Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into nat-rename

Author: asudbring

articles/active-directory/saas-apps/hornbill-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 04/19/2023
 ms.author: jeedes
 ---
 # Tutorial: Azure AD SSO integration with Hornbill
@@ -116,37 +116,33 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In a different web browser window, log in to Hornbill as a Security Administrator.
 
-2. On the Home page, click **System**.
+2. On the Home page, click the **Configuration** settings icon at the bottom left of the page.
 
-	![Screenshot shows the Hornbill system.](./media/hornbill-tutorial/system.png   "Hornbill system")
+	![Screenshot shows the Hornbill system.](./media/hornbill-tutorial/settings.png   "Hornbill system")
 
-3. Navigate to **Security**.
+3. Navigate to **Platform Configuration**.
 
-	![Screenshot shows the Hornbill security.](./media/hornbill-tutorial/security.png "Hornbill security")
+	![Screenshot shows the Hornbill platform configuration.](./media/hornbill-tutorial/platform-configuration.png "Hornbill security")
 
-4. Click **SSO Profiles**.
+4. Click **SSO Profiles** under Security.
 
-	![Screenshot shows the Hornbill single.](./media/hornbill-tutorial/profile.png "Hornbill single")
+	![Screenshot shows the Hornbill single.](./media/hornbill-tutorial/profiles.png "Hornbill single")
 
-5. On the right side of the page, click on **Add logo**.
+5. On the right side of the page, click on **+ Create New Profile**.
 
-	![Screenshot shows to add the logo.](./media/hornbill-tutorial/add-logo.png "Hornbill add")
+	![Screenshot shows to add the logo.](./media/hornbill-tutorial/create-new-profile.png "Hornbill create")
 
-6. On the **Profile Details** bar, click on **Import SAML Meta logo**.
+6. On the **Profile Details** bar, click on the **Import IDP Meta Data** button.
 
-	![Screenshot shows Hornbill Meta logo.](./media/hornbill-tutorial/logo.png "Hornbill logo")
+	![Screenshot shows Hornbill Meta logo.](./media/hornbill-tutorial/import-metadata.png "Hornbill logo")
 
-7. On the Pop-up page in the **URL** text box, paste the **App Federation Metadata Url**, which you have copied from Azure portal and click **Process**.
+7. On the pop-up, in the **URL** text box, paste the **App Federation Metadata Url**, which you have copied from Azure portal and click **Process**.
 
-	![Screenshot shows Hornbill process.](./media/hornbill-tutorial/process.png "Hornbill process")
+	![Screenshot shows Hornbill process.](./media/hornbill-tutorial/metadata-url.png "Hornbill process")
 
 8. After clicking process the values get auto populated automatically under **Profile Details** section.
 
-	![Screenshot shows Hornbill profile](./media/hornbill-tutorial/page.png "Hornbill profile")
-
-	![Screenshot shows Hornbill details.](./media/hornbill-tutorial/services.png "Hornbill details")
-
-	![Screenshot shows Hornbill certificate.](./media/hornbill-tutorial/details.png "Hornbill certificate")
+	![Screenshot shows Hornbill profile](./media/hornbill-tutorial/profile-details.png "Hornbill profile")
 
 9. Click **Save Changes**.
 
@@ -155,7 +151,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 In this section, a user called Britta Simon is created in Hornbill. Hornbill supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Hornbill, a new one is created after authentication.
 
 > [!Note]
-> If you need to create a user manually, contact [Hornbill Client support team](https://www.hornbill.com/support/?request/).
+> If you need to create a user manually, contact [Hornbill Client support team](https://www.hornbill.com/support/?request/).
 
 ## Test SSO
 

articles/active-directory/saas-apps/media/hornbill-tutorial/create-new-profile.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 04/18/2023
 ms.author: jeedes
 ---
 
@@ -73,7 +73,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 1. On the **Select a Single sign-on method** page, select **SAML**.
 1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
 
-   ![Edit Basic SAML Configuration](common/edit-urls.png)
+   ![Screenshot showing Edit Basic SAML Configuration.](common/edit-urls.png)
 
 1. On the **Basic SAML Configuration** page, enter the values for the following fields:
 
@@ -90,7 +90,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 	> These values are not the real. Update these values with the actual Sign-on URL, Reply URL and Logout URL. Your reply URL must have a subdomain for example: www, wd2, wd3, wd3-impl, wd5, wd5-impl).
     > Using something like `http://www.myworkday.com` works but `http://myworkday.com` does not. Contact [Workday Client support team](https://www.workday.com/en-us/partners-services/services/support.html) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
-1. Your Workday application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes, where as **nameidentifier** is mapped with **user.userprincipalname**. Workday application expects **nameidentifier** to be mapped with **user.mail**, **UPN**, etc., so you need to edit the attribute mapping by clicking on **Edit** icon and change the attribute mapping.
+1. Your Workday application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes, whereas **nameidentifier** is mapped with **user.userprincipalname**. Workday application expects **nameidentifier** to be mapped with **user.mail**, **UPN**, etc., so you need to edit the attribute mapping by clicking on **Edit** icon and change the attribute mapping.
 
 	![Screenshot shows User Attributes with the Edit icon selected.](common/edit-attribute.png)
 
@@ -99,21 +99,21 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
 
-   ![The Certificate download link](common/metadataxml.png)
+   ![Screenshot showing The Certificate download link.](common/metadataxml.png)
 
 1. To modify the **Signing** options as per your requirement, click **Edit** button to open **SAML Signing Certificate** dialog.
 
-	![Certificate](common/edit-certificate.png) 
-
-	![SAML Signing Certificate](./media/workday-tutorial/signing-option.png)
+	![Screenshot showing Certificate.](common/edit-certificate.png) 
 
 	a. Select **Sign SAML response and assertion** for **Signing Option**.
 
+    ![Screenshot showing SAML Signing Certificate.](./media/workday-tutorial/signing-option.png)
+
 	b. Click **Save**
 
 1. On the **Set up Workday** section, copy the appropriate URL(s) based on your requirement.
 
-   ![Copy configuration URLs](common/copy-configuration-urls.png)
+   ![Screenshot showing Copy configuration URLs.](common/copy-configuration-urls.png)
 
 ### Create an Azure AD test user
 
@@ -136,7 +136,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been setup for this app, you see "Default Access" role selected.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
 ## Configure Workday
@@ -145,28 +145,28 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In the **Search box**, search with the name **Edit Tenant Setup – Security** on the top left side of the home page.
 
-    ![Edit Tenant Security](./media/workday-tutorial/search-box.png "Edit Tenant Security")
+    ![Screenshot showing Edit Tenant Security.](./media/workday-tutorial/search-box.png "Edit Tenant Security")
 
 
 1. In the **SAML Setup** section, click on **Import Identity Provider**.
 
-    ![SAML Setup](./media/workday-tutorial/saml-setup.png "SAML Setup")
+    ![Screenshot showing SAML Setup.](./media/workday-tutorial/saml-setup.png "SAML Setup")
 
 1. In **Import Identity Provider** section, perform the below steps:
 
-    ![Importing Identity Provider](./media/workday-tutorial/import-identity-provider.png)
+    ![Screenshot showing Importing Identity Provider.](./media/workday-tutorial/import-identity-provider.png)
 
     a. Give the **Identity Provider Name** like `AzureAD` in the textbox.
 
     b. In **Used for Environments** textbox, select the appropriate environment names from the dropdown.
 
     c. Click on **Select files** to upload the downloaded **Federation Metadata XML** file.
 
-    d. Click on **OK** and then **Done**.
+    d. Click on **OK**.
 
-1. After clicking **Done**, a new row will be added in the **SAML Identity Providers** and then you can add the below steps for the newly created row.
+1. After clicking **OK**, a new row will be added in the **SAML Identity Providers** and then you can add the below steps for the newly created row.
 
-    ![SAML Identity Providers.](./media/workday-tutorial/saml-identity-providers.png "SAML Identity Providers")
+    ![Screenshot showing SAML Identity Providers.](./media/workday-tutorial/saml-identity-providers.png "SAML Identity Providers")
 
     a. Click on **Enable IDP Initiated Logout** checkbox.
 
@@ -180,21 +180,11 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
     f. In the **Service Provider ID** textbox, type **http://www.workday.com**.
 
-    g Select **Do Not Deflate SP-initiated Authentication Request**.
-
-1. Perform the following steps in the below image.
-
-    ![Workday](./media/workday-tutorial/service-provider.png "SAML Identity Providers")
-
-    a. In the **Service Provider ID (Will be Deprecated)** textbox, type **http://www.workday.com**.
-
-    b. In the **IDP SSO Service URL (Will be Deprecated)** textbox, type **Login URL** value.
-
-    c. Select **Do Not Deflate SP-initiated Authentication Request (Will be Deprecated)**.
+    g. Select **Do Not Deflate SP-initiated Authentication Request**.
 
-    d. For **Authentication Request Signature Method**, select **SHA256**.
+    h. Click **Ok**.
 
-    e. Click **OK**.
+    i. If the task was completed successfully, click **Done**.
 
     > [!NOTE]
     > Please ensure you set up single sign-on correctly. In case you enable single sign-on with incorrect setup, you may not be able to enter the application with your credentials and get locked out. In this situation, Workday provides a backup log-in URL where users can sign-in using their normal username and password in the following format:[Your Workday URL]/login.flex?redirect=n
@@ -207,13 +197,13 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In the **Directory** page, select **Find Workers** in view tab.
 
-    ![Find workers](./media/workday-tutorial/user-directory.png)
+    ![Screenshot showing Find workers.](./media/workday-tutorial/user-directory.png)
 
 1.  In the **Find Workers** page, select the user from the results.
 
 1. In the following page,select **Job > Worker Security** and the **Workday account** has to match with the Azure active directory as the **Name ID** value.
 
-    ![Worker Security](./media/workday-tutorial/worker-security.png)
+    ![Screenshot showing Worker Security.](./media/workday-tutorial/worker-security.png)
 
 > [!NOTE]
 > For more information on how to create a workday test user, please contact [Workday Client support team](https://www.workday.com/en-us/partners-services/services/support.html).

articles/active-directory/saas-apps/media/hornbill-tutorial/import-metadata.png

@@ -152,8 +152,8 @@ The following sections describe the syslog output syntax for each format.
 
 | Name | Description |
 |--|--|
-| Date and Time | Date and time that the syslog server machine received the information. |
 | Priority | User.Alert |
+| Date and Time | Date and time that the syslog server machine received the information. |
 | Hostname | Sensor IP |
 | Message | Sensor name: The name of the appliance. <br /> Alert time: The time that the alert was detected: Can vary from the time of the syslog server machine, and depends on the time-zone configuration of the forwarding rule. <br /> Alert title: The title of the alert. <br /> Alert message: The message of the alert. <br /> Alert severity: The severity of the alert: **Warning**, **Minor**, **Major**, or **Critical**. <br /> Alert type: **Protocol Violation**, **Policy Violation**, **Malware**, **Anomaly**, or **Operational**. <br /> Protocol: The protocol of the alert.  <br /> **Source_MAC**: IP address, name, vendor, or OS of the source device. <br /> Destination_MAC: IP address, name, vendor, or OS of the destination. If data is missing, the value will be **N/A**. <br /> alert_group: The alert group associated with the alert. |
 
@@ -170,8 +170,8 @@ The following sections describe the syslog output syntax for each format.
 
 | Name | Description |
 |--|--|
-| Date and time | Date and time that the sensor sent the information, in UTC format |
 | Priority | User.Alert |
+| Date and time | Date and time that the sensor sent the information, in UTC format |
 | Hostname | Sensor IP |
 | Message | Sensor name: The name of the Microsoft Defender for IoT appliance. <br />LEEF:1.0 <br />Microsoft Defender for IoT <br />Sensor  <br />Sensor version <br />Microsoft Defender for IoT Alert <br />title: The title of the alert. <br />msg: The message of the alert. <br />protocol: The protocol of the alert.<br />severity: **Warning**, **Minor**, **Major**, or **Critical**. <br />type: The type of the alert: **Protocol Violation**, **Policy Violation**, **Malware**, **Anomaly**, or **Operational**. <br />start: The time of the alert. It may be different from the time of the syslog server machine, and depends on the time-zone configuration. <br />src_ip: IP address of the source device.<br />dst_ip: IP address of the destination device. <br />cat: The alert group associated with the alert. |