Merge pull request #222994 from v-hgampala/veracode

Product Backlog Item 2272955: SaaS App Tutorial: Veracode Update

Author: 19BMG00

articles/active-directory/saas-apps/media/veracode-tutorial/just-in-time.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 01/05/2023
 ms.author: jeedes
 ---
 
@@ -72,11 +72,11 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section,  find **Certificate (Base64)**. Select **Download** to download the certificate and save it on your computer.
 
-	![Screenshot of SAML Signing Certificate section, with Download link highlighted](common/certificatebase64.png)
+	![Screenshot of SAML Signing Certificate section, with Download link highlighted.](common/certificatebase64.png)
 
 1. Veracode expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
 
-	![Screenshot of User Attributes & Claims section](common/default-attributes.png)
+	![Screenshot of User Attributes & Claims section.](common/default-attributes.png)
 
 1. Veracode also expects a few more attributes to be passed back in the SAML response. These attributes are also pre-populated, but you can review them per your requirements.
 
@@ -88,7 +88,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Set up Veracode** section, copy the appropriate URL(s) based on your requirement.
 
-	![Screenshot of Set up Veracode section, with configuration URLs highlighted](common/copy-configuration-urls.png)
+	![Screenshot of Set up Veracode section, with configuration URLs highlighted.](common/copy-configuration-urls.png)
 
 ### Create an Azure AD test user
 
@@ -116,43 +116,52 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Veracode SSO
 
-1. In a different web browser window, sign in to your Veracode company site as an administrator.
+Notes:
+
+* These instructions assume you are using the new [Single Sign On/Just-in-Time Provisioning feature from Veracode](https://docs.veracode.com/r/Signing_On). To activate this feature if it is not already active, please contact Veracode Support.  
+* These instructions are valid for all [Veracode regions](https://docs.veracode.com/r/Region_Domains_for_Veracode_APIs).
+
+1. In a different web browser window, sign in to your Veracode company site as an administrator. 
 
 1. From the menu on the top, select **Settings** > **Admin**.
 
-    ![Screenshot of Veracode Administration, with Settings icon and Admin highlighted](./media/veracode-tutorial/admin.png "Administration")
+    ![Screenshot of Veracode Administration, with Settings icon and Admin highlighted.](./media/veracode-tutorial/admin.png "Administration")
 
 1. Select the **SAML** tab.
 
-1. In the **Organization SAML Settings** section, perform the following steps:
+1. In the **SAML Certificate** section, perform the following steps:
 
-    ![Screenshot of Organization SAML Settings section](./media/veracode-tutorial/saml.png "Administration")
+    ![Screenshot of Organization SAML Settings section.](./media/veracode-tutorial/saml.png "Administration")
 
     a.  For **Issuer**, paste the value of the **Azure AD Identifier** that you've copied from the Azure portal.
 
     b. For **Assertion Signing Certificate**, select **Choose File** to upload your downloaded certificate from the Azure portal.
 
-    c. For **Self Registration**, select **Enable Self Registration**.
+    c. Note the values of the three URLs (**SAML Assertion URL**, **SAML Audience URL**, **Relay state URL**). 
+
+    d. Click **Save**.
+    
+1. Take the values of the **SAML Assertion URL**, **SAML Audience URL** and **Relay state URL** and update them in the Azure Active Directory settings for the Veracode integration.
+
+1. Select the **JIT Provisioning** tab.
+
+    ![Screenshot of JIT Provisioning tab, with various options highlighted.](./media/veracode-tutorial/just-in-time.png "JIT Provisioning")
 
-1. In the **Self Registration Settings** section, perform the following steps, and then select **Save**:
+1. In the **Organization Settings** section, toggle the **Configure Default Settings for Just-in-Time user provisioning** setting to **On**. 
 
-    ![Screenshot of Self Registration Settings section, with various options highlighted](./media/veracode-tutorial/save.png "Administration")
+1. In the **Basic Settings** section, for **User Data Updates**, select **Prefer Veracode User Data**.
 
-    a. For **New User Activation**, select **No Activation Required**.
+1. In the **Access Settings** section, under **User Roles**, select from the following For more information about Veracode user roles, see the [Veracode Documentation](https://docs.veracode.com/r/c_role_permissions):
 
-    b. For **User Data Updates**, select **Preference Veracode User Data**.
+    ![Screenshot of JIT Provisioning User Roles, with various options highlighted.](./media/veracode-tutorial/user-roles.png "JIT Provisioning")
 
-    c. For **SAML Attribute Details**, select the following:
-      * **User Roles**
       * **Policy Administrator**
       * **Reviewer**
       * **Security Lead**
       * **Executive**
       * **Submitter**
       * **Creator**
       * **All Scan Types**
-      * **Team Memberships**
-      * **Default Team**
 
 ### Create Veracode test user