README.md: 29 additions & 3 deletions
@@ -36,6 +36,7 @@ Use this reference code to get started on building a [SCIM](https://docs.microso
36
36
|/ResourceTypes|**Retrieve supported resource types.**<br/>The number and types of resources supported by each service provider can vary. (e.g. Service Provider A supports users while Service Provider B supports users and groups).|
37
37
|/ServiceProviderConfig|**Retrieve service provider's SCIM configuration**<br/>The SCIM features supported by each service provider can vary. (e.g. Service Provider A supports Patch operations while Service Provider B supports Patch Operations and Schema Discovery).|
38
38
39
+
<<<<<<< Updated upstream
39
40
## Prerequisites
40
41
41
42
1.[Visual Studio 2019](https://visualstudio.microsoft.com/downloads/) (required)
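Review bot: New line 39 is a committed merge conflict marker, `<<<<<<< Updated upstream`, sitting directly above `## Prerequisites`, and it will render as literal text in the README. Resolve the conflict and delete the marker, along with the matching `=======` and `>>>>>>> Stashed changes` lines later in the same file.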
@@ -138,6 +139,11 @@ Provided below are test cases that you can use to ensure that your SCIM endpoint
138
139
|CRUD operations on a Resource|Test that resources can be made, modified and deleted.|
139
140
|Resource filtering|Test that specific resources are located and returned by filtered value (e.g. **?filters=DisplayName+eq+%22BobIsAmazing%22**).|
140
141
|Attribute filtering|Test that specific attributes are located and returned (e.g. **?attributes=userName,emails**).|
142
+
=======
143
+
## Getting Started
144
+
The `Microsoft.SystemForCrossDomainIdentityManagement` project contains the code base for building a SCIM API. The `Microsoft.SCIM.Sample` project is there as a sample for using the project.
145
+
A step by step guide for starting up with the project can be found [here](docs/Get-Started.md)
146
+
>>>>>>> Stashed changes
141
147
142
148
## Navigating the reference code
143
149
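Review bot: New lines 142 and 146, `=======` and `>>>>>>> Stashed changes`, are leftover conflict markers wrapping the added Getting Started section, so the section is committed in the middle of an unresolved stash merge. Drop both markers and place Getting Started deliberately; as written it lands right after the test-case table rather than near Prerequisites. The link text "here" on line 145 would read better if it named its target, docs/Get-Started.md.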
@@ -167,9 +173,7 @@ This reference code was developed as a .Net core MVC web API for SCIM provisioni
167
173
|Add additional filterable attributes|**Steps**<br/>1. Navigate to the **FilterUsers.cs** or **FilterGroups.cs** files located in **ScimReferenceApi > Protocol**.<br/>2. Update the method to include the attributes that you would like to support filtering for. |
168
174
|Support additional user resource extensions|**Steps**<br/>1. Copy the **EnterpriseUser.cs** file located in **ScimReferenceApi > Schemas**.<br/>2. Rename the class to your custom extension name (e.g. customExtensionName.cs)<br/>3. Update the schema to match the desired naming convention.<br/>4. Repeat steps 1 - 3 with the **EnterpriseAttributes.cs** file (located in ScimReferenceApi > Schemas > Attributes) and update it with the attributes that you need.|
@@ -180,6 +184,28 @@ This reference code was developed as a .Net core MVC web API for SCIM provisioni
180
184
|`README.md`| This README file. |
181
185
|`LICENSE`| The license for the sample. |
182
186
187
+
188
+
## Authorization
189
+
The SCIM standard leaves authentication and authorization relatively open. You could use cookies, basic authentication, TLS client authentication, or any of the other methods listed [here](https://tools.ietf.org/html/rfc7644#section-2). You should take into consideration security and industry best practices when choosing an authentication/authorization method. Avoid insecure methods such as username and password in favor of more secure methods such as OAuth. Azure AD supports long-lived bearer tokens (for gallery and non-gallery applications) as well as the OAuth authorization grant (for applications published in the app gallery). This reference code allows you to either turn authorization off to simplify testing, generate a bearer token, or bring your own bearer token.
190
+
191
+
**Option 1**: Turn off authorization (this should only be used for testing)
192
+
* Navigate to the **UsersController.cs** or **GroupController.cs** files located in **ScimReferenceApi > Controllers**.<br/>2. Comment out the authorize command.
193
+
194
+
**Option 2**: Get a bearer token signed by Microsoft security bearer (should only be used for testing, not in production)
195
+
* Post to to the key endpoint with the string "SecureLogin" to retrieve a token. The token is valid for 120 minutes (the validity can be changed in the key controller).
196
+
197
+
**Option 3**: Bring your own token
198
+
***Option 3a**: Generate your own token that matches the specifications of the reference code.
199
+
* By default the issuer, audience, and signer must be "Microsoft.Security.Bearer"
200
+
* These are defaults to get started testing quickly. They should not be relied on in production.
201
+
***Option 3b**: Generate your own token and update the specifications of the reference code to match your token.
202
+
* Change the specifications in the configure service section of the startup.cs class.
203
+
* Specify the authorization settings you would like to validate.
204
+
* Generate a token on your own that matches those specifications.
205
+
206
+
Provided below are test cases that you can use to ensure that your SCIM endpoint is compliant with the SCIM RFC.
207
+
208
+
183
209
## Contributing to the reference code
184
210
185
211
This project welcomes contributions and suggestions! Like other open source contributions, you will need to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
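Review bot: The Authorization text at new lines 191 to 195 marks Options 1 and 2 as test-only but never says how to undo them; since Option 2 hands out a signed token to anyone who posts the fixed string "SecureLogin" to the key endpoint, the section should state that the authorize command must be restored and the key endpoint removed or disabled before the service is exposed. Smaller points in the same hunk: line 192 carries a stray `<br/>2.` inside a bullet (it looks copied from a table cell, so the two steps should become two list items), line 195 reads "Post to to", lines 198 and 201 open bold with `***` but close with `**`, and line 206 repeats "Provided below are test cases..." with no test cases between it and `## Contributing to the reference code`.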