Merge pull request #102490 from v-hagamp/tanner

GitHubber17 · web-flow · commit bfb3431d3e33 · 2020-02-03T20:33:40.000-08:00
update for oc-tanner
diff --git a/articles/active-directory/saas-apps/oc-tanner-tutorial.md b/articles/active-directory/saas-apps/oc-tanner-tutorial.md
@@ -12,116 +12,77 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: tutorial
-ms.date: 03/27/2019
+ms.date: 01/28/2020
 ms.author: jeedes
 
 ---
-# Tutorial: Azure Active Directory integration with O.C. Tanner - AppreciateHub
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with O.C. Tanner - AppreciateHub
 
-In this tutorial, you learn how to integrate O.C. Tanner - AppreciateHub with Azure Active Directory (Azure AD).
-Integrating O.C. Tanner - AppreciateHub with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate O.C. Tanner - AppreciateHub with Azure Active Directory (Azure AD). When you integrate O.C. Tanner - AppreciateHub with Azure AD, you can:
 
-* You can control in Azure AD who has access to O.C. Tanner - AppreciateHub.
-* You can enable your users to be automatically signed-in to O.C. Tanner - AppreciateHub (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
+* Control in Azure AD who has access to O.C. Tanner - AppreciateHub.
+* Enable your users to be automatically signed-in to O.C. Tanner - AppreciateHub with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
 
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis).
 
 ## Prerequisites
 
-To configure Azure AD integration with O.C. Tanner - AppreciateHub, you need the following items:
+To get started, you need the following items:
 
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* O.C. Tanner - AppreciateHub single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* O.C. Tanner - AppreciateHub single sign-on (SSO) enabled subscription.
 
 ## Scenario description
 
-In this tutorial, you configure and test Azure AD single sign-on in a test environment.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
 
 * O.C. Tanner - AppreciateHub supports **IDP** initiated SSO
 
+* Once you configure the O.C. Tanner - AppreciateHub you can enforce session controls, which protect exfiltration and infiltration of your organization’s sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+
 ## Adding O.C. Tanner - AppreciateHub from the gallery
 
 To configure the integration of O.C. Tanner - AppreciateHub into Azure AD, you need to add O.C. Tanner - AppreciateHub from the gallery to your list of managed SaaS apps.
 
-**To add O.C. Tanner - AppreciateHub from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
-	![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
-	![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
-	![The New application button](common/add-new-app.png)
-
-4. In the search box, type **O.C. Tanner - AppreciateHub**, select **O.C. Tanner - AppreciateHub** from result panel then click **Add** button to add the application.
-
-	 ![O.C. Tanner - AppreciateHub in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with O.C. Tanner - AppreciateHub based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in O.C. Tanner - AppreciateHub needs to be established.
-
-To configure and test Azure AD single sign-on with O.C. Tanner - AppreciateHub, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure O.C. Tanner - AppreciateHub Single Sign-On](#configure-oc-tanner---appreciatehub-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create O.C. Tanner - AppreciateHub test user](#create-oc-tanner---appreciatehub-test-user)** - to have a counterpart of Britta Simon in O.C. Tanner - AppreciateHub that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
-
-### Configure Azure AD single sign-on
-
-In this section, you enable Azure AD single sign-on in the Azure portal.
-
-To configure Azure AD single sign-on with O.C. Tanner - AppreciateHub, perform the following steps:
-
-1. In the [Azure portal](https://portal.azure.com/), on the **O.C. Tanner - AppreciateHub** application integration page, select **Single sign-on**.
-
-    ![Configure single sign-on link](common/select-sso.png)
-
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
-    ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **O.C. Tanner - AppreciateHub** in the search box.
+1. Select **O.C. Tanner - AppreciateHub** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-	![Edit Basic SAML Configuration](common/edit-urls.png)
+## Configure and test Azure AD single sign-on for O.C. Tanner - AppreciateHub
 
-4. On the **Basic SAML Configuration** section, if you have **Service Provider metadata file**, perform the following steps:
+Configure and test Azure AD SSO with O.C. Tanner - AppreciateHub using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in O.C. Tanner - AppreciateHub.
 
-	>[!NOTE]
-	>You can download the **Service Provider metadata file** from [here](https://fed.appreciatehub.com/fed/sp/metadata)
+To configure and test Azure AD SSO with O.C. Tanner - AppreciateHub, complete the following building blocks:
 
-	a. Click **Upload metadata file**.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+    * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+    * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure O.C. Tanner - AppreciateHub SSO](#configure-oc-tanner---appreciatehub-sso)** - to configure the single sign-on settings on application side.
+    * **[Create O.C. Tanner - AppreciateHub test user](#create-oc-tanner---appreciatehub-test-user)** - to have a counterpart of B.Simon in O.C. Tanner - AppreciateHub that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
-    ![Upload metadata file](common/upload-metadata.png)
+## Configure Azure AD SSO
 
-	b. Click on **folder logo** to select the metadata file and click **Upload**.
+Follow these steps to enable Azure AD SSO in the Azure portal.
 
-	![choose metadata file](common/browse-upload-metadata.png)
+1. In the [Azure portal](https://portal.azure.com/), on the **O.C. Tanner - AppreciateHub** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
 
-	c. After the metadata file is successfully uploaded, the **Identifier** and **Reply URL** values get auto populated in Basic SAML Configuration section.
+   ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-	 ![O.C. Tanner - AppreciateHub Domain and URLs single sign-on information](common/idp-intiated.png)
+1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
 
-	> [!Note]
-	> If the **Identifier** and **Reply URL** values do not get auto polulated, then please fill in the values manually according to your requirement. Contact [O.C. Tanner - AppreciateHub Client support team](mailto:sso@octanner.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
-
-5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
+1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
 
 	![The Certificate download link](common/metadataxml.png)
 
-6. On the **Set up O.C. Tanner - AppreciateHub** section, copy the appropriate URL(s) as per your requirement.
+1. On the **Set up O.C. Tanner - AppreciateHub** section, copy the appropriate URL(s) as per your requirement.
 
 	![Copy configuration URLs](common/copy-configuration-urls.png)
 
@@ -131,59 +92,39 @@ To configure Azure AD single sign-on with O.C. Tanner - AppreciateHub, perform t
 
 	c. Logout URL
 
-### Configure O.C. Tanner - AppreciateHub Single Sign-On
-
-To configure single sign-on on **O.C. Tanner - AppreciateHub** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [O.C. Tanner - AppreciateHub support team](mailto:sso@octanner.com). They set this setting to have the SAML SSO connection set properly on both sides.
-
-### Create an Azure AD test user 
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
-    ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
-    ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
+### Create an Azure AD test user
 
-    ![The User dialog box](common/user-properties.png)
+In this section, you'll create a test user in the Azure portal called B.Simon.
 
-    a. In the **Name** field enter **BrittaSimon**.
-  
-    b. In the **User name** field type user like BrittaSimon@contoso.com.
-
-    c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
-    d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+   1. In the **Name** field, enter `B.Simon`.  
+   1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+   1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+   1. Click **Create**.
 
 ### Assign the Azure AD test user
 
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to O.C. Tanner - AppreciateHub.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **O.C. Tanner - AppreciateHub**.
-
-	![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **O.C. Tanner - AppreciateHub**.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to O.C. Tanner - AppreciateHub.
 
-	![The O.C. Tanner - AppreciateHub link in the Applications list](common/all-applications.png)
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **O.C. Tanner - AppreciateHub**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
 
-3. In the menu on the left, select **Users and groups**.
+   ![The "Users and groups" link](common/users-groups-blade.png)
 
-    ![The "Users and groups" link](common/users-groups-blade.png)
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
 
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
+	![The Add User link](common/add-assign-user.png)
 
-    ![The Add Assignment pane](common/add-assign-user.png)
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. In the **Add Assignment** dialog, click the **Assign** button.
 
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
+## Configure O.C. Tanner - AppreciateHub SSO
 
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **O.C. Tanner - AppreciateHub** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [O.C. Tanner - AppreciateHub support team](mailto:sso@octanner.com). They set this setting to have the SAML SSO connection set properly on both sides.
 
 ### Create O.C. Tanner - AppreciateHub test user
 
@@ -193,16 +134,22 @@ The objective of this section is to create a user called Britta Simon in O.C. Ta
 
 Ask your [O.C. Tanner - AppreciateHub support team](mailto:sso@octanner.com) to create a user that has as nameID attribute the same value as the user name of Britta Simon in Azure AD.
 
-### Test single sign-on 
+## Test SSO
 
 In this section, you test your Azure AD single sign-on configuration using the Access Panel.
 
 When you click the O.C. Tanner - AppreciateHub tile in the Access Panel, you should be automatically signed in to the O.C. Tanner - AppreciateHub for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
 
-## Additional Resources
+## Additional resources
+
+- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](https://docs.microsoft.com/azure/active-directory/active-directory-saas-tutorial-list)
+
+- [What is application access and single sign-on with Azure Active Directory? ](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
+
+- [What is conditional access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
 
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-saas-tutorial-list)
+- [Try O.C. Tanner - AppreciateHub with Azure AD](https://aad.portal.azure.com/)
 
-- [What is application access and single sign-on with Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/active-directory-appssoaccess-whatis)
+- [What is session control in Microsoft Cloud App Security?](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
 
-- [What is Conditional Access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
+- [How to protect O.C. Tanner - AppreciateHub with advanced visibility and controls](https://docs.microsoft.com/cloud-app-security/proxy-intro-aad)
