Merge pull request #106116 from ArvindHarinder1/patch-89

PRMerger14 · web-flow · commit 3a92740acd8c · 2020-02-29T06:30:02.000-08:00
Remove development section of SCIM doc
diff --git a/articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md b/articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md
@@ -757,7 +757,7 @@ TLS 1.2 Cipher Suites minimum bar:
 Now that you have desidned your schema and understood the Azure AD SCIM implementation, you can get started developing your SCIM endpoint. Rather than starting from scratch and building the implementation completely on your own, you can rely on a number of open source SCIM libraries published by the SCIM commuinty.  
 The open source .NET Core [reference code](https://aka.ms/SCIMReferenceCode) published by the Azure AD provisioning team is one such resource that can jump start your development. Once you've built your SCIM endpoint, you'll want to test it out. You can use the collection of [postman tests](https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint) provided as part of the reference code or run through the sample requests / responses provided [above](https://docs.microsoft.com/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#user-operations).  
 
-Here’s how it works:
+ Here’s how it works:
 
 1. Azure AD provides a common language infrastructure (CLI) library named Microsoft.SystemForCrossDomainIdentityManagement, included with the code samples describe below. System integrators and developers can use this library to create and deploy a SCIM-based web service endpoint that can connect Azure AD to any application’s identity store.
 2. Mappings are implemented in the web service to map the standardized user schema to the user schema and protocol required by the application. 
@@ -822,7 +822,6 @@ The easiest way to implement a SCIM endpoint that can accept provisioning reques
 1. Once your configuration is complete, set the **Provisioning Status** to **On**.
 1. Select **Save** to start the Azure AD provisioning service.
 1. If syncing only assigned users and groups (recommended), be sure to select the **Users and groups** tab and assign the users or groups you want to sync.
-
 Once the initial cycle has started, you can select **Audit logs** in the left panel to monitor progress, which shows all actions done by the provisioning service on your app. For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](check-status-user-account-provisioning.md).
 
 The final step in verifying the sample is to open the TargetFile.csv file in the \AzureAD-BYOA-Provisioning-Samples\ProvisioningAgent\bin\Debug folder on your Windows machine. Once the provisioning process is run, this file shows the details of all assigned and provisioned users and groups.
@@ -960,7 +959,6 @@ Requests from Azure Active Directory include an OAuth 2.0 bearer token.   Any se
    > [!NOTE]
    > It's ***not*** recommended to leave this field blank and rely on a token generated by Azure AD. This option is primarily available for testing purposes.
 Developers using the CLI libraries provided by Microsoft for building a SCIM service can authenticate requests from Azure Active Directory using the Microsoft.Owin.Security.ActiveDirectory package by following these steps: 
-
 First, in a provider, implement the Microsoft.SystemForCrossDomainIdentityManagement.IProvider.StartupBehavior property by having it return a method to be called whenever the service is started: 
 
 ```csharp
@@ -1008,159 +1006,6 @@ Next, add the following code to that method to have any request to any of the se
   }
 ```
 
-### Handling provisioning and deprovisioning of users
-
-***Example 1. Query the service for a matching user***
-
-Azure Active Directory queries the service for a user with an externalId attribute value matching the mailNickname attribute value of a user in Azure AD. The query is expressed as a Hypertext Transfer Protocol (HTTP) request such as this example, wherein jyoung is a sample of a mailNickname of a user in Azure Active Directory.
-
->[!NOTE]
-> This is an example only. Not all users will have a mailNickname attribute, and the value a user has may not be unique in the directory. Also, the attribute used for matching (which in this case is externalId) is configurable in the [Azure AD attribute mappings](customize-application-attributes.md).
-```
-GET https://.../scim/Users?filter=externalId eq jyoung HTTP/1.1
- Authorization: Bearer ...
-```
-
-If the service was built using the CLI libraries provided by Microsoft for implementing SCIM services, then the request is translated into a call to the Query method of the service’s provider.  Here is the signature of that method: 
-
-```csharp
- // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
- // Microsoft.SystemForCrossDomainIdentityManagement.Resource is defined in 
- // Microsoft.SystemForCrossDomainIdentityManagement.Schemas.  
- // Microsoft.SystemForCrossDomainIdentityManagement.IQueryParameters is defined in 
- // Microsoft.SystemForCrossDomainIdentityManagement.Protocol.  
- System.Threading.Tasks.Task<Microsoft.SystemForCrossDomainIdentityManagement.Resource[]> Query(
-   Microsoft.SystemForCrossDomainIdentityManagement.IQueryParameters parameters, 
-   string correlationIdentifier);
-```
-
-Here is the definition of the Microsoft.SystemForCrossDomainIdentityManagement.IQueryParameters interface: 
-
-```csharp
- public interface IQueryParameters: 
-   Microsoft.SystemForCrossDomainIdentityManagement.IRetrievalParameters
- {
-     System.Collections.Generic.IReadOnlyCollection <Microsoft.SystemForCrossDomainIdentityManagement.IFilter> AlternateFilters 
-     { get; }
- }
- public interface Microsoft.SystemForCrossDomainIdentityManagement.IRetrievalParameters
- {
-   system.Collections.Generic.IReadOnlyCollection<string> ExcludedAttributePaths 
-   { get; }
-   System.Collections.Generic.IReadOnlyCollection<string> RequestedAttributePaths 
-   { get; }
-   string SchemaIdentifier 
-   { get; }
- }
-```
-
-```
-    GET https://.../scim/Users?filter=externalId eq jyoung HTTP/1.1
-    Authorization: Bearer ...
-```
-
-If the service was built using the Common Language Infrastructure libraries provided by Microsoft for implementing SCIM services, then the request is translated into a call to the Query method of the service’s provider.  Here is the signature of that method: 
-
-```csharp
-  // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
-  // Microsoft.SystemForCrossDomainIdentityManagement.Resource is defined in 
-  // Microsoft.SystemForCrossDomainIdentityManagement.Schemas.  
-  // Microsoft.SystemForCrossDomainIdentityManagement.IQueryParameters is defined in 
-  // Microsoft.SystemForCrossDomainIdentityManagement.Protocol.  
-  System.Threading.Tasks.Task<Microsoft.SystemForCrossDomainIdentityManagement.Resource[]>  Query(
-    Microsoft.SystemForCrossDomainIdentityManagement.IQueryParameters parameters, 
-    string correlationIdentifier);
-```
-
-Here is the definition of the Microsoft.SystemForCrossDomainIdentityManagement.IQueryParameters interface: 
-
-```csharp
-  public interface IQueryParameters: 
-    Microsoft.SystemForCrossDomainIdentityManagement.IRetrievalParameters
-  {
-      System.Collections.Generic.IReadOnlyCollection  <Microsoft.SystemForCrossDomainIdentityManagement.IFilter> AlternateFilters 
-      { get; }
-  }
-  public interface Microsoft.SystemForCrossDomainIdentityManagement.IRetrievalParameters
-  {
-    system.Collections.Generic.IReadOnlyCollection<string> ExcludedAttributePaths 
-    { get; }
-    System.Collections.Generic.IReadOnlyCollection<string> RequestedAttributePaths 
-    { get; }
-    string SchemaIdentifier 
-    { get; }
-  }
-  public interface Microsoft.SystemForCrossDomainIdentityManagement.IFilter
-  {
-      Microsoft.SystemForCrossDomainIdentityManagement.IFilter AdditionalFilter 
-        { get; set; }
-      string AttributePath 
-        { get; } 
-      Microsoft.SystemForCrossDomainIdentityManagement.ComparisonOperator FilterOperator 
-        { get; }
-      string ComparisonValue 
-        { get; }
-  }
-  public enum Microsoft.SystemForCrossDomainIdentityManagement.ComparisonOperator
-  {
-      Equals
-  }
-```
-
-In the following sample of a query for a user with a given value for the externalId attribute, values of the arguments passed to the Query method are: 
-* parameters.AlternateFilters.Count: 1
-* parameters.AlternateFilters.ElementAt(0).AttributePath: "externalId"
-* parameters.AlternateFilters.ElementAt(0).ComparisonOperator: ComparisonOperator.Equals
-* parameters.AlternateFilter.ElementAt(0).ComparisonValue: "jyoung"
-* correlationIdentifier: System.Net.Http.HttpRequestMessage.GetOwinEnvironment["owin.RequestId"] 
-
-***Example 2. Provision a user***
-
-If the response to a query to the web service for a user with an externalId attribute value that matches the mailNickname attribute value of a user doesn't return any users, then Azure Active Directory requests that the service provision a user corresponding to the one in Azure Active Directory.  Here is an example of such a request: 
-
-```
- POST https://.../scim/Users HTTP/1.1
- Authorization: Bearer ...
- Content-type: application/scim+json
- {
-   "schemas":
-   [
-     "urn:ietf:params:scim:schemas:core:2.0:User",
-     "urn:ietf:params:scim:schemas:extension:enterprise:2.0User"],
-   "externalId":"jyoung",
-   "userName":"jyoung",
-   "active":true,
-   "addresses":null,
-   "displayName":"Joy Young",
-   "emails": [
-     {
-       "type":"work",
-       "value":"jyoung@Contoso.com",
-       "primary":true}],
-   "meta": {
-     "resourceType":"User"},
-    "name":{
-     "familyName":"Young",
-     "givenName":"Joy"},
-   "phoneNumbers":null,
-   "preferredLanguage":null,
-   "title":null,
-   "department":null,
-   "manager":null}
-```
-
-The CLI libraries provided by Microsoft for implementing SCIM services would translate that request into a call to the Create method of the service’s provider.  The Create method has this signature:
-
-```csharp
- // System.Threading.Tasks.Tasks is defined in mscorlib.dll.  
- // Microsoft.SystemForCrossDomainIdentityManagement.Resource is defined in 
- // Microsoft.SystemForCrossDomainIdentityManagement.Schemas.  
- System.Threading.Tasks.Task<Microsoft.SystemForCrossDomainIdentityManagement.Resource> Create(
-   Microsoft.SystemForCrossDomainIdentityManagement.Resource resource, 
-   string correlationIdentifier);
-```
-
-In a request to provision a user, the value of the resource argument is an instance of the Microsoft.SystemForCrossDomainIdentityManagement. Core2EnterpriseUser class, defined in the Microsoft.SystemForCrossDomainIdentityManagement.Schemas library.  If the request to provision the user succeeds, then the implementation of the method is expected to return an instance of the Microsoft.SystemForCrossDomainIdentityManagement. Core2EnterpriseUser class, with the value of the Identifier property set to the unique identifier of the newly provisioned user. 
 
 ## Step 4: Integrate your SCIM endpoint with the Azure AD SCIM client
 
