MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/custom-policy-get-started.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/custom-policy-get-started.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
Lines changed: 4 additions & 0 deletions b/‎articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎articles/active-directory/develop/active-directory-v2-protocols.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/develop/active-directory-v2-protocols.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/develop/single-sign-on-saml-protocol.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/develop/single-sign-on-saml-protocol.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-tutorial.md
Lines changed: 44 additions & 35 deletions b/‎articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-tutorial.md
Lines changed: 44 additions & 35 deletions
diff --git a/‎articles/app-service/webjobs-sdk-get-started.md
Lines changed: 1 addition & 2 deletions b/‎articles/app-service/webjobs-sdk-get-started.md
Lines changed: 1 addition & 2 deletions
@@ -134,7 +134,7 @@ Next, specify that the application should be treated as a public client:
 
 1. Under **Manage**, select **Authentication**.
 1. Select **Try out the new experience** (if shown).
-1. Under **Advanced settings**, enable **Treat application as a public client** (select **Yes**).
+1. Under **Advanced settings**, enable **Treat application as a public client** (select **Yes**). Ensure that **"allowPublicClient": true** is set in the application manifest. 
 1. Select **Save**.
 
 Now, grant permissions to the API scope you exposed earlier in the *IdentityExperienceFramework* registration:
 
@@ -115,6 +115,10 @@ In addition to the Microsoft apps, administrators can add any Azure AD registere
 - [Custom applications not in the gallery](../manage-apps/add-non-gallery-app.md)
 - [Legacy applications published through app delivery controllers and networks](../manage-apps/secure-hybrid-access.md)
 
+> [!NOTE]
+> Since Conditional access policy sets the requirements for accessing a service you are not able to apply it to a client (public/native) application. Other words the policy is not set directly on a client (public/native) application, but is applied when a client calls a service. For example, a policy set on SharePoint service applies to the clients calling SharePoint. A policy set on Exchange applies to the attempt to access the email using Outlook client. That is why client (public/native) applications are not available for selection in the Cloud Apps picker and Conditional Access option is not available in the application settings for the client (public/native) application registered in your tenant. 
+
+
 ## User actions
 
 User actions are tasks that can be performed by a user. The only currently supported action is **Register security information**, which allows Conditional Access policy to enforce when users who are enabled for combined registration attempt to register their security information. More information can be found in the article, [Combined security information registration](../authentication/concept-registration-mfa-sspr-combined.md).
 
@@ -18,7 +18,7 @@ ms.custom: aaddev
 
 # OAuth 2.0 and OpenID Connect protocols on Microsoft identity platform
 
-The Microsoft identity platform endpoint for identity-as-a-service with industry standard protocols, OpenID Connect (OIDC) and OAuth 2.0. While the service is standards-compliant, there can be subtle differences between any two implementations of these protocols. The information here will be useful if you choose to write your code by directly sending and handling HTTP requests or use a third-party open-source library, rather than using one of our [open-source libraries](reference-v2-libraries.md).
+The Microsoft identity platform endpoint for identity-as-a-service implements authentication and authorization with industry standard protocols OpenID Connect (OIDC) and OAuth 2.0, respectively. While the service is standards-compliant, there can be subtle differences between any two implementations of these protocols. The information here will be useful if you choose to write your code by directly sending and handling HTTP requests or use a third-party open-source library, rather than using one of our [open-source libraries](reference-v2-libraries.md).
 
 ## The basics
 
 
@@ -89,10 +89,10 @@ The `Scoping` element, which includes a list of identity providers, is optional
 If provided, don't include the `ProxyCount` attribute, `IDPListOption` or `RequesterID` element, as they aren't supported.
 
 ### Signature
-Don't include a `Signature` element in `AuthnRequest` elements, as Azure AD does not support signed authentication requests.
+Don't include a `Signature` element in `AuthnRequest` elements. Azure AD does not validate signed authentication requests. Requestor verification is provided for by only responding to registered Assertion Consumer Service URLs.
 
 ### Subject
-Azure AD ignores the `Subject` element of `AuthnRequest` elements.
+Don't include a `Subject` element. Azure AD doesn't support specifying a subject for a request and will return an error if one is provided.
 
 ## Response
 When a requested sign-on completes successfully, Azure AD posts a response to the cloud service. A response to a successful sign-on attempt looks like the following sample:
 
@@ -1,6 +1,6 @@
 ---
-title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi Studio for Digital Process Automation | Microsoft Docs'
-description: Learn how to configure single sign-on between Azure Active Directory and Bizagi Studio for Digital Process Automation.
+title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi for Digital Process Automation | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Bizagi for Digital Process Automation.
 services: active-directory
 documentationCenter: na
 author: jeevansd
@@ -19,12 +19,12 @@ ms.author: jeedes
 ms.collection: M365-identity-device-management
 ---
 
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi Studio for Digital Process Automation
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Bizagi for Digital Process Automation
 
-In this tutorial, you'll learn how to integrate Bizagi Studio for Digital Process Automation with Azure Active Directory (Azure AD). When you integrate Bizagi Studio for Digital Process Automation with Azure AD, you can:
+In this tutorial, you'll learn how to integrate Bizagi for Digital Process Automation Services or Server with Azure Active Directory (Azure AD). When you integrate Bizagi for Digital Process Automation with Azure AD, you can:
 
-* Control in Azure AD who has access to Bizagi Studio for Digital Process Automation.
-* Enable your users to be automatically signed-in to Bizagi Studio for Digital Process Automation with their Azure AD accounts.
+* Control in Azure AD who has access to a Bizagi project for Digital Process Automation Services or Server.
+* Enable your users to be automatically signed-in to a project of Bizagi for Digital Process AutomationServices or Server with their Azure AD accounts.
 * Manage your accounts in one central location - the Azure portal.
 
 To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis).
@@ -34,65 +34,74 @@ To learn more about SaaS app integration with Azure AD, see [What is application
 To get started, you need the following items:
 
 * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Bizagi Studio for Digital Process Automation single sign-on (SSO) enabled subscription.
+* A Bizagi project using Automation Services or Server. 
+* Have your own certificates for SAML assertion signatures. This certificates must be generate in p12 or pfx format.
+* Have a metadata file in XML format generated from the Bizagi project. 
 
 ## Scenario description
 
-In this tutorial, you configure and test Azure AD SSO in a test environment.
+In this tutorial, you configure and test Azure AD SSO in a Bizagi project using Automation services or server.
 
-* Bizagi Studio for Digital Process Automation supports **SP** initiated SSO
-* Once you configure Bizagi Studio for Digital Process Automation you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+* Bizagi for Digital Process Automation supports **SP** initiated SSO
+* Once you configure Bizagi for Digital Process Automation you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
 
-## Adding Bizagi Studio for Digital Process Automation from the gallery
+## Adding Bizagi for Digital Process Automation from the gallery
 
-To configure the integration of Bizagi Studio for Digital Process Automation into Azure AD, you need to add Bizagi Studio for Digital Process Automation from the gallery to your list of managed SaaS apps.
+To configure the integration of Bizagi for Digital Process Automation into Azure AD, you need to add Bizagi for Digital Process Automation from the gallery to your list of managed SaaS apps.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
 1. On the left navigation pane, select the **Azure Active Directory** service.
 1. Navigate to **Enterprise Applications** and then select **All Applications**.
 1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **Bizagi Studio for Digital Process Automation** in the search box.
-1. Select **Bizagi Studio for Digital Process Automation** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+1. In the **Add from the gallery** section, type **Bizagi for Digital Process Automation** in the search box.
+1. Select **Bizagi for Digital Process Automation** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-## Configure and test Azure AD single sign-on for Bizagi Studio for Digital Process Automation
+## Configure and test Azure AD single sign-on for Bizagi for Digital Process Automation
 
-Configure and test Azure AD SSO with Bizagi Studio for Digital Process Automation using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Bizagi Studio for Digital Process Automation.
+Configure and test Azure AD SSO with Bizagi for Digital Process Automation using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in the Bizagi project.
 
-To configure and test Azure AD SSO with Bizagi Studio for Digital Process Automation, complete the following building blocks:
+To configure and test Azure AD SSO with Bizagi for Digital Process Automation, complete the following building blocks:
 
 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-    1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    1. **[Create an Azure AD test user](#create-an-azure-ad-test)** - to test Azure AD single sign-on with B.Simon.
     1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure Bizagi Studio for Digital Process Automation SSO](#configure-bizagi-studio-for-digital-process-automation-sso)** - to configure the single sign-on settings on application side.
-    1. **[Create Bizagi Studio for Digital Process Automation test user](#create-bizagi-studio-for-digital-process-automation-test-user)** - to have a counterpart of B.Simon in Bizagi Studio for Digital Process Automation that is linked to the Azure AD representation of user.
+1. **[Configure Bizagi for Digital Process Automation SSO](#configure-bizagi-for-digital-process-automation-sso)** - to configure the single sign-on settings on application side.
+    1. **[Create Bizagi for Digital Process Automation test user](#create-bizagi-for-digital-process-automation-test-user)** - to have a counterpart of B.Simon in Bizagi for Digital Process Automation that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
 ## Configure Azure AD SSO
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
-1. In the [Azure portal](https://portal.azure.com/), on the **Bizagi Studio for Digital Process Automation** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the [Azure portal](https://portal.azure.com/), on the **Bizagi for Digital Process Automation** application integration page, find the **Manage** section and select **single sign-on**.
 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. Upload the Bizagi metadata file in the **Upload metadata file** option.
+1. Review the configuration. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
 1. On the **Basic SAML Configuration** section, enter the values for the following fields:
 
-	a. In the **Sign on URL** text box, type a URL:
+	a. In the **Sign on URL** text box, type the URL of your Bizagi project:
     `https://<COMPANYNAME>.bizagi.com/<PROJECTNAME>`
 
-    b. In the **Identifier (Entity ID)** text box, type a URL:
+    b. In the **Identifier (Entity ID)** text box, type the URL of your Bizagi project:
     `https://<COMPANYNAME>.bizagi.com/<PROJECTNAME>`
 
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Sign-on URL and Identifier. Contact [Bizagi Studio for Digital Process Automation support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not real. Update these values with the actual Sign-on URL and Identifier. Contact [Bizagi for Digital Process Automation support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
 
 	![The Certificate download link](common/copy-metadataurl.png)
+	
+	This metadata URL must be registered in the authentication options of your Bizagi project.
+	
+1. On the **Set up single sign-on with SAML**page, click the edit/pen icon for **User Attributes & Claims** to edit the Unique User Identifier.
+	
+	Set the Unique User Identifier as the user.mail.
 
-### Create an Azure AD test user
+### Create an Azure AD test 
 
 In this section, you'll create a test user in the Azure portal called B.Simon.
 
@@ -106,10 +115,10 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
 
 ### Assign the Azure AD test user
 
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bizagi Studio for Digital Process Automation.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bizagi for Digital Process Automation.
 
 1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **Bizagi Studio for Digital Process Automation**.
+1. In the applications list, select **Bizagi for Digital Process Automation**.
 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
 
    ![The "Users and groups" link](common/users-groups-blade.png)
@@ -122,19 +131,19 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
 1. In the **Add Assignment** dialog, click the **Assign** button.
 
-## Configure Bizagi Studio for Digital Process Automation SSO
+## Configure Bizagi for Digital Process Automation SSO
 
-To configure single sign-on on **Bizagi Studio for Digital Process Automation** side, you need to send the **App Federation Metadata Url** to [Bizagi Studio for Digital Process Automation support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **Bizagi for Digital Process Automation** side, you need to send the **App Federation Metadata Url** to [Bizagi for Digital Process Automation support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
 
-### Create Bizagi Studio for Digital Process Automation test user
+### Create Bizagi for Digital Process Automation test user
 
-In this section, you create a user called Britta Simon in Bizagi Studio for Digital Process Automation. Work with [Bizagi Studio for Digital Process Automation support team](mailto:[email protected]) to add the users in the Bizagi Studio for Digital Process Automation platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called Britta Simon in Bizagi for Digital Process Automation. Work with [Bizagi for Digital Process Automation support team](mailto:[email protected]) to add the users in the Bizagi for Digital Process Automation platform. Users must be created and activated before you use single sign-on.
 
 ## Test SSO
 
 In this section, you test your Azure AD single sign-on configuration using the Access Panel.
 
-When you click the Bizagi Studio for Digital Process Automation tile in the Access Panel, you should be automatically signed in to the Bizagi Studio for Digital Process Automation for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+When you click the Bizagi for Digital Process Automation tile in the Access Panel, you should be automatically signed in to the portal of Bizagi for Digital Process Automation for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
 
 ## Additional resources
 
@@ -144,6 +153,6 @@ When you click the Bizagi Studio for Digital Process Automation tile in the Acce
 
 - [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 
-- [Try Bizagi Studio for Digital Process Automation with Azure AD](https://aad.portal.azure.com/)
+- [Try Bizagi for Digital Process Automation with Azure AD](https://aad.portal.azure.com/)
 
-- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
+- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
@@ -86,15 +86,14 @@ In this section, you set up console logging that uses the [ASP.NET Core logging
    ```powershell
    Install-Package Microsoft.Extensions.Logging.Console -version <3_X_VERSION>
    ```
+   In this command, replace `<3_X_VERSION>` with a supported 3.x version of the package.
 
 1. In *Program.cs*, add a `using` statement:
 
    ```cs
    using Microsoft.Extensions.Logging;
    ```
 
-    In this command, replace `<3_X_VERSION>` with a supported 3.x version of the package.
-
 1. Call the [`ConfigureLogging`](/dotnet/api/microsoft.aspnetcore.hosting.webhostbuilderextensions.configurelogging) method on [`HostBuilder`](/dotnet/api/microsoft.extensions.hosting.hostbuilder). The [`AddConsole`](/dotnet/api/microsoft.extensions.logging.consoleloggerextensions.addconsole) method adds console logging to the configuration.
 
     ```cs