Update aws-single-sign-on-provisioning-tutorial.md

Author: ArvindHarinder1

articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md

@@ -172,7 +172,7 @@ With PIM for Groups, you can provide just-in-time access to groups in Amazon Web
 **Configure your enterprise application for SSO and provisioning**
 1. Add AWS IAM Identity Center to your tenant and configure it for provisioning as described in the tutorial above. 
 1. Configure [single sign-on](aws-single-sign-on-provisioning-tutorial.md) for AWS IAM Identity Center.
-1. Create a group that will provide all users access to the application and assign the group to the application.
+1. Create a [group](https://learn.microsoft.com/azure/active-directory/fundamentals/how-to-manage-groups) that will provide all users access to the application and assign the group to the application.
 1. Assign your test user as a direct member of the group created in the previous step, or provide them access to the group through an access package. This group can be used for persistent, non-admin access in AWS.
 1. Use on-demand provisioning to provision the group created in step 1 into your application. At this point the group does not have any active members so this will simply create the group object in AWS.
 1. Sign-in to AWS and assign the group to the necessary role / permissions in  AWS.
@@ -184,7 +184,7 @@ With PIM for Groups, you can provide just-in-time access to groups in Amazon Web
 1. Assign your test user as [eligible for the group in PIM](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/groups-assign-member-owner) with the role set to member.
 
 
-Now any end user that was made eligible for the group in PIM can get JIT access to the group in AWS by [activating their group membership](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-activate-roles#activate-a-role). 
+Now any end user that was made eligible for the group in PIM can get JIT access to the group in AWS by [activating their group membership](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/groups-activate-roles#activate-a-role). 
 
 > [!IMPORTANT] The group membership is provisioned roughly a minute after the activation is complete. Please wait before attempting to sign-in to AWS. If the user is unable to access the necessary group in AWS, please review the troubleshooting tips below and provisioning logs to ensure that the user was successfully provisioned.