Merge pull request #178931 from v-missam/asana

asana & gov cloud-1

Author: PMEds28

articles/active-directory/saas-apps/15five-provisioning-tutorial.md

@@ -38,6 +38,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [A 15Five tenant](https://www.15five.com/pricing/).
 * A user account in 15Five with Admin permissions.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).

articles/active-directory/saas-apps/4me-provisioning-tutorial.md

@@ -30,6 +30,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [A 4me tenant](https://www.4me.com/trial/)
 * A user account in 4me with Admin permissions.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Add 4me from the gallery
 
 Before configuring 4me for automatic user provisioning with Azure AD, you need to add 4me from the Azure AD application gallery to your list of managed SaaS applications.

articles/active-directory/saas-apps/8x8-provisioning-tutorial.md

@@ -34,6 +34,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * An 8x8 user account with administrator permission in [Admin Console](https://vo-cm.8x8.com).
 * [Single Sign-On with Azure AD](./8x8virtualoffice-tutorial.md) has already been configured.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).

articles/active-directory/saas-apps/asana-provisioning-tutorial.md

@@ -1,25 +1,36 @@
 ---
-title: 'Tutorial: User provisioning for Asana - Azure AD'
-description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Asana.
+title: 'Tutorial: Configure Asana for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to Asana.
 services: active-directory
-author: ArvindHarinder1
-manager: CelesteDG
+author: twimmers
+writer: twimmers
+manager: beatrizd
+
+ms.assetid: 274810a2-bd74-4500-95f1-c720abf23541
 ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
 ms.date: 03/27/2019
-ms.author: arvinh
-ms.reviewer: celested
+ms.author: thwimmer
 ---
 
 # Tutorial: Configure Asana for automatic user provisioning
 
-The objective of this tutorial is to show you the steps you need to perform in Asana and Azure Active Directory (Azure AD) to automatically provision and de-provision user accounts from Azure AD to Asana.
+This tutorial describes the steps you need to do in both Asana and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Asana](https://www.asana.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
+
+
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in Asana.
+> * Remove users in Asana when they do not require access anymore.
+> * Keep user attributes synchronized between Azure AD and Asana.
+> * Provision groups and group memberships in Asana.
+> * [Single sign-on](asana-tutorial.md) to Asana(recommended).
 
 ## Prerequisites
 
-The scenario outlined in this tutorial assumes that you already have the following items:
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
 
 * An Azure AD tenant
 * An Asana tenant with an [Enterprise](https://www.asana.com/pricing) plan or better enabled
@@ -28,69 +39,123 @@ The scenario outlined in this tutorial assumes that you already have the followi
 > [!NOTE]
 > Azure AD provisioning integration relies on the [Asana API](https://asana.com/developers/api-reference/users), which is available to Asana.
 
-## Assign users to Asana
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. Determine what data to [map between Azure AD and Asana](../app-provisioning/customize-application-attributes.md). 
+
+## Step 2. Configure Asana to support provisioning with Azure AD
+ > [!TIP]
+ > To enable SAML-based single sign-on for Asana, follow the instructions provided in the Azure portal. Single sign-on can be configured independently of automatic provisioning, although these two features complement each other.
+
+### Generate Secret Token in Asana
+
+* Sign in to [Asana](https://app.asana.com/) by using your admin account.
+* Select the profile photo from the top bar, and select your current organization-name settings.
+* Go to the **Service Accounts** tab.
+* Select **Add Service Account**.
+* Update **Name** and **About** and the profile photo as needed. Copy the token in **Token**, and select it in Save Changes.
 
-Azure AD uses a concept called *assignments* to determine which users should receive access to selected apps. In the context of automatic user account provisioning, only the users assigned to an application in Azure AD are synchronized.
+## Step 3. Add Asana from the Azure AD application gallery
 
-Before you configure and enable the provisioning service, you must decide which users in Azure AD need access to your Asana app. Then you can assign these users to your Asana app by following the instructions here:
+Add Asana from the Azure AD application gallery to start managing provisioning to Asana. If you have previously setup Asana for SSO, you can use the same application. However it's recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 
 
-[Assign a user to an enterprise app](../manage-apps/assign-user-or-group-access-portal.md)
+## Step 4. Define who will be in scope for provisioning 
 
-### Important tips for assigning users to Asana
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
-We recommend that you assign a single Azure AD user to Asana to test the provisioning configuration. Additional users can be assigned later.
+* When assigning users and groups to Asana, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add more roles. 
 
-## Configure user provisioning to Asana
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md). 
 
-This section guides you through connecting your Azure AD to Asana user account provisioning API. You also configure the provisioning service to create, update, and disable assigned user accounts in Asana based on user assignments in Azure AD.
 
-> [!TIP]
-> To enable SAML-based single sign-on for Asana, follow the instructions provided in the [Azure portal](https://portal.azure.com). Single sign-on can be configured independently of automatic provisioning, although these two features complement each other.
+## Step 5. Configure automatic user provisioning to Asana 
 
-### To configure automatic user account provisioning to Asana in Azure AD
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and groups in Asana based on user and/or group assignments in Azure AD.
 
-1. In the [Azure portal](https://portal.azure.com), browse to the **Azure Active Directory** > **Enterprise Apps** > **All applications** section.
+### To configure automatic user provisioning for Asana in Azure AD:
 
-1. If you already configured Asana for single sign-on, search for your instance of Asana by using the search field. Otherwise, select **Add** and search for **Asana** in the application gallery. Select **Asana** from the search results, and add it to your list of applications.
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
 
-1. Select your instance of Asana, and then select the **Provisioning** tab.
+	![Enterprise applications blade](common/enterprise-applications.png)
 
-1. Set **Provisioning Mode** to **Automatic**.
+1. In the applications list, select **Asana**.
 
-    ![Asana Provisioning](./media/asana-provisioning-tutorial/asanaazureprovisioning.png)
+	![The Asana link in the Applications list](common/all-applications.png)
 
-1. Under the **Admin Credentials** section, follow these instructions to generate the token and enter it in  **Secret Token**:
+1. Select the **Provisioning** tab.
 
-    a. Sign in to [Asana](https://app.asana.com) by using your admin account.
+	![Provisioning tab](common/provisioning.png)
 
-    b. Select the profile photo from the top bar, and select your current organization-name settings.
+1. Set the **Provisioning Mode** to **Automatic**.
 
-    c. Go to the **Service Accounts** tab.
+	![Provisioning tab automatic](common/provisioning-automatic.png)
 
-    d. Select **Add Service Account**.
+1. In the **Admin Credentials** section, input your Asana Tenant URL and Secret Token provided by Asana. Click **Test Connection** to ensure Azure AD can connect to Asana. If the connection fails, contact Asana to check your account setup.
 
-    e. Update **Name** and **About** and the profile photo as needed. Copy the token in **Token**, and select it in **Save Changes**.
+ 	![Token](common/provisioning-testconnection-tenanturltoken.png)
 
-1. In the Azure portal, select **Test Connection** to ensure that Azure AD can connect to your Asana app. If the connection fails, ensure that your Asana account has admin permissions, and try the **Test Connection** step again.
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
 
-1. Enter the email address of a person or group that you want to receive provisioning error notifications in  **Notification Email**. Select the check box underneath.
+	![Notification Email](common/provisioning-notification-email.png)
 
 1. Select **Save**.
 
-1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Asana**.
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Users to Asana**.
 
-1. In the **Attribute Mappings** section, review the user attributes to be synchronized from Azure AD to Asana. The attributes selected as **Matching** properties are used to match the user accounts in Asana for update operations. Select **Save** to commit any changes. For more information, see [Customize user provision attribute mappings](../app-provisioning/customize-application-attributes.md).
+1. Review the user attributes that are synchronized from Azure AD to Asana in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Asana for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you'll need to ensure that the Asana API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
-1. To enable the Azure AD provisioning service for Asana, in the **Settings** section, change **Provisioning Status** to **On**.
+   |Attribute|Type|Supported for filtering|Required by Asana|
+   |---|---|---|---|
+   |userName|String|✓|✓|   
+   |active|Boolean|||
+   |name.formatted|String|||
+   |preferredLanguage|String|||
+   |title|String|||
+   |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|String|||
 
-1. Select **Save**.
 
-Now the initial synchronization starts for any users assigned to Asana in the **Users** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the service is running. Use the **Synchronization Details** section to monitor progress and follow links to provisioning activity logs. The audit logs describe all actions performed by the provisioning service on your Asana app.
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Asana**.
+
+1. Review the group attributes that are synchronized from Azure AD to Asana in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in Asana for update operations. Select the **Save** button to commit any changes.
+
+      |Attribute|Type|Supported for filtering|Required by Asana|
+      |---|---|---|---|
+      |displayName|String|✓|✓      
+      |members|Reference|||
+
+1. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for Asana, change the **Provisioning Status** to **On** in the **Settings** section.
 
-For more information on how to read the Azure AD provisioning logs, see [Report on automatic user account provisioning](../app-provisioning/check-status-user-account-provisioning.md).
+	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
 
-## Additional resources
+1. Define the users and groups that you would like to provision to Asana by choosing the appropriate values in **Scope** in the **Settings** section.
 
-* [Manage user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+	![Provisioning Scope](common/provisioning-scope.png)
+
+1. When you're ready to provision, click **Save**.
+
+	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to execute than next cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. 
+
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it's to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).  
+
+## Change log
+
+* 11/06/2021 - Dropped support for **externalId, name.givenName and name.familyName**. Added support for **preferredLanguage , title and urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department**. And enabled **Group Provisioning**.
+
+## More resources
+
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
 * [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
-* [Configure single sign-on](asana-tutorial.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

articles/active-directory/saas-apps/atlassian-cloud-provisioning-tutorial.md

@@ -35,6 +35,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [An Atlassian Cloud tenant](https://www.atlassian.com/licensing/cloud)
 * A user account in Atlassian Cloud with Admin permissions.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).

articles/active-directory/saas-apps/blink-provisioning-tutorial.md

@@ -30,6 +30,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [A Blink tenant](https://joinblink.com/pricing)
 * A user account in Blink with Admin permissions.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Assigning users to Blink
 
 Azure Active Directory uses a concept called *assignments* to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or group members that have been assigned to an application in Azure AD are synchronized.

articles/active-directory/saas-apps/cisco-webex-provisioning-tutorial.md

@@ -30,6 +30,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [A Cisco Webex tenant](https://www.webex.com/pricing/index.html).
 * A user account in Cisco Webex  with Admin permissions.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Adding Cisco Webex from the gallery
 
 Before configuring Cisco Webex for automatic user provisioning with Azure AD, you need to add Cisco Webex from the Azure AD application gallery to your list of managed SaaS applications.