Skip to content

Commit a506ee6

Browse files
authored
Merge pull request #223241 from MicrosoftDocs/main
1/06 PM Publish
2 parents cba1fef + 6f5cd81 commit a506ee6

File tree

178 files changed

+2064
-1347
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

178 files changed

+2064
-1347
lines changed

articles/active-directory-b2c/partner-akamai-secure-hybrid-access.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -385,8 +385,8 @@ Once the Application is deployed in a private environment and a connector is cap
385385

386386
| Header Name | Attribute |
387387
|--------------|-----------|
388-
| ps-sso-first | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
389-
| ps-sso-last | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
388+
| ps-sso-first | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` |
389+
| ps-sso-last | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname` |
390390
| ps-sso-EmailAddress | emailaddress |
391391
| ps-sso-uid | objectId |
392392

articles/active-directory/develop/active-directory-jwt-claims-customization.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Customize app JSON Web Token (JWT) claims
2+
title: Customize app JSON Web Token (JWT) claims (Preview)
33
description: Learn how to customize the claims issued by Microsoft identity platform in the JSON web token (JWT) token for enterprise applications.
44
services: active-directory
55
author: davidmu1
@@ -13,11 +13,11 @@ ms.author: davidmu
1313
ms.custom: aaddev
1414
---
1515

16-
# Customize claims issued in the JSON web token (JWT) for enterprise applications
16+
# Customize claims issued in the JSON web token (JWT) for enterprise applications (Preview)
1717

1818
The Microsoft identity platform supports single sign-on (SSO) with most enterprise applications, including both applications pre-integrated in the Azure AD app gallery and custom applications. When a user authenticates to an application through the Microsoft identity platform using the OIDC protocol, the Microsoft identity platform sends a token to the application. And then, the application validates and uses the token to log the user in instead of prompting for a username and password.
1919

20-
These JSON Web tokens (JWT) used by OIDC & OAuth applications contain pieces of information about the user known as *claims*. A *claim* is information that an identity provider states about a user inside the token they issue for that user.
20+
These JSON Web tokens (JWT) used by OIDC & OAuth applications (preview) contain pieces of information about the user known as *claims*. A *claim* is information that an identity provider states about a user inside the token they issue for that user.
2121

2222
In an [OIDC response](v2-protocols-oidc.md), *claims* data is typically contained in the ID Token issued by the identity provider in the form of a JWT.
2323

articles/active-directory/fundamentals/azure-active-directory-b2c-deployment-plans.md

Lines changed: 156 additions & 192 deletions
Large diffs are not rendered by default.

articles/active-directory/saas-apps/atlassian-cloud-tutorial.md

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: 'Tutorial: Azure Active Directory integration with Atlassian Cloud'
2+
title: 'Tutorial: Azure Active Directory SSO integration with Atlassian Cloud'
33
description: Learn how to configure single sign-on between Azure Active Directory and Atlassian Cloud.
44
services: active-directory
55
author: jeevansd
@@ -9,10 +9,10 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 11/21/2022
12+
ms.date: 01/06/2023
1313
ms.author: jeedes
1414
---
15-
# Tutorial: Integrate Atlassian Cloud with Azure Active Directory
15+
# Tutorial: Azure Active Directory SSO integration with Atlassian Cloud
1616

1717
In this tutorial, you'll learn how to integrate Atlassian Cloud with Azure Active Directory (Azure AD). When you integrate Atlassian Cloud with Azure AD, you can:
1818

@@ -49,8 +49,6 @@ To configure the integration of Atlassian Cloud into Azure AD, you need to add A
4949
1. In the **Add from the gallery** section, type **Atlassian Cloud** in the search box.
5050
1. Select **Atlassian Cloud** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
5151

52-
Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)
53-
5452
Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. You can learn more about O365 wizards [here](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide&preserve-view=true).
5553

5654
## Configure and test Azure AD SSO
@@ -228,15 +226,15 @@ In this section, you test your Azure AD single sign-on configuration with follow
228226

229227
#### SP initiated:
230228

231-
* Click on **Test this application** in Azure portal. This will redirect to Atlassian Cloud Sign on URL where you can initiate the login flow.
229+
* Click on **Test this application** in Azure portal. This will redirect to Atlassian Cloud Sign-on URL where you can initiate the login flow.
232230

233231
* Go to Atlassian Cloud Sign-on URL directly and initiate the login flow from there.
234232

235233
#### IDP initiated:
236234

237235
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Atlassian Cloud for which you set up the SSO.
238236

239-
You can also use Microsoft My Apps to test the application in any mode. When you click the Atlassian Cloud tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Atlassian Cloud for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
237+
You can also use Microsoft My Apps to test the application in any mode. When you click the Atlassian Cloud tile in the My Apps, if configured in SP mode you would be redirected to the application sign-on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Atlassian Cloud for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
240238

241239
## Next steps
242240

articles/active-directory/saas-apps/canvas-lms-tutorial.md

Lines changed: 17 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 11/21/2022
12+
ms.date: 01/06/2023
1313
ms.author: jeedes
1414
---
1515
# Tutorial: Azure AD SSO integration with Canvas
@@ -80,17 +80,9 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
8080
> [!NOTE]
8181
> These values are not real. Update these values with the actual Identifier and Sign on URL. Contact [Canvas Client support team](https://community.canvaslms.com/community/help) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
8282
83-
5. In the **SAML Signing Certificate** section, click **Edit** button to open **SAML Signing Certificate** dialog.
83+
1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
8484

85-
![Edit SAML Signing Certificate](common/edit-certificate.png)
86-
87-
6. In the **SAML Signing Certificate** section, copy the **THUMBPRINT** and save it on your computer.
88-
89-
![Copy Thumbprint value](common/copy-thumbprint.png)
90-
91-
7. On the **Set up Canvas** section, copy the appropriate URL(s) as per your requirement.
92-
93-
![Copy configuration URLs](common/copy-configuration-urls.png)
85+
![The Certificate download link](common/copy-metadataurl.png)
9486

9587
### Create an Azure AD test user
9688

@@ -120,33 +112,18 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
120112

121113
1. In a different web browser window, log in to your Canvas company site as an administrator.
122114

123-
2. Go to **Courses \> Managed Accounts \> Microsoft**.
124-
125-
![Canvas](./media/canvas-lms-tutorial/course.png "Canvas")
126-
127-
3. In the navigation pane on the left, select **Authentication**, and then click **Add New SAML Config**.
128-
129-
![Authentication](./media/canvas-lms-tutorial/tools.png "Authentication")
130-
131-
4. On the Current Integration page, perform the following steps:
132-
133-
![Current Integration](./media/canvas-lms-tutorial/save.png "Current Integration")
115+
2. Go to **Admin > Microsoft OneNote > Authentication**.
116+
3. Choose an authentication service as **SAML**.
134117

135-
a. In **IdP Entity ID** textbox, paste the value of **Azure Ad Identifier** which you have copied from Azure portal.
118+
![Canvas](./media/canvas-lms-tutorial/admin.png "Canvas")
136119

137-
b. In **Log On URL** textbox, paste the value of **Login URL** which you have copied from Azure portal .
120+
4. On the **Current Provider** page, perform the following steps:
138121

139-
c. In **Log Out URL** textbox, paste the value of **Logout URL** which you have copied from Azure portal.
122+
![Current Integration](./media/canvas-lms-tutorial/current-provider.png "Current Integration")
140123

141-
d. In **Change Password Link** textbox, paste the value of **Change Password URL** which you have copied from Azure portal.
124+
a. In **IdP Metadata URI** textbox, paste the value of **App Federation Metadata URL** value, which you have copied from Azure portal.
142125

143-
e. In **Certificate Fingerprint** textbox, paste the **Thumbprint** value of certificate which you have copied from Azure portal.
144-
145-
f. From the **Login Attribute** list, select **NameID**.
146-
147-
g. From the **Identifier Format** list, select **emailAddress**.
148-
149-
h. Click **Save Authentication Settings**.
126+
b. Click **Save**.
150127

151128
### Create Canvas test user
152129

@@ -156,31 +133,19 @@ To enable Azure AD users to log in to Canvas, they must be provisioned into Canv
156133

157134
1. Log in to your **Canvas** tenant.
158135

159-
2. Go to **Courses \> Managed Accounts \> Microsoft**.
160-
161-
![Canvas](./media/canvas-lms-tutorial/course.png "Canvas")
162-
163-
3. Click **Users**.
136+
2. Go to **Admin > Microsoft OneNote > People**.
164137

165-
![Screenshot shows Canvas menu with Users selected.](./media/canvas-lms-tutorial/user.png "Users")
138+
3. Click **+People**.
166139

167-
4. Click **Add New User**.
140+
4. On the Add a New User dialog page, perform the following steps:
168141

169-
![Screenshot shows the Add a new User button.](./media/canvas-lms-tutorial/add-user.png "Users")
170-
171-
5. On the Add a New User dialog page, perform the following steps:
172-
173-
![Add User](./media/canvas-lms-tutorial/name.png "Add User")
142+
![Add User](./media/canvas-lms-tutorial/new-user.png "Add User")
174143

175144
a. In the **Full Name** textbox, enter the name of user like **BrittaSimon**.
176145

177146
b. In the **Email** textbox, enter the email of user like **brittasimon\@contoso.com**.
178147

179-
c. In the **Login** textbox, enter the user’s Azure AD email address like **brittasimon\@contoso.com**.
180-
181-
d. Select **Email the user about this account creation**.
182-
183-
e. Click **Add User**.
148+
c. Click **Add User**.
184149

185150
> [!NOTE]
186151
> You can use any other Canvas user account creation tools or APIs provided by Canvas to provision Azure AD user accounts.
@@ -189,9 +154,9 @@ To enable Azure AD users to log in to Canvas, they must be provisioned into Canv
189154

190155
In this section, you test your Azure AD single sign-on configuration with following options.
191156

192-
* Click on **Test this application** in Azure portal. This will redirect to Canvas Sign-on URL where you can initiate the login flow.
157+
* Click on **Test this application** in Azure portal. This will redirect to Canvas Sign on URL where you can initiate the login flow.
193158

194-
* Go to Canvas Sign-on URL directly and initiate the login flow from there.
159+
* Go to Canvas Sign on URL directly and initiate the login flow from there.
195160

196161
* You can use Microsoft My Apps. When you click the Canvas tile in the My Apps, you should be automatically signed in to the Canvas for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
197162

articles/active-directory/saas-apps/cch-tagetik-tutorial.md

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with CCH Tagetik | Microsoft Docs'
2+
title: 'Tutorial: Azure Active Directory SSO integration with CCH Tagetik'
33
description: Learn how to configure single sign-on between Azure Active Directory and CCH Tagetik.
44
services: active-directory
55
author: jeevansd
@@ -9,11 +9,11 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 11/21/2022
12+
ms.date: 01/06/2023
1313
ms.author: jeedes
1414
---
1515

16-
# Tutorial: Azure Active Directory single sign-on (SSO) integration with CCH Tagetik
16+
# Tutorial: Azure Active Directory SSO integration with CCH Tagetik
1717

1818
In this tutorial, you'll learn how to integrate CCH Tagetik with Azure Active Directory (Azure AD). When you integrate CCH Tagetik with Azure AD, you can:
1919

@@ -69,31 +69,31 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
6969
1. On the **Select a single sign-on method** page, select **SAML**.
7070
1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
7171

72-
![Edit Basic SAML Configuration](common/edit-urls.png)
72+
![Screenshot shows how to edit Basic SAML Configuration.](common/edit-urls.png "Basic Configuration")
7373

74-
1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode,perform the following steps:
74+
1. On the **Basic SAML Configuration** section, perform the following steps:
7575

7676
a. In the **Identifier** text box, type a URL using the following pattern:
7777
`https://<CUSTOMER_NAME>.saastagetik.com/prod/5/`
7878

7979
b. In the **Reply URL** text box, type a URL using the following pattern:
8080
`https://<CUSTOMER_NAME>.saastagetik.com/prod/5/`
8181

82-
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
82+
1. Perform the following step if you wish to configure the application in **SP** initiated mode:
8383

8484
In the **Sign-on URL** text box, type a URL using the following pattern:
85-
`https://<CUSTOMER_NAME>.saastagetik.com/prod/5/`
85+
`https://<CUSTOMER_NAME>.saastagetik.com/prod/`
8686

8787
> [!NOTE]
8888
> These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [CCH Tagetik Client support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
8989

9090
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
9191

92-
![The Certificate download link](common/metadataxml.png)
92+
![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
9393

9494
1. On the **Set up CCH Tagetik** section, copy the appropriate URL(s) based on your requirement.
9595

96-
![Copy configuration URLs](common/copy-configuration-urls.png)
96+
![Screenshot shows to copy configuration appropriate URL.](common/copy-configuration-urls.png "Metadata")
9797

9898
### Create an Azure AD test user
9999

@@ -133,15 +133,15 @@ In this section, you test your Azure AD single sign-on configuration with follow
133133

134134
#### SP initiated:
135135

136-
* Click on **Test this application** in Azure portal. This will redirect to CCH Tagetik Sign on URL where you can initiate the login flow.
136+
* Click on **Test this application** in Azure portal. This will redirect to CCH Tagetik Sign-on URL where you can initiate the login flow.
137137

138138
* Go to CCH Tagetik Sign-on URL directly and initiate the login flow from there.
139139

140140
#### IDP initiated:
141141

142142
* Click on **Test this application** in Azure portal and you should be automatically signed in to the CCH Tagetik for which you set up the SSO.
143143

144-
You can also use Microsoft My Apps to test the application in any mode. When you click the CCH Tagetik tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the CCH Tagetik for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
144+
You can also use Microsoft My Apps to test the application in any mode. When you click the CCH Tagetik tile in the My Apps, if configured in SP mode you would be redirected to the application sign-on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the CCH Tagetik for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
145145

146146
## Next steps
147147

0 commit comments

Comments
 (0)