Merge pull request #101370 from v-hagamp/featuredapp7

v-albemi · web-flow · commit 7681c8e162f9 · 2020-01-20T14:03:16.000-08:00
Product Backlog Item 897190: SaaS App Tutorial: Description Update fo…
diff --git a/articles/active-directory/saas-apps/netsuite-tutorial.md b/articles/active-directory/saas-apps/netsuite-tutorial.md
@@ -13,7 +13,7 @@ ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
 ms.topic: tutorial
-ms.date: 01/10/2020
+ms.date: 01/16/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -45,6 +45,7 @@ NetSuite supports:
 * IDP-initiated SSO.
 * JIT (just-in-time) user provisioning.
 * [Automated user provisioning](NetSuite-provisioning-tutorial.md).
+* Once you configure the NetSuite you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-aad)
 
 > [!NOTE]
 > Because the identifier of this application is a fixed string value, only one instance can be configured in one tenant.
@@ -262,3 +263,6 @@ When you select the NetSuite tile in the Access Panel, you should be automatical
 - [What is application access and single sign-on with Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 - [Try NetSuite with Azure AD](https://aad.portal.azure.com/)
+- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
+
+- [How to protect NetSuite with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
diff --git a/articles/active-directory/saas-apps/oracle-cloud-tutorial.md b/articles/active-directory/saas-apps/oracle-cloud-tutorial.md
@@ -12,9 +12,8 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 07/26/2019
+ms.date: 01/16/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -39,7 +38,10 @@ To get started, you need the following items:
 
 ## Scenario description
 
-In this tutorial, you configure and test Azure AD SSO in a test environment. Oracle Cloud Infrastructure Console supports **SP** initiated SSO.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Oracle Cloud Infrastructure Console supports **SP** initiated SSO.
+* Once you configure the Oracle Cloud Infrastructure Console you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-aad)
 
 ## Adding Oracle Cloud Infrastructure Console from the gallery
 
@@ -59,10 +61,10 @@ Configure and test Azure AD SSO with Oracle Cloud Infrastructure Console using a
 To configure and test Azure AD SSO with Oracle Cloud Infrastructure Console, complete the following building blocks:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** to enable your users to use this feature.
+    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** to test Azure AD single sign-on with B. Simon.
+    1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** to enable B. Simon to use Azure AD single sign-on.
 1. **[Configure Oracle Cloud Infrastructure Console](#configure-oracle-cloud-infrastructure-console)** to configure the SSO settings on application side.
-1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** to test Azure AD single sign-on with B. Simon.
-1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** to enable B. Simon to use Azure AD single sign-on.
-1. **[Create Oracle Cloud Infrastructure Console test user](#create-oracle-cloud-infrastructure-console-test-user)** to have a counterpart of B. Simon in Oracle Cloud Infrastructure Console that is linked to the Azure AD representation of user.
+    1. **[Create Oracle Cloud Infrastructure Console test user](#create-oracle-cloud-infrastructure-console-test-user)** to have a counterpart of B. Simon in Oracle Cloud Infrastructure Console that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** to verify whether the configuration works.
 
 ### Configure Azure AD SSO
@@ -135,39 +137,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
    ![Copy configuration URLs](common/copy-configuration-urls.png)
 
-### Configure Oracle Cloud Infrastructure Console
 
-1. In a different web browser window, sign in to Oracle Cloud Infrastructure Console as an Administrator.
-
-1. Click on the left side of the menu and click on **Identity** then navigate to **Federation**.
-
-   ![Configuration](./media/oracle-cloud-tutorial/config01.png)
-
-1. Save the **Service Provider metadata file** by clicking the **Download this document** link and upload it into the **Basic SAML Configuration** section of Azure portal and then click on **Add Identity Provider**.
-
-   ![Configuration](./media/oracle-cloud-tutorial/config02.png)
-
-1. On the **Add Identity Provider** pop-up, perform the following steps:
-
-   ![Configuration](./media/oracle-cloud-tutorial/config03.png)
-
-   1. In the **NAME** text box, enter your name.
-
-   1. In the **DESCRIPTION** text box, enter your description.
-
-   1. Select **MICROSOFT ACTIVE DIRECTORY FEDERATION SERVICE (ADFS) OR SAML 2.0 COMPLIANT IDENTITY PROVIDER** as **TYPE**.
-
-   1. Click **Browse** to upload the Federation Metadata XML, which you have downloaded from Azure portal.
-
-   1. Click **Continue** and on the **Edit Identity Provider** section perform the following steps:
-
-      ![Configuration](./media/oracle-cloud-tutorial/config09.png)
-
-   1. The **IDENTITY PROVIDER GROUP** should be selected as Custom Group. The GROUP ID should be the GUID of the group from Azure Active Directory. The group needs to be mapped with corresponding group in **OCI GROUP** field.
-
-   1. You can map multiple groups as per your setup in Azure portal and your organization need. Click on **+ Add mapping** to add as many groups as you need.
-
-   1. Click **Submit**.
 
 ### Create an Azure AD test user
 
@@ -199,6 +169,40 @@ In this section, you'll enable B. Simon to use Azure single sign-on by granting
 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
+## Configure Oracle Cloud Infrastructure Console
+
+1. In a different web browser window, sign in to Oracle Cloud Infrastructure Console as an Administrator.
+
+1. Click on the left side of the menu and click on **Identity** then navigate to **Federation**.
+
+   ![Configuration](./media/oracle-cloud-tutorial/config01.png)
+
+1. Save the **Service Provider metadata file** by clicking the **Download this document** link and upload it into the **Basic SAML Configuration** section of Azure portal and then click on **Add Identity Provider**.
+
+   ![Configuration](./media/oracle-cloud-tutorial/config02.png)
+
+1. On the **Add Identity Provider** pop-up, perform the following steps:
+
+   ![Configuration](./media/oracle-cloud-tutorial/config03.png)
+
+   1. In the **NAME** text box, enter your name.
+
+   1. In the **DESCRIPTION** text box, enter your description.
+
+   1. Select **MICROSOFT ACTIVE DIRECTORY FEDERATION SERVICE (ADFS) OR SAML 2.0 COMPLIANT IDENTITY PROVIDER** as **TYPE**.
+
+   1. Click **Browse** to upload the Federation Metadata XML, which you have downloaded from Azure portal.
+
+   1. Click **Continue** and on the **Edit Identity Provider** section perform the following steps:
+
+      ![Configuration](./media/oracle-cloud-tutorial/config09.png)
+
+   1. The **IDENTITY PROVIDER GROUP** should be selected as Custom Group. The GROUP ID should be the GUID of the group from Azure Active Directory. The group needs to be mapped with corresponding group in **OCI GROUP** field.
+
+   1. You can map multiple groups as per your setup in Azure portal and your organization need. Click on **+ Add mapping** to add as many groups as you need.
+
+   1. Click **Submit**.
+   
 ### Create Oracle Cloud Infrastructure Console test user
 
  Oracle Cloud Infrastructure Console supports just-in-time provisioning, which is by default. There is no action item for you in this section. A new user does not get created during an attempt to access and also no need to create the user.
@@ -216,3 +220,5 @@ When you select the Oracle Cloud Infrastructure Console tile in the Access Panel
 - [What is application access and single sign-on with Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
 
 - [What is Conditional Access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
+
+- [How to protect Oracle Cloud Infrastructure Console with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
