[BRE-831] migrate secrets AKV (#796 )

[PM-32177] - Fixing Backward Compatibility with Azure AD (#813 )
* Updating the fetching of the config and key to check entra and check azure afterwards. * Making this camelCase to match other values. (cherry picked from commit 284206b735)
2026-01-06 10:33:46 +00:00 · 2025-07-10 12:05:51 -05:00 · 2025-07-02 09:36:03 -05:00 · 2025-06-30 14:08:03 -05:00 · 2025-06-27 08:28:04 -05:00 · 2025-06-26 14:49:56 +01:00
20 changed files with 1409 additions and 1266 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,10 +9,15 @@ on:
      - "hotfix-rc"
  workflow_dispatch: {}

+permissions:
+  contents: read
+
 jobs:
  cloc:
    name: CLOC
    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
    steps:
      - name: Checkout repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -29,6 +34,8 @@ jobs:
  setup:
    name: Setup
    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
    outputs:
      package_version: ${{ steps.retrieve-version.outputs.package_version }}
    steps:
@@ -50,6 +57,8 @@ jobs:
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
      _PKG_FETCH_NODE_VERSION: 18.5.0
      _PKG_FETCH_VERSION: 3.4
+    permissions:
+      contents: read
    steps:
      - name: Checkout repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -95,11 +104,6 @@ jobs:
      - name: Zip
        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node

-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt
-
      - name: Version Test
        run: |
          sudo apt-get update
@@ -129,18 +133,13 @@ jobs:
          path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
          if-no-files-found: error

-      - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-

  macos-cli:
    name: Build Mac CLI
    runs-on: macos-13
    needs: setup
+    permissions:
+      contents: read
    env:
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
      _PKG_FETCH_NODE_VERSION: 18.5.0
@@ -190,11 +189,6 @@ jobs:
      - name: Zip
        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node

-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt
-
      - name: Version Test
        run: |
          mkdir -p test/macos
@@ -217,17 +211,13 @@ jobs:
          path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
          if-no-files-found: error

-      - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error

  windows-cli:
    name: Build Windows CLI
    runs-on: windows-2022
    needs: setup
+    permissions:
+      contents: read
    env:
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
      _WIN_PKG_FETCH_VERSION: 18.5.0
@@ -349,11 +339,6 @@ jobs:
            Throw "Version test failed."
          }

-      - name: Create checksums
-        run: |
-          checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
-
      - name: Upload Windows Zip to GitHub
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
@@ -361,18 +346,14 @@ jobs:
          path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
          if-no-files-found: error

-      - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-

  windows-gui:
    name: Build Windows GUI
    runs-on: windows-2022
    needs: setup
+    permissions:
+      contents: read
+      id-token: write
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -404,10 +385,12 @@ jobs:
      - name: Install Node dependencies
        run: npm install

-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Retrieve secrets
        id: retrieve-secrets
@@ -420,6 +403,9 @@ jobs:
            code-signing-client-secret,
            code-signing-cert-name"

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Build & Sign
        run: npm run dist:win
        env:
@@ -463,6 +449,8 @@ jobs:
    name: Build Linux GUI
    runs-on: ubuntu-24.04
    needs: setup
+    permissions:
+      contents: read
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -517,6 +505,9 @@ jobs:
    name: Build MacOS GUI
    runs-on: macos-13
    needs: setup
+    permissions:
+      contents: read
+      id-token: write
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -544,10 +535,19 @@ jobs:
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"

-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"

      - name: Get certificates
        run: |
@@ -562,9 +562,12 @@ jobs:
          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Set up keychain
        env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
        run: |
          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security default-keychain -s build.keychain
@@ -598,13 +601,13 @@ jobs:
        run: |
          mkdir ~/private_keys
          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
          EOF

      - name: Build application
        run: npm run dist:mac
        env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
          APP_STORE_CONNECT_AUTH_KEY: UFD296548T
          APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
          CSC_FOR_PULL_REQUEST: true
@@ -650,6 +653,8 @@ jobs:
      - windows-gui
      - linux-gui
      - macos-gui
+    permissions:
+      id-token: write
    steps:
      - name: Check if any job failed
        if: |
@@ -659,11 +664,13 @@ jobs:
          && contains(needs.*.result, 'failure')
        run: exit 1

-      - name: Login to Azure - CI subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
        if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Retrieve secrets
        id: retrieve-secrets
@@ -673,6 +680,9 @@ jobs:
          keyvault: "bitwarden-ci"
          secrets: "devops-alerts-slack-webhook-url"

+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Notify Slack on failure
        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
        if: failure()
--- a/.github/workflows/enforce-labels.yml
+++ b/.github/workflows/enforce-labels.yml
@@ -3,6 +3,9 @@ name: Enforce PR labels
 on:
  pull_request:
    types: [labeled, unlabeled, opened, edited, synchronize]
+permissions:
+  contents: read
+  pull-requests: read
 jobs:
  enforce-label:
    name: EnforceLabel
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,10 +13,15 @@ on:
          - Redeploy
          - Dry Run

+permissions:
+  contents: read
+
 jobs:
  setup:
    name: Setup
    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
    outputs:
      release_version: ${{ steps.version.outputs.version }}
    steps:
@@ -45,6 +50,10 @@ jobs:
    name: Release
    runs-on: ubuntu-24.04
    needs: setup
+    permissions:
+      actions: read
+      packages: read
+      contents: write
    steps:
      - name: Download all artifacts
        if: ${{ inputs.release_type != 'Dry Run' }}
@@ -71,9 +80,6 @@ jobs:
          artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                      ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
                      ./bwdc-linux-${{ env.PKG_VERSION }}.zip,
-                      ./bwdc-windows-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-macos-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-linux-sha256-${{ env.PKG_VERSION }}.txt,
                      ./Bitwarden-Connector-Portable-${{ env.PKG_VERSION }}.exe,
                      ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe,
                      ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe.blockmap,
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -5,13 +5,23 @@ on:
  push:
    branches:
      - "main"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
  pull_request_target:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+
+permissions: {}

 jobs:
  check-run:
    name: Check PR run
    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read

  sast:
    name: SAST scan
@@ -21,6 +31,7 @@ jobs:
      contents: read
      pull-requests: write
      security-events: write
+      id-token: write

    steps:
      - name: Check out repo
@@ -28,16 +39,33 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "CHECKMARX-TENANT,CHECKMARX-CLIENT-ID,CHECKMARX-SECRET"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Scan with Checkmarx
        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
        env:
          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
        with:
          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
+          cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }}
          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+          cx_client_id: ${{ steps.get-kv-secrets.outputs.CHECKMARX-CLIENT-ID }}
+          cx_client_secret: ${{ steps.get-kv-secrets.outputs.CHECKMARX-SECRET }}
          additional_params: |
            --report-format sarif \
            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
@@ -57,6 +85,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
+      id-token: write

    steps:
      - name: Check out repo
@@ -65,10 +94,27 @@ jobs:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "SONAR-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
+        uses: sonarsource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
        with:
          args: >
            -Dsonar.organization=${{ github.repository_owner }}
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -12,6 +12,9 @@ jobs:
  bump_version:
    name: Bump Version
    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      id-token: write
    steps:
      - name: Validate version input
        if: ${{ inputs.version_number_override != '' }}
@@ -19,12 +22,29 @@ jobs:
        with:
          version: ${{ inputs.version_number_override }}

+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
      - name: Generate GH App token
        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
        id: app-token
        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}

      - name: Checkout Branch
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Supported directories:

 - Active Directory
 - Any other LDAP-based directory
- Azure Active Directory
+- Microsoft Entra ID
 - G Suite (Google)
 - Okta

--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "@bitwarden/directory-connector",
  "productName": "Bitwarden Directory Connector",
  "description": "Sync your user directory to your Bitwarden organization.",
-  "version": "2025.5.0",
+  "version": "2025.6.1",
  "keywords": [
    "bitwarden",
    "password",
@@ -73,15 +73,15 @@
    "test:types": "npx tsc --noEmit"
  },
  "devDependencies": {
-    "@angular-devkit/build-angular": "17.3.11",
+    "@angular-devkit/build-angular": "17.3.17",
    "@angular-eslint/eslint-plugin-template": "17.5.3",
    "@angular-eslint/template-parser": "17.5.3",
    "@angular/compiler-cli": "17.3.12",
    "@electron/notarize": "2.5.0",
-    "@electron/rebuild": "3.7.1",
+    "@electron/rebuild": "3.7.2",
    "@fluffy-spoon/substitute": "1.208.0",
    "@microsoft/microsoft-graph-types": "2.40.0",
-    "@ngtools/webpack": "17.3.11",
+    "@ngtools/webpack": "17.3.17",
    "@types/inquirer": "8.2.10",
    "@types/jest": "29.5.14",
    "@types/lowdb": "1.0.15",
@@ -90,38 +90,37 @@
    "@types/node-forge": "1.3.11",
    "@types/proper-lockfile": "4.1.4",
    "@types/tldjs": "2.3.4",
-    "@typescript-eslint/eslint-plugin": "8.23.0",
-    "@typescript-eslint/parser": "8.23.0",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
+    "@typescript-eslint/parser": "8.32.1",
    "clean-webpack-plugin": "4.0.0",
    "concurrently": "9.1.2",
    "copy-webpack-plugin": "12.0.2",
    "cross-env": "7.0.3",
    "css-loader": "7.1.2",
-    "dotenv": "16.4.7",
+    "dotenv": "16.5.0",
    "electron": "34.1.1",
    "electron-builder": "24.13.3",
-    "electron-log": "5.2.4",
+    "electron-log": "5.4.1",
    "electron-reload": "2.0.0-alpha.1",
    "electron-store": "8.2.0",
-    "electron-updater": "6.3.9",
+    "electron-updater": "6.6.2",
    "eslint": "8.57.1",
-    "eslint-config-prettier": "10.0.1",
+    "eslint-config-prettier": "10.1.5",
    "eslint-import-resolver-typescript": "3.7.0",
    "eslint-plugin-import": "2.31.0",
    "eslint-plugin-rxjs": "5.0.3",
    "eslint-plugin-rxjs-angular": "2.0.1",
-    "form-data": "4.0.1",
+    "form-data": "4.0.3",
    "html-loader": "5.1.0",
    "html-webpack-plugin": "5.6.3",
    "husky": "9.1.7",
    "jest": "29.7.0",
    "jest-junit": "16.0.0",
    "jest-mock-extended": "3.0.7",
-    "jest-preset-angular": "14.5.0",
-    "lint-staged": "15.4.1",
+    "jest-preset-angular": "14.5.5",
+    "lint-staged": "15.5.2",
    "mini-css-extract-plugin": "2.9.2",
-    "minimatch": "3.1.2",
-    "node-abi": "3.74.0",
+    "node-abi": "3.75.0",
    "node-forge": "1.3.1",
    "node-loader": "2.1.0",
    "pkg": "5.8.1",
@@ -129,11 +128,11 @@
    "rimraf": "6.0.1",
    "rxjs": "7.8.2",
    "sass": "1.79.4",
-    "sass-loader": "16.0.4",
-    "ts-jest": "29.2.5",
+    "sass-loader": "16.0.5",
+    "ts-jest": "29.4.0",
    "ts-loader": "9.5.2",
    "tsconfig-paths-webpack-plugin": "4.2.0",
-    "type-fest": "4.32.0",
+    "type-fest": "4.41.0",
    "typescript": "5.4.5",
    "webpack": "5.97.1",
    "webpack-cli": "6.0.1",
@@ -157,21 +156,22 @@
    "browser-hrtime": "1.1.8",
    "chalk": "4.1.2",
    "commander": "13.1.0",
-    "core-js": "3.40.0",
-    "form-data": "4.0.1",
+    "core-js": "3.42.0",
+    "form-data": "4.0.3",
    "google-auth-library": "9.15.1",
    "googleapis": "144.0.0",
    "https-proxy-agent": "7.0.6",
    "inquirer": "8.2.6",
    "keytar": "7.9.0",
-    "ldapts": "7.3.1",
+    "ldapts": "7.4.0",
    "lowdb": "1.0.0",
    "ngx-toastr": "19.0.0",
    "node-fetch": "2.7.0",
    "proper-lockfile": "4.1.2",
    "rxjs": "7.8.2",
    "tldjs": "2.3.1",
-    "zone.js": "0.14.10"
+    "zone.js": "0.14.10",
+    "parse5": "7.2.1"
  },
  "engines": {
    "node": "~22.13.0",
--- a/src/abstractions/state.service.ts
+++ b/src/abstractions/state.service.ts
@@ -3,7 +3,7 @@ import { StorageOptions } from "@/jslib/common/src/models/domain/storageOptions"

 import { DirectoryType } from "@/src/enums/directoryType";
 import { Account } from "@/src/models/account";
-import { AzureConfiguration } from "@/src/models/azureConfiguration";
+import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
 import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
 import { LdapConfiguration } from "@/src/models/ldapConfiguration";
 import { OktaConfiguration } from "@/src/models/oktaConfiguration";
@@ -17,7 +17,7 @@ export abstract class StateService extends BaseStateServiceAbstraction<Account>
    config:
      | LdapConfiguration
      | GSuiteConfiguration
-      | AzureConfiguration
+      | EntraIdConfiguration
      | OktaConfiguration
      | OneLoginConfiguration,
  ) => Promise<any>;
@@ -25,8 +25,8 @@ export abstract class StateService extends BaseStateServiceAbstraction<Account>
  setLdapConfiguration: (value: LdapConfiguration, options?: StorageOptions) => Promise<void>;
  getGsuiteConfiguration: (options?: StorageOptions) => Promise<GSuiteConfiguration>;
  setGsuiteConfiguration: (value: GSuiteConfiguration, options?: StorageOptions) => Promise<void>;
-  getAzureConfiguration: (options?: StorageOptions) => Promise<AzureConfiguration>;
-  setAzureConfiguration: (value: AzureConfiguration, options?: StorageOptions) => Promise<void>;
+  getEntraConfiguration: (options?: StorageOptions) => Promise<EntraIdConfiguration>;
+  setEntraConfiguration: (value: EntraIdConfiguration, options?: StorageOptions) => Promise<void>;
  getOktaConfiguration: (options?: StorageOptions) => Promise<OktaConfiguration>;
  setOktaConfiguration: (value: OktaConfiguration, options?: StorageOptions) => Promise<void>;
  getOneLoginConfiguration: (options?: StorageOptions) => Promise<OneLoginConfiguration>;
--- a/src/app/tabs/settings.component.html
+++ b/src/app/tabs/settings.component.html
@@ -242,7 +242,7 @@
            </div>
          </div>
        </div>
-        <div [hidden]="directory != directoryType.AzureActiveDirectory">
+        <div [hidden]="directory != directoryType.EntraID">
          <div class="mb-3">
            <label for="identityAuthority" class="form-label">{{
              "identityAuthority" | i18n
@@ -251,10 +251,10 @@
              class="form-select"
              id="identityAuthority"
              name="IdentityAuthority"
-              [(ngModel)]="azure.identityAuthority"
+              [(ngModel)]="entra.identityAuthority"
            >
-              <option value="login.microsoftonline.com">Azure AD Public</option>
-              <option value="login.microsoftonline.us">Azure AD Government</option>
+              <option value="login.microsoftonline.com">Entra Id Public</option>
+              <option value="login.microsoftonline.us">Entra Id Government</option>
            </select>
          </div>
          <div class="mb-3">
@@ -264,7 +264,7 @@
              class="form-control"
              id="tenant"
              name="Tenant"
-              [(ngModel)]="azure.tenant"
+              [(ngModel)]="entra.tenant"
            />
            <div class="form-text">{{ "ex" | i18n }} companyad.onmicrosoft.com</div>
          </div>
@@ -275,29 +275,29 @@
              class="form-control"
              id="applicationId"
              name="ApplicationId"
-              [(ngModel)]="azure.applicationId"
+              [(ngModel)]="entra.applicationId"
            />
          </div>
          <div class="mb-3">
            <label for="secretKey" class="form-label">{{ "secretKey" | i18n }}</label>
            <div class="input-group">
              <input
-                type="{{ showAzureKey ? 'text' : 'password' }}"
+                type="{{ showEntraKey ? 'text' : 'password' }}"
                class="form-control"
                id="secretKey"
                name="SecretKey"
-                [(ngModel)]="azure.key"
+                [(ngModel)]="entra.key"
              />
              <button
                type="button"
                class="btn btn-outline-secondary"
                appA11yTitle="{{ 'toggleVisibility' | i18n }}"
-                (click)="toggleAzureKey()"
+                (click)="toggleEntraKey()"
              >
                <i
                  class="bwi bwi-lg"
                  aria-hidden="true"
-                  [ngClass]="showAzureKey ? 'bwi-eye-slash' : 'bwi-eye'"
+                  [ngClass]="showEntraKey ? 'bwi-eye-slash' : 'bwi-eye'"
                ></i>
              </button>
            </div>
@@ -607,7 +607,7 @@
            <div class="form-text" *ngIf="directory === directoryType.Ldap">
              {{ "ex" | i18n }} (&amp;(givenName=John)(|(l=Dallas)(l=Austin)))
            </div>
-            <div class="form-text" *ngIf="directory === directoryType.AzureActiveDirectory">
+            <div class="form-text" *ngIf="directory === directoryType.EntraID">
              {{ "ex" | i18n }} exclude:joe&#64;company.com
            </div>
            <div class="form-text" *ngIf="directory === directoryType.Okta">
@@ -684,7 +684,7 @@
            <div class="form-text" *ngIf="directory === directoryType.Ldap">
              {{ "ex" | i18n }} (&amp;(objectClass=group)(!(cn=Sales*))(!(cn=IT*)))
            </div>
-            <div class="form-text" *ngIf="directory === directoryType.AzureActiveDirectory">
+            <div class="form-text" *ngIf="directory === directoryType.EntraID">
              {{ "ex" | i18n }} include:Sales,IT
            </div>
            <div class="form-text" *ngIf="directory === directoryType.Okta">
--- a/src/app/tabs/settings.component.ts
+++ b/src/app/tabs/settings.component.ts
@@ -5,7 +5,7 @@ import { LogService } from "@/jslib/common/src/abstractions/log.service";

 import { StateService } from "../../abstractions/state.service";
 import { DirectoryType } from "../../enums/directoryType";
-import { AzureConfiguration } from "../../models/azureConfiguration";
+import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
 import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
 import { LdapConfiguration } from "../../models/ldapConfiguration";
 import { OktaConfiguration } from "../../models/oktaConfiguration";
@@ -22,13 +22,13 @@ export class SettingsComponent implements OnInit, OnDestroy {
  directoryType = DirectoryType;
  ldap = new LdapConfiguration();
  gsuite = new GSuiteConfiguration();
-  azure = new AzureConfiguration();
+  entra = new EntraIdConfiguration();
  okta = new OktaConfiguration();
  oneLogin = new OneLoginConfiguration();
  sync = new SyncConfiguration();
  directoryOptions: any[];
  showLdapPassword = false;
-  showAzureKey = false;
+  showEntraKey = false;
  showOktaKey = false;
  showOneLoginSecret = false;

@@ -42,7 +42,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
    this.directoryOptions = [
      { name: this.i18nService.t("select"), value: null },
      { name: "Active Directory / LDAP", value: DirectoryType.Ldap },
-      { name: "Azure Active Directory", value: DirectoryType.AzureActiveDirectory },
+      { name: "Entra ID", value: DirectoryType.EntraID },
      { name: "G Suite (Google)", value: DirectoryType.GSuite },
      { name: "Okta", value: DirectoryType.Okta },
      { name: "OneLogin", value: DirectoryType.OneLogin },
@@ -56,10 +56,9 @@ export class SettingsComponent implements OnInit, OnDestroy {
    this.gsuite =
      (await this.stateService.getDirectory<GSuiteConfiguration>(DirectoryType.GSuite)) ||
      this.gsuite;
-    this.azure =
-      (await this.stateService.getDirectory<AzureConfiguration>(
-        DirectoryType.AzureActiveDirectory,
-      )) || this.azure;
+    this.entra =
+      (await this.stateService.getDirectory<EntraIdConfiguration>(DirectoryType.EntraID)) ||
+      this.entra;
    this.okta =
      (await this.stateService.getDirectory<OktaConfiguration>(DirectoryType.Okta)) || this.okta;
    this.oneLogin =
@@ -80,7 +79,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
    await this.stateService.setDirectoryType(this.directory);
    await this.stateService.setDirectory(DirectoryType.Ldap, this.ldap);
    await this.stateService.setDirectory(DirectoryType.GSuite, this.gsuite);
-    await this.stateService.setDirectory(DirectoryType.AzureActiveDirectory, this.azure);
+    await this.stateService.setDirectory(DirectoryType.EntraID, this.entra);
    await this.stateService.setDirectory(DirectoryType.Okta, this.okta);
    await this.stateService.setDirectory(DirectoryType.OneLogin, this.oneLogin);
    await this.stateService.setSync(this.sync);
@@ -135,8 +134,8 @@ export class SettingsComponent implements OnInit, OnDestroy {
    document.getElementById("password").focus();
  }

-  toggleAzureKey() {
-    this.showAzureKey = !this.showAzureKey;
+  toggleEntraKey() {
+    this.showEntraKey = !this.showEntraKey;
    document.getElementById("secretKey").focus();
  }

--- a/src/commands/config.command.ts
+++ b/src/commands/config.command.ts
@@ -8,7 +8,7 @@ import { MessageResponse } from "@/jslib/node/src/cli/models/response/messageRes

 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";
-import { AzureConfiguration } from "../models/azureConfiguration";
+import { EntraIdConfiguration } from "../models/entraIdConfiguration";
 import { GSuiteConfiguration } from "../models/gsuiteConfiguration";
 import { LdapConfiguration } from "../models/ldapConfiguration";
 import { OktaConfiguration } from "../models/oktaConfiguration";
@@ -20,7 +20,7 @@ export class ConfigCommand {
  private directory: DirectoryType;
  private ldap = new LdapConfiguration();
  private gsuite = new GSuiteConfiguration();
-  private azure = new AzureConfiguration();
+  private entra = new EntraIdConfiguration();
  private okta = new OktaConfiguration();
  private oneLogin = new OneLoginConfiguration();
  private sync = new SyncConfiguration();
@@ -54,8 +54,11 @@ export class ConfigCommand {
        case "gsuite.key":
          await this.setGSuiteKey(value);
          break;
+        // Azure Active Directory was renamed to Entra ID, but we've kept the old key name
+        // to be backwards compatible with existing configurations.
        case "azure.key":
-          await this.setAzureKey(value);
+        case "entra.key":
+          await this.setEntraIdKey(value);
          break;
        case "okta.token":
          await this.setOktaToken(value);
@@ -102,9 +105,9 @@ export class ConfigCommand {
    await this.saveConfig();
  }

-  private async setAzureKey(key: string) {
+  private async setEntraIdKey(key: string) {
    await this.loadConfig();
-    this.azure.key = key;
+    this.entra.key = key;
    await this.saveConfig();
  }

@@ -127,10 +130,9 @@ export class ConfigCommand {
    this.gsuite =
      (await this.stateService.getDirectory<GSuiteConfiguration>(DirectoryType.GSuite)) ||
      this.gsuite;
-    this.azure =
-      (await this.stateService.getDirectory<AzureConfiguration>(
-        DirectoryType.AzureActiveDirectory,
-      )) || this.azure;
+    this.entra =
+      (await this.stateService.getDirectory<EntraIdConfiguration>(DirectoryType.EntraID)) ||
+      this.entra;
    this.okta =
      (await this.stateService.getDirectory<OktaConfiguration>(DirectoryType.Okta)) || this.okta;
    this.oneLogin =
@@ -144,7 +146,7 @@ export class ConfigCommand {
    await this.stateService.setDirectoryType(this.directory);
    await this.stateService.setDirectory(DirectoryType.Ldap, this.ldap);
    await this.stateService.setDirectory(DirectoryType.GSuite, this.gsuite);
-    await this.stateService.setDirectory(DirectoryType.AzureActiveDirectory, this.azure);
+    await this.stateService.setDirectory(DirectoryType.EntraID, this.entra);
    await this.stateService.setDirectory(DirectoryType.Okta, this.okta);
    await this.stateService.setDirectory(DirectoryType.OneLogin, this.oneLogin);
    await this.stateService.setSync(this.sync);
--- a/src/enums/directoryType.ts
+++ b/src/enums/directoryType.ts
@@ -1,6 +1,6 @@
 export enum DirectoryType {
  Ldap = 0,
-  AzureActiveDirectory = 1,
+  EntraID = 1,
  GSuite = 2,
  Okta = 3,
  OneLogin = 4,
--- a/src/models/account.ts
+++ b/src/models/account.ts
@@ -2,7 +2,7 @@ import { Account as BaseAccount } from "@/jslib/common/src/models/domain/account

 import { DirectoryType } from "@/src/enums/directoryType";

-import { AzureConfiguration } from "./azureConfiguration";
+import { EntraIdConfiguration } from "./entraIdConfiguration";
 import { GSuiteConfiguration } from "./gsuiteConfiguration";
 import { LdapConfiguration } from "./ldapConfiguration";
 import { OktaConfiguration } from "./oktaConfiguration";
@@ -29,7 +29,10 @@ export class ClientKeys {
 export class DirectoryConfigurations {
  ldap: LdapConfiguration;
  gsuite: GSuiteConfiguration;
-  azure: AzureConfiguration;
+  entra: EntraIdConfiguration;
+  // Azure Active Directory was renamed to Entra ID, but we've kept the old account property name
+  // to be backwards compatible with existing configurations.
+  azure: EntraIdConfiguration;
  okta: OktaConfiguration;
  oneLogin: OneLoginConfiguration;
 }
--- a/src/models/entraIdConfiguration.ts
+++ b/src/models/entraIdConfiguration.ts
@@ -1,6 +1,6 @@
 import { IConfiguration } from "./IConfiguration";

-export class AzureConfiguration implements IConfiguration {
+export class EntraIdConfiguration implements IConfiguration {
  identityAuthority: string;
  tenant: string;
  applicationId: string;
--- a/src/program.ts
+++ b/src/program.ts
@@ -190,7 +190,7 @@ export class Program extends BaseProgram {
        writeLn("    server - On-premise hosted installation URL.");
        writeLn("    directory - The type of directory to use.");
        writeLn("    ldap.password - The password for connection to this LDAP server.");
-        writeLn("    azure.key - The Azure AD secret key.");
+        writeLn("    entra.key - The Entra Id secret key.");
        writeLn("    gsuite.key - The G Suite private key.");
        writeLn("    okta.token - The Okta token.");
        writeLn("    onelogin.secret - The OneLogin client secret.");
@@ -202,7 +202,7 @@ export class Program extends BaseProgram {
        writeLn("    bwdc config directory 1");
        writeLn("    bwdc config ldap.password <password>");
        writeLn("    bwdc config ldap.password --secretenv LDAP_PWD");
-        writeLn("    bwdc config azure.key <key>");
+        writeLn("    bwdc config entra.key <key>");
        writeLn("    bwdc config gsuite.key <key>");
        writeLn("    bwdc config okta.token <token>");
        writeLn("    bwdc config onelogin.secret <secret>");
--- a/src/services/directory-factory.service.ts
+++ b/src/services/directory-factory.service.ts
@@ -5,7 +5,7 @@ import { DirectoryFactoryService } from "../abstractions/directory-factory.servi
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";

-import { AzureDirectoryService } from "./azure-directory.service";
+import { EntraIdDirectoryService } from "./entra-id-directory.service";
 import { GSuiteDirectoryService } from "./gsuite-directory.service";
 import { LdapDirectoryService } from "./ldap-directory.service";
 import { OktaDirectoryService } from "./okta-directory.service";
@@ -22,8 +22,8 @@ export class DefaultDirectoryFactoryService implements DirectoryFactoryService {
    switch (directoryType) {
      case DirectoryType.GSuite:
        return new GSuiteDirectoryService(this.logService, this.i18nService, this.stateService);
-      case DirectoryType.AzureActiveDirectory:
-        return new AzureDirectoryService(this.logService, this.i18nService, this.stateService);
+      case DirectoryType.EntraID:
+        return new EntraIdDirectoryService(this.logService, this.i18nService, this.stateService);
      case DirectoryType.Ldap:
        return new LdapDirectoryService(this.logService, this.i18nService, this.stateService);
      case DirectoryType.Okta:
--- a/src/services/entra-id-directory.service.ts
+++ b/src/services/entra-id-directory.service.ts
@@ -9,7 +9,7 @@ import { LogService } from "@/jslib/common/src/abstractions/log.service";

 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";
-import { AzureConfiguration } from "../models/azureConfiguration";
+import { EntraIdConfiguration } from "../models/entraIdConfiguration";
 import { GroupEntry } from "../models/groupEntry";
 import { SyncConfiguration } from "../models/syncConfiguration";
 import { UserEntry } from "../models/userEntry";
@@ -17,8 +17,10 @@ import { UserEntry } from "../models/userEntry";
 import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

-const AzurePublicIdentityAuhtority = "login.microsoftonline.com";
-const AzureGovermentIdentityAuhtority = "login.microsoftonline.us";
+const EntraIdPublicIdentityAuthority = "login.microsoftonline.com";
+const EntraIdPublicGraphEndpoint = "https://graph.microsoft.com";
+const EntraIdGovernmentIdentityAuthority = "login.microsoftonline.us";
+const EntraIdGovernmentGraphEndpoint = "https://graph.microsoft.us";

 const NextLink = "@odata.nextLink";
 const DeltaLink = "@odata.deltaLink";
@@ -32,9 +34,9 @@ enum UserSetType {
  ExcludeGroup,
 }

-export class AzureDirectoryService extends BaseDirectoryService implements IDirectoryService {
+export class EntraIdDirectoryService extends BaseDirectoryService implements IDirectoryService {
  private client: graph.Client;
-  private dirConfig: AzureConfiguration;
+  private dirConfig: EntraIdConfiguration;
  private syncConfig: SyncConfiguration;
  private accessToken: string;
  private accessTokenExpiration: Date;
@@ -50,12 +52,12 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire

  async getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]> {
    const type = await this.stateService.getDirectoryType();
-    if (type !== DirectoryType.AzureActiveDirectory) {
+    if (type !== DirectoryType.EntraID) {
      return;
    }

-    this.dirConfig = await this.stateService.getDirectory<AzureConfiguration>(
-      DirectoryType.AzureActiveDirectory,
+    this.dirConfig = await this.stateService.getDirectory<EntraIdConfiguration>(
+      DirectoryType.EntraID,
    );
    if (this.dirConfig == null) {
      return;
@@ -207,7 +209,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
    if (keyword === "excludeadministrativeunit" || keyword === "includeadministrativeunit") {
      for (const p of pieces) {
        let auMembers = await this.client
-          .api(`https://graph.microsoft.com/v1.0/directory/administrativeUnits/${p}/members`)
+          .api(`${this.getGraphApiEndpoint()}/v1.0/directory/administrativeUnits/${p}/members`)
          .get();
        // eslint-disable-next-line
        while (true) {
@@ -457,10 +459,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
        const identityAuthority =
          this.dirConfig.identityAuthority != null
            ? this.dirConfig.identityAuthority
-            : AzurePublicIdentityAuhtority;
+            : EntraIdPublicIdentityAuthority;
        if (
-          identityAuthority !== AzurePublicIdentityAuhtority &&
-          identityAuthority !== AzureGovermentIdentityAuhtority
+          identityAuthority !== EntraIdPublicIdentityAuthority &&
+          identityAuthority !== EntraIdGovernmentIdentityAuthority
        ) {
          done(new Error(this.i18nService.t("dirConfigIncomplete")), null);
          return;
@@ -478,7 +480,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
          client_id: this.dirConfig.applicationId,
          client_secret: this.dirConfig.key,
          grant_type: "client_credentials",
-          scope: "https://graph.microsoft.com/.default",
+          scope: `${this.getGraphApiEndpoint()}/.default`,
        });

        const req = https
@@ -542,4 +544,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
    exp.setSeconds(exp.getSeconds() + expSeconds);
    this.accessTokenExpiration = exp;
  }
+
+  private getGraphApiEndpoint(): string {
+    return this.dirConfig.identityAuthority === EntraIdGovernmentIdentityAuthority
+      ? EntraIdGovernmentGraphEndpoint
+      : EntraIdPublicGraphEndpoint;
+  }
 }
--- a/src/services/state.service.ts
+++ b/src/services/state.service.ts
@@ -11,7 +11,7 @@ import { StateService as StateServiceAbstraction } from "@/src/abstractions/stat
 import { DirectoryType } from "@/src/enums/directoryType";
 import { IConfiguration } from "@/src/models/IConfiguration";
 import { Account } from "@/src/models/account";
-import { AzureConfiguration } from "@/src/models/azureConfiguration";
+import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
 import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
 import { LdapConfiguration } from "@/src/models/ldapConfiguration";
 import { OktaConfiguration } from "@/src/models/oktaConfiguration";
@@ -21,7 +21,10 @@ import { SyncConfiguration } from "@/src/models/syncConfiguration";
 const SecureStorageKeys = {
  ldap: "ldapPassword",
  gsuite: "gsuitePrivateKey",
+  // Azure Active Directory was renamed to Entra ID, but we've kept the old property name
+  // to be backwards compatible with existing configurations.
  azure: "azureKey",
+  entra: "entraKey",
  okta: "oktaToken",
  oneLogin: "oneLoginClientSecret",
  userDelta: "userDeltaToken",
@@ -68,8 +71,8 @@ export class StateService
        case DirectoryType.Ldap:
          (configWithSecrets as any).password = await this.getLdapKey();
          break;
-        case DirectoryType.AzureActiveDirectory:
-          (configWithSecrets as any).key = await this.getAzureKey();
+        case DirectoryType.EntraID:
+          (configWithSecrets as any).key = await this.getEntraKey();
          break;
        case DirectoryType.Okta:
          (configWithSecrets as any).token = await this.getOktaKey();
@@ -93,7 +96,7 @@ export class StateService
    config:
      | LdapConfiguration
      | GSuiteConfiguration
-      | AzureConfiguration
+      | EntraIdConfiguration
      | OktaConfiguration
      | OneLoginConfiguration,
  ): Promise<any> {
@@ -106,11 +109,11 @@ export class StateService
          await this.setLdapConfiguration(ldapConfig);
          break;
        }
-        case DirectoryType.AzureActiveDirectory: {
-          const azureConfig = config as AzureConfiguration;
-          await this.setAzureKey(azureConfig.key);
-          azureConfig.key = StoredSecurely;
-          await this.setAzureConfiguration(azureConfig);
+        case DirectoryType.EntraID: {
+          const entraConfig = config as EntraIdConfiguration;
+          await this.setEntraKey(entraConfig.key);
+          entraConfig.key = StoredSecurely;
+          await this.setEntraConfiguration(entraConfig);
          break;
        }
        case DirectoryType.Okta: {
@@ -187,23 +190,32 @@ export class StateService
    );
  }

-  private async getAzureKey(options?: StorageOptions): Promise<string> {
+  private async getEntraKey(options?: StorageOptions): Promise<string> {
    options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
    if (options?.userId == null) {
      return null;
    }
+
+    const entraKey = await this.secureStorageService.get<string>(
+      `${options.userId}_${SecureStorageKeys.entra}`,
+    );
+
+    if (entraKey != null) {
+      return entraKey;
+    }
+
    return await this.secureStorageService.get<string>(
      `${options.userId}_${SecureStorageKeys.azure}`,
    );
  }

-  private async setAzureKey(value: string, options?: StorageOptions): Promise<void> {
+  private async setEntraKey(value: string, options?: StorageOptions): Promise<void> {
    options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
    if (options?.userId == null) {
      return;
    }
    await this.secureStorageService.save(
-      `${options.userId}_${SecureStorageKeys.azure}`,
+      `${options.userId}_${SecureStorageKeys.entra}`,
      value,
      options,
    );
@@ -259,8 +271,8 @@ export class StateService
        return await this.getLdapConfiguration();
      case DirectoryType.GSuite:
        return await this.getGsuiteConfiguration();
-      case DirectoryType.AzureActiveDirectory:
-        return await this.getAzureConfiguration();
+      case DirectoryType.EntraID:
+        return await this.getEntraConfiguration();
      case DirectoryType.Okta:
        return await this.getOktaConfiguration();
      case DirectoryType.OneLogin:
@@ -305,17 +317,28 @@ export class StateService
    );
  }

-  async getAzureConfiguration(options?: StorageOptions): Promise<AzureConfiguration> {
+  async getEntraConfiguration(options?: StorageOptions): Promise<EntraIdConfiguration> {
+    const entraConfig = (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.directoryConfigurations?.entra;
+
+    if (entraConfig != null) {
+      return entraConfig;
+    }
+
    return (
      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
    )?.directoryConfigurations?.azure;
  }

-  async setAzureConfiguration(value: AzureConfiguration, options?: StorageOptions): Promise<void> {
+  async setEntraConfiguration(
+    value: EntraIdConfiguration,
+    options?: StorageOptions,
+  ): Promise<void> {
    const account = await this.getAccount(
      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
    );
-    account.directoryConfigurations.azure = value;
+    account.directoryConfigurations.entra = value;
    await this.saveAccount(
      account,
      this.reconcileOptions(options, await this.defaultOnDiskOptions()),
--- a/src/services/stateMigration.service.ts
+++ b/src/services/stateMigration.service.ts
@@ -3,7 +3,7 @@ import { StateMigrationService as BaseStateMigrationService } from "@/jslib/comm

 import { DirectoryType } from "@/src/enums/directoryType";
 import { Account, DirectoryConfigurations, DirectorySettings } from "@/src/models/account";
-import { AzureConfiguration } from "@/src/models/azureConfiguration";
+import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
 import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
 import { LdapConfiguration } from "@/src/models/ldapConfiguration";
 import { OktaConfiguration } from "@/src/models/oktaConfiguration";
@@ -14,6 +14,7 @@ const SecureStorageKeys: { [key: string]: any } = {
  ldap: "ldapPassword",
  gsuite: "gsuitePrivateKey",
  azure: "azureKey",
+  entra: "entraIdKey",
  okta: "oktaToken",
  oneLogin: "oneLoginClientSecret",
  directoryConfigPrefix: "directoryConfig_",
@@ -104,13 +105,16 @@ export class StateMigrationService extends BaseStateMigrationService {
      }
    };

-    // Initilize typed objects from key/value pairs in storage to either be saved temporarily until an account is authed or applied to the active account
+    // Initialize typed objects from key/value pairs in storage to either be saved temporarily until an account is authed or applied to the active account
    const getDirectoryConfig = async <T>(type: DirectoryType) =>
      await this.get<T>(SecureStorageKeys.directoryConfigPrefix + type);
    const directoryConfigs: DirectoryConfigurations = {
      ldap: await getDirectoryConfig<LdapConfiguration>(DirectoryType.Ldap),
      gsuite: await getDirectoryConfig<GSuiteConfiguration>(DirectoryType.GSuite),
-      azure: await getDirectoryConfig<AzureConfiguration>(DirectoryType.AzureActiveDirectory),
+      // Azure Active Directory was renamed to Entra ID, but we've kept the old property name
+      // to be backwards compatible with existing configurations.
+      azure: await getDirectoryConfig<EntraIdConfiguration>(DirectoryType.EntraID),
+      entra: await getDirectoryConfig<EntraIdConfiguration>(DirectoryType.EntraID),
      okta: await getDirectoryConfig<OktaConfiguration>(DirectoryType.Okta),
      oneLogin: await getDirectoryConfig<OneLoginConfiguration>(DirectoryType.OneLogin),
    };
Author	SHA1	Message	Date
Andy Pixley	13b5574723	[BRE-831] migrate secrets AKV (#796 )	2025-07-10 12:05:51 -05:00
Jared McCannon	a35d921993	[PM-32177] - Fixing Backward Compatibility with Azure AD (#813 ) * Updating the fetching of the config and key to check entra and check azure afterwards. * Making this camelCase to match other values. (cherry picked from commit `284206b735`)	2025-07-02 09:36:03 -05:00
Vincent Salucci	3a46e1781e	chore: bump version to v2025.6.1 (#812 )	2025-06-30 14:08:03 -05:00
Jared McCannon	dc64f7191e	[PM-21187] Rename Azure AD to Entra ID (#797 ) * Changed label to entraID * Performed rename of Azure AD to Entra ID * Added check to maintain backward compatibility. * Swapping Azure for Entra * one last spot * Adding property for the data.json for backward compatibility. Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * Removing unneeded setting using the old azure property. * Accidentally removed. Adding entra back in. * Adding backward compatibility comment. Added here because it's required for SecureStorageKeys * Adding backward compatibility comments. * Fixing comment * Removing unused fields. --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>	2025-06-27 08:28:04 -05:00
renovate[bot]	570bcf1581	[deps]: Update ts-jest to v29.4.0 (#759 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-26 14:49:56 +01:00
renovate[bot]	fc06bf401a	[deps]: Update electron-log to v5.4.1 (#751 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-26 14:41:01 +01:00
Andy Pixley	61d7c996c1	[BRE-848] Adding Workflow Permissions (#798 )	2025-06-23 11:14:00 -05:00
renovate[bot]	71a19fecaa	[deps]: Update sass-loader to v16.0.5 (#747 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-23 14:51:51 +01:00
renovate[bot]	ae37cea276	[deps]: Update form-data to v4.0.3 (#744 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-23 14:47:48 +01:00
renovate[bot]	09f1f6981c	[deps]: Update @electron/rebuild to v3.7.2 (#741 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-23 14:43:57 +01:00
Vince Grassia	ceff0559f2	Remove checksum assets from releases (#795 )	2025-06-12 12:06:11 -04:00
Matt Andreko	4d55bf0527	Added explicit permissions to check-run (#794 )	2025-06-09 14:55:48 -04:00
renovate[bot]	7347c1992f	[deps]: Update sonarsource/sonarqube-scan-action action to v5 (#790 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-03 14:29:32 -04:00
Brandon Treston	46d2797d8c	Lock file maintenance (#791 ) * [deps]: Lock file maintenance * wip deps --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-03 10:04:15 -04:00
Vincent Salucci	ed58d7c758	chore: bump verstion to v2025.6.0 (#793 )	2025-06-02 11:17:31 -05:00
renovate[bot]	cd6bbd792a	[deps]: Update node-abi to v3.75.0 (#779 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-02 09:52:51 -05:00
Rui Tomé	3b3ea8ac47	[PM-15456] Update AzureDirectoryService to dynamically select Graph API endpoint based on identity authority (public or government) (#777 ) Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>	2025-06-02 14:00:07 +01:00
Matt Andreko	5f9adf9ab7	fix: update scan workflow (#792 )	2025-06-02 08:28:33 -04:00
renovate[bot]	1deb22a446	[deps]: Update eslint-config-prettier to v10.1.5 (#753 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-23 11:29:23 -05:00
renovate[bot]	115a60316d	[deps]: Update lint-staged to v15.5.2 (#757 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-23 11:11:09 -05:00
renovate[bot]	e11225b2ce	[deps]: Update typescript-eslint monorepo to v8.32.1 (#761 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-22 14:51:42 -05:00
renovate[bot]	4909d306ba	[deps]: Update dotenv to v16.5.0 (#749 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-22 10:53:01 -05:00
renovate[bot]	caa8c4d070	[deps]: Update core-js to v3.42.0 (#748 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-21 09:36:15 -04:00
Brandon Treston	ed1d941282	remove dependency (#783 )	2025-05-21 09:31:45 -04:00
renovate[bot]	f6f874360f	[deps]: Update electron-updater to v6.6.2 (#752 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-19 16:54:54 -04:00
renovate[bot]	18b110e70d	[deps]: Update ldapts to v7.4.0 (#756 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-19 12:54:17 -04:00
renovate[bot]	83c42cec73	[deps]: Update type-fest to v4.41.0 (#760 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Brandon Treston <btreston@bitwarden.com>	2025-05-19 11:46:23 -04:00
renovate[bot]	2d80fceb8c	[deps]: Update jest-preset-angular to v14.5.5 (#745 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Brandon Treston <btreston@bitwarden.com>	2025-05-19 11:02:43 -04:00
renovate[bot]	0489f0cbe9	[deps]: Update angular-cli monorepo to v17.3.17 (#742 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Brandon Treston <btreston@bitwarden.com>	2025-05-19 10:19:53 -04:00
Brandon Treston	c5d4cb9fb6	fix null error (#782 )	2025-05-14 11:12:01 -04:00