From cad1227c372e071045533042fa79e4bf6d930099 Mon Sep 17 00:00:00 2001
From: Sivan Elkabes <sivane@getport.io>
Date: Thu, 6 Nov 2025 08:20:02 +0200
Subject: [PATCH 1/3] WIP

---
 .../dashboards/dashboards.md                     | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md b/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
index b67b8efeac..a2d070b64e 100644
--- a/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
+++ b/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
@@ -428,7 +428,21 @@ Note that the iframe request is made directly from the end user’s browser, not
 If you are implementing IP whitelisting at the network or firewall level, you will need to account for the IP addresses of the users accessing the embedded dashboard - not the IP of Port itself.
 :::
 
-![iFrame](/img/software-catalog/widgets/iframeWidget.png)
+<img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} />
+
+#### Protected URL Authentication
+
+When configuring an **Iframe widget** with a **Protected URL Type**, you can control **how the OAuth login flow is opened**.
+
+A **use pop-up for authentication URL** toggle, lets you choose whether the login flow runs **inside the Iframe** or in a **separate popup window**.
+
+* **Default:** The toggle will be off, which means the login happens inside the Iframe.
+* **When ON:** The login opens in a popup window.
+
+:::info Browser Pop-up Settings
+Make sure your **browser allows pop-ups** for the Port app’s domain.
+If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load.
+:::
 
 #### Widget properties
 

From 7afefe878916b467f40f72a2bd9c0d5b7b7676b5 Mon Sep 17 00:00:00 2001
From: Sivan Elkabes <sivane@getport.io>
Date: Thu, 6 Nov 2025 10:44:20 +0200
Subject: [PATCH 2/3] add iframe OAuth toggle for protected URL documentation

---
 .../dashboards/dashboards.md                  | 37 +++++++++----------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md b/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
index a2d070b64e..b35c1379ae 100644
--- a/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
+++ b/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
@@ -430,33 +430,32 @@ If you are implementing IP whitelisting at the network or firewall level, you wi
 
 <img src="/img/software-catalog/widgets/iframeWidget.png" border='1px' style={{borderRadius:'6x'}} />
 
-#### Protected URL Authentication
+#### URL type
 
-When configuring an **Iframe widget** with a **Protected URL Type**, you can control **how the OAuth login flow is opened**.
+When configuring an **Iframe widget**, you can specify whether the URL is `public` or `protected`.
 
-A **use pop-up for authentication URL** toggle, lets you choose whether the login flow runs **inside the Iframe** or in a **separate popup window**.
+For the `protected` URL type, you can configure how the OAuth authentication flow is handled using the **"Use pop-up for authentication URL"** toggle:
 
-* **Default:** The toggle will be off, which means the login happens inside the Iframe.
-* **When ON:** The login opens in a popup window.
+- **Toggle off (default)**: The OAuth login flow runs inside the Iframe.
+- **Toggle on**: The OAuth login flow opens in a separate pop-up window.
 
-:::info Browser Pop-up Settings
-Make sure your **browser allows pop-ups** for the Port app’s domain.
-If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load.
+:::info Browser pop-up settings
+If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load.
 :::
 
 #### Widget properties
 
-| Field               | Type           | Description                                                                                                                                            | Default | Required |
-| ------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | -------- |
-| `Title`             | `String`       | Iframe widget title                                                                                                                                    | `null`  | `true`   |
-| `Icon`              | `String`       | Iframe widget Icon                                                                                                                                     | `null`  | `false`  |
-| `Description`       | `String`       | Iframe widget description                                                                                                                              | `null`  | `false`  |
-| `URL`               | `String`       | Iframe widget url                                                                                                                                      | `null`  | `false`  |
-| `URL type`          | `String`       | `public` or `protect`                                                                                                                                  | `null`  | `false`  |
-| `Authorization Url` | `URL String`   | If the `URL type` is `protected` this will be required. Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce) | `null`  | `false`  |
-| `clientId`          | `String`       | If the `URL type` is `protected` this will be required. Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce) | `null`  | `false`  |
-| `Scopes`            | `String Array` | If the `URL type` is `protected` this will be required. Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce) | `null`  | `false`  |
-| `Token URL`         | `URL String`   | If the `URL type` is `protected` this will be required. Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce) | `null`  | `false`  |
+| Field  | Type |Description | Default | Required |
+| ------- | -------------- | ---------------- | ------- | -------- |
+| `Title`   | `String`       | Iframe widget title   | `null`  | `true`   |
+| `Icon`              | `String`       | Iframe widget icon.  | `null`  | `false`  |
+| `Description`       | `String`       | Iframe widget description.      | `null`  | `false`  |
+| `URL`               | `String`       | Iframe widget url.           | `null`  | `false`  |
+| `URL type`          | `String`       | `public` or `protect`.     | `null`  | `false`  |
+| `Authorization Url` | `URL String`   | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
+| `clientId`          | `String`       | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
+| `Scopes`            | `String Array` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
+| `Token URL`         | `URL String`   | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
 
 ### Action card
 

From bb0c0fc6ce1d6fe4895e4a565dd2f7cba5b4bb6f Mon Sep 17 00:00:00 2001
From: Sivan Elkabes <sivane@getport.io>
Date: Thu, 6 Nov 2025 16:03:02 +0200
Subject: [PATCH 3/3] update the iframe documentation according to Naama's
 comments

---
 .../dashboards/dashboards.md                                  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md b/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
index b35c1379ae..6e71292a42 100644
--- a/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
+++ b/docs/customize-pages-dashboards-and-plugins/dashboards/dashboards.md
@@ -439,6 +439,8 @@ For the `protected` URL type, you can configure how the OAuth authentication flo
 - **Toggle off (default)**: The OAuth login flow runs inside the Iframe.
 - **Toggle on**: The OAuth login flow opens in a separate pop-up window.
 
+If the **Authorization URL** points to Microsoft Entra ID (`https://login.microsoftonline.com`), the toggle is automatically turned on, since Entra ID login pages include security headers that prevent them from being displayed inside an Iframe.
+
 :::info Browser pop-up settings
 If you enable the pop-up option, ensure your browser allows pop-ups for the Port app’s domain. If pop-ups are blocked at the browser level, the authentication window will not open and the Iframe widget will fail to load.
 :::
@@ -452,7 +454,7 @@ If you enable the pop-up option, ensure your browser allows pop-ups for the Port
 | `Description`       | `String`       | Iframe widget description.      | `null`  | `false`  |
 | `URL`               | `String`       | Iframe widget url.           | `null`  | `false`  |
 | `URL type`          | `String`       | `public` or `protect`.     | `null`  | `false`  |
-| `Authorization Url` | `URL String`   | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
+| `Authentication Url` | `URL String`   | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
 | `clientId`          | `String`       | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
 | `Scopes`            | `String Array` | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |
 | `Token URL`         | `URL String`   | If the `URL type` is `protected` this will be required. <br></br>Read more about it [here](/build-your-software-catalog/customize-integrations/configure-data-model/setup-blueprint/properties/embedded-url/authentication/#authentication-code-flow--pkce). | `null`  | `false`  |