client_id` value
- - Ensure that the `client_id` sent in the authentication request matches the Issuer registered in your application's configuration on the [Partner Portal](https://portal.int.identitysandbox.gov/){:target="_blank"}.
- - Ensure that the integration configuration's "Accessible" setting is set to "Yes".
+ - Ensure that the `client_id` sent in the authentication request matches the Issuer registered in your application on the [Partner Portal](https://portal.int.identitysandbox.gov/){:target="_blank"}.
+ - Ensure that the application configuration's "Accessible" setting is set to "Yes".
- See our video [How to Troubleshoot and Fix "Bad client_id" Error for OIDC Integrations](https://www.youtube.com/watch?v=MAgSnjp1aOE) for a detailed visual explanation.
- title: Missing a valid IAL level
id: oidc-missing-ial
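Review bot: The two added bullets name the same Portal record differently: the first says the Issuer is "registered in your application", the second refers to the "application configuration's" Accessible setting. Since the paragraph above requires the `client_id` to match the Issuer EXACTLY, the wording should make clear that this is the Portal record and not the partner's own software. Suggest "registered in your application configuration on the Partner Portal" in the first bullet so both agree.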
@@ -21,8 +21,8 @@ oidc:
No IAL Service Levels are present in the `acr_values` parameter of the authentication request.
##### What to do:
Check the `acr_values` parameter in your authentication request and ensure that you are passing either:
- - `urn:acr.login.gov:auth-only` for Authentication Only integrations, OR;
- - `urn:acr.login.gov:verified` for Identity-Verification Permitted integrations.
+ - `urn:acr.login.gov:auth-only` for Authentication Only applications, OR;
+ - `urn:acr.login.gov:verified` for Identity-Verification Permitted applications.
Learn more about IAL Service Level values here: [https://developers.login.gov/oidc/authorization/#service_level](/oidc/authorization/#service_level){:target="_blank"}
- title: The acr_values are not authorized
id: oidc-missing-acr-values
@@ -104,7 +104,7 @@ oidc:
##### What to do:
- Ensure the logout request has a `client_id` value.
- Ensure that the `client_id` sent in the logout request matches the one registered in your application on the [Partner Portal](https://dashboard.int.identitysandbox.gov/){:target="_blank"}.
- - Ensure that the integration configuration's `active` value is set to `true`.
+ - Ensure that the application configuration's `active` value is set to `true`.
- title: client_id is missing
id: client-id-missing
accordion-id: client_id_missing
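Review bot: The added bullet tells readers to check that `active` is `true`, but the equivalent bullet in the first hunk of this file says the "Accessible" setting must be "Yes". If these are the same Portal control, use one label in both error entries. The context line above also links the Partner Portal to dashboard.int.identitysandbox.gov while the first hunk links to portal.int.identitysandbox.gov, so align that while touching this entry.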
diff --git a/_includes/support/faq_csp_violation.html b/_includes/support/faq_csp_violation.html
index ff9d23ef..b079a751 100644
--- a/_includes/support/faq_csp_violation.html
+++ b/_includes/support/faq_csp_violation.html
@@ -4,9 +4,9 @@
Background:
The CSP form-action directive restricts which URLs can be used as the target of form submissions from a given context. Certain Chromium-based internet browsers (e.g. Google Chrome and Microsoft Edge) enforce the form-action directive through the entire redirect chain (if any). Other non-Chromium-based browsers only check the first redirect in the chain (e.g. Firefox). For Chromium-based browsers, upon form submission, any attempts to redirect to a url not explicitly listed as a form-action source will violate the CSP directive and cause a failure to load and a console error.
- This error occurs when Service Providers attempt to redirect users to a url that is not registered in the Redirect URLs field in the Login.gov Portal application's configuration. All urls that users could be redirected to, even as a passthrough, need to be included in the list of Redirect URLs.
+ This error occurs when Service Providers attempt to redirect users to a url that is not registered in the Redirect URLs field in the Login.gov Portal configuration. All urls that users could be redirected to, even as a passthrough, need to be included in the list of Redirect URLs.
Solution:
- Use the Network tab of your web browser to identify which redirect (302) is hanging or failing. Add that uri to the list of Redirect URIs in your Login.gov Portal integration configuration.
+ Use the Network tab of your web browser to identify which redirect (302) is hanging or failing. Add that uri to the list of Redirect URIs in your Login.gov Portal configuration.
\ No newline at end of file
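Review bot: The two added lines disagree on the field name: the first says "Redirect URLs", the second says "Redirect URIs". Because the fix depends on the reader adding every hop in the redirect chain to that one list, use the label exactly as the Portal shows it in both places. "Login.gov Portal configuration" also drops the "application" qualifier used in the other files of this patch, and the file still ends without a trailing newline.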
diff --git a/_includes/support/faq_unauthorized_sp.html b/_includes/support/faq_unauthorized_sp.html
index db332e85..9fc8b090 100644
--- a/_includes/support/faq_unauthorized_sp.html
+++ b/_includes/support/faq_unauthorized_sp.html
@@ -10,11 +10,11 @@ Solution:
- Note that certain Service Providers will not allow partners to set or change the Issuer value after the application is configured (e.g. MS Power Apps Portal). In this case, the best option would be to create the Login.gov Portal integration configuration after the Service Provider application has defined the Issuer and use that Issuer in the Portal.
+ Note that certain Service Providers will not allow partners to set or change the Issuer value after the application is configured (e.g. MS Power Apps Portal). In this case, the best option would be to create the Login.gov Portal configuration after the Service Provider application has defined the Issuer and use that Issuer in the Portal.
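Review bot: In the added line "application" means the Service Provider's software ("after the application is configured", "Service Provider application has defined the Issuer"), while the rest of this patch renames the Portal record to "application" as well. "Login.gov Portal configuration" avoids the clash here but is inconsistent with "application configuration" elsewhere. Suggest "Login.gov Portal application configuration" and keeping "Service Provider application" spelled out in full each time, so it is clear which side's Issuer value is copied to the other.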
diff --git a/_pages/oidc/getting-started.md b/_pages/oidc/getting-started.md
index d5fd2246..4460055c 100644
--- a/_pages/oidc/getting-started.md
+++ b/_pages/oidc/getting-started.md
@@ -60,9 +60,9 @@ You are able to test authentication methods in real time with a testing account
- Select the “Sign-in” button to create a new account. Anyone with a .gov or .mil email address may request an account.
- Create a new team - see [Testing](/testing/) page for instructions.
-- Create a certificate - before creating your configuration you'll need to create a certificate that will be used to sign your requests. You can create a certificate using openssl. The example command to create the certificate from your terminal is:
+- Create a certificate - before creating your application you'll need to create a certificate that will be used to sign your requests. You can create a certificate using openssl. The example command to create the certificate from your terminal is:
- `openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private.pem -out public.crt`
-- Create a configuration, at which point you will need to decide between private_key_jwt or PKCE.
+- Create an application, at which point you will need to decide between private_key_jwt or PKCE.
It is important to note that your Login.gov production account and your Login.gov sandbox account are two separate accounts.
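Review bot: The reworded certificate bullet still introduces `openssl req -nodes ...` without saying that `-nodes` writes private.pem with no passphrase. As this sentence is being edited anyway, add a line telling readers to keep private.pem out of source control and restrict its file permissions, and that only public.crt is uploaded. `-days 365` also means the certificate expires after a year, which is worth stating next to the command.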
diff --git a/_pages/oidc/token.md b/_pages/oidc/token.md
index b3c61274..9664ce2a 100644
--- a/_pages/oidc/token.md
+++ b/_pages/oidc/token.md
@@ -23,7 +23,7 @@ sidenav:
---
{% capture client_assertion %}
-A [JWT](https://jwt.io/){:class="usa-link--external"} signed with the client’s private key (minimum length of 2048 bits) associated with the public key uploaded to your integration configuration within the Portal. The JWT should use the RS256 algorithm and containing the following claims:
+A [JWT](https://jwt.io/){:class="usa-link--external"} signed with the client’s private key (minimum length of 2048 bits) associated with the public key uploaded to your application configuration within the Portal. The JWT should use the RS256 algorithm and containing the following claims:
- **iss** (string) — The issuer, which must be the `client_id`.
- **sub** (string) — The subject, which must also be the `client_id`.
- **aud** (string) — The audience, which should be (or, in the case of multiple audience values, include) the URL of the token endpoint, for example: `https://idp.int.identitysandbox.gov/api/openid_connect/token`
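Review bot: The added line carries over a grammar error from the line it replaces: "should use the RS256 algorithm and containing the following claims" should read "and contain the following claims". It also says the public key is uploaded "within the Portal", while the matching line in _pages/oidc/token/pkce.md says "within the Dashboard"; pick one name for both files.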
diff --git a/_pages/oidc/token/pkce.md b/_pages/oidc/token/pkce.md
index 89540b51..9c94d51f 100644
--- a/_pages/oidc/token/pkce.md
+++ b/_pages/oidc/token/pkce.md
@@ -23,7 +23,7 @@ sidenav:
---
{% capture client_assertion %}
-A [JWT](https://jwt.io/){:class="usa-link--external"} signed with the client’s private key (minimum length of 2048 bits) associated with the public key uploaded to your integration configuration within the Dashboard. The JWT should use the RS256 algorithm and containing the following claims:
+A [JWT](https://jwt.io/){:class="usa-link--external"} signed with the client’s private key (minimum length of 2048 bits) associated with the public key uploaded to your application configuration within the Dashboard. The JWT should use the RS256 algorithm and containing the following claims:
- **iss** (string) — The issuer, which must be the `client_id`.
- **sub** (string) — The subject, which must also be the `client_id`.
- **aud** (string) — The audience, which should be (or, in the case of multiple audience values, include) the URL of the token endpoint, for example: `https://idp.int.identitysandbox.gov/api/openid_connect/token`
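Review bot: The added line still says the public key is uploaded "within the Dashboard", whereas the same sentence in _pages/oidc/token.md says "within the Portal". Since this patch is a terminology cleanup, align the two. The phrase "and containing the following claims" should also be "and contain the following claims".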
diff --git a/_pages/overview.md b/_pages/overview.md
index 1724a5ca..e43b2ef0 100644
--- a/_pages/overview.md
+++ b/_pages/overview.md
@@ -30,5 +30,5 @@ This is the configuration for your application within Login.gov’s identity pro
To configure a test application in the sandbox environment:
* Create an account in the [Login.gov Portal](https://portal.int.identitysandbox.gov). From here you will be able to test various configurations and determine what is right for your agency.
* Select between [OIDC]({{ site.baseurl }}/oidc/) or [SAML]({{ site.baseurl }}/saml/) protocol implementation protocols and understand which user attributes are required.
-* If you have questions when testing your integration, read through our [FAQs]({{ site.baseurl }}/support/) or submit a ticket to our [technical support help desk]({{ site.baseurl}}/support/#contacting-partner-support).
-* Before submitting a request to move your application's configuration to production, review the [User experience]({{ site.baseurl }}/design-guidelines/) page and the [Production]({{ site.baseurl }}/production/) page. Additional requirements, like a [signed Interagency agreement]({{ site.baseurl }}/production/#confirm-interagency-agreement-iaa) (IAA) and [agency logo]({{ site.baseurl }}/user-experience/agency-logo/), are described in these pages.
+* If you have questions when testing your app, read through our [FAQs]({{ site.baseurl }}/support/) or submit a ticket to our [technical support help desk]({{ site.baseurl}}/support/#contacting-partner-support).
+* Before submitting a request to move your app to production, review the [User experience]({{ site.baseurl }}/design-guidelines/) page and the [Production]({{ site.baseurl }}/production/) page. Additional requirements, like a [signed Interagency agreement]({{ site.baseurl }}/production/#confirm-interagency-agreement-iaa) (IAA) and [agency logo]({{ site.baseurl }}/user-experience/agency-logo/), are described in these pages.
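Review bot: Both added bullets switch to "app" ("testing your app", "move your app to production"), while the hunk header context says "This is the configuration for your application" and the other files in this patch use "application" or "application configuration". "Move your app to production" can also be read as deploying the agency's own software rather than promoting the Login.gov configuration. Suggest "move your application configuration to production".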
diff --git a/_pages/production.md b/_pages/production.md
index d0e17a8d..5d38261e 100644
--- a/_pages/production.md
+++ b/_pages/production.md
@@ -35,7 +35,7 @@ Make sure you have the following items ready before you start the deployment pro
- [Signed Interagency Agreement (IAA) listing this integration ]({{ site.baseurl}}/production/#confirm-interagency-agreement-iaa)
-- A dedicated [integration configuration within the Portal](https://dashboard.int.identitysandbox.gov/)
+- A dedicated [application configuration within the Portal](https://dashboard.int.identitysandbox.gov/)
* We recommend having two configurations, one that is intended for deployment to production and one which is purely for testing purposes.
* All production urls should have .gov, .mil, or a dedicated .com address and point to an Authority to Operate (ATO) approved environment.
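Review bot: The added link text says "application configuration within the Portal" but the URL is dashboard.int.identitysandbox.gov, while errors.yml and overview.md in this patch link the Portal to portal.int.identitysandbox.gov. Confirm which host is current and use it consistently. The sub-bullet directly below still says "two configurations", which no longer matches the renamed parent item.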
@@ -69,13 +69,13 @@ Please reach out to your agency IAA contact if you have any questions. If your a
## Production configuration process
-Before you can request deployment, you need to create a new and separate integration configuration on our partner portal. This new app will include your production certificate, urls, and logo. When starting this process you need the following items ready to go:
+Before you can request deployment, you need to create a new and separate application on our partner portal. This new app will include your production certificate, urls, and logo. When starting this process you need the following items ready to go:
- Signed IAA listing this integration
- ATO approved environment
- [Approved agency logo](/user-experience/agency-logo/) for your app
-When you have the components required, follow these steps to create your production integration configuration:
+When you have the components required, follow these steps to create your production configuration app:
1. [Create a new app on the](https://dashboard.int.identitysandbox.gov/) Login.gov Partner Portal. Select “Apps” from the top right menu, then select the “Create a new app” button.
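Review bot: "Follow these steps to create your production configuration app" introduces a third term that appears nowhere else; the first added line in this hunk says "a new and separate application". Use one of "production application" or "production application configuration" in both sentences. The section heading "Production configuration process" is unchanged, so check that the anchor links pointing at it still read sensibly next to the new wording.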
@@ -83,9 +83,9 @@ When you have the components required, follow these steps to create your product
1. Select "Ready for Production" in the Dashboard Configuration section.
-1. Enter the name of the app as it appears in your IAA in the "Configuration name" field. Do NOT use environment names such as "Prod" or "Production".
+1. Enter the name of the app as it appears in your IAA in the "App Name" field. Do NOT use environment names such as "Prod" or "Production".
-1. Enter the name of the app as it should appear to users in the "Friendly name" field. This is the app name a user will see when logging in.
+1. Enter the name of the app as it should appear to users in the "Friendly Name" field. This is the app name a user will see when logging in.
1. Select the Next button to move to the next steps.
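Review bot: The renamed field labels "App Name" and "Friendly Name" should be checked against the Portal form, because the step just above still refers to the "Dashboard Configuration section" and was not updated. If the form was relabelled, that section name probably changed too; if it was not, the capitalisation change here will not match what users see.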
@@ -107,7 +107,7 @@ When you have the components required, follow these steps to create your product
1. Select the sign-in, sign-up, and forgot password help text users will encounter in your app. This step is optional but encouraged to ensure better usability. Take a look at the [user experience guidance]({% link _pages/user-experience/help-text.md %}) for a good example of help text.
-1. Once all fields are complete select the "Create configuration" button.
+1. Once all fields are complete select the "Create app" button.
If you encounter errors or have questions after completing these steps, please submit a technical support ticket through the [Partner Support Help Desk.]({{ site.baseurl}}/support/#contacting-partner-support)
@@ -135,7 +135,7 @@ Once you have:
1. [Confirmed that this integration is listed in a signed IAA](https://login.gov/partners/get-started/#interagency-agreement-iaa-process). **Do not request deployment if you are not certain that your application is listed in a signed IAA.**
-2. [Created a production configuration]({{site.baseurl}}/production/#production-configuration-process).
+2. [Created a production configuration app]({{site.baseurl}}/production/#production-configuration-process).
3. Confirmed that you have a logo uploaded to your production configuration in the [Partner Portal](https://dashboard.int.identitysandbox.gov/). **An uploaded logo is required for the deployment process.**
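Review bot: Item 2 now reads "Created a production configuration app" while item 3, two lines below, still says "your production configuration". Within one checklist these should be the same noun. Suggest dropping "app" from item 2 or updating item 3 to match.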
@@ -153,9 +153,9 @@ We recommend using the sandbox environment to test your new app before requestin
## Changes to production applications
-**Changes to production configurations are not automatic and may take up to two weeks.**
+**Changes to the production app are not automatic and may take up to two weeks.**
-If you need to make any changes to your deployed integration, please update your production integration configuration in the sandbox and test the changes you wish to deploy. After you have confirmed the change, **you must submit a change request** through the [Partner Support Help Desk](https://zendesk.login.gov) to ensure the change takes effect in production.
+If you need to make any changes to your deployed integration, please update your production configuration app in the sandbox and test the changes you wish to deploy. After you have confirmed the change, **you must submit a change request** through the [Partner Support Help Desk](https://zendesk.login.gov) to ensure the change takes effect in production.
### Certificate Rotation Process
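Review bot: "Changes to the production app are not automatic" is ambiguous under the heading "Changes to production applications": it can be read as changes to the agency's deployed software rather than to the Login.gov configuration. The next added line then says "update your production configuration app in the sandbox", which mixes three terms in two sentences. Suggest "Changes to production application configurations are not automatic" and "update your production application configuration in the sandbox".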
diff --git a/_pages/testing.md b/_pages/testing.md
index bf8e6182..891d5b1b 100644
--- a/_pages/testing.md
+++ b/_pages/testing.md
@@ -51,18 +51,18 @@ Please submit a support ticket through the [Partner Support Help Desk](https://z
1. If you already have a Login.gov test account, select the “Sign in” button in the upper-right corner to sign in.
1. You must create a team before you can create a new app. Create a new team by selecting the “Continue” button under “Create your first team.” If you have previously created a team you can move on to the next step.
1. If necessary, add users to that team by clicking the “Add users” button. This is the opportunity to add contractors or anyone without a .gov or a .mil email address.
-1. After creating your team, select the Apps tab. This page is where you will find all of the integration configurations you and your team create.
+1. After creating your team, select the Apps tab. This page is where you will find all of the applications you and your team create.
1. Select the “Create a new app” button and follow the steps to register a new application with the Login.gov IdP in the test sandbox environment. You can only have one app creation in progress at a time. There are links to additional information throughout the form. We recommend reading through the descriptions carefully.
1. To troubleshoot specific errors, please visit our error dictionary in the [troubleshooting section of our developer documentation]({% link _pages/support.md %}). If the guidance there does not resolve the error, please submit a support ticket through the [Partner Support Help Desk](https://zendesk.login.gov/).
1. Start testing!
-1. When you're ready to go to production, please [follow our production deployment instructions]({% link _pages/production.md %}). We'll manage your configuration's promotion to production. **The move to production may take up to two weeks.**
+1. When you're ready to go to production, please [follow our production deployment instructions]({% link _pages/production.md %}). We'll manage your application's promotion to production. **The move to production may take up to two weeks.**
## If you lost access to a sandbox team
Login.gov does not manage user accounts. If you have lost access to a team:
* Request someone on your team who still has access to re-add you.
* If there is no one left with access, contact the partner agency's Login.gov Point of Contact and request that they re-add you to the team.
-* If they are unable to re-add you, request that they open up a ticket through the [Partner Support Help Desk](https://zendesk.login.gov) explaining the situation and confirming that you need access. They must include either the issuer or the link to the integration configuration.
+* If they are unable to re-add you, request that they open up a ticket through the [Partner Support Help Desk](https://zendesk.login.gov) explaining the situation and confirming that you need access. They must include either the issuer or the link to the application configuration.
### Creating a public certificate
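Review bot: The added lines use "applications", "your application's promotion" and "application configuration", while the surrounding steps say "Apps tab" and "Create a new app". In the lost-access bullet the support ticket must identify the right record, so keep "application configuration" there and say "Issuer" with the same capitalisation the error pages use. "We'll manage your application's promotion to production" would be clearer as "your application configuration's promotion".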
diff --git a/_pages/user-experience/help-text.md b/_pages/user-experience/help-text.md
index 4293a0ac..95ee4e4c 100644
--- a/_pages/user-experience/help-text.md
+++ b/_pages/user-experience/help-text.md
@@ -24,7 +24,7 @@ sidenav:
## Help text guidance
-You may include help text to alert the users to specific information that will assist them in logging in, signing up, and logging out. The help text section of the configuration workflow allows you to choose from the default help text options or request custom help text specific to your integration.
+You may include help text to alert the users to specific information that will assist them in logging in, signing up, and logging out. The help text section of the app configuration workflow allows you to choose from the default help text options or request custom help text specific to your integration.
Custom help text should follow the guidelines below to be included in your integration:
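Review bot: "The app configuration workflow" adds yet another variant of the term, and the same sentence still ends with "specific to your integration", as does the context line after it. Decide whether "integration" is being retired by this patch; if so, these two remaining uses should change with it, and if not, say so in the commit message so the mix is understood as intentional.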