Merge pull request #211450 from MicrosoftDocs/main

9/15 OOB Publish

Author: huypub

.openpublishing.redirection.json

@@ -29353,6 +29353,11 @@
             "source_path_from_root": "/articles/virtual-machines/linux/copy-files-to-linux-vm-using-scp.md",
             "redirect_url": "/azure/virtual-machines/copy-files-to-vm-using-scp",
             "redirect_document_id": false
-        }
+        },
+        {
+            "source_path_from_root": "/articles/virtual-machines/workloads/sap/ha-setup-with-stonith.md",
+            "redirect_url": "/azure/virtual-machines/workloads/sap/ha-setup-with-fencing-device",
+            "redirect_document_id": false
+        },
     ]
-}
+}

articles/active-directory/app-provisioning/media/scim-validator-tutorial/postman-collection.png

@@ -0,0 +1,129 @@
+---
+title: Tutorial - Test your SCIM endpoint for compatibility with the Azure Active Directory (Azure AD) provisioning service.
+description: This tutorial describes how to use the Azure AD SCIM Validator to validate that your provisioning server is compatible with the Azure SCIM client.
+author: kenwith
+ms.author: kenwith
+manager: amycolannino
+ms.service: active-directory
+ms.subservice: app-provisioning
+ms.workload: identity
+ms.topic: tutorial
+ms.date: 09/13/2022
+ms.custom: template-tutorial
+ms.reviewer: arvinh
+---
+
+
+# Tutorial: Validate a SCIM endpoint
+
+This tutorial describes how to use the Azure AD SCIM Validator to validate that your provisioning server is compatible with the Azure SCIM client. The tutorial is intended for developers who want to build a SCIM compatible server to manage their identities with the Azure AD provisioning service.
+
+In this tutorial, you learn how to:
+
+> [!div class="checklist"]
+> * Select a testing method
+> * Configure the testing method
+> * Validate your SCIM endpoint
+
+## Prerequisites
+
+- An Azure Active Directory account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- A SCIM endpoint that conforms to the SCIM 2.0 standard and meets the provision service requirements. To learn more, see [Tutorial: Develop and plan provisioning for a SCIM endpoint in Azure Active Directory](use-scim-to-provision-users-and-groups.md).
+
+
+## Select a testing method
+The first step is to select a testing method to validate your SCIM endpoint.
+
+1. Open your web browser and navigate to the SCIM Validator: [https://scimvalidator.microsoft.com/](https://scimvalidator.microsoft.com/).
+1. Select one of the three test options. You can use default attributes, automatically discover the schema, or upload a schema.
+
+    :::image type="content" source="./media/scim-validator-tutorial/scim-validator.png" alt-text="Screenshot of SCIM Validator main page." lightbox="./media/scim-validator-tutorial/scim-validator.png":::
+
+**Use default attributes** - The system provides the default attributes, and you modify them to meet your need.
+
+**Discover schema** - If your end point supports /Schema, this option will allow the tool to discover the supported attributes. We recommend this option as it reduces the overhead of updating your app as you build it out.
+
+**Upload Azure AD Schema** - Upload the schema you've downloaded from your sample app on Azure AD.
+
+
+## Configure the testing method
+Now that you've selected a testing method, the next step is to configure it.
+
+:::image type="content" source="./media/scim-validator-tutorial/scim-validator-attributes.png" alt-text="Screenshot of SCIM Validator attributes page." lightbox="./media/scim-validator-tutorial/scim-validator-attributes.png":::
+
+1. If you're using the default attributes option, then fill in all of the indicated fields.
+2. If you're using the discover schema option, then enter the SCIM endpoint URL and token.
+3. If you're uploading a schema, then select your .json file to upload. The option accepts a .json file exported from your sample app on the Azure portal. To learn how to export a schema, see [How-to: Export provisioning configuration and roll back to a known good state](export-import-provisioning-configuration.md#export-your-provisioning-configuration). 
+> [!NOTE]
+> To test *group attributes*, make sure to select **Enable Group Tests**.
+
+4. Edit the list attributes as desired for both the user and group types using the ‘Add Attribute’ option at the end of the attribute list and minus (-) sign on the right side of the page. 
+5. Select the joining property from both the user and group attributes list. 
+> [!NOTE]
+> The joining property, also known as matching attribute, is an attribute that user and group resources can be uniquely queried on at the source and matched in the target system.
+
+
+## Validate your SCIM endpoint
+Finally, you need to test and validate your endpoint.
+
+1. Select **Test Schema** to begin the test.
+1. Review the results with a summary of passed and failed tests.
+1. Select the **show details** tab and review and fix issues.
+1. Continue to test your schema until all tests pass.
+
+    :::image type="content" source="./media/scim-validator-tutorial/scim-validator-results.png" alt-text="Screenshot of SCIM Validator results page." lightbox="./media/scim-validator-tutorial/scim-validator-results.png":::
+
+### Use Postman to test endpoints (optional)
+
+In addition to using the SCIM Validator tool, you can also use Postman to validate an endpoint. This example provides a set of tests in Postman that validate CRUD (create, read, update, and delete) operations on users and groups, filtering, updates to group membership, and disabling users.
+
+The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *ControllerConstant.cs* in **AzureADProvisioningSCIMreference** > **ScimReferenceApi** > **Controllers**.
+
+> [!NOTE]
+> You can only use HTTP endpoints for local tests. The Azure AD provisioning service requires that your endpoint support HTTPS.
+
+1. Download [Postman](https://www.getpostman.com/downloads/) and start the application.
+1. Copy and paste this link into Postman to import the test collection: `https://aka.ms/ProvisioningPostman`.
+
+    ![Screenshot that shows importing the test collection in Postman.](media/scim-validator-tutorial/postman-collection.png)
+
+1. Create a test environment that has these variables:
+
+   |Environment|Variable|Value|
+   |-|-|-|
+   |Run the project locally by using IIS Express|||
+   ||**Server**|`localhost`|
+   ||**Port**|`:44359` *(don't forget the **`:`**)*|
+   ||**Api**|`scim`|
+   |Run the project locally by using Kestrel|||
+   ||**Server**|`localhost`|
+   ||**Port**|`:5001` *(don't forget the **`:`**)*|
+   ||**Api**|`scim`|
+   |Host the endpoint in Azure|||
+   ||**Server**|*(input your SCIM URL)*|
+   ||**Port**|*(leave blank)*|
+   ||**Api**|`scim`|
+
+1. Use **Get Key** from the Postman collection to send a **GET** request to the token endpoint and retrieve a security token to be stored in the **token** variable for subsequent requests.
+
+   ![Screenshot that shows the Postman Get Key folder.](media/scim-validator-tutorial/postman-get-key.png)
+
+   > [!NOTE]
+   > To make a SCIM endpoint secure, you need a security token before you connect. The tutorial uses the `{host}/scim/token` endpoint to generate a self-signed token.
+
+That's it! You can now run the **Postman** collection to test the SCIM endpoint functionality.
+
+## Clean up resources
+
+If you created any Azure resources in your testing that are no longer needed, don't forget to delete them.
+
+## Known Issues with Azure AD SCIM Validator
+
+- Soft deletes (disables) aren’t yet supported.
+- The time zone format is randomly generated and will fail for systems that try to validate it.
+- The preferred language format is randomly generated and will fail for systems that try to validate it.
+- The patch user remove attributes may attempt to remove mandatory/required attributes for certain systems. Such failures should be ignored.
+
+
+## Next steps
+- [Learn how to add an app that is not in the Azure AD app gallery](../manage-apps/overview-application-gallery.md)

articles/active-directory/app-provisioning/media/scim-validator-tutorial/postman-get-key.png

@@ -19,6 +19,8 @@ items:
         href: use-scim-to-provision-users-and-groups.md
       - name: Develop a sample SCIM endpoint
         href: use-scim-to-build-users-and-groups-endpoints.md
+      - name: Validate a SCIM endpoint
+        href: scim-validator-tutorial.md
     - name: On-prem app provisioning tutorials
       items:
       - name: Provisioning to On-premises SCIM-enabled apps

articles/active-directory/app-provisioning/media/scim-validator-tutorial/scim-validator-attributes.png

@@ -132,50 +132,10 @@ The default token validation code is configured to use an Azure AD token and req
 }
 ```
 
-### Use Postman to test endpoints
-
-After you deploy the SCIM endpoint, you can test to ensure that it's compliant with SCIM RFC. This example provides a set of tests in Postman that validate CRUD (create, read, update, and delete) operations on users and groups, filtering, updates to group membership, and disabling users.
-
-The endpoints are in the `{host}/scim/` directory, and you can use standard HTTP requests to interact with them. To modify the `/scim/` route, see *ControllerConstant.cs* in **AzureADProvisioningSCIMreference** > **ScimReferenceApi** > **Controllers**.
-
-> [!NOTE]
-> You can only use HTTP endpoints for local tests. The Azure AD provisioning service requires that your endpoint support HTTPS.
-
-1. Download [Postman](https://www.getpostman.com/downloads/) and start the application.
-1. Copy and paste this link into Postman to import the test collection: `https://aka.ms/ProvisioningPostman`.
-
-    ![Screenshot that shows importing the test collection in Postman.](media/use-scim-to-build-users-and-groups-endpoints/postman-collection.png)
-
-1. Create a test environment that has these variables:
-
-   |Environment|Variable|Value|
-   |-|-|-|
-   |Run the project locally by using IIS Express|||
-   ||**Server**|`localhost`|
-   ||**Port**|`:44359` *(don't forget the **`:`**)*|
-   ||**Api**|`scim`|
-   |Run the project locally by using Kestrel|||
-   ||**Server**|`localhost`|
-   ||**Port**|`:5001` *(don't forget the **`:`**)*|
-   ||**Api**|`scim`|
-   |Host the endpoint in Azure|||
-   ||**Server**|*(input your SCIM URL)*|
-   ||**Port**|*(leave blank)*|
-   ||**Api**|`scim`|
-
-1. Use **Get Key** from the Postman collection to send a **GET** request to the token endpoint and retrieve a security token to be stored in the **token** variable for subsequent requests.
-
-   ![Screenshot that shows the Postman Get Key folder.](media/use-scim-to-build-users-and-groups-endpoints/postman-get-key.png)
-
-   > [!NOTE]
-   > To make a SCIM endpoint secure, you need a security token before you connect. The tutorial uses the `{host}/scim/token` endpoint to generate a self-signed token.
-
-That's it! You can now run the **Postman** collection to test the SCIM endpoint functionality.
-
 ## Next steps
 
 To develop a SCIM-compliant user and group endpoint with interoperability for a client, see [SCIM client implementation](http://www.simplecloud.info/#Implementations2).
 
-> [!div class="nextstepaction"]
-> [Tutorial: Develop and plan provisioning for a SCIM endpoint](use-scim-to-provision-users-and-groups.md)
-> [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)
+- [Tutorial: Validate a SCIM endpoint](scim-validator-tutorial.md)
+- [Tutorial: Develop and plan provisioning for a SCIM endpoint](use-scim-to-provision-users-and-groups.md)
+- [Tutorial: Configure provisioning for a gallery app](configure-automatic-user-provisioning-portal.md)

articles/active-directory/app-provisioning/media/scim-validator-tutorial/scim-validator-results.png

@@ -38,7 +38,7 @@ In this tutorial you learn how to:
 
 To complete this tutorial, you need the following resources and privileges:
 
-* A working Azure AD tenant with at least an Azure AD Premium P1 or trial license enabled.
+* A working Azure AD tenant with Azure AD Premium P1 or trial licenses enabled.
     * If you need to, [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
 * An account with *Conditional Access Administrator*, *Security Administrator*, or *Global Administrator* privileges. Some MFA settings can also be managed by an *Authentication Policy Administrator*. For more information, see [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).