Merge pull request #208798 from v-hgampala/embark-update

PMEds28 · web-flow · commit 2439ace29a16 · 2022-08-25T09:49:28.000+01:00
Product Backlog Item 2039038: SaaS App Tutorial: Embark Update
diff --git a/articles/active-directory/saas-apps/embark-tutorial.md b/articles/active-directory/saas-apps/embark-tutorial.md
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 02/11/2022
+ms.date: 08/23/2022
 ms.author: jeedes
 
 ---
@@ -33,7 +33,7 @@ To get started, you need the following items:
 
 In this tutorial, you configure and test Azure AD SSO in a test environment.
 
-* Embark supports **SP** initiated SSO.
+* Embark supports **SP and IDP** initiated SSO.
 
 > [!NOTE]
 > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
@@ -73,18 +73,31 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
 
-	In the **Sign on URL** text box, type a URL using the following pattern:
-    `https://<ENVIRONMENT>.ehr.com/microsoftbenefits`
+	a. In the **Identifier** text box, type a URL using the following pattern:
+    `https://<ENVIRONMENT>.ehr.com`
+
+    b. In the **Reply URL** text box, type a URL using the following pattern:
+    `https://<ENVIRONMENT>.ehr.com`
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+    In the **Sign on URL** text box, type a URL using the following pattern:
+    `https://<ENVIRONMENT>.ehr.com`
 
     > [!NOTE]
-	> The Sign on URL value is not real. Update the value with the actual Sign on URL. Contact [Embark support team](mailto:wtw.software.support.notification@willistowerswatson.com) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Embark support team](mailto:wtw.software.support.notification@willistowerswatson.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
-1. Your Embark application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows an example for this. The default value of **Unique User Identifier** is **user.userprincipalname** but Embark expects this to be mapped with the user's employee id. For that you can use **user.employeeid** attribute from the list or use the appropriate attribute value based on your organization configuration..
+1. Your Embark application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows an example for this. The default value of **Unique User Identifier** is **user.userprincipalname** but Embark expects this to be mapped with the user's employee id. For that you can use **user.employeeid** attribute from the list or use the appropriate attribute value based on your organization configuration.
 
 	![image](common/default-attributes.png)
 
+1. In addition to above, Embark platform application expects few more attributes to be passed back in SAML response, which are shown below. These attributes are also pre populated but you can review them as per your requirements.
+	
+	| Name | Source Attribute|
+	| --------| --------- |
+	| EmployeeID | user.employeeid |
 
 1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
 
@@ -126,11 +139,18 @@ In this section, you create a user called Britta Simon in Embark. Work with [Em
 
 In this section, you test your Azure AD single sign-on configuration with following options. 
 
-* Click on **Test this application** in Azure portal. This will redirect to Embark Sign-on URL where you can initiate the login flow. 
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Embark platform Sign-on URL where you can initiate the login flow.  
+
+* Go to Embark platform Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Embark platform for which you set up the SSO. 
 
-* Go to Embark Sign-on URL directly and initiate the login flow from there.
+You can also use Microsoft My Apps to test the application in any mode. When you click the Embark platform tile in the My Apps, if configured in SP mode you would be redirected to the application sign-on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Embark platform for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
 
-* You can use Microsoft My Apps. When you click the Embark tile in the My Apps, this will redirect to Embark Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
 
 ## Next steps
 
