Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory-b2c/tutorial-create-user-flows.md

@@ -343,7 +343,7 @@ As you upload the files, Azure adds the prefix `B2C_1A_` to each.
 In this article, you learned how to:
 
 > [!div class="checklist"]
-> * Create a sig- up and sign in user flow
+> * Create a sign-up and sign in user flow
 > * Create a profile editing user flow
 > * Create a password reset user flow
 

articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md

@@ -1,6 +1,6 @@
 ---
-title: 'Tutorial: Configure AWS Single Sign-On for automatic user provisioning with Azure Active Directory | Microsoft Docs'
-description: Learn how to automatically provision and de-provision user accounts from Azure AD to AWS Single Sign-On.
+title: 'Tutorial: Configure AWS IAM Identity Center (successor to AWS Single Sign-On) for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to AWS IAM Identity Center.
 services: active-directory
 documentationcenter: ''
 author: twimmers
@@ -17,46 +17,48 @@ ms.date: 02/23/2021
 ms.author: thwimmer
 ---
 
-# Tutorial: Configure AWS Single Sign-On for automatic user provisioning
+# Tutorial: Configure AWS IAM Identity Center (successor to AWS Single Sign-On) for automatic user provisioning
 
-This tutorial describes the steps you need to perform in both AWS Single Sign-On and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [AWS Single Sign-On](https://console.aws.amazon.com/singlesignon) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
+This tutorial describes the steps you need to perform in both AWS IAM Identity Center (successor to AWS Single Sign-On) and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [AWS IAM Identity Center](https://console.aws.amazon.com/singlesignon) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md). 
 
 
 ## Capabilities Supported
 > [!div class="checklist"]
-> * Create users in AWS Single Sign-On
-> * Remove users in AWS Single Sign-On when they no longer require access
-> * Keep user attributes synchronized between Azure AD and AWS Single Sign-On
-> * Provision groups and group memberships in AWS Single Sign-On
-> * [Single Sign-On]() to AWS Single Sign-On
+> * Create users in AWS IAM Identity Center
+> * Remove users in AWS IAM Identity Center when they no longer require access
+> * Keep user attributes synchronized between Azure AD and AWS IAM Identity Center
+> * Provision groups and group memberships in AWS IAM Identity Center
+> * [Single Sign-On](aws-single-sign-on-tutorial.md) to AWS IAM Identity Center
 
 ## Prerequisites
 
 The scenario outlined in this tutorial assumes that you already have the following prerequisites:
 
 * [An Azure AD tenant](../develop/quickstart-create-new-tenant.md) 
 * A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator). 
-* A SAML connection from your Azure AD account to AWS SSO, as described in Tutorial
+* A SAML connection from your Azure AD account to AWS IAM Identity Center, as described in Tutorial
 
 ## Step 1. Plan your provisioning deployment
 1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
 2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
-3. Determine what data to [map between Azure AD and AWS Single Sign-On](../app-provisioning/customize-application-attributes.md). 
+3. Determine what data to [map between Azure AD and AWS IAM Identity Center](../app-provisioning/customize-application-attributes.md). 
 
-## Step 2. Configure AWS Single Sign-On to support provisioning with Azure AD
+## Step 2. Configure AWS IAM Identity Center to support provisioning with Azure AD
 
-1. Open the [AWS SSO Console](https://console.aws.amazon.com/singlesignon).
+1. Open the [AWS IAM Identity Center](https://console.aws.amazon.com/singlesignon).
 
 2. Choose **Settings** in the left navigation pane
 
-3. Navigate to **Settings** -> **Identity source** -> **Provisioning** -> choose **Enable automatic provisioning**.
+3. In **Settings**, click on Enable in the Automatic provisioning section.
 
-4. In the Inbound automatic provisioning dialog box, copy and save the **SCIM endpoint** and **Access Token**. These values will be entered in the **Tenant URL** and **Secret Token** field in the Provisioning tab of your AWS Single Sign-On application in the Azure portal.
+	![Screenshot of enabling automatic provisioning.](media/aws-single-sign-on-provisioning-tutorial/automatic-provisioning.png)
 
+4. In the Inbound automatic provisioning dialog box, copy and save the **SCIM endpoint** and **Access Token** (visible after clicking on Show Token). These values will be entered in the **Tenant URL** and **Secret Token** field in the Provisioning tab of your AWS IAM Identity Center application in the Azure portal.
+	![Screenshot of extracting provisioning configurations.](media/aws-single-sign-on-provisioning-tutorial/inbound-provisioning.png)
 
-## Step 3. Add AWS Single Sign-On from the Azure AD application gallery
+## Step 3. Add AWS IAM Identity Center from the Azure AD application gallery
 
-Add AWS Single Sign-On from the Azure AD application gallery to start managing provisioning to AWS Single Sign-On. If you have previously setup AWS Single Sign-On for SSO, you can use the same application. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 
+Add AWS IAM Identity Center from the Azure AD application gallery to start managing provisioning to AWS IAM Identity Center. If you have previously setup AWS IAM Identity Center for SSO, you can use the same application. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md). 
 
 ## Step 4. Define who will be in scope for provisioning 
 
@@ -67,19 +69,19 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
 * If you need additional roles, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add new roles.
 
 
-## Step 5. Configure automatic user provisioning to AWS Single Sign-On 
+## Step 5. Configure automatic user provisioning to AWS IAM Identity Center 
 
 This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in TestApp based on user and/or group assignments in Azure AD.
 
-### To configure automatic user provisioning for AWS Single Sign-On in Azure AD:
+### To configure automatic user provisioning for AWS IAM Identity Center in Azure AD:
 
 1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
 
 	![Enterprise applications blade](common/enterprise-applications.png)
 
-2. In the applications list, select **AWS Single Sign-On**.
+2. In the applications list, select **AWS IAM Identity Center**.
 
-	![The AWS Single Sign-On link in the Applications list](common/all-applications.png)
+	![Screenshot of the AWS IAM Identity Center link in the Applications list.](common/all-applications.png)
 
 3. Select the **Provisioning** tab.
 
@@ -89,7 +91,7 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 	![Provisioning tab automatic](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, input your AWS Single Sign-On **Tenant URL** and **Secret Token** retrieved earlier in Step 2. Click **Test Connection** to ensure Azure AD can connect to AWS Single Sign-On.
+5. Under the **Admin Credentials** section, input your AWS IAM Identity Center **Tenant URL** and **Secret Token** retrieved earlier in Step 2. Click **Test Connection** to ensure Azure AD can connect to AWS IAM Identity Center.
 
  	![Token](common/provisioning-testconnection-tenanturltoken.png)
 
@@ -99,9 +101,9 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 7. Select **Save**.
 
-8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to AWS Single Sign-On**.
+8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to AWS IAM Identity Center**.
 
-9. Review the user attributes that are synchronized from Azure AD to AWS Single Sign-On in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in AWS Single Sign-On for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the AWS Single Sign-On API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+9. Review the user attributes that are synchronized from Azure AD to AWS IAM Identity Center in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in AWS IAM Identity Center for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the AWS IAM Identity Center API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
 
    |Attribute|Type|Supported for Filtering|
    |---|---|---|
@@ -131,9 +133,9 @@ This section guides you through the steps to configure the Azure AD provisioning
    |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization|String|
    |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager|Reference|
 
-10. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to AWS Single Sign-On**.
+10. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to AWS IAM Identity Center**.
 
-11. Review the group attributes that are synchronized from Azure AD to AWS Single Sign-On in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in AWS Single Sign-On for update operations. Select the **Save** button to commit any changes.
+11. Review the group attributes that are synchronized from Azure AD to AWS IAM Identity Center in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in AWS IAM Identity Center for update operations. Select the **Save** button to commit any changes.
 
       |Attribute|Type|Supported for Filtering|
       |---|---|---|
@@ -143,11 +145,11 @@ This section guides you through the steps to configure the Azure AD provisioning
 
 12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
 
-13. To enable the Azure AD provisioning service for AWS Single Sign-On, change the **Provisioning Status** to **On** in the **Settings** section.
+13. To enable the Azure AD provisioning service for AWS IAM Identity Center, change the **Provisioning Status** to **On** in the **Settings** section.
 
 	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
 
-14. Define the users and/or groups that you would like to provision to AWS Single Sign-On by choosing the desired values in **Scope** in the **Settings** section.
+14. Define the users and/or groups that you would like to provision to AWS IAM Identity Center by choosing the desired values in **Scope** in the **Settings** section.
 
 	![Provisioning Scope](common/provisioning-scope.png)
 
@@ -196,9 +198,9 @@ There are two ways to resolve this
 2. Remove the duplicate attributes. For example, having two different attributes being mapped from Azure AD both mapped to "phoneNumber___" on the AWS side  would result in the error if both attributes have values in Azure AD. Only having one attribute mapped to a "phoneNumber____ " attribute would resolve the error.
 
 ### Invalid characters
-Currently AWS SSO is not allowing some other characters that Azure AD supports like tab (\t), new line (\n), return carriage (\r), and characters such as " <|>|;|:% ".
+Currently AWS IAM Identity Center is not allowing some other characters that Azure AD supports like tab (\t), new line (\n), return carriage (\r), and characters such as " <|>|;|:% ".
 
-You can also check the AWS SSO troubleshooting tips [here](https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html#azure-ad-troubleshooting) for more troubleshooting tips
+You can also check the AWS IAM Identity Center  troubleshooting tips [here](https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html#azure-ad-troubleshooting) for more troubleshooting tips
 
 ## Additional resources
 

articles/active-directory/saas-apps/g-suite-provisioning-tutorial.md

@@ -174,9 +174,6 @@ This section guides you through the steps to configure the Azure AD provisioning
    |emails.[type eq "work"].address|String|
    |organizations.[type eq "work"].department|String|
    |organizations.[type eq "work"].title|String|
-   |phoneNumbers.[type eq "work"].value|String|
-   |phoneNumbers.[type eq "mobile"].value|String|
-   |phoneNumbers.[type eq "work_fax"].value|String|
    |addresses.[type eq "home"].country|String|
    |addresses.[type eq "home"].formatted|String|
    |addresses.[type eq "home"].locality|String|

articles/active-directory/saas-apps/media/aws-single-sign-on-provisioning-tutorial/automatic-provisioning.png

@@ -2649,7 +2649,7 @@
         href: autodesk-sso-provisioning-tutorial.md
       - name: Azure Databricks SCIM Connector
         href: /azure/databricks/administration-guide/users-groups/scim/aad?bc=%2fazure%2factive-directory%2fsaas-apps%2fbreadcrumb%2ftoc.json&toc=%2fazure%2factive-directory%2fsaas-apps%2ftoc.json
-      - name: AWS Single Sign-On
+      - name: AWS IAM Identity Center
         href: aws-single-sign-on-provisioning-tutorial.md
       - name: BenQ IAM
         href: benq-iam-provisioning-tutorial.md 

articles/active-directory/saas-apps/media/aws-single-sign-on-provisioning-tutorial/inbound-provisioning.png

@@ -102,6 +102,10 @@ When you use App Configuration in client applications, ensure that you consider
 
 To address these concerns, we recommend that you use a proxy service between your client applications and your App Configuration store. The proxy service can securely authenticate with your App Configuration store without a security issue of leaking authentication information. You can build a proxy service by using one of the App Configuration provider libraries, so you can take advantage of built-in caching and refresh capabilities for optimizing the volume of requests sent to App Configuration. For more information about using App Configuration providers, see articles in Quickstarts and Tutorials. The proxy service serves the configuration from its cache to your client applications, and you avoid the two potential issues that are discussed in this section.
 
+## Multitenant applications in App Configuration
+
+A multitenant application is built on an architecture where a shared instance of your application serves multiple customers or tenants. For example, you may have an email service that offers your users separate accounts and customized experiences. Your application usually manages different configurations for each tenant. Here are some architectural considerations for [using App Configuration in a multitenant application](/azure/architecture/guide/multitenant/service/app-configuration).
+
 ## Configuration as Code
 
 Configuration as code is a practice of managing configuration files under your source control system, for example, a git repository. It gives you benefits like traceability and approval process for any configuration changes. If you adopt configuration as code, App Configuration has tools to assist you in [managing your configuration data in files](./concept-config-file.md) and deploying them as part of your build, release, or CI/CD process. This way, your applications can access the latest data from your App Configuration store(s).

articles/active-directory/saas-apps/toc.yml

@@ -26,15 +26,15 @@ The following providers and their corresponding Kubernetes distributions have su
 | Provider name | Distribution name | Version |
 | ------------ | ----------------- | ------- |
 | RedHat       | [OpenShift Container Platform](https://www.openshift.com/products/container-platform) | [4.7.18+](https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html), [4.9.17+](https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html), [4.10.0+](https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html) |
-| VMware       | [Tanzu Kubernetes Grid](https://tanzu.vmware.com/kubernetes-grid) | TKGm 1.4.0; upstream K8s v1.21.2+vmware.1 <br>TKGm 1.3.1; upstream K8s v1.20.5_vmware.2 <br>TKGm 1.2.1; upstream K8s v1.19.3+vmware.1 |
-| Canonical    | [Charmed Kubernetes](https://ubuntu.com/kubernetes) | [1.19](https://ubuntu.com/kubernetes/docs/1.19/components) |
+| VMware       | [Tanzu Kubernetes Grid](https://tanzu.vmware.com/kubernetes-grid) | TKGm 1.5.3; upstream K8s v1.22.8+vmware.1 <br>TKGm 1.4.0; upstream K8s v1.21.2+vmware.1 <br>TKGm 1.3.1; upstream K8s v1.20.5_vmware.2 <br>TKGm 1.2.1; upstream K8s v1.19.3+vmware.1 |
+| Canonical    | [Charmed Kubernetes](https://ubuntu.com/kubernetes) | [1.24](https://ubuntu.com/kubernetes/docs/1.24/components) |
 | SUSE Rancher      | [Rancher Kubernetes Engine](https://rancher.com/products/rke/) | RKE CLI version: [v1.2.4](https://github.com/rancher/rke/releases/tag/v1.2.4); Kubernetes versions: [1.19.6](https://github.com/kubernetes/kubernetes/releases/tag/v1.19.6)), [1.18.14](https://github.com/kubernetes/kubernetes/releases/tag/v1.18.14)), [1.17.16](https://github.com/kubernetes/kubernetes/releases/tag/v1.17.16))  |
 | Nutanix      | [Karbon](https://www.nutanix.com/products/karbon)    | Version 2.2.1 |
 | Platform9      | [Platform9 Managed Kubernetes (PMK)](https://platform9.com/managed-kubernetes/)    | PMK Version [5.3.0](https://platform9.com/docs/kubernetes/release-notes#platform9-managed-kubernetes-version-53-release-notes); Kubernetes versions: v1.20.5, v1.19.6, v1.18.10 |
 | Cisco	| [Intersight Kubernetes Service (IKS)](https://www.cisco.com/c/en/us/products/cloud-systems-management/cloud-operations/intersight-kubernetes-service.html) Distribution | Upstream K8s version: 1.19.5 |
-| Kublr	| [Kublr Managed K8s](https://kublr.com/managed-kubernetes/) Distribution | Upstream K8s Version: 1.21.3 |
+| Kublr	| [Kublr Managed K8s](https://kublr.com/managed-kubernetes/) Distribution | Upstream K8s Version: 1.22.10 <br> Upstream K8s Version: 1.21.3 |
 | Mirantis | [Mirantis Kubernetes Engine](https://www.mirantis.com/software/mirantis-kubernetes-engine/) | MKE Version 3.5.1 <br> MKE Version 3.4.7 |
-| Wind River | [Wind River Cloud Platform](https://www.windriver.com/studio/operator/cloud-platform) | Wind River Cloud Platform 21.12; Upstream K8s version: 1.21.8 <br>Wind River Cloud Platform 21.05; Upstream K8s version: 1.18.1 |
+| Wind River | [Wind River Cloud Platform](https://www.windriver.com/studio/operator/cloud-platform) | Wind River Cloud Platform 22.06; Upstream K8s version: 1.23.1 <br>Wind River Cloud Platform 21.12; Upstream K8s version: 1.21.8 <br>Wind River Cloud Platform 21.05; Upstream K8s version: 1.18.1 |
 
 The Azure Arc team also ran the conformance tests and validated Azure Arc-enabled Kubernetes scenarios on the following public cloud providers: