Merge pull request #241188 from MicrosoftDocs/main

Publish to live, Monday 4 AM PST, 6/12

Author: ttorble

articles/active-directory/external-identities/customers/how-to-single-page-app-vanillajs-configure-authentication.md

@@ -278,4 +278,4 @@ The application uses *authPopup.js* to handle the authentication flow when the u
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [Sign in and sign out of the Vanilla JS SPA](./how-to-single-page-app-vanillajs-sign-in-sign-out.md)
+> [Sign in and sign out of the vanilla JS SPA](./how-to-single-page-app-vanillajs-sign-in-sign-out.md)

articles/active-directory/external-identities/customers/how-to-single-page-app-vanillajs-prepare-tenant.md

@@ -14,7 +14,7 @@ ms.date: 06/09/2023
 #Customer intent: As a developer, I want to learn how to configure a vanilla JavaScript single-page app (SPA) to sign in and sign out users with my Azure Active Directory (AD) for customers tenant.
 ---
 
-# Tutorial: Prepare your customer tenant to authenticate a Vanilla JavaScript single-page app (SPA)
+# Tutorial: Prepare your customer tenant to authenticate a vanilla JavaScript single-page app (SPA)
 
 This tutorial series demonstrates how to build a vanilla JavaScript single-page application (SPA) and prepare it for authentication using the Microsoft Entra admin center. You'll use the [Microsoft Authentication Library for JavaScript](/javascript/api/overview/msal-overview) library to authenticate your app with your Azure Active Directory (Azure AD) for customers tenant. Finally, you'll run the application and test the sign-in and sign-out experiences.
 

articles/active-directory/external-identities/customers/how-to-use-app-roles-customers.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: ciam
 ms.topic: how-to
-ms.date: 06/10/2023
+ms.date: 06/13/2023
 ms.author: mimart
 ms.custom: it-pro
 ---
@@ -48,6 +48,8 @@ Though you can use app roles or groups for authorization, key differences betwee
 
 [!INCLUDE [ciam-assign-user-and-groups-to-roles](./includes/access-control/assign-users-groups-roles.md)]
 
+To test your application, sign out and sign in again with the user you assigned the roles. Inspect the security token to make sure that it contains the user's role. 
+
 ## Add group claims to security tokens
 
 [!INCLUDE [ciam-add-group-claim-to-token](./includes/access-control/add-group-claim-in-token.md)]
@@ -56,6 +58,8 @@ Though you can use app roles or groups for authorization, key differences betwee
 
 [!INCLUDE [ciam-add-member-to-group](./includes/access-control/add-member-to-group.md)]
 
+To test your application, sign out, and then sign in again with the user you added to the security group. Inspect the security token to make sure that it contains the user's group membership. 
+
 ## Groups and application roles support
 
 A customer tenant follows the Azure AD user and group management model and application assignment. Many of the core Azure AD features are being phased into customer tenants.
@@ -80,4 +84,4 @@ The following table shows which features are currently available.
 | Change security group members using the Microsoft Entra admin center | Yes |
 | Change security group members using the Microsoft Graph API | Yes |
 | Scale up to 50,000 users and 50,000 groups | Not currently available |
-| Add 50,000 users to at least two groups | Not currently available |
+| Add 50,000 users to at least two groups | Not currently available |

articles/active-directory/external-identities/customers/includes/access-control/add-member-to-group.md

@@ -15,5 +15,5 @@ Now that you've added app groups claim in your application, add users to the sec
 1. Select  **Members**.
 1. Select **+ Add members**.
 1. Scroll through the list or enter a name in the search box. You can choose multiple names. When you're ready, choose **Select**.
-2. The **Group Overview** page updates to show the number of members who are now added to the group.
-3. To test your application, sign out, and then sign in again with the user you added to the security group.
+1. The **Group Overview** page updates to show the number of members who are now added to the group.
+

articles/active-directory/external-identities/customers/includes/access-control/assign-users-groups-roles.md

@@ -3,7 +3,7 @@ author: kengaderdus
 ms.service: active-directory
 ms.subservice: ciam
 ms.topic: include
-ms.date: 06/10/2023
+ms.date: 06/13/2023
 ms.author: kengaderdus
 ---
 Once you've added app roles in your application, administrator can assign users and groups to the roles. Assignment of users and groups to roles can be done through the admin center, or programmatically using [Microsoft Graph](/graph/api/user-post-approleassignments). When the users assigned to the various app roles sign in to the application, their tokens have their assigned roles in the `roles` claim.
@@ -19,8 +19,7 @@ To assign users and groups to application roles by using the Azure portal:
 1. Select **Add user** to open the **Add Assignment** pane.
 1. In the **Add Assignment** pane, select **Users and groups**. A list of users and security groups appears. You can select multiple users and groups in the list.
 1. Once you've selected users and groups, choose **Select**.
-2. In the **Add assignment** pane, choose **Select a role**. All the roles you defined for the application appear.
-3. Select a role, and then choose **Select**.
-4. Select **Assign** to finish the assignment of users and groups to the app.
-5. Confirm that the users and groups you added appear in the **Users and groups** list.
-6. To test your application, sign out and sign in again with the user you assigned the roles.
+1. In the **Add assignment** pane, choose **Select a role**. All the roles you defined for the application appear.
+1. Select a role, and then choose **Select**.
+1. Select **Assign** to finish the assignment of users and groups to the app.
+1. Confirm that the users and groups you added appear in the **Users and groups** list.

articles/active-directory/external-identities/customers/includes/register-app/add-platform-redirect-url-node.md

@@ -3,7 +3,7 @@ author: kengaderdus
 ms.service: active-directory
 ms.subservice: ciam
 ms.topic: include
-ms.date: 03/30/2023
+ms.date: 06/13/2023
 ms.author: kengaderdus
 ---
 To specify your app type to your app registration, follow these steps: 
@@ -12,5 +12,5 @@ To specify your app type to your app registration, follow these steps:
 1. On the **Platform configurations** page, select **Add a platform**, and then select **Web** option.
 1. For the **Redirect URIs** enter `http://localhost:3000/auth/redirect`
 1. Select **Configure** to save your changes.
-1. Back on the **Platform configurations** page, in the new **Single-page application** that has appeared, select **Add URI**, then enter `http://localhost:3000/`
+1. On the **Platform configurations** page, under **Web**, select **Add URI**, then enter `http://localhost:3000/`
 1. Select **Save** to save your changes, and ensure that both URIs are listed.

articles/active-directory/external-identities/customers/includes/register-app/add-platform-redirect-url-vanilla-js.md

@@ -3,13 +3,13 @@ author: kengaderdus
 ms.service: active-directory
 ms.subservice: ciam
 ms.topic: include
-ms.date: 03/30/2023
+ms.date: 06/12/2023
 ms.author: kengaderdus
 ---
 To specify your app type to your app registration, follow these steps: 
 
 1. Under **Manage**, select **Authentication**.
-1. On the **Platform configurations** page, select **Add a platform**, and then select **Web** option.
+1. On the **Platform configurations** page, select **Add a platform**, and then select **SPA** option.
 1. For the **Redirect URIs** enter `http://localhost:3000/auth/redirect`
 1. Select **Configure** to save your changes.
 1. Back on the **Platform configurations** page, in the new **Single-page application** that has appeared, select **Add URI**, then enter `http://localhost:3000/`

articles/active-directory/saas-apps/markit-procurement-service-provisioning-tutorial.md

@@ -40,7 +40,7 @@ The scenario outlined in this tutorial assumes that you already have the followi
 1. Determine what data to [map between Azure AD and Markit Procurement Service](../app-provisioning/customize-application-attributes.md).
 
 ## Step 2. Configure Markit Procurement Service to support provisioning with Azure AD
-Contact Markit Procurement Service support to configure Markit Procurement Service to support provisioning with Azure AD.
+You can begin the process of connecting your Markit environment to Azure AD provisioning by reaching out to the [Markit support team](mailto:[email protected]) or directly with your Markit account manager. You're provided a document that contains your **Tenant URL**, along with a **Secret Token**. Markit account managers can assist you with setting up this integration and are available to answer any questions about its configuration or use.
 
 ## Step 3. Add Markit Procurement Service from the Azure AD application gallery
 
@@ -57,7 +57,7 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
 
 ## Step 5. Configure automatic user provisioning to Markit Procurement Service 
 
-This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users in TestApp based on user assignments in Azure AD.
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users in Markit Procurement Service  based on user assignments in Azure AD.
 
 ### To configure automatic user provisioning for Markit Procurement Service in Azure AD:
 
@@ -89,6 +89,10 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Markit Procurement Service**.
 
+1. Uncheck **Create** checkbox. Markit recommends unchecking the create option. By unchecking create options, users are created on demand during first time user login.
+
+	![Screenshot of Uncheck create option.](media/markit-procurement-service-provisioning-tutorial/create-uncheck.png)
+
 1. Review the user attributes that are synchronized from Azure AD to Markit Procurement Service in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Markit Procurement Service for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you need to ensure that the Markit Procurement Service API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
    |Attribute|Type|Supported for filtering|Required by Markit Procurement Service|