Merge pull request #213050 from omondiatieno/sso-refresh

sso refresh

Author: v-dirichards

articles/active-directory/manage-apps/add-application-portal-setup-sso.md

@@ -1,27 +1,27 @@
 ---
-title: 'Quickstart: Enable single sign-on for an enterprise application'
+title: Enable single sign-on for an enterprise application
 description: Enable single sign-on for an enterprise application in Azure Active Directory.
 services: active-directory
-author: davidmu1
+author: omondiatieno
 manager: CelesteDG
 ms.service: active-directory
 ms.subservice: app-mgmt
-ms.topic: quickstart
+ms.topic: how-to
 ms.workload: identity
-ms.date: 09/21/2021
-ms.author: davidmu
+ms.date: 09/29/2022
+ms.author: jomondi
 ms.reviewer: ergleenl
 ms.custom: contperf-fy22q2, mode-other
 #Customer intent: As an administrator of an Azure AD tenant, I want to enable single sign-on for an enterprise application.
 ---
 
-# Quickstart: Enable single sign-on for an enterprise application
+# Enable single sign-on for an enterprise application
 
-In this quickstart, you use the Azure Active Directory Admin Center to enable single sign-on (SSO) for an enterprise application that you added to your Azure Active Directory (Azure AD) tenant. After you configure SSO, your users can sign in by using their Azure AD credentials. 
+In this article, you use the Azure Active Directory Admin Center to enable single sign-on (SSO) for an enterprise application that you added to your Azure Active Directory (Azure AD) tenant. After you configure SSO, your users can sign in by using their Azure AD credentials. 
 
-Azure AD has a gallery that contains thousands of pre-integrated applications that use SSO. This quickstart uses an enterprise application named **Azure AD SAML Toolkit** as an example, but the concepts apply for most pre-configured enterprise applications in the gallery.
+Azure AD has a gallery that contains thousands of pre-integrated applications that use SSO. This article uses an enterprise application named **Azure AD SAML Toolkit 1** as an example, but the concepts apply for most pre-configured enterprise applications in the gallery.
 
-It is recommended that you use a non-production environment to test the steps in this quickstart.
+It is recommended that you use a non-production environment to test the steps in this article.
 
 ## Prerequisites
 
@@ -39,7 +39,7 @@ To enable SSO for an application:
 1. In the left menu, select **Enterprise applications**. The **All applications** pane opens and displays a list of the applications in your Azure AD tenant. Search for and select the application that you want to use. For example, **Azure AD SAML Toolkit 1**.
 1. In the **Manage** section of the left menu, select **Single sign-on** to open the **Single sign-on** pane for editing.
 1. Select **SAML** to open the SSO configuration page. After the application is configured, users can sign in to it by using their credentials from the Azure AD tenant.
-1. The process of configuring an application to use Azure AD for SAML-based SSO varies depending on the application. For any of the enterprise applications in the gallery, use the link to find information about the steps needed to configure the application. The steps for the **Azure AD SAML Toolkit** are listed in this quickstart.
+1. The process of configuring an application to use Azure AD for SAML-based SSO varies depending on the application. For any of the enterprise applications in the gallery, use the **configuration guide** link to find information about the steps needed to configure the application. The steps for the **Azure AD SAML Toolkit 1** are listed in this article.
 
     :::image type="content" source="media/add-application-portal-setup-sso/saml-configuration.png" alt-text="Configure single sign-on for an enterprise application.":::
 
@@ -55,7 +55,7 @@ To configure SSO in Azure AD:
 1. For **Reply URL (Assertion Consumer Service URL)**, enter `https://samltoolkit.azurewebsites.net/SAML/Consume`.
 1. For **Sign on URL**, enter `https://samltoolkit.azurewebsites.net/`.
 1. Select **Save**.
-1. In the **SAML Signing Certificate** section, select **Download** for **Certificate (Raw)** to download the SAML signing certificate and save it to be used later.
+1. In the **SAML Certificates** section, select **Download** for **Certificate (Raw)** to download the SAML signing certificate and save it to be used later.
 
 ## Configure single sign-on in the application
 
@@ -70,15 +70,15 @@ To register a user account with the application:
 
     :::image type="content" source="media/add-application-portal-setup-sso/toolkit-register.png" alt-text="Register a user account in the Azure AD SAML Toolkit application.":::
 
-1. For **Email**, enter the email address of the user that will access the application. For example, in a previous quickstart, the user account was created that uses the address of `[email protected]`. Be sure to change `contoso.com` to the domain of your tenant.
+1. For **Email**, enter the email address of the user that will access the application. Ensure that the user account is already assigned to the application.
 1. Enter a **Password** and confirm it.
 1. Select **Register**.
 
 ### Configure SAML settings
 
-To configure SAML setting for the application:
+To configure SAML settings for the application:
 
-1. Signed in with the credentials of the user account that you created, select **SAML Configuration** at the upper-left corner of the page.
+1. Signed in with the credentials of the user account that you already assigned to the application, select **SAML Configuration** at the upper-left corner of the page.
 1. Select **Create** in the middle of the page.
 1. For **Login URL**, **Azure AD Identifier**, and **Logout URL**, enter the values that you recorded earlier.
 1. Select **Choose file** to upload the certificate that you previously downloaded.
@@ -102,15 +102,12 @@ You can test the single sign-on configuration from the **Set up single sign-on**
 
 To test SSO:
 
-1. In the **Test single sign-on with Azure AD SAML Toolkit 1** section, on the **Set up single sign-on** pane, select **Test**.
+1. In the **Test single sign-on with Azure AD SAML Toolkit 1** section, on the **Set up single sign-on with SAML** pane, select **Test**.
 1. Sign in to the application using the Azure AD credentials of the user account that you assigned to the application.
 
-## Clean up resources
-
-If you are planning to complete the next quickstart, keep the enterprise application that you created. Otherwise, you can consider deleting it to clean up your tenant.
 
 ## Next steps
 
-Learn how to configure the properties of an enterprise application.
-> [!div class="nextstepaction"]
-> [Configure an application](add-application-portal-configure.md)
+- [Manage self service access](manage-self-service-access.md)
+- [Configure user consent](configure-user-consent.md)
+- [Grant tenant-wide admin consent](grant-admin-consent.md)

articles/active-directory/manage-apps/index.yml

@@ -101,6 +101,10 @@ landingContent:
             url: configure-permission-classifications.md
           - text: Manage entitlement
             url: ../governance/entitlement-management-scenarios.md
+      - linkListType: learn
+        links:
+          - text: Configure admin consent workflow
+            url: /training/modules/configure-admin-consent-workflow/
   - title: Maintain an app
     linkLists:
       - linkListType: how-to-guide

articles/active-directory/manage-apps/plan-sso-deployment.md

@@ -108,4 +108,4 @@ The following SSO protocols are available to use:
 
 ## Next steps
 
-- Consider completing the single sign-on training in [Enable single sign-on for applications by using Azure Active Directory](/training/modules/enable-single-sign-on).
+- [Enable single sign-on for applications by using Azure Active Directory](add-application-portal-setup-sso.md).

articles/active-directory/manage-apps/toc.yml

@@ -212,11 +212,13 @@
         href: silverfort-azure-ad-integration.md
     - name: Single sign-on
       items:
-      - name: Linked
+      - name: Enable single sign-on with SAML
+        href: add-application-portal-setup-oidc-sso.md
+      - name: Enable Linked based single sign-on
         href: configure-linked-sign-on.md
-      - name: OpenID Connect
+      - name: Enable OpenID Connect based single sign-on
         href: add-application-portal-setup-oidc-sso.md
-      - name: Password
+      - name: Enable Password based single sign-on
         href: configure-password-single-sign-on-non-gallery-applications.md
     - name: Troubleshoot
       items:

articles/active-directory/manage-apps/what-is-application-management.md

@@ -61,13 +61,13 @@ To [manage access](what-is-access-management.md) for an application, you want to
 
 You can [manage user consent settings](configure-user-consent.md) to choose whether users can allow an application or service to access user profiles and organizational data. When applications are granted access, users can sign in to applications integrated with Azure AD, and the application can access your organization's data to deliver rich data-driven experiences.
 
-Users often are unable to consent to the permissions an application is requesting. Configure the admin consent workflow to allow users to provide a justification and request an administrator's review and approval of an application. For training on how to configure admin consent workflow in your Azure AD tenant, see [Configure admin consent workflow](/training/modules/configure-admin-consent-workflow).
+Users often are unable to consent to the permissions an application is requesting. Configure the admin consent workflow to allow users to provide a justification and request an administrator's review and approval of an application. To learn how to configure admin consent workflow in your Azure AD tenant, see [Configure admin consent workflow](configure-admin-consent-workflow.md).
 
 As an administrator, you can [grant tenant-wide admin consent](grant-admin-consent.md) to an application. Tenant-wide admin consent is necessary when an application requires permissions that regular users aren't allowed to grant, and allows organizations to implement their own review processes. Always carefully review the permissions the application is requesting before granting consent. When an application has been granted tenant-wide admin consent, all users are able to sign into the application unless it has been configured to require user assignment.
 
 ### Single sign-on
 
-Consider implementing SSO in your application. You can manually configure most applications for SSO. The most popular options in Azure AD are [SAML-based SSO and OpenID Connect-based SSO](../develop/active-directory-v2-protocols.md). Before you start, make sure that you understand the requirements for SSO and how to [plan for deployment](plan-sso-deployment.md). For training related to configuring SAML-based SSO for an enterprise application in your Azure AD tenant, see [Enable single sign-on for an application by using Azure Active Directory](/training/modules/enable-single-sign-on).
+Consider implementing SSO in your application. You can manually configure most applications for SSO. The most popular options in Azure AD are [SAML-based SSO and OpenID Connect-based SSO](../develop/active-directory-v2-protocols.md). Before you start, make sure that you understand the requirements for SSO and how to [plan for deployment](plan-sso-deployment.md). For more information on how to configure SAML-based SSO for an enterprise application in your Azure AD tenant, see [Enable single sign-on for an application by using Azure Active Directory](add-application-portal-setup-sso.md).
 
 ### User, group, and owner assignment