Improve a few steps configuring SSO on Azure

Author: NataliaIvakina

modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc

@@ -167,16 +167,28 @@ As previously mentioned, the GUID here is also the directory (tenant) ID.
 Make sure you add the trailing slash (`/`) at the end or this operation might fail.
 ====
 
-. Go to the "Expose an API" tab and click "Add a Scope" to include the following statement:
+. Go to the "Expose an API" tab and click the "Add a Scope" button. 
++
+If you click this button for the first time, you see a new window stating that you need to add an _Application ID URI_ before proceeding:
++
+[source]
+----
+api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
+----
+
+. Next fill in all mandatory fields in the panel _Add a scope_.
+
+. Copy your scope which will be used for _neo4j.conf_ file.
+Include the following statement:
 +
 [source, properties]
 ----
 dbms.security.oidc.azure.params=client_id=4376dc8b-b5af-424f-9ada-c1c1b2d416b9;response_type=code;scope=openid profile email api://4376dc8b-b5af-424f-9ada-c1c1b2d416b9/access-token
 ----
-
-. Add the value in the scope column to the scopes in the configuration.
++
 Note that the audience parameter for access tokens are typically set with` api://` at the front.
 
+
 === ID token
 
 This example shows how to configure Entra ID for authentication and authorization using ID tokens.