Merge pull request #5391 from MicrosoftDocs/main

Publish to Live Wednesday 4AM PST, 10/2
MicrosoftDocs · Oct 2, 2024 · 2343d3a · 2343d3a
2 parents 8cedc3c + edd5296
commit 2343d3a
Show file tree

Hide file tree

Showing 100 changed files with 1,430 additions and 496 deletions.
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
@@ -70,6 +70,11 @@
       "redirect_url": "/entra/identity/monitoring-health/howto-analyze-activity-logs-with-microsoft-graph",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/docs/identity/monitoring-health/overview-flagged-sign-ins.md",
+      "redirect_url": "/entra/identity/monitoring-health/concept-flagged-sign-ins",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/docs/identity/monitoring-health/howto-enable-microsoft-graph-activity-logs.md",
       "redirect_url": "/entra/identity/monitoring-health/howto-analyze-activity-logs-with-microsoft-graph",
@@ -1046,6 +1051,11 @@
       "source_path_from_root": "/docs/identity-platform/quickstart-v2-netcore-daemon.md",
       "redirect_url": "/entra/identity-platform/quickstart-daemon-dotnet-acquire-token",
       "redirect_document_id": false
+    },
+    {      
+    "source_path_from_root": "/docs/identity/saas-apps/concur-provisioning-tutorial.md",
+    "redirect_url": "/entra/identity/saas-apps/sap-concur-provisioning-tutorial",
+    "redirect_document_id": false
     }
   ]
 }
diff --git a/docs/id-governance/apps.md b/docs/id-governance/apps.md
@@ -222,7 +222,6 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Communifire](~/identity/saas-apps/communifire-tutorial.md) |  | ● |
 | [Community Spark](~/identity/saas-apps/community-spark-tutorial.md) |  | ● |
 | [Compliance Genie](~/identity/saas-apps/compliance-genie-tutorial.md) |  | ● |
-| [Concur](~/identity/saas-apps/concur-provisioning-tutorial.md) | ● | ● |
 | [Condeco](~/identity/saas-apps/condeco-tutorial.md) |  | ● |
 | [Confirmit Horizons](~/identity/saas-apps/confirmit-horizons-tutorial.md) |  | ● |
 | [Connecter](~/identity/saas-apps/connecter-provisioning-tutorial.md) | ● |  |
@@ -261,7 +260,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Directory Services](~/identity/saas-apps/directory-services-tutorial.md) |  | ● |
 | [directprint.io Cloud Print Administration](~/identity/saas-apps/directprint-io-cloud-print-administration-tutorial.md) |  | ● |
 | [Directprint.io](~/identity/saas-apps/directprint-io-provisioning-tutorial.md) | ● | ● |
-| [Docker](~/identity/saas-apps/docker-tutorial.md) |  | ● |
+| [Docker Business](~/identity/saas-apps/docker-tutorial.md) |  | ● |
 | [Documo](~/identity/saas-apps/documo-provisioning-tutorial.md) | ● | ● |
 | [DocuSign](~/identity/saas-apps/docusign-provisioning-tutorial.md) | ● | ● |
 | [Domo](~/identity/saas-apps/domo-tutorial.md) |  | ● |
@@ -332,6 +331,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Freshservice Provisioning](~/identity/saas-apps/freshservice-provisioning-tutorial.md) | ● | ● |
 | [FTAPI](~/identity/saas-apps/ftapi-tutorial.md) |  | ● |
 | [Fulcrum](~/identity/saas-apps/fulcrum-tutorial.md) |  | ● |
+| [Fullstory SAML](~/identity/saas-apps/fullstory-saml-tutorial.md) |  | ● |
 | [Funnel Leasing](~/identity/saas-apps/funnel-leasing-provisioning-tutorial.md) | ● | ● |
 | [Fuze](~/identity/saas-apps/fuze-provisioning-tutorial.md) | ● | ● |
 | [G Suite](~/identity/saas-apps/g-suite-provisioning-tutorial.md) | ● |  |
@@ -356,6 +356,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [GoProfiles](~/identity/saas-apps/goprofiles-tutorial.md) |  | ● |
 | [GoSearch](~/identity/saas-apps/gosearch-tutorial.md) |  | ● |
 | [GoToMeeting](~/identity/saas-apps/citrixgotomeeting-provisioning-tutorial.md) | ● | ● |
+| [Graebel Single Sign On with globalCONNECT](~/identity/saas-apps/graebel-single-sign-on-with-globalconnect-tutorial.md) |  | ● |
 | [Grammarly](~/identity/saas-apps/grammarly-provisioning-tutorial.md) | ● | ● |
 | [Granite](~/identity/saas-apps/granite-tutorial.md) |  | ● |
 | [GreenOrbit](~/identity/saas-apps/greenorbit-tutorial.md) |  | ● |
@@ -492,9 +493,11 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Mailosaur](~/identity/saas-apps/mailosaur-tutorial.md) |  | ● |
 | [Mapiq](~/identity/saas-apps/mapiq-tutorial.md) |  | ● |
 | [Maptician](~/identity/saas-apps/maptician-provisioning-tutorial.md) | ● | ● |
+| [Marker.io](~/identity/saas-apps/marker-io-tutorial.md) |  | ● |
 | [Markit Procurement Service](~/identity/saas-apps/markit-procurement-service-provisioning-tutorial.md) | ● |  |
 | [MDComune Business](~/identity/saas-apps/mdcomune-business-tutorial.md) |  | ● |
 | [MediusFlow](~/identity/saas-apps/mediusflow-provisioning-tutorial.md) | ● |  |
+| [Mend.io](~/identity/saas-apps/mend-io-tutorial.md) |  | ● |
 | [Mercell](~/identity/saas-apps/mercell-tutorial.md) |  | ● |
 | [MerchLogix](~/identity/saas-apps/merchlogix-provisioning-tutorial.md) | ● | ● |
 | [Meta Networks Connector](~/identity/saas-apps/meta-networks-connector-provisioning-tutorial.md) | ● | ● |
@@ -603,6 +606,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Podbean](~/identity/saas-apps/podbean-tutorial.md) |  | ● |
 | [PolicyStat](~/identity/saas-apps/policystat-tutorial.md) |  | ● |
 | [PoliteMail - SSO](~/identity/saas-apps/politemail-sso-tutorial.md) |  | ● |
+| [Postman](~/identity/saas-apps/postman-provisioning-tutorial.md) | ● | ● |
 | [Preciate](~/identity/saas-apps/preciate-provisioning-tutorial.md) | ● |  |
 | [PressReader](~/identity/saas-apps/pressreader-tutorial.md) |  | ● |
 | [PrinterLogic SaaS](~/identity/saas-apps/printer-logic-saas-provisioning-tutorial.md) | ● | ● |
@@ -675,12 +679,12 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [SAP Business Technology Platform](~/identity/saas-apps/sap-hana-cloud-platform-tutorial.md) |  | ● |
 | [SAP Cloud for Customer](~/identity/saas-apps/sap-customer-cloud-tutorial.md) |  | ● |
 | [SAP Cloud Identity Services](~/identity/saas-apps/sap-cloud-platform-identity-authentication-provisioning-tutorial.md) | ● | ● |
-| [SAP Concur Travel and Expense](~/identity/saas-apps/concur-travel-and-expense-tutorial.md) |  | ● |
+| [SAP Concur](~/identity/saas-apps/sap-concur-provisioning-tutorial.md) | ● | ● |
 | [SAP Fieldglass](~/identity/saas-apps/fieldglass-tutorial.md) | |  ● |
 | [SAP Fiori](~/identity/saas-apps/sap-fiori-tutorial.md) |  | ● |
-| [SAP HANA](~/identity/saas-apps/saphana-tutorial.md) | | ● |
+| [SAP HANA](~/identity/saas-apps/sap-hana-provisioning-tutorial.md) | | ● |
 | [SAP Litmos](~/identity/saas-apps/litmos-tutorial.md) |  | ● |
-| [SAP NetWeaver](~/identity/app-provisioning/on-premises-sap-connector-configure.md) |● |  ● |
+| [SAP NetWeaver](~/identity/app-provisioning/on-premises-sap-connector-configure.md) | ● |  ● |
 | [SAP R/3 and ERP](~/identity/app-provisioning/on-premises-sap-connector-configure.md) | ● | ●  |
 | [SAP SuccessFactors to Active Directory](~/identity/saas-apps/sap-successfactors-inbound-provisioning-tutorial.md) | ● | ● |
 | [SAP SuccessFactors to Microsoft Entra ID](~/identity/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial.md) | ● | ● |
@@ -699,6 +703,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [ScreenPal](~/identity/saas-apps/screencast-tutorial.md) |  | ● |
 | [ScreenSteps](~/identity/saas-apps/screensteps-provisioning-tutorial.md) | ● | ● |
 | [SDS & Chemical Information Management](~/identity/saas-apps/sds-chemical-information-management-tutorial.md) |  | ● |
+| [Second Nature AI](~/identity/saas-apps/second-nature-ai-tutorial.md) |  | ● |
 | [Secure Deliver](~/identity/saas-apps/securedeliver-tutorial.md) |  | ● |
 | [SecureLogin](~/identity/saas-apps/secure-login-provisioning-tutorial.md) | ● |  |
 | [SeekOut](~/identity/saas-apps/seekout-tutorial.md) |  | ● |
@@ -791,10 +796,12 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Terraform Enterprise](~/identity/saas-apps/terraform-enterprise-tutorial.md) |  | ● |
 | [TerraTrue](~/identity/saas-apps/terratrue-provisioning-tutorial.md) | ● | ● |
 | [tesma](~/identity/saas-apps/tesma-tutorial.md) |  | ● |
+| [TestingBot](~/identity/saas-apps/testingbot-tutorial.md) |  | ● |
 | [TextExpander](~/identity/saas-apps/textexpander-tutorial.md) |  | ● |
 | [Textline](~/identity/saas-apps/textline-tutorial.md) |  | ● |
 | [TextMagic](~/identity/saas-apps/textmagic-tutorial.md) |  | ● |
 | [TheOrgWiki](~/identity/saas-apps/theorgwiki-provisioning-tutorial.md) | ● |  |
+| [Thoropass](~/identity/saas-apps/thoropass-tutorial.md) |  | ● |
 | [ThousandEyes](~/identity/saas-apps/thousandeyes-provisioning-tutorial.md) | ● | ● |
 | [ThreatQ Platform](~/identity/saas-apps/threatq-platform-tutorial.md) |  | ● |
 | [Thrive LXP](~/identity/saas-apps/thrive-lxp-provisioning-tutorial.md) | ● | ● |
@@ -836,6 +843,7 @@ Microsoft Entra ID Governance can be integrated with many other applications, us
 | [Velpic SAML](~/identity/saas-apps/velpicsaml-tutorial.md) |  | ● |
 | [Velpic](~/identity/saas-apps/velpic-provisioning-tutorial.md) | ● | ● |
 | [Vera Suite](~/identity/saas-apps/vera-suite-tutorial.md) |  | ● |
+| [Verity](~/identity/saas-apps/verity-tutorial.md) |  | ● |
 | [Veza](~/identity/saas-apps/veza-tutorial.md) |  | ● |
 | [VIDA](~/identity/saas-apps/vida-tutorial.md) |  | ● |
 | [Vidyard](~/identity/saas-apps/vidyard-tutorial.md) |  | ● |

diff --git a/docs/identity-platform/TOC.yml b/docs/identity-platform/TOC.yml
@@ -713,6 +713,9 @@
           href: /entra/msal/python/
     - name: Protocol reference (OAuth, OIDC, SAML)
       items:
+        - name: OAuth 2.0 application types
+          displayName: App types, OAuth
+          href: v2-app-types.md
         - name: OAuth 2.0 and OpenID Connect (OIDC)
           items:
             - name: Token grant flows
@@ -733,9 +736,6 @@
                   href: v2-oauth-ropc.md
                 - name: OpenID Connect
                   href: v2-protocols-oidc.md
-            - name: OAuth 2.0 application types
-              displayName: App types, OAuth
-              href: v2-app-types.md
             - name: Certificate credentials
               href: certificate-credentials.md
             - name: Signing key rollover

diff --git a/docs/identity-platform/app-objects-and-service-principals.md b/docs/identity-platform/app-objects-and-service-principals.md
@@ -5,7 +5,7 @@ author: rwike77
 manager: CelesteDG
 ms.author: ryanwi
 ms.custom: has-azure-ad-ps-ref
-ms.date: 04/26/2024
+ms.date: 10/01/2024
 ms.reviewer: sureshja
 ms.service: identity-platform
 
@@ -70,7 +70,7 @@ The application object is the *global* representation of your application for us
 An application object has:
 
 - A one-to-one relationship with the software application, and
-- A one-to-many relationship with its corresponding service principal object(s)
+- A one-to-many relationship with its corresponding service principal objects
 
 A service principal must be created in each tenant where the application is used, enabling it to establish an identity for sign-in and/or access to resources being secured by the tenant. A single-tenant application has only one service principal (in its home tenant), created and consented for use during application registration. A multitenant application also has a service principal created in each tenant where a user from that tenant has consented to its use.
 

diff --git a/docs/identity-platform/federation-metadata.md b/docs/identity-platform/federation-metadata.md
@@ -5,7 +5,7 @@ author: rwike77
 manager: CelesteDG
 ms.author: ryanwi
 ms.custom:
-ms.date: 09/07/2023
+ms.date: 10/01/2024
 ms.reviewer: ludwignick
 ms.service: identity-platform
 ms.topic: concept-article
@@ -51,7 +51,7 @@ The following metadata shows a sample tenant-specific `EntityDescriptor` element
 <EntityDescriptor
 xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 ID="_00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
-entityID="https://sts.windows.net/11bb11bb-cc22-dd33-ee44-55ff55ff55ff/">
+entityID="https://sts.windows.net/aaaabbbb-0000-cccc-1111-dddd2222eeee/">
 ```
 
 You can replace the tenant ID in the tenant-independent endpoint with your tenant ID to create a tenant-specific `EntityID` value. The resulting value will be the same as the token issuer. The strategy allows a multitenant application to validate the issuer for a given tenant.
@@ -61,7 +61,7 @@ The following metadata shows a sample tenant-independent `EntityID` element. Ple
 ```xml
 <EntityDescriptor
 xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
-ID="="_11bb11bb-cc22-dd33-ee44-55ff55ff55ff"
+ID="="_aaaabbbb-0000-cccc-1111-dddd2222eeee"
 entityID="https://sts.windows.net/{tenant}/">
 ```
 
@@ -78,7 +78,7 @@ The following metadata shows a sample `KeyDescriptor` element with a signing key
 <KeyInfo xmlns="https://www.w3.org/2000/09/xmldsig#">
 <X509Data>
 <X509Certificate>
-A1bC2dE3fH4iJ5...kL6mN7oP8qR9sT0u
+aB1cD2eF-3gH4i...J5kL6-mN7oP8qR=
 </X509Certificate>
 </X509Data>
 </KeyInfo>
@@ -144,7 +144,7 @@ The following metadata shows a sample `PassiveResistorEndpoint` for a tenant-spe
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 …
     <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/contoso.onmicrosoft.com/saml2" />
-    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/contoso.onmicrosoft.com /saml2" />
+    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/contoso.onmicrosoft.com/saml2" />
   </IDPSSODescriptor>
 ```
 

diff --git a/docs/identity-platform/includes/suggest-msal-from-protocols.md b/docs/identity-platform/includes/suggest-msal-from-protocols.md
@@ -15,4 +15,4 @@ ms.reviewer: ludwignick
 ms.custom: 
 ---
 
-This article describes how to program directly against the protocol in your application to request tokens from Microsoft Entra ID.  When possible, we recommend you use the supported Microsoft Authentication Libraries (MSAL) instead to [acquire tokens and call secured web APIs](../authentication-flows-app-scenarios.md#scenarios-and-supported-authentication-flows).  Also take a look at the [sample apps that use MSAL](../sample-v2-code.md).
+This article describes how to program directly against the protocol in your application to request tokens from Microsoft Entra ID. When possible, we recommend you use the supported Microsoft Authentication Libraries (MSAL) instead to [acquire tokens and call secured web APIs](../authentication-flows-app-scenarios.md#scenarios-and-supported-authentication-flows). For a list of code samples that use MSAL refer to the [Microsoft identity platform code samples](../sample-v2-code.md).
diff --git a/docs/identity-platform/quickstart-create-new-tenant.md b/docs/identity-platform/quickstart-create-new-tenant.md
@@ -5,7 +5,7 @@ author: OwenRichards1
 manager: CelesteDG
 ms.author: ryanwi
 ms.custom: fasttrack-edit, mode-other
-ms.date: 01/10/2024
+ms.date: 10/01/2024
 ms.reviewer: jmprieur
 ms.service: identity-platform
 
@@ -77,7 +77,7 @@ You'll provide the following information to create your new tenant:
 
 ## Social and local accounts
 
-To begin building external facing applications that sign in social and local accounts, create a tenant with customer configurations. To begin, see [Create a tenant with customer configuration (preview)](../external-id/customers/quickstart-tenant-setup.md).
+To begin building external facing applications that sign in social and local accounts, create a tenant with external configurations. To begin, see [Create a tenant with external configuration](../external-id/customers/quickstart-tenant-setup.md).
 
 ## Next steps
 

diff --git a/docs/identity-platform/v2-app-types.md b/docs/identity-platform/v2-app-types.md
@@ -44,7 +44,7 @@ The app types supported by the Microsoft identity platform are;
 
 ## Single-page apps
 
-Many modern apps have a single-page app (SPA) front end written primarily in JavaScript, often with a framework like Angular, React, or Vue. The Microsoft identity platform supports these apps by using the [OpenID Connect](v2-protocols-oidc.md) protocol for authentication and one of two types of authorization grants defined by OAuth 2.0. Use the [authorization code flow with PKCE](https://devblogs.microsoft.com/identity/migrate-to-auth-code-flow/) when developing SPAs. Do not use the implicit flow.
+Many modern apps have a single-page app (SPA) front end written primarily in JavaScript, often with a framework like Angular, React, or Vue. The Microsoft identity platform supports these apps by using the [OpenID Connect](v2-protocols-oidc.md) protocol for authentication and one of two types of authorization grants defined by OAuth 2.0. Use the [authorization code flow with PKCE](https://devblogs.microsoft.com/identity/migrate-to-auth-code-flow/) when developing SPAs. This flow is more secure than the implicit flow, which is no longer recommended. For more information, see [prefer the auth code flow](v2-oauth2-implicit-grant-flow.md#prefer-the-auth-code-flow).
 
 The flow diagram demonstrates the OAuth 2.0 authorization code grant flow (with details around PKCE omitted), where the app receives a code from the Microsoft identity platform `authorize` endpoint, and redeems it for an access token and a refresh token using cross-site web requests. For SPAs, the access token is valid for 1 hour, and once expired, must request another code using the refresh token. In addition to the access token, an `id_token` that represents the signed-in user to the client application is typically also requested through the same flow and/or a separate OpenID Connect request (not shown here).