Commit fb9ce84

Update authenticate and authorize user identities
1 parent cf456ec commit fb9ce84

8 files changed, +51 -51 lines changed

github/authenticate-authorize-user-identities-github/includes/1-introduction.md

Lines changed: 8 additions & 8 deletions
@@ -1,18 +1,18 @@
1-
User authentication has traditionally been achieved using a User ID and password. A password is a single factor form of authentication. The fundamental issue with single-factor authentication is that it's easier for any bad actor with knowledge of the sign-on information to impersonate the valid user. To prevent a breach of security for a user account, there are authentication tools available on GitHub to promote security best practices. You can even enforce a security policy for all GitHub users within the organization.
1+
User authentication has traditionally been achieved using a User ID and password. A password is a single-factor form of authentication. The fundamental issue with single-factor authentication is that it's easier for any bad actor with knowledge of the sign-on information to impersonate the valid user. To prevent a breach of security for a user account, there are authentication tools available on GitHub to promote security best practices. You can even enforce a security policy for all GitHub users within the organization.
22

33
Controlling access to your company's data is foundational for a secure GitHub Enterprise. GitHub is committed to helping enterprises on their security journey with authentication methods to allow for more secure account access and a better user experience. In a GitHub Enterprise, most organizations want to require extra levels of authentication for better security. Enterprise System Administrators can enforce authentication and authorization security policies across an organization. These security features allow you to ensure that users are required to sign on securely to access the correct permissions in repositories. These features also include access and tools for auditing user access and activity, identity maintenance, and authentication compliance. As an administrator, you should work with your internal resources to identify what type of authentication and authorization is appropriate. This module provides an overview of the authentication and authorization options available to you in your GitHub organization or GitHub Enterprise.
44

55
## Learning goals
66

77
By the end of this module, you'll be able to:
88

9-
- Describe the GitHub authentication and authorization Model
10-
- Understand how to manage user access to your GitHub organization through Authorization and Authentication tools
11-
- Identify the identity providers and technologies that support secure repository access
12-
- Understand the implications of enabling SAML SSO
13-
- Identify the authorization and authentication options available, and understand the administrator’s role in enforcing a secure access strategy for a GitHub enterprise
14-
- Describe how users access private information in a GitHub organization
15-
- Evaluate the benefits of enabling Team Synchronization to manage team membership
9+
- Describe the GitHub authentication and authorization Model.
10+
- Understand how to manage user access to your GitHub organization through Authorization and Authentication tools.
11+
- Identify the identity providers and technologies that support secure repository access.
12+
- Understand the implications of enabling SAML SSO.
13+
- Identify the authorization and authentication options available, and understand the administrator’s role in enforcing a secure access strategy for a GitHub enterprise.
14+
- Describe how users access private information in a GitHub organization.
15+
- Evaluate the benefits of enabling Team Synchronization to manage team membership.
1616

1717
## Prerequisites
1818
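
Review bot: The learning-goal bullets on new lines 9 to 15 gain terminal periods but keep inconsistent capitalization: line 9 still ends in "authorization Model" and line 10 has "Authorization and Authentication tools", while the surrounding text writes these terms in lowercase. Since the lines are already being touched, lowercase them ("authentication and authorization model", "authorization and authentication tools"). Line 13 also still carries a typographic apostrophe in "administrator’s" where the other lines use the straight form ("it's", "company's", "you'll"); normalize it in the same pass.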

github/authenticate-authorize-user-identities-github/includes/2-user-identity-access-management.md

Lines changed: 7 additions & 7 deletions
@@ -2,15 +2,15 @@ Controlling access to your company's data and applications is the foundation of
22

33
A challenge you may face in your organization is how to balance the ease of use with an authorization process while maintaining secure best practices. Setting up your team for success requires ease of access for the user under the umbrella of secure organizational requirements.
44

5-
Configuring authentication is the first step in ensuring secure software development in your enterprise. The good news is that leveraging the tools available with your IdP is critical to getting the most value from GitHub.
5+
Configuring authentication is the first step in ensuring secure software development in your enterprise. The good news is that using the tools available with your IdP is critical to getting the most value from GitHub.
66

77
## Organization management through SAML SSO
88

9-
An important component of an enterprise security strategy is SAML SSO. It provides a link between the IdP authorization, and access to service providers (SaaS). This form of authentication allows users to sign in to all their applications with one set of credentials. Through SAML, the IdP authenticates users and grants authorization to services like GitHub. When a user logs into GitHub, they can view what enterprises they're members of, but if the user tries to access repository data, it will prompt for enterprise credentials (Enterprise ID).
9+
An important component of an enterprise security strategy is SAML SSO. It provides a link between the IdP authorization and access to service providers (SaaS). This form of authentication allows users to sign in to all their applications with one set of credentials. Through SAML, the IdP authenticates users and grants authorization to services like GitHub. When a user logs into GitHub, they can view the enterprises of which they're members. However, if the user tries to access repository data, it will prompt for enterprise credentials (Enterprise ID).
1010

11-
As the Enterprise Administrator, you're responsible for the authorization of user access and permissions. Limiting a user's access to only the resources they need is important when securing your repository. This responsibility can also include routine audit events and maintaining tightly scoped access. As an administrator of a repository, you have an overview of every user with their specific access within the repository. You can also easy export this data to a CSV file.
11+
As the Enterprise Administrator, you're responsible for the authorization of user access and permissions. Limiting a user's access to only the resources they need is important when securing your repository. This responsibility can also include routine audit events and maintaining tightly scoped access. As an administrator of a repository, you have an overview of every user with their specific access within the repository. You can also easily export this data to a CSV file.
1212

13-
:::image type="content" source="../media/repository-permission-list-example.png" alt-text="example of admin repository permission list review.":::
13+
:::image type="content" source="../media/repository-permission-list-example.png" alt-text="Screenshot of an example of admin repository permission list review.":::
1414

1515
You need to configure SAML SSO for a GitHub organization with the IdP you're using. If you have specific questions on how to implement SAML SSO with your chosen IdP, you can find details in the documentation for each supported IdP. Below is a list of the SAML IdPs that GitHub currently supports:
1616
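
Review bot: In the rewritten sentence on new line 9, "it will prompt for enterprise credentials (Enterprise ID)" has no clear subject now that the sentence has been split; "it" can be read as the user or the repository data. Name the actor, for example "GitHub prompts them for enterprise credentials (Enterprise ID)". The same line says "logs into GitHub" two sentences after "sign in to all their applications", so pick one verb. On line 5, swapping "leveraging" for "using" leaves "The good news is that ... is critical", which does not follow; consider dropping "The good news is that".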

@@ -22,10 +22,10 @@ You need to configure SAML SSO for a GitHub organization with the IdP you're usi
2222
- Shibboleth
2323

2424
> [!NOTE]
25-
> GitHub offers limit support for all identity providers that implement the SAML 2.0 standard.
25+
> GitHub offers limited support for all identity providers that implement the SAML 2.0 standard.
2626
27-
More access management can be accomplished when using multiple organizations. You can use organizations to create distinct groups of users within your company, such as divisions or groups working on similar projects. Public and internal repositories that belong to an organization are accessible to members of other organizations in the enterprise. Private repositories are inaccessible to anyone who isn't a member of the organization.
27+
You can accomplish more access management when using multiple organizations. You can use organizations to create distinct groups of users within your company, such as divisions or groups working on similar projects. Public and internal repositories that belong to an organization are accessible to members of other organizations in the enterprise. Private repositories are inaccessible to anyone who isn't a member of the organization.
2828

2929
## Organization private information
3030

31-
When an organization member creates a repository, they can choose to make the repository public or private. In addition, when creating the repository in an organization that is owned by an enterprise account, they can choose to make the repository internal. Public repositories are accessible to everyone on the internet. Private repositories are only accessible to the user who created the repository and the people with whom they explicitly share access. Keep in mind that certain organization members have access to organization internal repositories.
31+
When an organization member creates a repository, they can choose to make the repository public or private. In addition, when creating the repository in an organization that's owned by an enterprise account, they can choose to make the repository internal. Public repositories are accessible to everyone on the internet. Private repositories are only accessible to the user who created the repository and the people with whom they explicitly share access. Keep in mind that certain organization members have access to organization internal repositories.
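
Review bot: Lines 27 and 31 describe private-repository access differently, and the edits to both lines leave that in place: line 27 says "Private repositories are inaccessible to anyone who isn't a member of the organization", while line 31 says they are "only accessible to the user who created the repository and the people with whom they explicitly share access". A reader setting access policy needs one statement of who can read a private repository, so align the two. The closing sentence of line 31, "certain organization members have access to organization internal repositories", should say which members.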
