PR review quality fixes

Author: ktoliver

articles/active-directory/saas-apps/cloud-academy-sso-tutorial.md

@@ -47,7 +47,6 @@ To configure the integration of Cloud Academy into Azure AD, you need to add Clo
 1. In the **Add from the gallery** section, enter **Cloud Academy** in the search box.
 1. Select **Cloud Academy** in the results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
-
 ## Configure and test Azure AD SSO for Cloud Academy
 
 You'll configure and test Azure AD SSO with Cloud Academy by using a test user named **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the corresponding user in Cloud Academy.
@@ -72,43 +71,42 @@ Follow these steps to enable Azure AD SSO in the Azure portal:
    ![Screenshot that shows the pencil button for editing the basic SAML configuration.](common/edit-urls.png)
 
 1. In the **Basic SAML Configuration** section, update the **Identifier** text box, type the following URLs and proceed:
-    
+  
     | Identifier |
     |--------------|
     | `urn:federation:cloudacademy` |
-    
-3. In the **Basic SAML Configuration** section, update the **Reply URL** text box, type one of the following URLs and proceed:
-    
+  
+1. In the **Basic SAML Configuration** section, update the **Reply URL** text box, type one of the following URLs and proceed:
+  
     | Reply URL |
     |--------------|
     | `https://cloudacademy.com/labs/social/complete/saml/` |
     | `https://app.qa.com/labs/social/complete/saml/` |
-    
-5. In the **Basic SAML Configuration** section, update the **Sign-on URL** text box, type one of the following URLs and save it:
-    
+  
+1. In the **Basic SAML Configuration** section, update the **Sign-on URL** text box, type one of the following URLs and save it:
+  
     | Sign-on URL |
     |--------------|
     | `https://cloudacademy.com/login/enterprise/` |
     | `https://app.qa.com/login/enterprise/` |
-    
-    
+  
 1. Select the pencil button for **SAML Signing Certificate** to edit the settings:
 
-   ![Screenshot that shows how to edit the ceritificate.](common/edit-certificate.png)
+   ![Screenshot that shows how to edit the certificate.](common/edit-certificate.png)
 
 1. Download the **PEM certificate**:
 
-   ![Screenshot that shows how to download the PEM ceritificate.](common/certificate-base64-download.png)
-    
+   ![Screenshot that shows how to download the P E M certificate.](common/certificate-base64-download.png)
+  
 1. On the **Set up Cloud Academy** section, copy the **Login URL**:
 
-	![Screenshot that shows the copy button for the login URL.](common/copy_configuration_urls.png)
+   ![Screenshot that shows the copy button for the login U R L.](common/copy_configuration_urls.png)
 
 ### Create an Azure AD test user
 
 In this section, you'll create a test user called B.Simon in the Azure portal.
 
-1. In the left pane of the Azure portal, select **Azure Active Directory**. Select **Users**, and then select **All users**.
+1. In the left menu of the Azure portal, select **Azure Active Directory**. Select **Users**, and then select **All users**.
 1. Select **New user** at the top of the screen.
 1. In the **User** properties, complete these steps:
    1. In the **Name** box, enter **B.Simon**.  
@@ -132,81 +130,87 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting t
 
 1. In a different browser window, sign in to your Cloud Academy company site as administrator.
 
-1. On the home page, click the **Azure Integration Team** icon and then select **Settings** in the left menu.
+1. On the home page, click the **Azure Integration Team** icon, and then select **Settings** in the left menu.
 
 1. On the **INTEGRATIONS** tab, select the **SSO** card.
 
     ![Screenshot that shows the Settings & Integrations option.](./media/cloud-academy-sso-tutorial/integrations.png)
 
-1. Click on **Start Configuring** to set up SSO.
+1. Select **Start Configuring** to set up SSO.
 
-    ![Screenshot that shows the Integrations > SSO page.](./media/cloud-academy-sso-tutorial/start-configuring.png)
+    ![Screenshot that shows the Integrations and S S O page.](./media/cloud-academy-sso-tutorial/start-configuring.png)
 
-1. Complete the following steps in General Settings page:
+1. On the **General Settings** page, complete the following steps:
 
-    ![Screenshot that shows the Integrations in general settings.](./media/cloud-academy-sso-tutorial/general-settings.png)
+    ![Screenshot that shows integrations in general settings.](./media/cloud-academy-sso-tutorial/general-settings.png)
 
-    a. In the **SSO URL(Location)** box, paste the login URL value that you copied from the Azure portal, from point 7 of [Configure Azure AD SSO](#configure-azure-ad-sso).
+    1. In the **SSO URL(Location)** box, paste the login URL value that you copied from the Azure portal, in step 9 of [Configure Azure AD SSO](#configure-azure-ad-sso).
 
-    c. Open the downloaded Base64 certificate from the Azure portal in Notepad. Paste its contents into the **Certificate** box.
+    1. Open the downloaded Base64 certificate from the Azure portal in Notepad. Paste its contents into the **Certificate** box.
 
-    d. In the **Email Domains** box, enter all the domain values your company uses for user emails.
+    1. In the **Email Domains** box, enter all the domain values your company uses for user emails.
 
 1. Perform the following steps in the below page:
 
     ![Screenshot that shows the Integrations in additional settings.](./media/cloud-academy-sso-tutorial/additional-settings.png)
 
-    a. In the **SAML Attributes Mapping** section, fill the required fields with the source attribute values:
-    
-    
-    `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier`
-    `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
-    `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
-    `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
-
-    b. In the **Security Settings** section, select the **Authentication Requests Signed?** check box to set this value to **True**.
-
-    c. In the **Extra Settings(Optional)** section, fill the **Logout URL** box with the logout URL value that you copied from the Azure portal, from point 7 of [Configure Azure AD SSO](#configure-azure-ad-sso).
-
-1. Click **Save and Test**.
-2. After this operation, a pop-up will appear with the service provider information, from there you have to download the XML file:
-![Screenshot that show download configuration](./media/cloud-academy-sso-tutorial/setup-provider-info.png)
-3. Now that you have the XML file of the service provider, go back on the application that you've created on Azure Portal, inside the **single sign-on** section, and upload the MetaData file:
-![Screenshot that show upload metadata section on Azure application](./media/cloud-academy-sso-tutorial/upload-metadata.png)
-4. Now that you've updated the service provider metadata, you can go back on the SSO panel of your Cloud Academy company site and proceed with the test and activation. Click on **continue** from the service provider popup:
-![Screenshot that show service provider popup](./media/cloud-academy-sso-tutorial/continue-sso-activation.png)
-5. Click on **Test SSO connection** to start the test flow:
-![Screenshot that show Test SSO connection](./media/cloud-academy-sso-tutorial/test-sso-connection.png)
-> [!NOTE]
->  If you are logged in Cloud Academy as your test user created previously, proceed with test flow.
->  Otherwise close the popup, scroll up to **General Settings**, copy/paste Subdomain URL on Incognito browser tab and then log in as your test user.
->  If everything is ok, you can close Incognito tab, click on **Save and Test**. 
->  It will re-open the Service Provider popup. Now you can click on **continue**, then on **Test SSO connection** again and finally on **Test was succesfull**, because you've already test it on Incognito tab. 
->  Now you can go to the next step.
-6. If everything is ok, you can finally activate the SSO integration for the whole company:
-![Screenshot that show SSO activation](./media/cloud-academy-sso-tutorial/test-succesfull.png)
+    1. In the **SAML Attributes Mapping** section, fill in the required fields with the source attribute values:
+  
+       `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier`
+       `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
+       `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
+       `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
+
+    1. In the **Security Settings** section, select the **Authentication Requests Signed?** check box to set this value to **True**.
+
+    1. In the **Extra Settings(Optional)** section, fill the **Logout URL** box with the logout URL value that you copied from the Azure portal, in step 7 of [Configure Azure AD SSO](#configure-azure-ad-sso).
+
+1. Select **Save and Test**.
+
+1. Next, a dialog shows the service provider information. Download the XML file:
+
+    :::image type="content" source="./media/cloud-academy-sso-tutorial/set-up-provider-information.png" alt-text="Screenshot that shows downloading the metadata configuration file.":::
+
+1. Now that you have the XML file of the service provider, go back to the application you created in the Azure portal. In the **Single sign-on** section, upload the metadata file:
 
+    :::image type="content" source="./media/cloud-academy-sso-tutorial/upload-metadata.png" alt-text="Screenshot that shows uploading the metadata in the Azure application.":::
+
+1. Now that you've updated the service provider metadata, you can go back on the SSO panel of your Cloud Academy company site and proceed with the test and activation. In the service provider dialog, select **Continue**:
+
+   :::image type="content" source="./media/cloud-academy-sso-tutorial/continue-sso-activation.png" alt-text="Screenshot that shows the service provider dialog.":::
+
+1. Select **Test SSO connection** to start the test flow:
+
+    :::image type="content" source="./media/cloud-academy-sso-tutorial/test-sso-connection.png" alt-text="Screenshot that shows the Test S S O connection button.":::
+
+    > [!NOTE]
+    > If you're signed in to Cloud Academy by using the test user account you created, proceed with the test flow. Otherwise, close the dialog, scroll up to **General Settings**, copy and paste the subdomain URL in a private or incognito browser tab, and then sign in as the test user. If sign-in is successful, you can close the browser tab and select **Save and Test**. A browser tab will reopen the service provider dialog. Select **continue**, and then select **Test SSO connection** again. Finally, select **Test was successful** because you've already tested it sign-in by using a private or incognito tab.
+    >
+    > Continue to the next step.
+
+1. If sign-in is successful, you can activate SSO integration for the entire organization:
+
+    :::image type="content" source="./media/cloud-academy-sso-tutorial/test-successful.png" alt-text="Screenshot that shows S S O activation is successful..":::
 
 > [!NOTE]
-> For more information on how to configure the Cloud Academy, see [Setting Up Single Sign-On](https://support.cloudacademy.com/hc/articles/360043908452-Setting-Up-Single-Sign-On).
+> For more information about how to configure Cloud Academy, see [Setting Up Single Sign-On](https://support.cloudacademy.com/hc/articles/360043908452-Setting-Up-Single-Sign-On).
 
 ### Create a Cloud Academy test user
 
-In this section, a user called Britta Simon is created in Cloud Academy. Cloud Academy supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Cloud Academy, a new one is created after authentication.
-
-Cloud Academy also supports automatic user provisioning, you can find more details [here](./cloud-academy-sso-provisioning-tutorial.md) on how to configure automatic user provisioning.
+In this section, a user called B.Simon is created in Cloud Academy. Cloud Academy supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Cloud Academy, a new one is created after authentication.
 
-## Test SSO 
+Cloud Academy also supports automatic user provisioning. For more information, see the [Cloud Academy SSO provisioning tutorial](./cloud-academy-sso-provisioning-tutorial.md).
 
-In this section, you test your Azure AD single sign-on configuration with following options. 
+## Test SSO
 
-* Click on **Test this application** in Azure portal. This will redirect to Cloud Academy Sign-on URL where you can initiate the login flow. 
+In this section, you test your Azure AD SSO configuration by using one of the following options:
 
-* Go to Cloud Academy Sign-on URL directly and initiate the login flow from there.
+* In the Azure portal, select **Test this application**. You're redirected to the Cloud Academy sign-on URL and you can initiate the sign-in flow.
 
-* You can use Microsoft My Apps. When you click the Cloud Academy tile in the My Apps, this will redirect to Cloud Academy Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+* Go to Cloud Academy sign-on URL directly and initiate the sign-in flow from there.
 
+* You can use Microsoft My Apps. When you click the Cloud Academy tile in the My Apps portal, this will redirect to Cloud Academy sign-on URL. For more information about the My Apps portal, see [Introduction to My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
 ## Next steps
 
-Once you configure Cloud Academy you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+After you configure Cloud Academy, you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).