Merge pull request #248883 from MicrosoftDocs/main

8/21/2023 AM Publish

Author: Taojunshen

articles/active-directory/app-provisioning/user-provisioning.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: overview
 ms.workload: identity
-ms.date: 03/14/2023
+ms.date: 08/14/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -20,9 +20,17 @@ In Azure Active Directory (Azure AD), the term *app provisioning* refers to auto
 
 Azure AD application provisioning refers to automatically creating user identities and roles in the applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Common scenarios include provisioning an Azure AD user into SaaS applications like [Dropbox](../../active-directory/saas-apps/dropboxforbusiness-provisioning-tutorial.md), [Salesforce](../../active-directory/saas-apps/salesforce-provisioning-tutorial.md), [ServiceNow](../../active-directory/saas-apps/servicenow-provisioning-tutorial.md), and many more.
 
-Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. Your application must support [SCIM](https://aka.ms/scimoverview). Or, you must build a SCIM gateway to connect to your legacy application. If so, you can use the Azure AD Provisioning agent to [directly connect](./on-premises-scim-provisioning.md) with your application and automate provisioning and deprovisioning. If you have legacy applications that don't support SCIM and rely on an [LDAP](./on-premises-ldap-connector-configure.md) user store or a [SQL](./tutorial-ecma-sql-connector.md) database, Azure AD can support these applications as well. 
-
-App provisioning lets you:
+Azure AD also supports provisioning users into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. The table below provides a mapping of protocols to connectors supported. 
+
+|Protocol |Connector|
+|-----|-----|
+| SCIM | [SCIM - SaaS](use-scim-to-provision-users-and-groups.md) <br />[SCIM - On-prem / Private network](./on-premises-scim-provisioning.md) |
+| LDAP | [LDAP](./on-premises-ldap-connector-configure.md)|
+| SQL  | [SQL](./tutorial-ecma-sql-connector.md) |
+| REST | [Web Services](./on-premises-web-services-connector.md)|
+| SOAP | [Web Services](./on-premises-web-services-connector.md)|
+| Flat-file| [PowerShell](./on-premises-powershell-connector.md) |
+| Custom | [Custom ECMA connectors](./on-premises-custom-connector.md) <br /> [Connectors and gateways built by partners](./partner-driven-integrations.md)|
 
 - **Automate provisioning**: Automatically create new accounts in the right systems for new people when they join your team or organization.
 - **Automate deprovisioning**: Automatically deactivate accounts in the right systems when people leave the team or organization.

articles/active-directory/architecture/recoverability-overview.md

@@ -100,7 +100,7 @@ Create a process of predefined communications to make others aware of the issue
 Document the state of your tenant and its objects regularly. Then if a hard delete or misconfiguration occurs, you have a roadmap to recovery. The following tools can help you document your current state:
 
 - [Microsoft Graph APIs](/graph/overview) can be used to export the current state of many Azure AD configurations.
-- [Azure AD Exporter](https://github.com/microsoft/azureadexporter) is a tool you can use to export your configuration settings.
+- [Entra Exporter](https://github.com/microsoft/entraexporter) is a tool you can use to export your configuration settings.
 - [Microsoft 365 Desired State Configuration](https://github.com/microsoft/Microsoft365DSC/wiki/What-is-Microsoft365DSC) is a module of the PowerShell Desired State Configuration framework. You can use it to export configurations for reference and application of the prior state of many settings.
 - [Conditional Access APIs](https://github.com/Azure-Samples/azure-ad-conditional-access-apis) can be used to manage your Conditional Access policies as code.
 

articles/active-directory/saas-apps/cloudbees-ci-tutorial.md

@@ -71,9 +71,7 @@ Complete the following steps to enable Azure AD single sign-on in the Azure port
     | `https://cjoc.<CustomerDomain>/securityRealm/finishLogin` |
     | `https://<Environment>.<CustomerDomain>/securityRealm/finishLogin` |
 
-1. Perform the following step, if you wish to configure the application in **SP** initiated mode:
-
-	In the **Sign on URL** textbox, type the URL using one of the following patterns:
+	c. In the **Sign on URL** textbox, type the URL using one of the following patterns:
 
 	| **Sign on URL** |
     |------------|

articles/active-directory/saas-apps/google-apps-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 08/16/2023
 ms.author: jeedes
 ---
 
@@ -94,8 +94,6 @@ To configure the integration of Google Cloud / G Suite Connector by Microsoft in
 
  Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)
 
-Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. You can learn more about O365 wizards [here](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide&preserve-view=true).
-
 ## Configure and test Azure AD single sign-on for Google Cloud / G Suite Connector by Microsoft
 
 Configure and test Azure AD SSO with Google Cloud / G Suite Connector by Microsoft using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Google Cloud / G Suite Connector by Microsoft.

articles/active-directory/saas-apps/hornbill-tutorial.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 04/19/2023
+ms.date: 08/16/2023
 ms.author: jeedes
 ---
 # Tutorial: Azure AD SSO integration with Hornbill
@@ -76,15 +76,26 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 4. On the **Basic SAML Configuration** section, perform the following steps:
 
 	a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
-    `https://sso.hornbill.com/<INSTANCE_NAME>/<SUBDOMAIN>`
+`https://sso.hornbill.com/<INSTANCE_NAME>/live`
 
-	b. In the **Sign on URL** text box, type a URL using the following pattern:
-    `https://<SUBDOMAIN>.hornbill.com/<INSTANCE_NAME>/`
+	> [!NOTE]
+	> If you are deploying the Hornbill Mobile Catalog to your organization, you will need to add an additional identifier URL, as so:
+`https://sso.hornbill.com/hornbill/mcatalog`
+    
+	b. In the **Reply URL (Assertion Consumer Service URL)** section, add the following:
+`https://<API_SUBDOMAIN>.hornbill.com/<INSTANCE_NAME>/xmlmc/sso/saml2/authorize/user/live`
+
+	> [!NOTE]
+	> If you are deploying the Hornbill Mobile Catalog to your organization, you will need to add an additional Reply URL, as so:
+`https://<API_SUBDOMAIN>.hornbill.com/hornbill/xmlmc/sso/saml2/authorize/user/mcatalog`
+   
+	c. In the **Sign on URL** text box, type a URL using the following pattern:
+`https://live.hornbill.com/<INSTANCE_NAME>/`
 
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Identifier and Sign on URL. Contact [Hornbill Client support team](https://www.hornbill.com/support/?request/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> These values are not real. Update the <INSTANCE_NAME> and <API_SUBDOMAIN> values with the actual values in the Identifier(s), Reply URL(s) and Sign on URL. These values can be retrieved from the Hornbill Solution Center in your Hornbill instance, under **_Your usage > Support_**.  Contact [Hornbill Support](https://www.hornbill.com/support) for assistance in getting these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
-5. On the **Set up Single Sign-On with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+6. On the **Set up Single Sign-On with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
 
 	![The Certificate download link](common/copy-metadataurl.png)
 

articles/active-directory/saas-apps/tanium-sso-tutorial.md

@@ -73,7 +73,10 @@ Complete the following steps to enable Azure AD single sign-on in the Azure port
     > [!NOTE]
     > These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [Tanium SSO support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
-1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+    > [!NOTE]
+    > If deploying Tanium in an on-premises configuration, your values may look different than those shown above. The values to use can be retrieved from the **Administration > SAML Configuration** menu in the Tanium console. Details can be found in the [Tanium Console User Guide: Integrating with a SAML IdP](https://docs.tanium.com/platform_user/platform_user/console_using_saml.html?cloud=false "Integrating with a SAML IdP Guide").
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer. If deploying to Tanium in an on-premises configuration, click the edit button and set the **Response Signing Option** to "Sign response and assertion".
 
 	[ ![Screenshot shows the Certificate download link.](common/copy-metadataurl.png "Certificate") ](common/copy-metadataurl.png#lightbox)
 

articles/ai-services/includes/quickstarts/management-azportal.md

@@ -19,20 +19,7 @@ ms.author: aahi
 
 ## Create a new multi-service resource
 
-The multi-service resource is listed under **Azure AI services** > **Multipurpose** in the portal. The multi-service resource enables access to the following Azure AI services with a single key and endpoint:
-
-| Service | Description |
-| --- | --- |
-| ![Content Moderator icon](../../media/service-icons/content-moderator.svg) [Content Moderator](../../content-moderator/index.yml) (retired) | Detect potentially offensive or unwanted content |
-| ![Custom Vision icon](../../media/service-icons/custom-vision.svg) [Custom Vision](../../custom-vision-service/index.yml) | Customize image recognition to fit your business |
-| ![Document Intelligence icon](../../media/service-icons/document-intelligence.svg) [Document Intelligence](../../document-intelligence/index.yml) | Turn documents into usable data at a fraction of the time and cost |
-| ![Face icon](../../media/service-icons/face.svg) [Face](../../computer-vision/overview-identity.md) | Detect and identify people and emotions in images |
-| ![Language icon](../../media/service-icons/language.svg) [Language](../../language-service/index.yml) | Build apps with industry-leading natural language understanding capabilities |
-| ![Speech icon](../../media/service-icons/speech.svg) [Speech](../../speech-service/index.yml) | Speech to text, text to speech, translation and speaker recognition |
-| ![Translator icon](../../media/service-icons/translator.svg) [Translator](../../translator/index.yml) | Translate more than 100 languages and dialects |
-| ![Vision icon](../../media/service-icons/vision.svg) [Vision](../../computer-vision/index.yml) | Analyze content in images and videos |
-
-To create a multi-service resource follow these instructions:
+The multi-service resource is listed under **Azure AI services** > **Azure AI services multi-service account** in the portal. To create a multi-service resource follow these instructions:
 1. Select this link to create a multi-service resource: [https://portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne](https://portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne)
 
 1. On the **Create** page, provide the following information:

articles/ai-services/media/cognitive-services-apis-create-account/cognitive-services-resource-deployed.png

@@ -29,6 +29,21 @@ You can access Azure AI services through two different resources: A multi-servic
 
 Azure AI services are represented by Azure [resources](../azure-resource-manager/management/manage-resources-portal.md) that you create under your Azure subscription. After you create a resource, you can use the keys and endpoint generated to authenticate your applications.
 
+## Supported services with a multi-service resource
+
+The multi-service resource enables access to the following Azure AI services with a single key and endpoint. Use these links to find quickstart articles, samples, and more to start using your resource.
+
+| Service | Description |
+| --- | --- |
+| ![Content Moderator icon](./media/service-icons/content-moderator.svg) [Content Moderator](./content-moderator/index.yml) (retired) | Detect potentially offensive or unwanted content |
+| ![Custom Vision icon](./media/service-icons/custom-vision.svg) [Custom Vision](./custom-vision-service/index.yml) | Customize image recognition to fit your business |
+| ![Document Intelligence icon](./media/service-icons/document-intelligence.svg) [Document Intelligence](./document-intelligence/index.yml) | Turn documents into usable data at a fraction of the time and cost |
+| ![Face icon](./media/service-icons/face.svg) [Face](./computer-vision/overview-identity.md) | Detect and identify people and emotions in images |
+| ![Language icon](./media/service-icons/language.svg) [Language](./language-service/index.yml) | Build apps with industry-leading natural language understanding capabilities |
+| ![Speech icon](./media/service-icons/speech.svg) [Speech](./speech-service/index.yml) | Speech to text, text to speech, translation and speaker recognition |
+| ![Translator icon](./media/service-icons/translator.svg) [Translator](./translator/index.yml) | Translate more than 100 languages and dialects |
+| ![Vision icon](./media/service-icons/vision.svg) [Vision](./computer-vision/index.yml) | Analyze content in images and videos |
+
 ::: zone pivot="azportal"
 
 [!INCLUDE [Azure Portal quickstart](includes/quickstarts/management-azportal.md)]
@@ -67,12 +82,4 @@ Azure AI services are represented by Azure [resources](../azure-resource-manager
 
 ## Next steps
 
-* Now that you have a resource, you can authenticate your API requests to the following Azure AI services. Use these links to find quickstart articles, samples and more to start using your resource.
-    * [Content Moderator](./content-moderator/index.yml) (retired) 
-    * [Custom Vision](./custom-vision-service/index.yml) 
-    * [Document Intelligence](./document-intelligence/index.yml)
-    * [Face](./computer-vision/overview-identity.md) 
-    * [Language](./language-service/index.yml)
-    * [Speech](./speech-service/index.yml) 
-    * [Translator](./translator/index.yml)
-    * [Vision](./computer-vision/index.yml) 
+* Now that you have a resource, you can authenticate your API requests to one of the [supported Azure AI services](#supported-services-with-a-multi-service-resource).