Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into 20230426-backup-controller-database

Author: Mike Ray (Microsoft)

.openpublishing.publish.config.json

@@ -969,6 +969,12 @@
       "branch_mapping": {}
     },
     {
+		"path_to_root": "azure-load-testing-samples",
+		"url": "https://github.com/Azure-Samples/azure-load-testing-samples",
+		"branch": "main",
+		"branch_mapping": {}
+	  },
+	  {
       "path_to_root": "microsoft-graph",
       "url": "https://github.com/MicrosoftGraph/microsoft-graph-docs",
       "branch": "main",

articles/active-directory/fundamentals/multi-tenant-user-management-introduction.md

@@ -55,9 +55,9 @@ Most documentation for B2B refers to an external user as a guest user. It confla
 
 [Cross-tenant synchronization](../multi-tenant-organizations/cross-tenant-synchronization-overview.md) enables multi-tenant organizations to provide seamless access and collaboration experiences to end users, leveraging existing B2B external collaboration capabilities. The feature doesn't allow cross-tenant synchronization across Microsoft sovereign clouds (such as Microsoft 365 US Government GCC High, DOD or Office 365 in China). See [Common considerations for multi-tenant user management](multi-tenant-common-considerations.md#cross-tenant-synchronization) for help with automated and custom cross-tenant synchronization scenarios.
 
-Watch John Savill talk about the cross-tenant sync capability in Azure AD (embedded below).
+Watch Arvind Harinder talk about the cross-tenant sync capability in Azure AD (embedded below).
 
-> [!VIDEO https://www.youtube.com/embed/z0J5kteqUVQ]
+> [!VIDEO https://www.youtube.com/embed/7B-PQwNfGBc]
 
 The following conceptual and how-to articles provide information about Azure AD B2B collaboration and cross-tenant synchronization.
 
@@ -119,7 +119,7 @@ Organizations initially focus on requirements that they want in place for immedi
 - **Single Sign On:** Enable users to access resources across the organization without the need to enter more credentials.
 ### Patterns for account creation 
 
-Microsoft mechanisms for creating and managing the lifecycle of your external user accounts follow three common patterns. You can use these patterns to help define and implement your requirements. Choose the pattern that best aligns with your scenario and then focus on the pattern details.
+Microsoft mechanisms for creating and managing the lifecycle of your external user accounts follow three common patterns. You can use these patterns to help define and implement your requirements. Choose the pattern that best aligns with your scenario and then focus on the pattern details.  
 
 | Mechanism |  Description | Best when |
 | - | - | - |

articles/active-directory/fundamentals/multi-tenant-user-management-scenarios.md

@@ -165,13 +165,13 @@ This scenario requires automatic synchronization and identity management to conf
 
 This section describes three techniques for automating account provisioning in the automated scenario.
 
-#### Technique 1: Use the [built-in cross-tenant synchronization capability in Azure AD](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/seamless-application-access-and-lifecycle-management-for-multi/ba-p/3728752)
+#### Technique 1: Use the [built-in cross-tenant synchronization capability in Azure AD](../multi-tenant-organizations/cross-tenant-synchronization-overview.md)
 
 This approach only works when all tenants that you need to synchronize are in the same cloud instance (such as Commercial to Commercial).
 
 #### Technique 2: Provision accounts with Microsoft Identity Manager
 
-Use an external Identity and Access Management (IAM) solution such as [Microsoft Identity Manager](https://microsoft.sharepoint-df.com/microsoft-identity-manager/microsoft-identity-manager-2016) (MIM) as a synchronization engine.
+Use an external Identity and Access Management (IAM) solution such as [Microsoft Identity Manager](/microsoft-identity-manager/microsoft-identity-manager-2016) (MIM) as a synchronization engine.
 
 This advanced deployment uses MIM as a synchronization engine. MIM calls the [Microsoft Graph API](https://developer.microsoft.com/graph) and [Exchange Online PowerShell](/powershell/exchange/exchange-online/exchange-online-powershell?view=exchange-ps&preserve-view=true). Alternative implementations can include the cloud-hosted [Active Directory Synchronization Service](/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) (ADSS) managed service offering from [Microsoft Industry Solutions](https://www.microsoft.com/industrysolutions). There are non-Microsoft offerings that you can create from scratch with other IAM offerings (such as SailPoint, Omada, and OKTA).
 

articles/active-directory/fundamentals/multilateral-federation-solution-one.md

@@ -81,6 +81,19 @@ The following are some of the trade-offs of using this solution:
 
 * **Subscription required for Cirrus Bridge** - An annual subscription is required for the Cirrus Bridge. The subscription fee is based on anticipated annual authentication usage of the bridge.
 
+## Migration resources
+
+The following are resources to help with your migration to this solution architecture.
+
+| Migration Resource   | Description           |
+| - | - |
+| [Resources for migrating applications to Azure Active Directory (Azure AD)](../manage-apps/migration-resources.md) | List of resources to help you migrate application access and authentication to Azure AD |
+| [Azure AD custom claims provider](../develop/custom-claims-provider-overview.md)|This article provides an overview to the Azure AD custom claims provider |
+| [Custom security attributes documentation](../fundamentals/custom-security-attributes-manage.md) | This article describes how to manage access to custom security attributes |
+| [Azure AD SSO integration with Cirrus Identity Bridge](../saas-apps/cirrus-identity-bridge-for-azure-ad-tutorial.md) | Tutorial to integrate Cirrus Identity Bridge for Azure AD with Azure AD |
+| [Cirrus Identity Bridge Overview](https://blog.cirrusidentity.com/documentation/azure-bridge-setup-rev-6.0) | Link to the documentation for the Cirrus Identity Bridge |
+| [Azure MFA deployment considerations](../authentication/howto-mfa-getstarted.md) | Link to guidance for configuring multi-factor authentication (MFA) using Azure AD | 
+
 ## Next steps
 
 See these other multilateral federation articles:

articles/active-directory/fundamentals/multilateral-federation-solution-three.md

@@ -48,6 +48,14 @@ The following are some of the trade-offs of using this solution:
 
 * **Significant ongoing staff allocation** - IT staff must maintain infrastructure and software for the authentication solution. Any staff attrition might introduce risk.
 
+## Migration resources
+
+The following are resources to help with your migration to this solution architecture.
+
+| Migration Resource   | Description           |
+| - | - |
+| [Resources for migrating applications to Azure Active Directory (Azure AD)](../manage-apps/migration-resources.md) | List of resources to help you migrate application access and authentication to Azure AD |
+
 ## Next steps
 
 See these related multilateral federation articles:

articles/active-directory/fundamentals/multilateral-federation-solution-two.md

@@ -62,6 +62,16 @@ The following are some of the trade-offs of using this solution:
     denominator (optimize for security controls, but at the expense of
     user friction) with limited ability to make granular decisions.
 
+## Migration resources
+
+The following are resources to help with your migration to this solution architecture.
+
+| Migration Resource   | Description           |
+| - | - |
+| [Resources for migrating applications to Azure Active Directory (Azure AD)](../manage-apps/migration-resources.md) | List of resources to help you migrate application access and authentication to Azure AD |
+| [Configuring Shibboleth as SAML Proxy](https://shibboleth.atlassian.net/wiki/spaces/KB/pages/1467056889/Using+SAML+Proxying+in+the+Shibboleth+IdP+to+connect+with+Azure+AD) | Link to a Shibboleth article that describes how to use the SAML proxying feature to connect Shibboleth IdP to Azure AD |
+| [Azure MFA deployment considerations](../authentication/howto-mfa-getstarted.md) | Link to guidance for configuring multi-factor authentication (MFA) using Azure AD |
+
 ## Next steps
 
 See these other multilateral federation articles:

articles/active-directory/saas-apps/alvao-provisioning-tutorial.md

@@ -40,7 +40,8 @@ The scenario outlined in this tutorial assumes that you already have the followi
 1. Determine what data to [map between Azure AD and ALVAO](../app-provisioning/customize-application-attributes.md).
 
 ## Step 2. Configure ALVAO to support provisioning with Azure AD
-Contact ALVAO support to configure ALVAO to support provisioning with Azure AD.
+1. Find your **Tenant SCIM Endpoint URL**, which is in the form: {ALVAO REST API address}/scim, for example, https://app.contoso.com/alvaorestapi/scim.
+1. Generate a new **Secret Token** in **WebApp - Administration - Settings - [Active Directory and Azure Active Directory](https://doc.alvao.com/en/11.1/list-of-windows/alvao-webapp/administration/settings/activedirectory)** and copy its value.
 
 ## Step 3. Add ALVAO from the Azure AD application gallery
 
@@ -115,6 +116,10 @@ This section guides you through the steps to configure the Azure AD provisioning
    |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization|String||
    |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|String||
    |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager|String||
+   > [!NOTE]
+   >For advanced settings see:
+   > * [Mapping SCIM attributes to user fields](https://doc.alvao.com/en/11.1/alvao-asset-management/implementation/users/authentication/aad/provisioning/person-attribute-mapping)
+   > * [Mapping SCIM attributes to object properties](https://doc.alvao.com/en/11.1/alvao-asset-management/implementation/users/authentication/aad/provisioning/object-attribute-mapping)
 
 1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to ALVAO**.
 

articles/active-directory/saas-apps/code42-provisioning-tutorial.md

@@ -39,9 +39,6 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * A Code42 tenant with Identity Management enabled.
 * A Code42 user account with [Customer Cloud Admin](https://support.code42.com/Administrator/Cloud/Monitoring_and_managing/Roles_reference#Customer_Cloud_Admin) permission.
 
-> [!NOTE]
-> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
-
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
@@ -169,4 +166,4 @@ Once you've configured provisioning, use the following resources to monitor your
 
 ## Next steps
 
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

articles/active-directory/saas-apps/locus-tutorial.md

@@ -0,0 +1,103 @@
+---
+title: Azure Active Directory SSO integration with Locus
+description: Learn how to configure single sign-on between Azure Active Directory and Locus.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: how-to
+ms.date: 04/26/2023
+ms.author: jeedes
+
+---
+
+# Azure Active Directory SSO integration with Locus
+
+In this article, you learn how to integrate Locus with Azure Active Directory (Azure AD). Locus is a real-world ready dispatch management platform for last-mile excellence. When you integrate Locus with Azure AD, you can:
+
+* Control in Azure AD who has access to Locus.
+* Enable your users to be automatically signed-in to Locus with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+You configure and test Azure AD single sign-on for Locus in a test environment. Locus supports **SP** initiated single sign-on.
+
+## Prerequisites
+
+To integrate Azure Active Directory with Locus, you need:
+
+* An Azure AD user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Locus single sign-on (SSO) enabled subscription.
+
+## Add application and assign a test user
+
+Before you begin the process of configuring single sign-on, you need to add the Locus application from the Azure AD gallery. You need a test user account to assign to the application and test the single sign-on configuration.
+
+### Add Locus from the Azure AD gallery
+
+Add Locus from the Azure AD application gallery to configure single sign-on with Locus. For more information on how to add application from the gallery, see the [Quickstart: Add application from the gallery](../manage-apps/add-application-portal.md).
+
+### Create and assign Azure AD test user
+
+Follow the guidelines in the [create and assign a user account](../manage-apps/add-application-portal-assign-users.md) article to create a test user account in the Azure portal called B.Simon.
+
+Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, and assign roles. The wizard also provides a link to the single sign-on configuration pane in the Azure portal. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides). 
+
+## Configure Azure AD SSO
+
+Complete the following steps to enable Azure AD single sign-on in the Azure portal.
+
+1. In the Azure portal, on the **Locus** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+   ![Screenshot shows how to edit Basic SAML Configuration.](common/edit-urls.png "Basic Configuration")
+
+1. On the **Basic SAML Configuration** section, perform the following steps:
+
+    a. In the **Identifier** textbox, type a value using the following pattern:
+    `urn:auth0:locus-aws-us-east-1:<ConnectionName>`
+
+    b. In the **Reply URL** textbox, type a URL using the following pattern:
+    `https://accounts.locus-dashboard.com/login/callback?connection=<ConnectionName>`
+
+    c. In the **Sign on URL** textbox, type a URL using the following pattern:
+    `https://<ClientId>.locus-dashboard.com/#/login/sso?clientId=<ClientId>&connection=<ConnectionName>`
+    
+    > [!NOTE]
+    > These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Locus Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+
+    ![Screenshot shows the Certificate download link.](common/copy-metadataurl.png "Certificate")
+
+## Configure Locus SSO
+
+To configure single sign-on on **Locus** side, you need to send the **App Federation Metadata Url** to [Locus support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Locus test user
+
+In this section, you create a user called Britta Simon at Locus. Work with [Locus support team](mailto:[email protected]) to add the users in the Locus platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO 
+
+In this section, you test your Azure AD single sign-on configuration with following options. 
+
+* Click on **Test this application** in Azure portal. This will redirect to Locus Sign-on URL where you can initiate the login flow. 
+
+* Go to Locus Sign-on URL directly and initiate the login flow from there.
+
+* You can use Microsoft My Apps. When you click the Locus tile in the My Apps, this will redirect to Locus Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+
+## Additional resources
+
+* [What is single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* [Plan a single sign-on deployment](../manage-apps/plan-sso-deployment.md).
+
+## Next steps
+
+Once you configure Locus you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).