MicrosoftDocs
diff --git a/‎articles/active-directory/develop/msal-error-handling-js.md
Lines changed: 7 additions & 3 deletions b/‎articles/active-directory/develop/msal-error-handling-js.md
Lines changed: 7 additions & 3 deletions
diff --git a/‎articles/active-directory/saas-apps/adobe-identity-management-provisioning-oidc-tutorial.md
Lines changed: 8 additions & 1 deletion b/‎articles/active-directory/saas-apps/adobe-identity-management-provisioning-oidc-tutorial.md
Lines changed: 8 additions & 1 deletion
diff --git a/‎articles/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial.md
Lines changed: 25 additions & 14 deletions b/‎articles/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial.md
Lines changed: 25 additions & 14 deletions
diff --git a/‎articles/active-directory/saas-apps/oracle-cloud-infrastructure-console-provisioning-tutorial.md
Lines changed: 7 additions & 1 deletion b/‎articles/active-directory/saas-apps/oracle-cloud-infrastructure-console-provisioning-tutorial.md
Lines changed: 7 additions & 1 deletion
diff --git a/‎articles/active-directory/saas-apps/oreilly-learning-platform-provisioning-tutorial.md
Lines changed: 16 additions & 9 deletions b/‎articles/active-directory/saas-apps/oreilly-learning-platform-provisioning-tutorial.md
Lines changed: 16 additions & 9 deletions
@@ -46,11 +46,11 @@ The following error types are available:
 
 - `AuthError`: Base error class for the MSAL.js library, also used for unexpected errors.
 
-- `ClientAuthError`: Error class, which denotes an issue with Client authentication. Most errors that come from the library will be ClientAuthErrors. These errors result from things like calling a login method when login is already in progress, the user cancels the login, and so on.
+- `ClientAuthError`: Error class which denotes an issue with Client authentication. Most errors that come from the library are ClientAuthErrors. These errors result from things like calling a login method when login is already in progress, the user cancels the login, and so on.
 
 - `ClientConfigurationError`: Error class, extends `ClientAuthError` thrown before requests are made when the given user config parameters are malformed or missing.
 
-- `ServerError`: Error class, represents the error strings sent by the authentication server. These may be errors such as invalid request formats or parameters, or any other errors that prevent the server from authenticating or authorizing the user.
+- `ServerError`: Error class, represents the error strings sent by the authentication server. These errors may be invalid request formats or parameters, or any other errors that prevent the server from authenticating or authorizing the user.
 
 - `InteractionRequiredAuthError`: Error class, extends `ServerError` to represent server errors, which require an interactive call. This error is thrown by `acquireTokenSilent` if the user is required to interact with the server to provide credentials or consent for authentication/authorization. Error codes include `"interaction_required"`, `"login_required"`, and `"consent_required"`.
 
@@ -71,7 +71,7 @@ myMSALObj.handleRedirectPromise()
 myMSALObj.acquireTokenRedirect(request);
 ```
 
-The methods for pop-up experience (`loginPopup`, `acquireTokenPopup`) return promises, so you can use the promise pattern (.then and .catch) to handle them as shown:
+The methods for pop-up experience (`loginPopup`, `acquireTokenPopup`) return promises, so you can use the promise pattern (`.then` and `.catch`) to handle them as shown:
 
 ```javascript
 myMSALObj.acquireTokenPopup(request).then(
@@ -144,6 +144,10 @@ When calling an API requiring Conditional Access, you can receive a claims chall
 
 See [How to use Continuous Access Evaluation enabled APIs in your applications](./app-resilience-continuous-access-evaluation.md) for more detail.
 
+### Using other frameworks
+
+Using toolkits like Tauri for registered single page applications (SPAs) with the identity platform are not recognized for production apps. SPAs only support URLs that start with `https` for production apps and `http://localhost` for local development. Prefixes like `tauri://localhost` cannot be used for browser apps. This format can only be supported for mobile or web apps as they have a confidential component unlike browser apps.
+
 [!INCLUDE [Active directory error handling retries](./includes/error-handling-and-tips/error-handling-retries.md)]
 
 ## Next steps
 
@@ -121,6 +121,10 @@ This section guides you through the steps to configure the Azure AD provisioning
    |name.givenName|String||
    |name.familyName|String||
    |urn:ietf:params:scim:schemas:extension:Adobe:2.0:User:emailAliases|String||
+   |urn:ietf:params:scim:schemas:extension:Adobe:2.0:User:eduRole|String||
+
+    > [!NOTE]
+    > The **eduRole** field accepts values like `Teacher or Student`, anything else will be ignored.
 
 1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Adobe Identity Management (OIDC)**.
 
@@ -152,7 +156,10 @@ Once you've configured provisioning, use the following resources to monitor your
 
 * Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
 * Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
-* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).  
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## Change log
+08/15/2023 - Added support for Schema Discovery.
 
 ## More resources
 
 
@@ -42,6 +42,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 > [!NOTE]
 > If your organization uses the User Sync Tool or a UMAPI integration, you must first pause the integration. Then, add Azure AD automatic provisioning to automate user management from the Azure portal. Once Azure AD automatic provisioning is configured and running, you can completely remove the User Sync Tool or UMAPI integration.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
@@ -115,24 +118,28 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 9. Review the user attributes that are synchronized from Azure AD to Adobe Identity Management in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Adobe Identity Management for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the Adobe Identity Management API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
-   |Attribute|Type|
-   |---|---|
-   |userName|String|
-   |emails[type eq "work"].value|String|
-   |active|Boolean|
-   |addresses[type eq "work"].country|String|
-   |name.givenName|String|
-   |name.familyName|String|
-   |urn:ietf:params:scim:schemas:extension:Adobe:2.0:User:emailAliases|String|
+   |Attribute|Type|Supported for filtering|Required by Adobe Identity Management
+   |---|---|---|---|
+   |userName|String|&check;|&check;   
+   |active|Boolean||
+   |emails[type eq "work"].value|String||
+   |addresses[type eq "work"].country|String||
+   |name.givenName|String||
+   |name.familyName|String||
+   |urn:ietf:params:scim:schemas:extension:Adobe:2.0:User:emailAliases|String||
+   |urn:ietf:params:scim:schemas:extension:Adobe:2.0:User:eduRole|String||
+
+    > [!NOTE]
+    > The **eduRole** field accepts values like `Teacher or Student`, anything else will be ignored.
 
 10. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Adobe Identity Management**.
 
 11. Review the group attributes that are synchronized from Azure AD to Adobe Identity Management in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in Adobe Identity Management for update operations. Select the **Save** button to commit any changes.
 
-      |Attribute|Type|
-      |---|---|
-      |displayName|String|
-      |members|Reference|
+      |Attribute|Type|Supported for filtering|Required by Adobe Identity Management
+      |---|---|---|---|
+      |displayName|String|&check;|&check;
+      |members|Reference||
 
 12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
@@ -157,7 +164,11 @@ Once you've configured provisioning, use the following resources to monitor your
 2. Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
 3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).  
 
-## Additional resources
+## Change log
+07/18/2023 - The app was added to Gov Cloud.
+08/15/2023 - Added support for Schema Discovery.
+
+## More resources
 
 * [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
 * [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
 
@@ -37,6 +37,9 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * An Oracle Cloud Infrastructure Console [tenant](https://www.oracle.com/cloud/sign-in.html?intcmp=OcomFreeTier&source=:ow:o:p:nav:0916BCButton).
 * A user account in Oracle Cloud Infrastructure Console with Admin permissions.
 
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud
+
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
@@ -178,7 +181,10 @@ Once you've configured provisioning, use the following resources to monitor your
 * Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
 * If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
 
-## Additional resources
+## Change log
+08/15/2023 - The app was added to Gov Cloud.
+
+## More resources
 
 * [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
 * [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
 
@@ -18,8 +18,8 @@ ms.author: thwimmer
 
 This tutorial describes the steps you need to perform in both O'Reilly learning platform and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users to [O'Reilly learning platform](https://www.oreilly.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
 
-
 ## Supported capabilities
+
 > [!div class="checklist"]
 > * Create users in O'Reilly learning platform.
 > * Remove users in O'Reilly learning platform when they do not require access anymore.
@@ -33,31 +33,37 @@ The scenario outlined in this tutorial assumes that you already have the followi
 * [An Azure AD tenant](../develop/quickstart-create-new-tenant.md) 
 * A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
 * A user account in O'Reilly learning platform with Admin permissions.
+* An O'Reilly learning platform single sign-on (SSO) enabled subscription.
 
 ## Step 1. Plan your provisioning deployment
 * Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 * Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 * Determine what data to [map between Azure AD and O'Reilly learning platform](../app-provisioning/customize-application-attributes.md).
 
 ## Step 2. Configure O'Reilly learning platform to support provisioning with Azure AD
-Contact O'Reilly learning platform support to configure O'Reilly learning platform to support provisioning with Azure AD.
+
+Before you begin to configure the O'Reilly learning platform to support provisioning with Azure AD, you’ll need to generate a SCIM API token within the O’Reilly Admin Console.
+
+1. Navigate to [O’Reilly Admin Console](https://learning.oreilly.com/) by logging in to your O’Reilly account. 
+1. Once you’ve logged in, click **Admin** in the top navigation and select **Integrations**.
+1. Scroll down to the **API tokens** section. Under API tokens, click **Create token** and select the **SCIM API**. Then give your token a name and expiration date, and click Continue. You’ll receive your API key in a pop-up message prompting you to store a copy of it in a secure place. Once you’ve saved a copy of your key, click the checkbox and Continue.
+1. You will use the O’Reilly SCIM API token in Step 5.
 
 ## Step 3. Add O'Reilly learning platform from the Azure AD application gallery
 
-Add O'Reilly learning platform from the Azure AD application gallery to start managing provisioning to O'Reilly learning platform. If you have previously setup O'Reilly learning platform for SSO you can use the same application. However it's recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 
+Add O'Reilly learning platform from the Azure AD application gallery to start managing provisioning to O'Reilly learning platform. If you have previously [set up O'Reilly learning platform for SSO](oreilly-learning-platform-tutorial.md), you can use the same application. However it's recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
 
-## Step 4. Define who will be in scope for provisioning 
+## Step 4. Define who will be in scope for provisioning
 
-The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users to the application. If you choose to scope who will be provisioned based solely on attributes of the user, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md). 
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users to the application. If you choose to scope who will be provisioned based solely on attributes of the user, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
 * Start small. Test with a small set of users before rolling out to everyone. When scope for provisioning is set to assigned users, you can control this by assigning one or two users to the app. When scope is set to all users, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
 * If you need more roles, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add new roles.
 
+## Step 5. Configure automatic user provisioning to O'Reilly learning platform
 
-## Step 5. Configure automatic user provisioning to O'Reilly learning platform 
-
-This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users in TestApp based on user assignments in Azure AD.
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users in O’Reilly learning platform based on user assignments in Azure AD.
 
 ### To configure automatic user provisioning for O'Reilly learning platform in Azure AD:
 
@@ -77,7 +83,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 	![Screenshot of Provisioning tab automatic.](common/provisioning-automatic.png)
 
-1. Under the **Admin Credentials** section, input your O'Reilly learning platform Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to O'Reilly learning platform. If the connection fails, ensure your O'Reilly learning platform account has Admin permissions and try again.
+1. Under the **Admin Credentials** section, input your O'Reilly learning platform Tenant URL, which is `https://api.oreilly.com/api/scim/v2`, and Secret Token, which you generated in Step 2. Click **Test Connection** to ensure Azure AD can connect to O'Reilly learning platform. If the connection fails, double-check that your token is correct or [contact the O’Reilly platform integration team](mailto:[email protected]) for help.
 
  	![Screenshot of Token.](common/provisioning-testconnection-tenanturltoken.png)
 
@@ -117,6 +123,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 This operation starts the initial synchronization cycle of all users defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. 
 
 ## Step 6. Monitor your deployment
+
 Once you've configured provisioning, use the following resources to monitor your deployment:
 
 * Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully