Merge pull request #209924 from MicrosoftDocs/main

9/01 AM Publish

Author: huypub

articles/active-directory-b2c/enable-authentication-web-api.md

@@ -443,7 +443,7 @@ Under the project root folder, create a *config.json* file, and then add to it t
 ```json
 {
     "credentials": {
-        "tenantName": "<your-tenant-name>",
+        "tenantName": "<your-tenant-name>.onmicrosoft.com",
         "clientID": "<your-webapi-application-ID>",
         "issuer": "https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/"
     },
@@ -470,7 +470,7 @@ In the *config.json* file, update the following properties:
 
 |Section  |Key  |Value  |
 |---------|---------|---------|
-| credentials | tenantName | The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name) (for example, `contoso`).|
+| credentials | tenantName | Your Azure AD B2C [tenant name/domain name](tenant-management.md#get-your-tenant-name) (for example, `contoso.onmicrosoft.com`).|
 | credentials |clientID | The web API application ID. In the [preceding diagram](#app-registration-overview), it's the application with *App ID: 2*. To learn how to get your web API application registration ID, see [Prerequisites](#prerequisites). |
 | credentials | issuer| The token issuer `iss` claim value. By default, Azure AD B2C returns the token in the following format: `https://<your-tenant-name>.b2clogin.com/<your-tenant-ID>/v2.0/`. Replace `<your-tenant-name>` with the first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). Replace `<your-tenant-ID>` with your [Azure AD B2C tenant ID](tenant-management.md#get-your-tenant-id). |
 | policies | policyName | The user flows, or custom policy. To learn how to get your user flow or policy, see [Prerequisites](#prerequisites).|

articles/active-directory/fundamentals/whats-new.md

@@ -34,6 +34,22 @@ This page is updated monthly, so revisit it regularly. If you're looking for ite
 
 ## August 2022 
 
+### General Availability - Ability to force reauthentication on Intune enrollment, risky sign-ins, and risky users
+
+
+
+**Type:** New feature  
+**Service category:** Conditional Access  
+**Product capability:** Identity Security & Protection
+
+
+
+Customers can now require a fresh authentication each time a user performs a certain action. Forced reauthentication supports requiring a user to reauthenticate during Intune device enrollment, password change for risky users, and risky sign-ins.
+
+For more information, see: [Configure authentication session management with Conditional Access](../conditional-access/howto-conditional-access-session-lifetime.md#require-reauthentication-every-time)
+
+---
+
 ### General Availability - Multi-Stage Access Reviews
 
 **Type:** Changed feature  

articles/active-directory/hybrid/reference-connect-version-history.md

@@ -36,7 +36,7 @@ Required permissions | For permissions required to apply an update, see [Azure A
 ## Retiring Azure AD Connect 1.x versions
 > [!IMPORTANT]
 > *As of August 31, 2022, all 1.x versions of Azure AD Connect are retired because they include SQL Server 2012 components that will no longer be supported.* Upgrade to the most recent version of Azure AD Connect (2.x version) by that date or [evaluate and switch to Azure AD cloud sync](../cloud-sync/what-is-cloud-sync.md).
-> AADConnect V1.x will stop working on December 31st, due to the decommisioning of the ADAL library service on that date.
+> AADConnect V1.x will stop working on December 31st, due to the decommissioning of the ADAL library service on that date.
 
 ## Retiring Azure AD Connect 2.x versions
 > [!IMPORTANT]

articles/active-directory/hybrid/whatis-azure-ad-connect-v2.md

@@ -94,7 +94,7 @@ Until one of the components that are being retired are actually deprecated, you
 
 We expect TLS 1.0/1.1 to be deprecated in 2022, and you need to make sure you aren't using these protocols by that date as your service may stop working unexpectedly. You can manually configure your server for TLS 1.2 though, and that doesn't require an update of Azure AD Connect to V2 
 
-Azure AD Connect Health will stop working after December 20222. We will auto upgrade all Health agents to a new version before the end of 2022, but we cannot auto upgrade if you are running AADConnect V1 due to compatibility issues with V versions.
+Azure AD Connect Health will stop working after December 2022. We will auto upgrade all Health agents to a new version before the end of 2022, but we cannot auto upgrade if you are running AADConnect V1 due to compatibility issues with V versions.
 
 After December 2022, ADAL is planned to go out of support. When ADAL goes out of support, authentication may stop working unexpectedly, and this will block the Azure AD Connect server from working properly. We strongly advise you to upgrade to Azure AD Connect V2 before December 2022. You can't upgrade to a supported authentication library with your current Azure AD Connect version. 
 

articles/active-directory/saas-apps/syniverse-customer-portal-tutorial.md

@@ -0,0 +1,141 @@
+---
+title: 'Tutorial: Azure AD SSO integration with Syniverse Customer Portal'
+description: Learn how to configure single sign-on between Azure Active Directory and Syniverse Customer Portal.
+services: active-directory
+author: jeevansd
+manager: CelesteDG
+ms.reviewer: CelesteDG
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 08/23/2022
+ms.author: jeedes
+
+---
+
+# Tutorial: Azure AD SSO integration with Syniverse Customer Portal
+
+In this tutorial, you'll learn how to integrate Syniverse Customer Portal with Azure Active Directory (Azure AD). When you integrate Syniverse Customer Portal with Azure AD, you can:
+
+* Control in Azure AD who has access to Syniverse Customer Portal.
+* Enable your users to be automatically signed-in to Syniverse Customer Portal with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Syniverse Customer Portal single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Syniverse Customer Portal supports **SP** and **IDP** initiated SSO.
+* Syniverse Customer Portal supports **Just In Time** user provisioning.
+
+## Add Syniverse Customer Portal from the gallery
+
+To configure the integration of Syniverse Customer Portal into Azure AD, you need to add Syniverse Customer Portal from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Syniverse Customer Portal** in the search box.
+1. Select **Syniverse Customer Portal** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+
+## Configure and test Azure AD SSO for Syniverse Customer Portal
+
+Configure and test Azure AD SSO with Syniverse Customer Portal using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user at Syniverse Customer Portal.
+
+To configure and test Azure AD SSO with Syniverse Customer Portal, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Syniverse Customer Portal SSO](#configure-syniverse-customer-portal-sso)** - to configure the single sign-on settings on application side.
+    1. **[Create Syniverse Customer Portal test user](#create-syniverse-customer-portal-test-user)** - to have a counterpart of B.Simon in Syniverse Customer Portal that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Syniverse Customer Portal** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+    ![Screenshot shows to edit Basic SAML Configuration.](common/edit-urls.png "Basic Configuration")
+
+1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+    In the **Sign-on URL** text box, type one of the following URLs:
+    
+    | **Sign-on URL**|
+    |-------|
+    | `https://symphony.dalab.syniverse.com/ups` |
+    | `https://symphony.syniverse.com/ups` |
+    | `https://symphony-test.dalab.syniverse.com/ups` |
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (PEM)** and select **Download** to download the certificate and save it on your computer.
+
+	![Screenshot shows the Certificate download link.](common/certificate-base64-download.png "Certificate")
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+   1. In the **Name** field, enter `B.Simon`.  
+   1. In the **User name** field, enter the [email protected]. For example, `[email protected]`.
+   1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+   1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Syniverse Customer Portal.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Syniverse Customer Portal**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Syniverse Customer Portal SSO
+
+To configure single sign-on on **Syniverse Customer Portal** side, you need to send the downloaded **Certificate (PEM)** and appropriate copied URLs from Azure portal to [Syniverse Customer Portal support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create Syniverse Customer Portal test user
+
+In this section, a user called B.Simon is created in Syniverse Customer Portal. Syniverse Customer Portal supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Syniverse Customer Portal, a new one is created after authentication.
+
+## Test SSO 
+
+In this section, you test your Azure AD single sign-on configuration with following options. 
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Syniverse Customer Portal Sign-on URL where you can initiate the login flow.  
+
+* Go to Syniverse Customer Portal Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Syniverse Customer Portal for which you set up the SSO. 
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the Syniverse Customer Portal tile in the My Apps, if configured in SP mode you would be redirected to the application sign-on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Syniverse Customer Portal for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+
+## Next steps
+
+Once you configure Syniverse Customer Portal you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).

articles/active-directory/saas-apps/toc.yml

@@ -2241,6 +2241,8 @@
         href: synergi-tutorial.md
       - name: Synerise AI Growth Operating System
         href: synerise-ai-growth-ecosystem-tutorial.md
+      - name: Syniverse Customer Portal
+        href: syniverse-customer-portal-tutorial.md
       - name: Sentry
         href: sentry-tutorial.md  
       - name: Syxsense