Merge pull request #99639 from v-nagta/salesforceupdate

Product Backlog Item 884800: SaaS App Tutorial: Salesforce update

Author: ktoliver

articles/active-directory/saas-apps/media/salesforce-tutorial/salesforcexml.png

@@ -1,25 +1,25 @@
 ---
-title: 'Tutorial: Azure Active Directory Single sign-on (SSO) integration with Salesforce | Microsoft Docs'
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Salesforce | Microsoft Docs'
 description: Learn how to configure single sign-on between Azure Active Directory and Salesforce.
 services: active-directory
 documentationCenter: na
 author: jeevansd
-manager: daveba
+manager: mtillman
 ms.reviewer: barbkess
 
 ms.assetid: d2d7d420-dc91-41b8-a6b3-59579e043b35
 ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 08/13/2019
+ms.date: 12/23/2019
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
 ---
-# Tutorial: Azure Active Directory Single sign-on (SSO) integration with Salesforce
+
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Salesforce
 
 In this tutorial, you'll learn how to integrate Salesforce with Azure Active Directory (Azure AD). When you integrate Salesforce with Azure AD, you can:
 
@@ -66,27 +66,23 @@ Configure and test Azure AD SSO with Salesforce using a test user called **B.Sim
 To configure and test Azure AD SSO with Salesforce, complete the following building blocks:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
-    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-2. **[Configure Salesforce SSO](#configure-salesforce-sso)** - to configure the Single Sign-On settings on application side.
-    1. **[Create Salesforce test user](#create-salesforce-test-user)** - to have a counterpart of B.Simon in Salesforce that is linked to the Azure AD representation of user.
-3. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+    * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Salesforce SSO](#configure-salesforce-sso)** - to configure the single sign-on settings on application side.
+    * **[Create Salesforce test user](#create-salesforce-test-user)** - to have a counterpart of B.Simon in Salesforce that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
 ## Configure Azure AD SSO
 
-In this section, you enable Azure AD single sign-on in the Azure portal.
-
-To configure Azure AD single sign-on with Salesforce, perform the following steps:
-
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Salesforce** application integration page, find the **Manage** section and select **Single sign-on**.
-1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. In the [Azure portal](https://portal.azure.com/), on the **Salesforce** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-1. On the **Basic SAML Configuration** section, perform the following steps:
+1. On the **Basic SAML Configuration** section, enter the values for the following fields:
 
 	a. In the **Sign-on URL** textbox, type the value using the following pattern:
 
@@ -103,11 +99,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
     > [!NOTE]
 	> These values are not real. Update these values with the actual Sign-on URL and Identifier. Contact [Salesforce Client support team](https://help.salesforce.com/support) to get these values.
 
-1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
 	![The Certificate download link](common/metadataxml.png)
 
-1. On the **Set up Salesforce** section, copy the appropriate URL(s) as per your requirement.
+1. On the **Set up Salesforce** section, copy the appropriate URL(s) based on your requirement.
 
 	![Copy configuration URLs](common/copy-configuration-urls.png)
 
@@ -122,9 +118,6 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
    1. In the **User name** field, enter the [email protected]. For example, `[email protected]`.
    1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
    1. Click **Create**.
-   
-    > [!NOTE]
-    > Salesforce user attributes are case sensitive for SAML validation.
 
 ### Assign the Azure AD test user
 
@@ -146,48 +139,56 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Salesforce SSO
 
-1. Open a new tab in your browser and sign in to your Salesforce administrator account.
+1. To automate the configuration within Salesforce, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
+
+	![My apps extension](common/install-myappssecure-extension.png)
+
+1. After adding extension to the browser, click on **Set up Salesforce** will direct you to the Salesforce Single Sign-On application. From there, provide the admin credentials to sign into Salesforce Single Sign-On. The browser extension will automatically configure the application for you and automate steps 3-13.
+
+	![Setup configuration](common/setup-sso.png)
+
+1. If you want to setup Salesforce manually, open a new web browser window and sign into your Salesforce company site as an administrator and perform the following steps:
 
-2. Click on the **Setup** under **settings icon** on the top right corner of the page.
+1. Click on the **Setup** under **settings icon** on the top right corner of the page.
 
 	![Configure Single Sign-On](./media/salesforce-tutorial/configure1.png)
 
-3. Scroll down to the **SETTINGS** in the navigation pane, click **Identity** to expand the related section. Then click **Single Sign-On Settings**.
+1. Scroll down to the **SETTINGS** in the navigation pane, click **Identity** to expand the related section. Then click **Single Sign-On Settings**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-admin-sso.png)
 
-4. On the **Single Sign-On Settings** page, click the **Edit** button.
+1. On the **Single Sign-On Settings** page, click the **Edit** button.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-admin-sso-edit.png)
 
     > [!NOTE]
     > If you are unable to enable Single Sign-On settings for your Salesforce account, you may need to contact [Salesforce Client support team](https://help.salesforce.com/support).
 
-5. Select **SAML Enabled**, and then click **Save**.
+1. Select **SAML Enabled**, and then click **Save**.
 
-      ![Configure Single Sign-On](./media/salesforce-tutorial/sf-enable-saml.png)
+    ![Configure Single Sign-On](./media/salesforce-tutorial/sf-enable-saml.png)
 
-6. To configure your SAML single sign-on settings, click **New from Metadata File**.
+1. To configure your SAML single sign-on settings, click **New from Metadata File**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-admin-sso-new.png)
 
-7. Click **Choose File** to upload the metadata XML file which you have downloaded from the Azure portal and click **Create**.
+1. Click **Choose File** to upload the metadata XML file which you have downloaded from the Azure portal and click **Create**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/xmlchoose.png)
 
-8. On the **SAML Single Sign-On Settings** page, fields populate automatically and click save.
+1. On the **SAML Single Sign-On Settings** page, fields populate automatically and click save.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/salesforcexml.png)
 
-9. On the left navigation pane in Salesforce, click **Company Settings** to expand the related section, and then click **My Domain**.
+1. On the left navigation pane in Salesforce, click **Company Settings** to expand the related section, and then click **My Domain**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-my-domain.png)
 
-10. Scroll down to the **Authentication Configuration** section, and click the **Edit** button.
+1. Scroll down to the **Authentication Configuration** section, and click the **Edit** button.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-edit-auth-config.png)
 
-11. In the **Authentication Configuration** section, Check the **AzureSSO** as **Authentication Service** of your SAML SSO configuration, and then click **Save**.
+1. In the **Authentication Configuration** section, Check the **AzureSSO** as **Authentication Service** of your SAML SSO configuration, and then click **Save**.
 
     ![Configure Single Sign-On](./media/salesforce-tutorial/sf-auth-config.png)
 
@@ -237,4 +238,4 @@ When you click the Salesforce tile in the Access Panel, you should be automatica
 
 - [Configure User Provisioning](salesforce-provisioning-tutorial.md)
 
-- [Try Salesforce with Azure AD](https://aad.portal.azure.com)
+- [Try Salesforce with Azure AD](https://aad.portal.azure.com)