Merge pull request #205157 from v-hgampala/aws-client-vpn-git-issue

Product Backlog Item 1988841: SaaS App Tutorial: AWS Client VPN Update

Author: v-regandowner

articles/active-directory/saas-apps/aws-clientvpn-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 06/17/2021
+ms.date: 07/19/2022
 ms.author: jeedes
 
 ---
@@ -96,7 +96,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. Click on **Manifest** and you need to keep the Reply URL as **http** instead of **https** to get the integration working, click on **Save**.
 
-    ![manifest page](./media/aws-clientvpn-tutorial/reply-url.png)
+    ![The Screenshot for the manifest page.](./media/aws-clientvpn-tutorial/reply-url.png)
 
 1. AWS ClientVPN application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
@@ -107,11 +107,17 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 	| Name |  Source Attribute|
 	| -------------- | --------- |
 	| memberOf | user.groups |
+    | FirstName | user.givenname |
+    | LastName | user.surname |
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
 	![The Certificate download link](common/metadataxml.png)
 
+1. In the **SAML Signing Certificate** section, click the edit icon and change the **Signing Option** to **Sign SAML response and assertion**. Click **Save**.
+
+    ![The screenshot for the SAML Signing Certificate page.](./media/aws-clientvpn-tutorial/signing-certificate.png)
+
 1. On the **Set up AWS ClientVPN** section, copy the appropriate URL(s) based on your requirement.
 
 	![Copy configuration URLs](common/copy-configuration-urls.png)