Commit b47f2d9

service-overview COMPLETE
Taking all of Stephen's feedback
2 parents 624528f + 844cec9 commit b47f2d9

83 files changed

+870
-402
lines changed

articles/active-directory/enterprise-users/directory-overview-user-model.md

Lines changed: 6 additions & 6 deletions
@@ -21,23 +21,23 @@ ms.collection: M365-identity-device-management
2121

2222
This article introduces and administrator for Azure Active Directory (Azure AD), part of Microsoft Entra, to the relationship between top [identity management](../fundamentals/active-directory-whatis.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) tasks for users in terms of their groups, licenses, deployed enterprise apps, and administrator roles. As your organization grows, you can use Azure AD groups and administrator roles to:
2323

24-
* Assign licenses to groups instead of to individually
25-
* Delegate permissions to distribute the work of Azure AD management to less-privileged roles
26-
* Assign enterprise app access to groups
24+
* Assign licenses to groups instead of to individual users.
25+
* Delegate permissions to distribute the work of Azure AD management to less-privileged roles.
26+
* Assign enterprise app access to groups.
2727

2828
## Assign users to groups
2929

3030
You can use groups in Azure AD to assign licenses to large numbers of users, or to assign user access to deployed enterprise apps. You can use groups to assign all administrator roles except for Global Administrator in Azure AD, or you can grant access to resources that are external, such as SaaS applications or SharePoint sites.
3131

32-
For additional flexibility and to reduce the work of managing group membership, you can use [dynamic groups](groups-create-rule.md) in Azure AD to expand and contract group membership automatically. You'll need an Azure AD Premium P1 license for each unique user that is a member of one or more dynamic groups.
32+
For additional flexibility and to reduce group membership management work, you can use [dynamic groups](groups-create-rule.md) in Azure AD to expand and contract group membership automatically. You'll need an Azure AD Premium P1 license for each unique user that is a member of one or more dynamic groups.
3333

3434
## Assign licenses to groups
3535

3636
Assigning or removing licenses from users individually can demand time and attention. If you [assign licenses to groups](../fundamentals/license-users-groups.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) instead, you can make your large-scale license management easier.
3737

38-
In Azure AD, when users join a licensed group, they're automatically assigned the appropriate licenses. When users leave the group, Azure AD removes their license assignments. Without Azure AD groups, you'd have to write a PowerShell script or use Graph API to bulk add or remove user licenses for users joining or leaving the organization.
38+
Azure AD users who join a licensed group are automatically assigned the appropriate licenses. When users leave the group, Azure AD removes their license assignments. Without Azure AD groups, you'd have to write a PowerShell script or use Graph API to bulk add or remove user licenses for users joining or leaving the organization.
3939

40-
If there are not enough available licenses, or an issue occurs like service plans that can't be assigned at the same time, you can see status of any licensing issue for the group in the Azure portal.
40+
If there aren't enough licenses available, or an issue occurs like service plans that can't be assigned at the same time, you can see status of any licensing issue for the group in the Azure portal.
4141

4242
## Delegate administrator roles
4343
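Review bot: The context sentence at line 22 still reads "This article introduces and administrator for Azure Active Directory"; since this hunk copy-edits the bullets directly below it, change "and administrator" to "an administrator" in the same pass. The added line 40 also drops an article in "you can see status of any licensing issue"; suggest "you can see the status of any licensing issue for the group in the Azure portal".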

articles/active-directory/saas-apps/infor-cloudsuite-provisioning-tutorial.md

Lines changed: 8 additions & 0 deletions
@@ -68,6 +68,14 @@ Before configuring and enabling automatic user provisioning, you should decide w
6868
5. To generate the bearer token, copy the **User Identifier** and **SCIM Password**. Paste them in notepad++ separated by a colon. Encode the string value by navigating to **Plugins > MIME Tools > Basic64 Encode**.
6969

7070
:::image type="content" source="media/infor-cloudsuite-provisioning-tutorial/token.png" alt-text="Screenshot of a Notepad++ document. In the Plugins menu, MIME tools is highlighted. In the MIME tools menu, Base64 encode is highlighted." border="false":::
71+
72+
To generate the bearer token using PowerShell instead of Notepad++, use the following commands:
73+
```powershell
74+
$Identifier = "<User Identifier>"
75+
$SCIMPassword = "<SCIM Password>"
76+
$bytes = [System.Text.Encoding]::UTF8.GetBytes($($Identifier):$($SCIMPassword))
77+
[Convert]::ToBase64String($bytes)
78+
```
7179

7280
3. Copy the bearer token. This value will be entered in the Secret Token field in the Provisioning tab of your Infor CloudSuite application in the Azure portal.
7381
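Review bot: The added line 76 passes `$($Identifier):$($SCIMPassword)` to `GetBytes` without quotes, so PowerShell parses it as an expression and stops at the `:` instead of building the `identifier:password` string. Wrap it as an expandable string: `[System.Text.Encoding]::UTF8.GetBytes("$($Identifier):$($SCIMPassword)")`. The two assignments above it leave the SCIM password in the session variables and the console history in plain text, so a sentence telling the reader to clear them after copying the token would be worth adding. The context step that follows is numbered 3 after step 5, which is worth renumbering while this list is being edited.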

articles/active-directory/saas-apps/keylight-tutorial.md

Lines changed: 38 additions & 38 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: 'Tutorial: Azure Active Directory integration with LockPath Keylight | Microsoft Docs'
3-
description: Learn how to configure single sign-on between Azure Active Directory and LockPath Keylight.
2+
title: 'Tutorial: Azure Active Directory integration with NAVEX IRM (Lockpath/Keylight) | Microsoft Docs'
3+
description: Learn how to configure single sign-on between Azure Active Directory and NAVEX IRM (Lockpath/Keylight).
44
services: active-directory
55
author: jeevansd
66
manager: CelesteDG
@@ -9,53 +9,53 @@ ms.service: active-directory
99
ms.subservice: saas-app-tutorial
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 06/11/2021
12+
ms.date: 09/09/2022
1313
ms.author: jeedes
1414
---
15-
# Tutorial: Azure Active Directory integration with LockPath Keylight
15+
# Tutorial: Azure Active Directory integration with NAVEX IRM (Lockpath/Keylight)
1616

17-
In this tutorial, you'll learn how to integrate LockPath Keylight with Azure Active Directory (Azure AD). When you integrate LockPath Keylight with Azure AD, you can:
17+
In this tutorial, you'll learn how to integrate NAVEX IRM (Lockpath/Keylight) with Azure Active Directory (Azure AD). When you integrate NAVEX IRM (Lockpath/Keylight) with Azure AD, you can:
1818

19-
* Control in Azure AD who has access to LockPath Keylight.
20-
* Enable your users to be automatically signed-in to LockPath Keylight with their Azure AD accounts.
19+
* Control in Azure AD who has access to NAVEX IRM (Lockpath/Keylight).
20+
* Enable your users to be automatically signed-in to NAVEX IRM (Lockpath/Keylight) with their Azure AD accounts.
2121
* Manage your accounts in one central location - the Azure portal.
2222

2323
## Prerequisites
2424

25-
To configure Azure AD integration with LockPath Keylight, you need the following items:
25+
To configure Azure AD integration with NAVEX IRM (Lockpath/Keylight), you need the following items:
2626

2727
* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/).
28-
* LockPath Keylight single sign-on enabled subscription.
28+
* NAVEX IRM (Lockpath/Keylight) single sign-on enabled subscription.
2929

3030
## Scenario description
3131

3232
In this tutorial, you configure and test Azure AD single sign-on in a test environment.
3333

34-
* LockPath Keylight supports **SP** initiated SSO.
35-
* LockPath Keylight supports **Just In Time** user provisioning.
34+
* NAVEX IRM (Lockpath/Keylight) supports **SP** initiated SSO.
35+
* NAVEX IRM (Lockpath/Keylight) supports **Just In Time** user provisioning.
3636

37-
## Add LockPath Keylight from the gallery
37+
## Add NAVEX IRM (Lockpath/Keylight) from the gallery
3838

39-
To configure the integration of LockPath Keylight into Azure AD, you need to add LockPath Keylight from the gallery to your list of managed SaaS apps.
39+
To configure the integration of NAVEX IRM (Lockpath/Keylight) into Azure AD, you need to add NAVEX IRM (Lockpath/Keylight) from the gallery to your list of managed SaaS apps.
4040

4141
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
4242
1. On the left navigation pane, select the **Azure Active Directory** service.
4343
1. Navigate to **Enterprise Applications** and then select **All Applications**.
4444
1. To add new application, select **New application**.
45-
1. In the **Add from the gallery** section, type **LockPath Keylight** in the search box.
46-
1. Select **LockPath Keylight** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
45+
1. In the **Add from the gallery** section, type **NAVEX IRM (Lockpath/Keylight)** in the search box.
46+
1. Select **NAVEX IRM (Lockpath/Keylight)** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
4747

48-
## Configure and test Azure AD SSO for LockPath Keylight
48+
## Configure and test Azure AD SSO for NAVEX IRM (Lockpath/Keylight)
4949

50-
Configure and test Azure AD SSO with LockPath Keylight using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in LockPath Keylight.
50+
Configure and test Azure AD SSO with NAVEX IRM (Lockpath/Keylight) using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in NAVEX IRM (Lockpath/Keylight).
5151

52-
To configure and test Azure AD SSO with LockPath Keylight, perform the following steps:
52+
To configure and test Azure AD SSO with NAVEX IRM (Lockpath/Keylight), perform the following steps:
5353

5454
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
5555
1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
5656
1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
57-
1. **[Configure LockPath Keylight SSO](#configure-lockpath-keylight-sso)** - to configure the single sign-on settings on application side.
58-
1. **[Create LockPath Keylight test user](#create-lockpath-keylight-test-user)** - to have a counterpart of B.Simon in LockPath Keylight that is linked to the Azure AD representation of user.
57+
1. **[Configure NAVEX IRM (Lockpath/Keylight) SSO](#configure-navex-irm-lockpathkeylight-sso)** - to configure the single sign-on settings on application side.
58+
1. **[Create NAVEX IRM (Lockpath/Keylight) test user](#create-navex-irm-lockpathkeylight-test-user)** - to have a counterpart of B.Simon in NAVEX IRM (Lockpath/Keylight) that is linked to the Azure AD representation of user.
5959
1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
6060

6161
## Configure Azure AD SSO
@@ -64,7 +64,7 @@ In this section, you enable Azure AD single sign-on in the Azure portal.
6464

6565
Follow these steps to enable Azure AD SSO in the Azure portal.
6666

67-
1. In the Azure portal, on the **LockPath Keylight** application integration page, find the **Manage** section and select **single sign-on**.
67+
1. In the Azure portal, on the **NAVEX IRM (Lockpath/Keylight)** application integration page, find the **Manage** section and select **single sign-on**.
6868
1. On the **Select a single sign-on method** page, select **SAML**.
6969
1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
7070

@@ -81,13 +81,13 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
8181
`https://<COMPANY_NAME>.keylightgrc.com/`
8282

8383
> [!NOTE]
84-
> These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [LockPath Keylight Client support team](https://www.lockpath.com/contact/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
84+
> These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [NAVEX IRM (Lockpath/Keylight) Client support team](https://www.lockpath.com/contact/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
8585

8686
5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Raw)** from the given options as per your requirement and save it on your computer.
8787

8888
![The Certificate download link](common/certificateraw.png)
8989

90-
6. On the **Set up LockPath Keylight** section, copy the appropriate URL(s) as per your requirement.
90+
6. On the **Set up NAVEX IRM (Lockpath/Keylight)** section, copy the appropriate URL(s) as per your requirement.
9191

9292
![Copy configuration URLs](common/copy-configuration-urls.png)
9393
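Review bot: In the added note at line 84 the link text is renamed to "NAVEX IRM (Lockpath/Keylight) Client support team" while the target stays `https://www.lockpath.com/contact/`; confirm that this URL is still the right support contact for the renamed product before merging, since readers are sent there to obtain the real Identifier, Reply URL and Sign on URL.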

@@ -105,29 +105,29 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
105105

106106
### Assign the Azure AD test user
107107

108-
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to LockPath Keylight.
108+
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to NAVEX IRM (Lockpath/Keylight).
109109

110110
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
111-
1. In the applications list, select **LockPath Keylight**.
111+
1. In the applications list, select **NAVEX IRM (Lockpath/Keylight)**.
112112
1. In the app's overview page, find the **Manage** section and select **Users and groups**.
113113
1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
114114
1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
115115
1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
116116
1. In the **Add Assignment** dialog, click the **Assign** button.
117117

118-
## Configure LockPath Keylight SSO
118+
## Configure NAVEX IRM (Lockpath/Keylight) SSO
119119

120-
1. To enable SSO in LockPath Keylight, perform the following steps:
120+
1. To enable SSO in NAVEX IRM (Lockpath/Keylight), perform the following steps:
121121

122-
a. Sign-on to your LockPath Keylight account as administrator.
122+
a. Sign-on to your NAVEX IRM (Lockpath/Keylight) account as administrator.
123123

124-
b. In the menu on the top, click **Person**, and select **Keylight Setup**.
124+
b. In the menu on the top, click **User Icon**, and select **Setup**.
125125

126126
![Screenshot that shows the "Person" icon selected, and "Keylight Setup" selected from the drop-down.](./media/keylight-tutorial/setup-icon.png)
127127

128128
c. In the treeview on the left, click **SAML**.
129129

130-
![Screenshot that shows "S A M L" selected in the tree view.](./media/keylight-tutorial/treeview.png)
130+
![Screenshot that shows "S A M L" selected in the tree view.](./media/keylight-tutorial/tree-view.png)
131131

132132
d. On the **SAML Settings** dialog, click **Edit**.
133133
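Review bot: Step b at line 124 now says to click **User Icon** and select **Setup**, but the alt text of the screenshot directly below it (context line 126) still describes the "Person" icon and "Keylight Setup", so the instruction and the image description disagree. Update that alt text, and the `setup-icon.png` screenshot itself if the UI labels changed. Line 130 repoints the image to `tree-view.png`; check that the renamed file ships in this commit so the link does not break.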

@@ -143,11 +143,11 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
143143

144144
c. In the **Identity Provider Logout URL** textbox, paste the **Logout URL** value which you have copied from the Azure portal.
145145

146-
d. Click **Choose File** to select your downloaded LockPath Keylight certificate, and then click **Open** to upload the certificate.
146+
d. Click **Choose File** to select your downloaded NAVEX IRM (Lockpath/Keylight) certificate, and then click **Open** to upload the certificate.
147147

148148
e. Set **SAML User Id location** to **NameIdentifier element of the subject statement**.
149149

150-
f. Provide the **Keylight Service Provider** using the following pattern: `https://<CompanyName>.keylightgrc.com`.
150+
f. Provide the **Service Provider Entity Id** using the following pattern: `https://<CompanyName>.keylightgrc.com`.
151151

152152
g. Set **Auto-provision users** to **Active**.
153153
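Review bot: Step d at line 146 now reads "select your downloaded NAVEX IRM (Lockpath/Keylight) certificate", but the file downloaded earlier in this tutorial is the **Certificate (Raw)** from the Azure AD **SAML Signing Certificate** section, that is, the identity provider's signing certificate. The product rename was applied mechanically to wording that was already misleading; suggest "select the **Certificate (Raw)** you downloaded from the Azure portal" so an administrator does not upload a different certificate as the SAML trust anchor.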

@@ -165,20 +165,20 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
165165

166166
n. Click **Save**.
167167

168-
### Create LockPath Keylight test user
168+
### Create NAVEX IRM (Lockpath/Keylight) test user
169169

170-
In this section, a user called Britta Simon is created in LockPath Keylight. LockPath Keylight supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in LockPath Keylight, a new one is created after authentication. If you need to create a user manually, you need to contact the [LockPath Keylight Client support team](https://www.lockpath.com/contact/).
170+
In this section, a user called Britta Simon is created in NAVEX IRM (Lockpath/Keylight). NAVEX IRM (Lockpath/Keylight) supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in NAVEX IRM (Lockpath/Keylight), a new one is created after authentication. If you need to create a user manually, you need to contact the [NAVEX IRM (Lockpath/Keylight) Customer support team](https://www.lockpath.com/contact/).
171171

172172
## Test SSO
173173

174174
In this section, you test your Azure AD single sign-on configuration with following options.
175175

176-
* Click on **Test this application** in Azure portal. This will redirect to LockPath Keylight Sign-on URL where you can initiate the login flow.
176+
* Click on **Test this application** in Azure portal. This will redirect to NAVEX IRM (Lockpath/Keylight) Sign-on URL where you can initiate the login flow.
177177

178-
* Go to LockPath Keylight Sign-on URL directly and initiate the login flow from there.
178+
* Go to NAVEX IRM (Lockpath/Keylight) Sign-on URL directly and initiate the login flow from there.
179179

180-
* You can use Microsoft My Apps. When you click the LockPath Keylight tile in the My Apps, this will redirect to LockPath Keylight Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
180+
* You can use Microsoft My Apps. When you click the NAVEX IRM (Lockpath/Keylight) tile in the My Apps, this will redirect to NAVEX IRM (Lockpath/Keylight) Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
181181

182182
## Next steps
183183

184-
Once you configure LockPath Keylight you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
184+
Once you configure NAVEX IRM (Lockpath/Keylight) you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
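Review bot: The added line 184 keeps the phrase "protects exfiltration and infiltration of your organization's sensitive data", which reads as the opposite of what is meant; suggest "protects against exfiltration and infiltration". In the added line 170 the test user is called "Britta Simon" while the rest of the tutorial uses B.Simon, and the support link label becomes "Customer support team" here but stays "Client support team" in the Basic SAML Configuration note, so pick one name and one label.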