87 changes: 38 additions & 49 deletions articles/active-directory/active-directory-saas-absorblms-tutorial.md
View file
Expand Up @@ -5,14 +5,15 @@ services: active-directory
documentationCenter: na
author: jeevansd
manager: femila
ms.reviewer: joflore

ms.assetid: ba9f1b3d-a4a0-4ff7-b0e7-428e0ed92142
ms.service: active-directory
ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 04/20/2017
ms.date: 07/26/2017
ms.author: jeedes

---
Expand Down Expand Up @@ -41,7 +42,7 @@ To configure Azure AD integration with Absorb LMS, you need the following items:
To test the steps in this tutorial, you should follow these recommendations:

- Do not use your production environment, unless it is necessary.
- If you don't have an Azure AD trial environment, you can get a one-month trial [here](https://azure.microsoft.com/pricing/free-trial/).
- If you don't have an Azure AD trial environment, you can [get a one-month trial](https://azure.microsoft.com/pricing/free-trial/).

## Scenario description
In this tutorial, you test Azure AD single sign-on in a test environment.
Expand All @@ -57,25 +58,22 @@ To configure the integration of Absorb LMS in to Azure AD, you need to add Absor

1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.

![Active Directory][1]
![The Azure Active Directory button][1]

2. Navigate to **Enterprise applications**. Then go to **All applications**.

![Applications][2]
![The Enterprise applications blade][2]

3. To add new application, click **New application** button on the top of dialog.

![Applications][3]
![The New application button][3]

4. In the search box, type **Absorb LMS**.
4. In the search box, type **Absorb LMS**, select **Absorb LMS** from result panel then click **Add** button to add the application.

![Creating an Azure AD test user](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_search.png)
![Absorb LMS in the results list](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_addfromgallery.png)

5. In the results panel, select **Absorb LMS**, and then click **Add** button to add the application.
## Configure and test Azure AD single sign-on

![Creating an Azure AD test user](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_addfromgallery.png)

## Configuring and testing Azure AD single sign-on
In this section, you configure and test Azure AD single sign-on with Absorb LMS based on a test user called "Britta Simon."

For single sign-on to work, Azure AD needs to know what the counterpart user in Absorb LMS is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Absorb LMS needs to be established.
Expand All @@ -84,54 +82,48 @@ This link relationship is established by assigning the value of the **user name*

To configure and test Azure AD single sign-on with Absorb LMS, you need to complete the following building blocks:

1. **[Configuring Azure AD Single Sign-On](#configuring-azure-ad-single-sign-on)** - to enable your users to use this feature.
2. **[Creating an Azure AD test user](#creating-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
3. **[Creating an Absorb LMS test user](#creating-an-absorb-lms-test-user)** - to have a counterpart of Britta Simon in Absorb LMS that is linked to the Azure AD representation of user.
4. **[Assigning the Azure AD test user](#assigning-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
5. **[Testing Single Sign-On](#testing-single-sign-on)** - to verify whether the configuration works.
1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
2. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
3. **[Create an Absorb LMS test user](#create-an-absorb-lms-test-user)** - to have a counterpart of Britta Simon in Absorb LMS that is linked to the Azure AD representation of user.
4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.

### Configuring Azure AD single sign-on
### Configure Azure AD single sign-on

In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Absorb LMS application.

**To configure Azure AD single sign-on with Absorb LMS, perform the following steps:**

1. In the Azure portal, on the **Absorb LMS** application integration page, click **Single sign-on**.

![Configure Single Sign-On][4]
![Configure single sign-on link][4]

2. On the **Single sign-on** dialog, select **Mode** as **SAML-based Sign-on** to enable single sign-on.

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_samlbase.png)
![Single sign-on dialog box](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_samlbase.png)

3. On the **Absorb LMS Domain and URLs** section, If you wish to configure the application in **IDP** initiated mode:
3. On the **Absorb LMS Domain and URLs** section, perform the following steps:

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_url.png)
![Absorb LMS Domain and URLs single sign-on information](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_url.png)

a. In the **Identifier** textbox, type a URL using the following pattern: `https://<subdomain>.myabsorb.com/Account/SAML`

b. In the **Reply URL** textbox, type a URL using the following pattern: `https://<subdomain>.myabsorb.com/Account/SAML`

4. Check **Show advanced URL settings**. If you wish to configure the application in **SP** initiated mode:

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_url2.png)

In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<subdomain>.myabsorb.com/`
> [!NOTE]
> These values are not the real. Update these values with the actual Identifier and Reply URL and Sign-On URL. Here we suggest you to use the unique value of string in the Identifier, Reply URL, and Sign-On URL. Contact [Absorb LMS Client support team](https://www.absorblms.com/support) to get these values.
> These values are not the real. Update these values with the actual Identifier and Reply URL. Contact [Absorb LMS Client support team](https://www.absorblms.com/support) to get these values.

5. On the **SAML Signing Certificate** section, click **Metadata XML** and then save the metadata file on your computer.
4. On the **SAML Signing Certificate** section, click **Metadata XML** and then save the metadata file on your computer.

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_certificate.png)
![The Certificate download link](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_certificate.png)

6. Click **Save** button.

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_general_400.png)
![Configure Single Sign-On Save button](./media/active-directory-saas-absorblms-tutorial/tutorial_general_400.png)

7. On the **Absorb LMS Configuration** section, click **Configure Absorb LMS** to open **Configure sign-on** window. Copy the **Sign-Out URL and SAML Single Sign-On Service URL** from the **Quick Reference section.**

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_configure.png)
![Absorb LMS Configuration](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_configure.png)

8. In a different web browser window, log in to your Absorb LMS company site as an administrator.

Expand All @@ -153,9 +145,6 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf

a. Select the appropriate **Mode**.

> [!NOTE]
> Mode: Both IdP & SP initiated are supported.
b. Open the Certificate that you have downloaded from the Azure portal in notepad, remove the **---BEGIN CERTIFICATE---** and **---END CERTIFICATE---** tag and then paste the remaining content in the **Key** textbox.

c. In the **Id Property**, select the appropriate attribute which you have configured as the user identifier in the Azure AD (For example, If the userprinciplename is selected in Azure AD, then Username would be selected here.)
Expand All @@ -173,28 +162,29 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
> [!TIP]
> You can now read a concise version of these instructions inside the [Azure portal](https://portal.azure.com), while you are setting up the app! After adding this app from the **Active Directory > Enterprise Applications** section, simply click the **Single Sign-On** tab and access the embedded documentation through the **Configuration** section at the bottom. You can read more about the embedded documentation feature here: [Azure AD embedded documentation]( https://go.microsoft.com/fwlink/?linkid=845985)
### Creating an Azure AD test user
### Create an Azure AD test user

The objective of this section is to create a test user in the Azure portal called Britta Simon.

![Create Azure AD User][100]
![Create an Azure AD test user][100]

**To create a test user in Azure AD, perform the following steps:**

1. In the **Azure portal**, on the left navigation pane, click **Azure Active Directory** icon.

![Creating an Azure AD test user](./media/active-directory-saas-absorblms-tutorial/create_aaduser_01.png)
![The Azure Active Directory button](./media/active-directory-saas-absorblms-tutorial/create_aaduser_01.png)

2. To display the list of users, go to **Users and groups** and click **All users**.

![Creating an Azure AD test user](./media/active-directory-saas-absorblms-tutorial/create_aaduser_02.png)
![The "Users and groups" and "All users" links](./media/active-directory-saas-absorblms-tutorial/create_aaduser_02.png)

3. At the top of the dialog click **Add** to open the **User** dialog.

![Creating an Azure AD test user](./media/active-directory-saas-absorblms-tutorial/create_aaduser_03.png)
![The Add button](./media/active-directory-saas-absorblms-tutorial/create_aaduser_03.png)

4. On the **User** dialog page, perform the following steps:

![Creating an Azure AD test user](./media/active-directory-saas-absorblms-tutorial/create_aaduser_04.png)
![The User dialog box](./media/active-directory-saas-absorblms-tutorial/create_aaduser_04.png)

a. In the **Name** textbox, type **BrittaSimon**.

Expand All @@ -204,7 +194,7 @@ The objective of this section is to create a test user in the Azure portal calle

d. Click **Create**.

### Creating an Absorb LMS test user
### Create an Absorb LMS test user

To enable Azure AD users to log in to Absorb LMS, they must be provisioned in to Absorb LMS.
For Absorb LMS, provisioning is a manual task.
Expand Down Expand Up @@ -243,11 +233,11 @@ For Absorb LMS, provisioning is a manual task.

6. Click **"Save."**

### Assigning the Azure AD test user
### Assign the Azure AD test user

In this section, you enable Britta Simon to use Azure single sign-on by granting access to Absorb LMS.

![Assign User][200]
![Assign the user role][200]

**To assign Britta Simon to Absorb LMS, perform the following steps:**

Expand All @@ -257,23 +247,23 @@ In this section, you enable Britta Simon to use Azure single sign-on by granting

2. In the applications list, select **Absorb LMS**.

![Configure Single Sign-On](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_app.png)
![The Absorb LMS link in the Applications list](./media/active-directory-saas-absorblms-tutorial/tutorial_absorblms_app.png)

3. In the menu on the left, click **Users and groups**.

![Assign User][202]
![The "Users and groups" link][202]

4. Click **Add** button. Then select **Users and groups** on **Add Assignment** dialog.

![Assign User][203]
![The Add Assignment pane][203]

5. On **Users and groups** dialog, select **Britta Simon** in the Users list.

6. Click **Select** button on **Users and groups** dialog.

7. Click **Assign** button on **Add Assignment** dialog.

### Testing single sign-on
### Test single sign-on

In this section, you test your Azure AD single sign-on configuration using the Access Panel.

Expand All @@ -285,7 +275,6 @@ Click the Absorb LMS tile in the Access Panel, you will get automatically signed
* [What is application access and single sign-on with Azure Active Directory?](active-directory-appssoaccess-whatis.md)



<!--Image references-->

[1]: ./media/active-directory-saas-absorblms-tutorial/tutorial_general_01.png
Expand Down
34 changes: 20 additions & 14 deletions ...s/active-directory/active-directory-saas-cernercentral-provisioning-tutorial.md
View file
@@ -1,6 +1,6 @@
---
title: 'Tutorial: Configuring Cerner Central for automatic user provisioning with Azure Active Directory | Microsoft Docs'
description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Cerner Central.
description: Learn how to configure Azure Active Directory to automatically provision users to a roster in Cerner Central.
services: active-directory
documentationcenter: ''
author: asmalser-msft
Expand All @@ -19,47 +19,48 @@ ms.author: asmalser-msft

# Tutorial: Configuring Cerner Central for Automatic User Provisioning

The objective of this tutorial is to show you the steps you need to perform in Cerner Central and Azure AD to automatically provision and de-provision user accounts from Azure AD to a user roster in Cerner Central.

The objective of this tutorial is to show you the steps you need to perform in Cerner Central and Azure AD to automatically provision and de-provision user accounts from Azure AD to Cerner Central.

## Prerequisites

The scenario outlined in this tutorial assumes that you already have the following items:

* An Azure Active Directory tenant
* A Cerner Central tenant
* An administrator account in Cerner Central

> [!NOTE]
> Azure Active Directory integrates with Cerner Central using the [SCIM](http://www.simplecloud.info/) protocol.
## Assigning users to Cerner Central

Azure Active Directory uses a concept called "assignments" to determine which users should receive access to selected apps. In the context of automatic user account provisioning, only the users and groups that have been "assigned" to an application in Azure AD will be synchronized.
Azure Active Directory uses a concept called "assignments" to determine which users should receive access to selected apps. In the context of automatic user account provisioning, only the users and groups that have been "assigned" to an application in Azure AD are synchronized.

Before configuring and enabling the provisioning service, you will need to decide what users and/or groups in Azure AD represent the users who need access to Cerner Central. Once decided, you can assign these users to Cerner Central by following the instructions here:
Before configuring and enabling the provisioning service, you should decide what users and/or groups in Azure AD represent the users who need access to Cerner Central. Once decided, you can assign these users to Cerner Central by following the instructions here:

[Assign a user or group to an enterprise app](active-directory-coreapps-assign-user-azure-portal.md)

### Important tips for assigning users to Cerner Central

* It is recommended that a single Azure AD user be assigned to Cerner Central to test the provisioning configuration. Additional users and/or groups may be assigned later.

* When assigning a user to Cerner Central, you must select the **User** role in the assignment dialog. The "Default Access" role does not work for provisioning.
* Once initial testing is complete for a single user, Cerner Central recommends assigning the entire list of users intended to access any Cerner solution (not just Cerner Central) to be provisioned to Cerner’s user roster. Other Cerner solutions leverage this list of users in the user roster.

* When assigning a user to Cerner Central, you must select the **User** role in the assignment dialog. Users with the "Default Access" role are excluded from provisioning.


## Configuring user provisioning to Cerner Central

This section guides you through connecting your Azure AD to Cerner Central's SCIM user account provisioning API, and configuring the provisioning service to create, update and disable assigned user accounts in Cerner Central based on user and group assignment in Azure AD.
This section guides you through connecting your Azure AD to Cerner Central’s User Roster using Cerner's SCIM user account provisioning API, and configuring the provisioning service to create, update, and disable assigned user accounts in Cerner Central based on user and group assignment in Azure AD.

> [!TIP]
> You may also choose to enabled SAML-based Single Sign-On for Cerner Central, following the instructions provided in [Azure portal (https://portal.azure.com). Single sign-on can be configured independently of automatic provisioning, though these two features complement each other.
> You may also choose to enabled SAML-based Single Sign-On for Cerner Central, following the instructions provided in [Azure portal (https://portal.azure.com). Single sign-on can be configured independently of automatic provisioning, though these two features complement each other. For more information, see the [Cerner Central single sign-on tutorial](active-directory-saas-cernercentral-tutorial.md).

### To configure automatic user account provisioning to Cerner Central in Azure AD:


In order to provision user accounts to Cerner Central, you'll need to create a system account and generate an OAuth bearer token that Azure AD can use to connect to Cerner's SCIM endpoint. It is also strongly recommended that the integration be performed in a Cerner sandbox environment before deploying to production.
In order to provision user accounts to Cerner Central, you’ll need to request a Cerner Central system account from Cerner, and generate an OAuth bearer token that Azure AD can use to connect to Cerner's SCIM endpoint. It is also recommended that the integration be performed in a Cerner sandbox environment before deploying to production.

1. The first step is to ensure the people managing the Cerner and Azure AD integration have a CernerCare account, which is required to access the documentation necessary to complete the instructions. If necessary, use the URLs below to create CernerCare accounts in each applicable environment.

Expand All @@ -83,7 +84,7 @@ In order to provision user accounts to Cerner Central, you'll need to create a s

* Production: https://cernercentral.com/system-accounts/

4. Finally, you'll need to acquire a User Roster Realm ID in Cerner to complete the configuration with Azure AD. For information on how to acquire this, see: https://wiki.ucern.com/display/public/reference/Publishing+Identity+Data+Using+SCIM.
4. Finally, you need to acquire User Roster Realm IDs for both the sandbox and production environments in Cerner to complete the configuration. For information on how to acquire this, see: https://wiki.ucern.com/display/public/reference/Publishing+Identity+Data+Using+SCIM.

5. Now you can configure Azure AD to provision user accounts to Cerner. Sign in to the [Azure portal](https://portal.azure.com), and browse to the **Azure Active Directory > Enterprise Apps > All applications** section.

Expand All @@ -95,32 +96,37 @@ In order to provision user accounts to Cerner Central, you'll need to create a s

![Cerner Central Provisioning](./media/active-directory-saas-cernercentral-provisioning-tutorial/Cerner.PNG)

9. Fill in the following fields under **Admin Credentials** :
9. Fill in the following fields under **Admin Credentials**:

* In the **Tenant URL** field, enter a URL in the format below, replacing "User-Roster-Realm-ID" with the realm ID you acquired in step #4.

> Sandbox:
> https://user-roster-api.sandboxcernercentral.com/scim/v1/Realms/User-Roster-Realm-ID/Users
* In the **Secret Token** field, enter the OAuth bearer token you generated in step #3 and click **Test Connection** .
> Production:
> https://user-roster-api.cernercentral.com/scim/v1/Realms/User-Roster-Realm-ID/Users
* In the **Secret Token** field, enter the OAuth bearer token you generated in step #3 and click **Test Connection**.

* You should see a success notification on the upper­right side of your portal.

10. Enter the email address of a person or group who should receive provisioning error notifications in the **Notification Email** field, and check the checkbox below.

11. Click **Save**.

12. In the **Attribute Mappings** section, review the user and group attributes that will be synchronized from Azure AD to Cerner Central. Note that the attributes selected as **Matching** properties will be used to match the user accounts and groups in Cerner Central for update operations. Select the Save button to commit any changes.
12. In the **Attribute Mappings** section, review the user and group attributes to be synchronized from Azure AD to Cerner Central. The attributes selected as **Matching** properties are used to match the user accounts and groups in Cerner Central for update operations. Select the Save button to commit any changes.

13. To enable the Azure AD provisioning service for Cerner Central, change the **Provisioning Status** to **On** in the **Settings** section

14. Click **Save**.

This will start the initial synchronization of any users and/or groups assigned to Cerner Central in the Users and Groups section. Note that the initial sync will take longer to perform than subsequent syncs, which occur approximately every 20 minutes as long as the service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity reports, which describe all actions performed by the provisioning service on your Cerner Central app.
This starts the initial synchronization of any users and/or groups assigned to Cerner Central in the Users and Groups section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 20 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity reports, which describe all actions performed by the provisioning service on your Cerner Central app.

For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-provisioning-reporting).

## Additional resources

* [Cerner Central: Publishing identity data using Azure AD](https://wiki.ucern.com/display/public/reference/Publishing+Identity+Data+Using+Azure+AD)
* [Tutorial: Configuring Cerner Central for single sign-on with Azure Active Directory](active-directory-saas-cernercentral-tutorial.md)
* [Managing user account provisioning for Enterprise Apps](active-directory-enterprise-apps-manage-provisioning.md)
* [What is application access and single sign-on with Azure Active Directory?](active-directory-appssoaccess-whatis.md)
Expand Down
223 changes: 223 additions & 0 deletions articles/active-directory/active-directory-saas-intime-tutorial.md
View file
@@ -0,0 +1,223 @@
---
title: 'Tutorial: Azure Active Directory integration with InTime | Microsoft Docs'
description: Learn how to configure single sign-on between Azure Active Directory and InTime.
services: active-directory
documentationCenter: na
author: jeevansd
manager: femila
ms.reviewer: joflore

ms.assetid: d4e2c6e1-ae5d-4d2c-8ffc-1b24534d376a
ms.service: active-directory
ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 08/05/2017
ms.author: jeedes

---
# Tutorial: Azure Active Directory integration with InTime

In this tutorial, you learn how to integrate InTime with Azure Active Directory (Azure AD).

Integrating InTime with Azure AD provides you with the following benefits:

- You can control in Azure AD who has access to InTime.
- You can enable your users to automatically get signed-on to InTime (Single Sign-On) with their Azure AD accounts.
- You can manage your accounts in one central location - the Azure portal.

If you want to know more details about SaaS app integration with Azure AD, see [what is application access and single sign-on with Azure Active Directory](active-directory-appssoaccess-whatis.md).

## Prerequisites

To configure Azure AD integration with InTime, you need the following items:

- An Azure AD subscription
- A InTime single sign-on enabled subscription

> [!NOTE]
> To test the steps in this tutorial, we do not recommend using a production environment.
To test the steps in this tutorial, you should follow these recommendations:

- Do not use your production environment, unless it is necessary.
- If you don't have an Azure AD trial environment, you can [get a one-month trial](https://azure.microsoft.com/pricing/free-trial/).

## Scenario description
In this tutorial, you test Azure AD single sign-on in a test environment.
The scenario outlined in this tutorial consists of two main building blocks:

1. Adding InTime from the gallery
2. Configuring and testing Azure AD single sign-on

## Adding InTime from the gallery
To configure the integration of InTime into Azure AD, you need to add InTime from the gallery to your list of managed SaaS apps.

**To add InTime from the gallery, perform the following steps:**

1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.

![The Azure Active Directory button][1]

2. Navigate to **Enterprise applications**. Then go to **All applications**.

![The Enterprise applications blade][2]

3. To add new application, click **New application** button on the top of dialog.

![The New application button][3]

4. In the search box, type **InTime**, select **InTime** from result panel then click **Add** button to add the application.

![InTime in the results list](./media/active-directory-saas-intime-tutorial/tutorial_intime_addfromgallery.png)

## Configure and test Azure AD single sign-on

In this section, you configure and test Azure AD single sign-on with InTime based on a test user called "Britta Simon".

For single sign-on to work, Azure AD needs to know what the counterpart user in InTime is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in InTime needs to be established.

In InTime, assign the value of the **user name** in Azure AD as the value of the **Username** to establish the link relationship.

To configure and test Azure AD single sign-on with InTime, you need to complete the following building blocks:

1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
2. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
3. **[Create a InTime test user](#create-a-intime-test-user)** - to have a counterpart of Britta Simon in InTime that is linked to the Azure AD representation of user.
4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.

### Configure Azure AD single sign-on

In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your InTime application.

**To configure Azure AD single sign-on with InTime, perform the following steps:**

1. In the Azure portal, on the **InTime** application integration page, click **Single sign-on**.

![Configure single sign-on link][4]

2. On the **Single sign-on** dialog, select **Mode** as **SAML-based Sign-on** to enable single sign-on.

![Single sign-on dialog box](./media/active-directory-saas-intime-tutorial/tutorial_intime_samlbase.png)

3. On the **InTime Domain and URLs** section, perform the following steps:

![InTime Domain and URLs single sign-on information](./media/active-directory-saas-intime-tutorial/tutorial_intime_url.png)

a. In the **Sign-on URL** textbox, type the URL: `https://intime6.intimesoft.com/mytime/login/login.xhtml`

b. In the **Identifier** textbox, type the URL: `https://auth.intimesoft.com/auth/realms/master`

4. On the **SAML Signing Certificate** section, click **Metadata XML** and then save the metadata file on your computer.

![The Certificate download link](./media/active-directory-saas-intime-tutorial/tutorial_intime_certificate.png)

5. Click **Save** button.

![Configure Single Sign-On Save button](./media/active-directory-saas-intime-tutorial/tutorial_general_400.png)

6. On the **InTime Configuration** section, click **Configure InTime** to open **Configure sign-on** window. Copy the **Sign-Out URL, and SAML Single Sign-On Service URL** from the **Quick Reference section.**

![InTime Configuration](./media/active-directory-saas-intime-tutorial/tutorial_intime_configure.png)

7. To configure single sign-on on **InTime** side, you need to send the downloaded **Metadata XML**, **Sign-Out URL, and SAML Single Sign-On Service URL** to [InTime support team](mailto:hdollard@intimesoft.com). They set this setting to have the SAML SSO connection set properly on both sides.

> [!TIP]
> You can now read a concise version of these instructions inside the [Azure portal](https://portal.azure.com), while you are setting up the app! After adding this app from the **Active Directory > Enterprise Applications** section, simply click the **Single Sign-On** tab and access the embedded documentation through the **Configuration** section at the bottom. You can read more about the embedded documentation feature here: [Azure AD embedded documentation]( https://go.microsoft.com/fwlink/?linkid=845985)
>
### Create an Azure AD test user

The objective of this section is to create a test user in the Azure portal called Britta Simon.

![Create an Azure AD test user][100]

**To create a test user in Azure AD, perform the following steps:**

1. In the Azure portal, in the left pane, click the **Azure Active Directory** button.

![The Azure Active Directory button](./media/active-directory-saas-intime-tutorial/create_aaduser_01.png)

2. To display the list of users, go to **Users and groups**, and then click **All users**.

![The "Users and groups" and "All users" links](./media/active-directory-saas-intime-tutorial/create_aaduser_02.png)

3. To open the **User** dialog box, click **Add** at the top of the **All Users** dialog box.

![The Add button](./media/active-directory-saas-intime-tutorial/create_aaduser_03.png)

4. In the **User** dialog box, perform the following steps:

![The User dialog box](./media/active-directory-saas-intime-tutorial/create_aaduser_04.png)

a. In the **Name** box, type **BrittaSimon**.

b. In the **User name** box, type the email address of user Britta Simon.

c. Select the **Show Password** check box, and then write down the value that's displayed in the **Password** box.

d. Click **Create**.

### Create a InTime test user

In this section, you create a user called Britta Simon in InTime. Work with [InTime support team](mailto:hdollard@intimesoft.com) to add the users in the InTime platform. Users must be created and activated before you use single sign-on.

### Assign the Azure AD test user

In this section, you enable Britta Simon to use Azure single sign-on by granting access to InTime.

![Assign the user role][200]

**To assign Britta Simon to InTime, perform the following steps:**

1. In the Azure portal, open the applications view, and then navigate to the directory view and go to **Enterprise applications** then click **All applications**.

![Assign User][201]

2. In the applications list, select **InTime**.

![The InTime link in the Applications list](./media/active-directory-saas-intime-tutorial/tutorial_intime_app.png)

3. In the menu on the left, click **Users and groups**.

![The "Users and groups" link][202]

4. Click **Add** button. Then select **Users and groups** on **Add Assignment** dialog.

![The Add Assignment pane][203]

5. On **Users and groups** dialog, select **Britta Simon** in the Users list.

6. Click **Select** button on **Users and groups** dialog.

7. Click **Assign** button on **Add Assignment** dialog.

### Test single sign-on

In this section, you test your Azure AD single sign-on configuration using the Access Panel.

When you click the InTime tile in the Access Panel, you should get the login page of your InTime application. Click the **Login** button, then a series of IdPs will be displayed on a list of buttons. click **IDP name** given by [InTime support team](mailto:hdollard@intimesoft.com) to login into your InTime application. For more information about the Access Panel, see [Introduction to the Access Panel](active-directory-saas-access-panel-introduction.md).

## Additional resources

* [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](active-directory-saas-tutorial-list.md)
* [What is application access and single sign-on with Azure Active Directory?](active-directory-appssoaccess-whatis.md)



<!--Image references-->

[1]: ./media/active-directory-saas-intime-tutorial/tutorial_general_01.png
[2]: ./media/active-directory-saas-intime-tutorial/tutorial_general_02.png
[3]: ./media/active-directory-saas-intime-tutorial/tutorial_general_03.png
[4]: ./media/active-directory-saas-intime-tutorial/tutorial_general_04.png

[100]: ./media/active-directory-saas-intime-tutorial/tutorial_general_100.png

[200]: ./media/active-directory-saas-intime-tutorial/tutorial_general_200.png
[201]: ./media/active-directory-saas-intime-tutorial/tutorial_general_201.png
[202]: ./media/active-directory-saas-intime-tutorial/tutorial_general_202.png
[203]: ./media/active-directory-saas-intime-tutorial/tutorial_general_203.png

224 changes: 224 additions & 0 deletions articles/active-directory/active-directory-saas-merchlogix-tutorial.md
View file
@@ -0,0 +1,224 @@
---
title: 'Tutorial: Azure Active Directory integration with Merchlogix | Microsoft Docs'
description: Learn how to configure single sign-on between Azure Active Directory and Merchlogix.
services: active-directory
documentationCenter: na
author: jeevansd
manager: femila
ms.reviewer: joflore

ms.assetid: a1f49bb8-6b17-433d-8f25-9d26fb390e77
ms.service: active-directory
ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 08/05/2017
ms.author: jeedes

---
# Tutorial: Azure Active Directory integration with Merchlogix

In this tutorial, you learn how to integrate Merchlogix with Azure Active Directory (Azure AD).

Integrating Merchlogix with Azure AD provides you with the following benefits:

- You can control in Azure AD who has access to Merchlogix.
- You can enable your users to automatically get signed-on to Merchlogix (Single Sign-On) with their Azure AD accounts.
- You can manage your accounts in one central location - the Azure portal.

If you want to know more details about SaaS app integration with Azure AD, see [what is application access and single sign-on with Azure Active Directory](active-directory-appssoaccess-whatis.md).

## Prerequisites

To configure Azure AD integration with Merchlogix, you need the following items:

- An Azure AD subscription
- A Merchlogix single sign-on enabled subscription

> [!NOTE]
> To test the steps in this tutorial, we do not recommend using a production environment.
To test the steps in this tutorial, you should follow these recommendations:

- Do not use your production environment, unless it is necessary.
- If you don't have an Azure AD trial environment, you can [get a one-month trial](https://azure.microsoft.com/pricing/free-trial/).

## Scenario description
In this tutorial, you test Azure AD single sign-on in a test environment.
The scenario outlined in this tutorial consists of two main building blocks:

1. Adding Merchlogix from the gallery
2. Configuring and testing Azure AD single sign-on

## Adding Merchlogix from the gallery
To configure the integration of Merchlogix into Azure AD, you need to add Merchlogix from the gallery to your list of managed SaaS apps.

**To add Merchlogix from the gallery, perform the following steps:**

1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.

![The Azure Active Directory button][1]

2. Navigate to **Enterprise applications**. Then go to **All applications**.

![The Enterprise applications blade][2]

3. To add new application, click **New application** button on the top of dialog.

![The New application button][3]

4. In the search box, type **Merchlogix**, select **Merchlogix** from result panel then click **Add** button to add the application.

![Merchlogix in the results list](./media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_addfromgallery.png)

## Configure and test Azure AD single sign-on

In this section, you configure and test Azure AD single sign-on with Merchlogix based on a test user called "Britta Simon".

For single sign-on to work, Azure AD needs to know what the counterpart user in Merchlogix is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Merchlogix needs to be established.

In Merchlogix, assign the value of the **user name** in Azure AD as the value of the **Username** to establish the link relationship.

To configure and test Azure AD single sign-on with Merchlogix, you need to complete the following building blocks:

1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
2. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
3. **[Create a Merchlogix test user](#create-a-merchlogix-test-user)** - to have a counterpart of Britta Simon in Merchlogix that is linked to the Azure AD representation of user.
4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.

### Configure Azure AD single sign-on

In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Merchlogix application.

**To configure Azure AD single sign-on with Merchlogix, perform the following steps:**

1. In the Azure portal, on the **Merchlogix** application integration page, click **Single sign-on**.

![Configure single sign-on link][4]

2. On the **Single sign-on** dialog, select **Mode** as **SAML-based Sign-on** to enable single sign-on.

![Single sign-on dialog box](./media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_samlbase.png)

3. On the **Merchlogix Domain and URLs** section, perform the following steps:

![Merchlogix Domain and URLs single sign-on information](./media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_url.png)

a. In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<domain>/login.php?saml=true`

b. In the **Identifier** textbox, type a URL using the following pattern: `https://<domain>/simplesaml/module.php/saml/sp/metadata.php/login-windows-net`

4. On the **SAML Signing Certificate** section, click **Certificate (Base64)** and then save the certificate file on your computer.

![The Certificate download link](./media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_certificate.png)

5. Click **Save** button.

![Configure Single Sign-On Save button](./media/active-directory-saas-merchlogix-tutorial/tutorial_general_400.png)

6. On the **Merchlogix Configuration** section, click **Configure Merchlogix** to open **Configure sign-on** window. Copy the **Sign-Out URL, SAML Entity ID, and SAML Single Sign-On Service URL** from the **Quick Reference section.**

![Merchlogix Configuration](./media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_configure.png)

7. To configure single sign-on on **Merchlogix** side, you need to send the downloaded **Certificate (Base64)**, **Sign-Out URL, SAML Entity ID, and SAML Single Sign-On Service URL** to [Merchlogix support team](http://www.merchlogix.com/contact/). They set this setting to have the SAML SSO connection set properly on both sides.

> [!TIP]
> You can now read a concise version of these instructions inside the [Azure portal](https://portal.azure.com), while you are setting up the app! After adding this app from the **Active Directory > Enterprise Applications** section, simply click the **Single Sign-On** tab and access the embedded documentation through the **Configuration** section at the bottom. You can read more about the embedded documentation feature here: [Azure AD embedded documentation]( https://go.microsoft.com/fwlink/?linkid=845985)
>
### Create an Azure AD test user

The objective of this section is to create a test user in the Azure portal called Britta Simon.

![Create an Azure AD test user][100]

**To create a test user in Azure AD, perform the following steps:**

1. In the Azure portal, in the left pane, click the **Azure Active Directory** button.

![The Azure Active Directory button](./media/active-directory-saas-merchlogix-tutorial/create_aaduser_01.png)

2. To display the list of users, go to **Users and groups**, and then click **All users**.

![The "Users and groups" and "All users" links](./media/active-directory-saas-merchlogix-tutorial/create_aaduser_02.png)

3. To open the **User** dialog box, click **Add** at the top of the **All Users** dialog box.

![The Add button](./media/active-directory-saas-merchlogix-tutorial/create_aaduser_03.png)

4. In the **User** dialog box, perform the following steps:

![The User dialog box](./media/active-directory-saas-merchlogix-tutorial/create_aaduser_04.png)

a. In the **Name** box, type **BrittaSimon**.

b. In the **User name** box, type the email address of user Britta Simon.

c. Select the **Show Password** check box, and then write down the value that's displayed in the **Password** box.

d. Click **Create**.

### Create a Merchlogix test user

In this section, you create a user called Britta Simon in Merchlogix. Work with [Merchlogix support team](http://www.merchlogix.com/contact/) to add the users in the Merchlogix platform.

### Assign the Azure AD test user

In this section, you enable Britta Simon to use Azure single sign-on by granting access to Merchlogix.

![Assign the user role][200]

**To assign Britta Simon to Merchlogix, perform the following steps:**

1. In the Azure portal, open the applications view, and then navigate to the directory view and go to **Enterprise applications** then click **All applications**.

![Assign User][201]

2. In the applications list, select **Merchlogix**.

![The Merchlogix link in the Applications list](./media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_app.png)

3. In the menu on the left, click **Users and groups**.

![The "Users and groups" link][202]

4. Click **Add** button. Then select **Users and groups** on **Add Assignment** dialog.

![The Add Assignment pane][203]

5. On **Users and groups** dialog, select **Britta Simon** in the Users list.

6. Click **Select** button on **Users and groups** dialog.

7. Click **Assign** button on **Add Assignment** dialog.

### Test single sign-on

In this section, you test your Azure AD single sign-on configuration using the Access Panel.

When you click the Merchlogix tile in the Access Panel, you should get automatically signed-on to your Merchlogix application.
For more information about the Access Panel, see [Introduction to the Access Panel](active-directory-saas-access-panel-introduction.md).

## Additional resources

* [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](active-directory-saas-tutorial-list.md)
* [What is application access and single sign-on with Azure Active Directory?](active-directory-appssoaccess-whatis.md)



<!--Image references-->

[1]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_01.png
[2]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_02.png
[3]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_03.png
[4]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_04.png

[100]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_100.png

[200]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_200.png
[201]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_201.png
[202]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_202.png
[203]: ./media/active-directory-saas-merchlogix-tutorial/tutorial_general_203.png

34 changes: 16 additions & 18 deletions articles/active-directory/active-directory-saas-springerlink-tutorial.md
View file
Expand Up @@ -13,7 +13,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 07/19/2017
ms.date: 08/03/2017
ms.author: jeedes

---
Expand Down Expand Up @@ -84,9 +84,8 @@ To configure and test Azure AD single sign-on with Springer Link, you need to co

1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
2. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
3. **[Create a Springer Link test user](#create-a-springer-link-test-user)** - to have a counterpart of Britta Simon in Springer Link that is linked to the Azure AD representation of user.
4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
3. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
4. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.

### Configure Azure AD single sign-on

Expand All @@ -102,22 +101,25 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf

![Single sign-on dialog box](./media/active-directory-saas-springerlink-tutorial/tutorial_springerlink_samlbase.png)

3. On the **Springer Link Domain and URLs** section, perform the following steps:
3. On the **Springer Link Domain and URLs** section, If you wish to configure the application in **IDP** initiated mode:

![Springer Link Domain and URLs single sign-on information](./media/active-directory-saas-springerlink-tutorial/tutorial_springerlink_url.png)
![Springer Link Domain and URLs single sign-on information](./media/active-directory-saas-springerlink-tutorial/tutorial_springerlink_url1.png)

a. In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<companyname>.live.cf.public.springer.com/athens-shibboleth-login?previousUrl=https%3A%2F%2Fcore-qa.live.cf.public.springer.com%2F`
a. In the **Identifier** textbox, type the URL: `https://fsso.springer.com`

b. In the **Identifier** textbox, type a URL using the following pattern: `https://<companyname>.springer.com`
b. In the **Reply URL** textbox, type the URL: `https://fsso-qa1.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider`

> [!NOTE]
> These values are not real. Update these values with the actual Sign-On URL and Identifier. Contact [Springer Link Client support team](https://www.springer.com/gp/help/contact) to get these values.
4. Check **Show advanced URL settings**. If you wish to configure the application in **SP** initiated mode:

4. Click **Save** button.
![Springer Link Domain and URLs single sign-on information](./media/active-directory-saas-springerlink-tutorial/tutorial_springerlink_url.png)

In the **Sign-on URL** textbox, type the URL : `https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider`

5. Click **Save** button.

![Configure Single Sign-On Save button](./media/active-directory-saas-springerlink-tutorial/tutorial_general_400.png)

5. To generate the **Metadata** url, perform the following steps:
6. To generate the **Metadata** url, perform the following steps:

a. Click **App registrations**.

Expand All @@ -137,11 +139,11 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf

e. Generate the **Metadata URL** using the following pattern: `<FEDERATION METADATA DOCUMENT url>?appid=<application id>`

6. To configure single sign-on on **Springer Link** side, you need to send the generated **Metadata URL** to [Springer Link support team](http://www.springer.com/gp/help/contact).
7. To configure single sign-on on **Springer Link** side, you need to send the generated **Metadata URL** to [Springer Link support team](mailto:identity@springernature.com).

> [!TIP]
> You can now read a concise version of these instructions inside the [Azure portal](https://portal.azure.com), while you are setting up the app! After adding this app from the **Active Directory > Enterprise Applications** section, simply click the **Single Sign-On** tab and access the embedded documentation through the **Configuration** section at the bottom. You can read more about the embedded documentation feature here: [Azure AD embedded documentation]( https://go.microsoft.com/fwlink/?linkid=845985)
>

### Create an Azure AD test user

Expand Down Expand Up @@ -175,10 +177,6 @@ The objective of this section is to create a test user in the Azure portal calle

d. Click **Create**.

### Create a Springer Link test user

In this section, you create a user called Britta Simon in Springer Link. Work with [Springer Link support team](http://www.springer.com/gp/help/contact) to add the users in the Springer Link platform. Users must be created and activated before you use single sign-on.

### Assign the Azure AD test user

In this section, you enable Britta Simon to use Azure single sign-on by granting access to Springer Link.
Expand Down
333 changes: 231 additions & 102 deletions articles/active-directory/active-directory-saas-timeoffmanager-tutorial.md
View file

Large diffs are not rendered by default.

15 changes: 9 additions & 6 deletions articles/active-directory/active-directory-saas-tutorial-list.md
View file
Expand Up @@ -39,7 +39,7 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_360Online.png)| [360 Online](active-directory-saas-360online-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-8x8virtualoffice-tutorial.png)| [8x8 Virtual Office](active-directory-saas-8x8virtualoffice-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-abintegro-tutorial.png)| [Abintegro](active-directory-saas-abintegro-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/saasapp_absorblms.png)| [Absorb LMS](active-directory-saas-absorblms-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-absorblms-tutorial.png)| [Absorb LMS](active-directory-saas-absorblms-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_AdaptiveSuite.png)| [Adaptive Suite](active-directory-saas-adaptivesuite-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_AdobeCreateiveCloud.png)| [Adobe Creative Cloud](active-directory-saas-adobe-creative-cloud-tutorial.md)
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_AdobeEchoSign.png)| [Adobe EchoSign](active-directory-saas-adobe-echosign-tutorial.md)|
Expand Down Expand Up @@ -145,7 +145,7 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-freshgrade-tutorial.png)| [FreshGrade](active-directory-saas-freshgrade-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Freshservice.png)| [FreshService](active-directory-saas-freshservice-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-front-tutorial.png)| [Front](active-directory-saas-front-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Fuse.png)| [Fuse](active-directory-saas-fuse-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-fuse-tutorial.png)| [Fuse](active-directory-saas-fuse-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Fuze.png)| [Fuze](active-directory-saas-fuze-tutorial.md)
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_GaggleAMP.png)| [GaggleAMP](active-directory-saas-gaggleamp-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Gigya.png)| [Gigya](active-directory-saas-gigya-tutorial.md)|
Expand All @@ -170,7 +170,7 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_IglooSoftware.png)| [Igloo Software](active-directory-saas-igloo-software-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/saasapp_ilms.png)| [iLMS](active-directory-saas-ilms-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_ImageRelay.png)| [Image Relay](active-directory-saas-imagerelay-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_InforRetail.png)| [Infor Retail – Information Management](active-directory-saas-inforretailinformationmanagement-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-inforretailinformationmanagement-tutorial.png)| [Infor Retail – Information Management](active-directory-saas-inforretailinformationmanagement-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Inkling.png)| [Inkling](active-directory-saas-inkling-tutorial.md)
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-innotas-tutorial.png)| [Innotas](active-directory-saas-innotas-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-insideview-tutorial.png)| [InsideView](active-directory-saas-insideview-tutorial.md)|
Expand Down Expand Up @@ -241,10 +241,10 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_NewSignature.png)| [New Signature Cloud Management Portal for Microsoft Azure](active-directory-saas-newsignature-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Nexonia.png)| [Nexonia](active-directory-saas-nexonia-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-nomadesk-tutorial.png)| [Nomadesk](active-directory-saas-nomadesk-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Nomadic.png)| [Nomadic](active-directory-saas-nomadic-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-nomadic-tutorial.png)| [Nomadic](active-directory-saas-nomadic-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-novatus-tutorial.png)| [Novatus](active-directory-saas-novatus-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-oc-tanner-tutorial.png)| [O. C. Tanner - AppreciateHub](active-directory-saas-oc-tanner-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_OfficeSpaceSoftware.png)| [OfficeSpace Software](active-directory-saas-officespace-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-officespace-tutorial.png)| [OfficeSpace Software](active-directory-saas-officespace-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-oneteam-tutorial.png)| [Oneteam](active-directory-saas-oneteam-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-onit-tutorial.png)| [Onit](active-directory-saas-onit-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-opsgenie-tutorial.png)| [OpsGenie](active-directory-saas-opsgenie-tutorial.md)|
Expand Down Expand Up @@ -274,11 +274,12 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-promapp-tutorial.png)| [Promapp](active-directory-saas-promapp-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_ProofpointOnDemand.png)| [Proofpoint on Demand](active-directory-saas-proofpoint-ondemand-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/saasapp_purelyhr.png)| [PurelyHR](active-directory-saas-purelyhr-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_QlikSenseEnterprise.png)| [Qlik Sense Enterprise](active-directory-saas-qliksense-enterprise-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-qliksense-enterprise-tutorial.png)| [Qlik Sense Enterprise](active-directory-saas-qliksense-enterprise-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Qualtrics.png)| [Qualtrics](active-directory-saas-qualtrics-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Questetra_BPM_Suite.png)| [Questetra BPM Suite](active-directory-saas-questetra-bpm-suite-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-quickhelp-tutorial.png)| [QuickHelp](active-directory-saas-quickhelp-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_RallySoftware.png)| [Rally Software](active-directory-saas-rally-software-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-realtimeboard-tutorial.png)| [RealtimeBoard](active-directory-saas-realtimeboard-tutorial.md)||
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-recognize-tutorial.png)| [Recognize](active-directory-saas-recognize-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-redvector-tutorial.png)| [RedVector](active-directory-saas-redvector-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Replicon.png)| [Replicon](active-directory-saas-replicon-tutorial.md)|
Expand Down Expand Up @@ -331,6 +332,7 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_SuccessFactors.png)| [SuccessFactors](active-directory-saas-successfactors-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-sugarcrm-tutorial.png)| [SugarCRM](active-directory-saas-sugarcrm-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-sumologic-tutorial.png)| [SumoLogic](active-directory-saas-sumologic-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-symantec-tutorial.png)| [Symantec Web Security Service (WSS)](active-directory-saas-symantec-tutorial.md)||
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Syncplicity.png)| [Syncplicity](active-directory-saas-syncplicity-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Synergi.png)| [Synergi](active-directory-saas-synergi-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/saasapp_tandeexpress.png)| [T&E Express](active-directory-saas-tyeexpress-tutorial.md)|
Expand Down Expand Up @@ -384,6 +386,7 @@ For the comprehensive list of SaaS apps that have been pre-integrated into Azure
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-yonyx-tutorial.png)| [Yonyx Interactive Guides](active-directory-saas-yonyx-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-youearnedit-tutorial.png)| [YouEarnedIt](active-directory-saas-youearnedit-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/SaaSApp_Zendesk.png)| [Zendesk](active-directory-saas-zendesk-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-zivver-tutorial.png)| [ZIVVER](active-directory-saas-zivver-tutorial.md)
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-zoho-mail-tutorial.png)| [Zoho Mail](active-directory-saas-zoho-mail-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-zoom-tutorial.png)| [Zoom](active-directory-saas-zoom-tutorial.md)|
| ![logo](./media/active-directory-saas-tutorial-list/active-directory-saas-zscaler-beta-tutorial.png)| [Zscaler Beta](active-directory-saas-zscaler-beta-tutorial.md)|
Expand Down
2 changes: 1 addition & 1 deletion articles/active-directory/application-proxy-network-topology-considerations.md
View file
Expand Up @@ -125,7 +125,7 @@ This is a simple pattern. You optimize hop 3 by placing the connector near the a

**Scenario:** The app is in an organization's network in the US, with users spread out globally. No ExpressRoute or VPN exists between the Azure datacenter and the corporate network.

**Recommendation:** Follow pattern 2, explained in the previous section.
**Recommendation:** Follow pattern 1, explained in the previous section.

Again, the common pattern is to optimize hop 3, where you place the connector near the app. Hop 3 is not typically expensive, if it is all within the same region. However, hop 1 can be more expensive depending on where the user is, because users across the world must access the Application Proxy instance in the US. It's worth noting that any proxy solution has similar characteristics regarding users being spread out globally.

Expand Down
12 changes: 7 additions & 5 deletions articles/active-directory/application-proxy-security-considerations.md
View file
Expand Up @@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 07/28/2017
ms.date: 08/03/2017
ms.author: kgremban
ms.reviewer: harshja
ms.custom: it-pro
Expand Down Expand Up @@ -56,13 +56,15 @@ Because Azure AD Application Proxy is a reverse-proxy, all traffic to back-end a

You don't need to open inbound connections to the corporate network.

Azure AD connectors only use outbound connections to the Azure AD Application Proxy service, which means that there is no need to open firewall ports for incoming connections. Traditional proxies required a perimeter network (also known as *DMZ*, *demilitarized zone*, or *screened subnet*) and allowed access to unauthenticated connections at the network edge. This scenario required many additional investments in web application firewall products to analyze traffic and offer addition protections to the environment. With Application Proxy, you don't need a perimeter network because all connections are outbound and take place over a secure channel.
Application Proxy connectors only use outbound connections to the Azure AD Application Proxy service, which means that there is no need to open firewall ports for incoming connections. Traditional proxies required a perimeter network (also known as *DMZ*, *demilitarized zone*, or *screened subnet*) and allowed access to unauthenticated connections at the network edge. This scenario required many additional investments in web application firewall products to analyze traffic and offer addition protections to the environment. With Application Proxy, you don't need a perimeter network because all connections are outbound and take place over a secure channel.

For more information about connectors, see [Understand Azure AD Application Proxy connectors](application-proxy-understand-connectors.md).

### Cloud-scale analytics and machine learning

Get cutting-edge security protection.

[Azure AD Identity Protection](active-directory-identityprotection.md) with machine learning-driven intelligence with data is fed from our Digital Crimes Unit and Microsoft Security Response Center. Together we proactively identify compromised accounts and offer real-time protection from high-risk sign-ins. We take into account numerous factors, such as access from infected devices, through anonymizing networks, and from atypical and unlikely locations.
Because it's part of Azure Active Directory, Application Proxy can leverage [Azure AD Identity Protection](active-directory-identityprotection.md), with machine learning-driven intelligence and data from the Microsoft Security Response Center and Digital Crimes Unit. Together we proactively identify compromised accounts and offer real-time protection from high-risk sign-ins. We take into account numerous factors, such as access from infected devices, through anonymizing networks, and from atypical and unlikely locations.

Many of these reports and events are already available through an API for integration with your security information and event management (SIEM) systems.

Expand Down Expand Up @@ -114,7 +116,7 @@ Whenever the Application Proxy service updates the configuration settings, the f

When users access a published application, the following events take place between the Application Proxy service and the Application Proxy connector:

1. [The service checks the configuration settings for the app](#the-service-checks-the-configuration-settings-for-the-app)
1. [The service authenticates the user for the app](#the-service-checks-the-configuration-settings-for-the-app)
2. [The service places a request in the connector queue](#The-service-places-a-request-in-the-connector-queue)
3. [A connector processes the request from the queue](#the-connector-receives-the-request-from-the-queue)
4. [The connector waits for a response](#the-connector-waits-for-a-response)
Expand All @@ -123,7 +125,7 @@ When users access a published application, the following events take place betwe
To learn more about what takes place in each of these steps, keep reading.


#### 1. The service checks the configuration settings for the app
#### 1. The service authenticates the user for the app

If you configured the app to use Passthrough as its preauthentication method, the steps in this section are skipped.

Expand Down
17 changes: 8 additions & 9 deletions articles/active-directory/application-proxy-understand-connectors.md
View file
Expand Up @@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 07/28/2017
ms.date: 08/03/2017
ms.author: kgremban
ms.reviewer: harshja
ms.custom: it-pro
Expand All @@ -33,10 +33,11 @@ To deploy Application Proxy successfully, you need at least one connector, but w
For more information about the network requirements for the connector server, see [Get started with Application Proxy and install a connector](active-directory-application-proxy-enable.md).

## Maintenance
The connectors and the service take care of all the high availability tasks. They can be added or removed dynamically. Each time a new request arrives it is routed to one of the connectors that is currently available. If a connector is temporary not available, it doesn't respond to this traffic.
The connectors and the service take care of all the high availability tasks. They can be added or removed dynamically. Each time a new request arrives it is routed to one of the connectors that is currently available. If a connector is temporarily not available, it doesn't respond to this traffic.

The connectors are stateless and have no configuration data on the machine. The only data they store is the settings for connecting the service and its authentication certificate. When they connect to the service, they pull all the required configuration data and refresh it every couple of minutes.
They also poll the server to find out whether there is a newer version of the connector. If one is found, the connectors update themselves.

Connectors also poll the server to find out whether there is a newer version of the connector. If one is found, the connectors update themselves.

You can monitor your connectors from the machine they are running on, using either the event log and performance counters. Or you can view their status from the Application Proxy page of the Azure portal:

Expand All @@ -58,13 +59,11 @@ You may experience downtime when your connector updates if:

## Creating connector groups

There are many reasons to create connector groups, including:
Connector groups enable you to assign specific connectors to serve specific applications. You can group a number of connectors together, and then assign each application to a group.

* Higher availability
* Better latency for tenants with applications in multiple regions
* Organized resources that are easier to manage
Connector groups make it easier to manage large deployments. They also improve latency for tenants that have applications hosted in different regions, because you can create location-based connector groups to serve only local applications.

To learn more about the benefits of connector groups, see [Publish applications on separate networks and locations using connector groups](active-directory-application-proxy-connectors-azure-portal.md).
To learn more about connector groups, see [Publish applications on separate networks and locations using connector groups](active-directory-application-proxy-connectors-azure-portal.md).

## Security and networking

Expand Down Expand Up @@ -136,7 +135,7 @@ The connectors have both admin and session logs. The admin logs include key even

To see the logs, go to the Event Viewer, open the **View** menu, and enable **Show analytic and debug logs**. Then, enable them to start collecting events. These logs do not appear in Web Application Proxy in Windows Server 2012 R2, as the connectors are based on a more recent version.

You can examine the state of the service in the Services window. The connector comprises two Windows Services: the actual connector, and the updater. Both of them are required to run all the time.
You can examine the state of the service in the Services window. The connector comprises two Windows Services: the actual connector, and the updater. Both of them must run all the time.

![AzureAD Services Local](./media/application-proxy-understand-connectors/aad-connector-services.png)

Expand Down
Binary file added ...rectory/media/active-directory-application-proxy-get-started/azureappproxxy.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed .../active-directory/media/active-directory-appssoaccess-whatis/azureappproxxy.png
View file
Binary file not shown.
Binary file modified .../active-directory-saas-absorblms-tutorial/tutorial_absorblms_addfromgallery.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ive-directory/media/active-directory-saas-intime-tutorial/create_aaduser_01.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ive-directory/media/active-directory-saas-intime-tutorial/create_aaduser_02.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ive-directory/media/active-directory-saas-intime-tutorial/create_aaduser_03.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ive-directory/media/active-directory-saas-intime-tutorial/create_aaduser_04.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...directory/media/active-directory-saas-intime-tutorial/tutorial_attribute_03.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...directory/media/active-directory-saas-intime-tutorial/tutorial_attribute_04.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...directory/media/active-directory-saas-intime-tutorial/tutorial_attribute_05.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...e-directory/media/active-directory-saas-intime-tutorial/tutorial_general_01.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...e-directory/media/active-directory-saas-intime-tutorial/tutorial_general_02.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...e-directory/media/active-directory-saas-intime-tutorial/tutorial_general_03.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...e-directory/media/active-directory-saas-intime-tutorial/tutorial_general_04.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...-directory/media/active-directory-saas-intime-tutorial/tutorial_general_100.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...-directory/media/active-directory-saas-intime-tutorial/tutorial_general_200.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...-directory/media/active-directory-saas-intime-tutorial/tutorial_general_201.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...-directory/media/active-directory-saas-intime-tutorial/tutorial_general_202.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...-directory/media/active-directory-saas-intime-tutorial/tutorial_general_203.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...-directory/media/active-directory-saas-intime-tutorial/tutorial_general_400.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added .../media/active-directory-saas-intime-tutorial/tutorial_intime_addfromgallery.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...e-directory/media/active-directory-saas-intime-tutorial/tutorial_intime_app.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ory/media/active-directory-saas-intime-tutorial/tutorial_intime_certificate.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ctory/media/active-directory-saas-intime-tutorial/tutorial_intime_configure.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...ectory/media/active-directory-saas-intime-tutorial/tutorial_intime_samlbase.png
View file
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...e-directory/media/active-directory-saas-intime-tutorial/tutorial_intime_url.png
View file
Binary file added ...directory/media/active-directory-saas-merchlogix-tutorial/create_aaduser_01.png
View file
Binary file added ...directory/media/active-directory-saas-merchlogix-tutorial/create_aaduser_02.png
View file
Binary file added ...directory/media/active-directory-saas-merchlogix-tutorial/create_aaduser_03.png
View file
Binary file added ...directory/media/active-directory-saas-merchlogix-tutorial/create_aaduser_04.png
View file
Binary file added ...ctory/media/active-directory-saas-merchlogix-tutorial/tutorial_attribute_03.png
View file
Binary file added ...ctory/media/active-directory-saas-merchlogix-tutorial/tutorial_attribute_04.png
View file
Binary file added ...ctory/media/active-directory-saas-merchlogix-tutorial/tutorial_attribute_05.png
View file
Binary file added ...rectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_01.png
View file
Binary file added ...rectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_02.png
View file
Binary file added ...rectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_03.png
View file
Binary file added ...rectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_04.png
View file
Binary file added ...ectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_100.png
View file
Binary file added ...ectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_200.png
View file
Binary file added ...ectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_201.png
View file
Binary file added ...ectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_202.png
View file
Binary file added ...ectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_203.png
View file
Binary file added ...ectory/media/active-directory-saas-merchlogix-tutorial/tutorial_general_400.png
View file
Binary file added ...ctive-directory-saas-merchlogix-tutorial/tutorial_merchlogix_addfromgallery.png
View file
Binary file added ...ory/media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_app.png
View file
Binary file added ...a/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_certificate.png
View file
Binary file added ...dia/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_configure.png
View file
Binary file added ...edia/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_samlbase.png
View file
Binary file added ...ory/media/active-directory-saas-merchlogix-tutorial/tutorial_merchlogix_url.png
View file
Binary file modified ...media/active-directory-saas-springerlink-tutorial/tutorial_springerlink_app.png
View file
Binary file modified ...media/active-directory-saas-springerlink-tutorial/tutorial_springerlink_url.png
View file
Binary file added ...edia/active-directory-saas-springerlink-tutorial/tutorial_springerlink_url1.png
View file
Binary file removed ...es/active-directory/media/active-directory-saas-timeoffmanager-tutorial/123.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC700993.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC700994.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC749321.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC749322.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC767830.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795909.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795910.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795911.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795912.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795913.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795914.png
View file
Diff not rendered.
Binary file modified ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795915.png
View file
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795916.png
View file
Diff not rendered.
Binary file modified ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795917.png
View file
Binary file modified ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795918.png
View file
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795919.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795920.png
View file
Diff not rendered.
Binary file removed ...tive-directory/media/active-directory-saas-timeoffmanager-tutorial/IC795922.png
View file
Diff not rendered.
Binary file added ...ctory/media/active-directory-saas-timeoffmanager-tutorial/create_aaduser_01.png
View file
Binary file added ...ctory/media/active-directory-saas-timeoffmanager-tutorial/create_aaduser_02.png
View file
Binary file added ...ctory/media/active-directory-saas-timeoffmanager-tutorial/create_aaduser_03.png
View file
Binary file added ...ctory/media/active-directory-saas-timeoffmanager-tutorial/create_aaduser_04.png
View file
Binary file added ...ory/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_01.png
View file
Binary file added ...ory/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_02.png
View file
Binary file added ...ory/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_03.png
View file
Binary file added ...ory/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_04.png
View file
Binary file added ...ry/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_100.png
View file
Binary file added ...ry/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_200.png
View file
Binary file added ...ry/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_201.png
View file
Binary file added ...ry/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_202.png
View file
Binary file added ...ry/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_203.png
View file
Binary file added ...ry/media/active-directory-saas-timeoffmanager-tutorial/tutorial_general_400.png
View file
Binary file added ...media/active-directory-saas-timeoffmanager-tutorial/tutorial_officespace_03.png
View file
Binary file added ...media/active-directory-saas-timeoffmanager-tutorial/tutorial_officespace_04.png
View file
Binary file added ...media/active-directory-saas-timeoffmanager-tutorial/tutorial_officespace_05.png
View file
Binary file added ...ive-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_addattrb.png
View file
Binary file added ...ve-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_addattrb1.png
View file
Binary file added ...rectory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_addfromgallery.png
View file
Binary file added ...a/active-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_app.png
View file
Binary file added ...active-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_attrb.png
View file
Binary file added ...-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_certificate.png
View file
Binary file added ...ve-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_configure.png
View file
Binary file added ...ive-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_samlbase.png
View file
Binary file added ...a/active-directory-saas-timeoffmanager-tutorial/tutorial_timeoffmanager_url.png
View file
Binary file removed ...les/active-directory/media/active-directory-saas-tutorial-list/SaaSApp_Fuse.png
View file
Diff not rendered.
Binary file removed ...ive-directory/media/active-directory-saas-tutorial-list/SaaSApp_InforRetail.png
View file
Diff not rendered.
Binary file removed .../active-directory/media/active-directory-saas-tutorial-list/SaaSApp_Nomadic.png
View file
Diff not rendered.
Binary file removed ...ctory/media/active-directory-saas-tutorial-list/SaaSApp_OfficeSpaceSoftware.png
View file
Diff not rendered.
Binary file removed ...ctory/media/active-directory-saas-tutorial-list/SaaSApp_QlikSenseEnterprise.png
View file
Diff not rendered.
0 ...-saas-tutorial-list/saasapp_absorblms.png → ...ive-directory-saas-absorblms-tutorial.png
View file
File renamed without changes
Binary file added ...dia/active-directory-saas-tutorial-list/active-directory-saas-fuse-tutorial.png
View file
Binary file added ...torial-list/active-directory-saas-inforretailinformationmanagement-tutorial.png
View file
Binary file added .../active-directory-saas-tutorial-list/active-directory-saas-nomadic-tutorial.png
View file
Binary file added ...ive-directory-saas-tutorial-list/active-directory-saas-officespace-tutorial.png
View file
Binary file added ...tory-saas-tutorial-list/active-directory-saas-qliksense-enterprise-tutorial.png
View file
Binary file added ...e-directory-saas-tutorial-list/active-directory-saas-realtimeboard-tutorial.png
View file
Binary file added ...irectory-saas-tutorial-list/active-directory-saas-springerlink-tutorial,png.png
View file
Binary file added ...active-directory-saas-tutorial-list/active-directory-saas-symantec-tutorial.png
View file
Binary file added ...a/active-directory-saas-tutorial-list/active-directory-saas-zivver-tutorial.png
View file
Binary file modified ...application-proxy-network-topologies/application-proxy-expressroute-private.png
View file
Binary file modified ...ctory/media/application-proxy-network-topologies/application-proxy-pattern1.png
View file
Binary file modified ...ctory/media/application-proxy-network-topologies/application-proxy-pattern2.png
View file
Binary file modified ...ctory/media/application-proxy-network-topologies/application-proxy-pattern3.png
View file
Binary file modified ...ctory/media/application-proxy-network-topologies/application-proxy-pattern4.png
View file
Binary file modified ...tory/media/application-proxy-network-topologies/application-proxy-pattern5a.png
View file
Binary file modified ...tory/media/application-proxy-network-topologies/application-proxy-pattern5b.png
View file
Binary file modified ...tory/media/application-proxy-network-topologies/application-proxy-pattern5c.png
View file
28 changes: 7 additions & 21 deletions articles/analysis-services/analysis-services-overview.md
View file
Expand Up @@ -30,23 +30,19 @@ With Analysis Services, you can mashup and combine data from multiple sources, d
Check out [this video](https://sec.ch9.ms/ch9/d6dd/a1cda46b-ef03-4cea-8f11-68da23c5d6dd/AzureASoverview_high.mp4) to learn how Azure Analysis Services fits in with Microsoft's overall BI capabilities, and how you can benefit from getting your data models into the cloud.

## Built on SQL Server Analysis Services
Azure Analysis Services is compatible with many great features already in SQL Server Analysis Services Enterprise Edition. Azure Analysis Services supports tabular models at the 1200 and 1400 compatibility levels. Partitions, row-level security, bi-directional relationships, and translations are all supported. In-memory and DirectQuery modes mean lightning fast queries over massive and complex datasets.
Azure Analysis Services is compatible with many great features already in SQL Server Analysis Services Enterprise Edition. Azure Analysis Services supports tabular models at the 1200 and 1400 [compatibility levels](https://docs.microsoft.com/sql/analysis-services/tabular-models/compatibility-level-for-tabular-models-in-analysis-services). Partitions, row-level security, bi-directional relationships, and translations are all supported. In-memory and DirectQuery modes mean lightning fast queries over massive and complex datasets.

Tabular models offer rapid development and are highly customizable. For developers, tabular models include the Tabular Object Model (TOM) to describe model objects. TOM is exposed in JSON through the [Tabular Model Scripting Language (TMSL)](https://docs.microsoft.com/sql/analysis-services/tabular-model-scripting-language-tmsl-reference) and the AMO data definition language through the [Microsoft.AnalysisServices.Tabular](https://msdn.microsoft.com/library/microsoft.analysisservices.tabular.aspx) namespace.

New features in tabular 1400 models support Detail Rows, Object-level security, ragged hierarchies, a modern Get Data experience in Visual Studio with SQL Server Data Tools (SSDT) for data connectivity, and many other enhancements. And because the underlying model metadata is the same, existing on-premises tabular model solutions can easily be migrated to the cloud.


## Better with Azure
Azure Analysis Services integrates with many Azure data services enabling you to build sophisticated analytics solutions.

Azure Analysis Services can consume data from Azure SQL Database, Azure SQL Data Warehouse, and Azure Blob storage. You can build enterprise data warehouse solutions in Azure using a hub-and-spoke model, with the SQL data warehouse at the center and multiple BI models around it targeting different business groups or subject areas.
Azure Analysis Services integrates with many Azure services enabling you to build sophisticated analytics solutions. Integration with [Azure Active Directory](../active-directory/active-directory-whatis.md) provides secure, role-based access to your critical data. Integrate with [Azure Data Factory](../data-factory/data-factory-introduction.md) pipelines by including an activity that loads data into the model. [Azure Automation](../automation/automation-intro.md) and [Azure Functions](../azure-functions/functions-overview.md) can be used for lightweight orchestration of models using custom code.

With Azure Data Factory you can orchestrate the movement and transformation of data, a core capability in any enterprise BI/analytics solution. Azure Analysis Services can be integrated into any Azure Data Factory pipeline by including an activity that loads data into the model. Azure Automation and Azure Functions can also be used for doing lightweight orchestration of models using custom code.
## Get up and running quickly
In Azure portal, you can [create a server](analysis-services-create-server.md) within minutes. And, with Azure Resource Manager [templates](../azure-resource-manager/resource-manager-create-first-template.md) and PowerShell, you can provision servers using a declarative template. With a single template, you can deploy multiple services along with other Azure components such as storage accounts and Azure Functions.

Azure Analysis Services is also tightly integrated with Azure Active Directory, providing secure, role-based access to your critical data.
Once you have a server created, you can create a tabular model right in Azure portal. With the new (preview) [Web designer feature](analysis-services-create-model-portal.md), you can connect to an Azure SQL Database, Azure SQL Data Warehouse data source, or import a Power BI Desktop .pbix file. Relationships between tables are created automatically, and you can create measures or edit the model.bim file in json format right from your browser.

## Scale resources to your needs
## Scale to your needs
Azure Analysis Services is available in Developer, Basic, and Standard tiers. Within each tier, plan costs vary according to processing power, QPUs, and memory size. When you create a server, you select a plan within a tier. You can change plans up or down within the same tier, or upgrade to a higher tier, but you cannot downgrade from a higher tier to a lower tier.

Scale up, scale down, or pause your server. Use the Azure portal or have total control on-the-fly by using PowerShell. You only pay for what you use. To learn more about the different plans and tiers, and use the pricing calculator to determine the right plan for you, see [Azure Analysis Services Pricing](https://azure.microsoft.com/pricing/details/analysis-services/).
Expand All @@ -60,26 +56,16 @@ Azure Analysis Services servers can be created in the following [Azure regions](

New regions are being added all the time, so this list might be incomplete. You choose a location when you create your server in Azure portal or by using Azure Resource Manager templates. To get the best performance, choose a location nearest your largest user base. Assure [high availability](analysis-services-bcdr.md) by deploying your models on redundant servers in multiple regions.

## Get up and running quickly
With Azure portal, you can [create a server](analysis-services-create-server.md) within minutes. And, with Azure Resource Manager templates and PowerShell, you can provision servers using a declarative template. With a single template, you can deploy multiple services along with other Azure components such as storage accounts. To learn more, see [Deploy resources with Resource Manager templates and Azure PowerShell](../azure-resource-manager/resource-group-template-deploy.md).

Once you have a server created, you can create a tabular model right in Azure portal. With the new (preview) Web designer feature, you can connect to an Azure SQL Database, Azure SQL Data Warehouse data source, or import a Power BI Desktop .pbix file. Relationships between tables are created automatically, and you can create measures or edit the model.bim file in json format right from your browser.

## Migrate your existing tabular models
If you already have existing on-premises SQL Server Analysis Services model solutions, you can migrate to Azure Analysis Services without significant changes. To migrate, you can use SSDT to deploy your model to your server. Or, in SSMS, you can use backup and restore or TMSL.

If you have on-premises data sources, you need to install and configure an [On-premises data gateway](analysis-services-gateway.md). If you have roles and role members already configured, your roles migrate, but you have to readd role members by using SSMS or PowerShell.


## Connect to popular data sources
Azure Analysis Services supports connecting to data sources on-premises in your organization and in the cloud. Combine data from both on-premises and cloud data sources for a hybrid solution.
Azure Analysis Services supports [connecting to data sources](analysis-services-datasource.md) on-premises in your organization and in the cloud. Combine data from both on-premises and cloud data sources for a hybrid solution.

New tabular 1400 models use the modern Get Data feature in SSDT, based on the M formula query language. With Get Data, you have more data transformation and mashup features, and the ability to create and edit your own advanced M formula language queries. For example, with tabular 1400 models, you can model on data files in Azure Blob Storage.

Azure Analysis Services supports using [DirectQuery](https://docs.microsoft.com/sql/analysis-services/tabular-models/directquery-mode-ssas-tabular) for connecting directly to Azure SQL Database, Azure SQL Data Warehouse, SQL Server, SQL Server Data Warehouse, Oracle, and Teradata relational databases.

To learn more, see [Data sources supported in Azure Analysis Services](analysis-services-datasource.md).

## Use the tools you already know

![BI developer tools](./media/analysis-services-overview/aas-overview-dev-tools.png)
Expand Down
28 changes: 10 additions & 18 deletions articles/app-service-mobile/app-service-mobile-value-prop.md
View file
Expand Up @@ -19,8 +19,8 @@ ms.author: glenga
---
# <a name="getting-started"> </a>What is Mobile Apps?
Azure App Service is a fully managed [Platform as a Service](https://azure.microsoft.com/overview/what-is-paas/) (PaaS) offering for professional developers
that brings a rich set of capabilities to web, mobile and integration scenarios. *Mobile Apps* in
*Azure App Service* offer a highly scalable, globally available mobile application development platform
that brings a rich set of capabilities to web, mobile, and integration scenarios. *Mobile Apps* in
*Azure App Service* offers a highly scalable, globally available mobile application development platform
for Enterprise Developers and System Integrators that brings a rich set of capabilities to mobile developers.

![Mobile Apps](./media/app-service-mobile-value-prop/overview.png)
Expand All @@ -32,7 +32,7 @@ to mobile developers. With Mobile Apps you can:

* **Build native and cross platform apps** - whether you're building native iOS, Android, and Windows apps
or cross-platform Xamarin or Cordova (Phonegap) apps, you can take advantage of App Service using native SDKs.
* **Connect to your enterprise systems** - with Mobile Apps you can add corporate sign on in minutes, and
* **Connect to your enterprise systems** - with Mobile Apps you can add corporate sign-on in minutes, and
connect to your enterprise on-premises or cloud resources.
* **Build offline-ready apps with data sync** - make your mobile workforce productive by building apps that
work offline and use Mobile Apps to sync data in the background when connectivity is present with any of your
Expand All @@ -44,14 +44,14 @@ to mobile developers. With Mobile Apps you can:
The following features are important to cloud-enabled mobile development:

* **Authentication and Authorization** - Select from an ever-growing list of identity providers, including
Azure Active Directory for enterprise authentication, plus social providers like Facebook, Google, Twitter
Azure Active Directory for enterprise authentication, plus social providers like Facebook, Google, Twitter,
and Microsoft Account. Azure Mobile Apps provides an OAuth 2.0 service for each provider. You can also
integrate the SDK for the identity provider for provider specific functionality.
integrate the SDK for the identity provider for provider-specific functionality.

Discover more about our [authentication features].
* **Data Access** - Azure Mobile Apps provides a mobile-friendly OData v3 data source linked to SQL Azure or
an on-premises SQL Server. This service can be based on Entity Framework, allowing you to easily integrate
with other NoSQL and SQL data providers, including [Azure Table Storage], MongoDB, [DocumentDB] and SaaS API
with other NoSQL and SQL data providers, including [Azure Table Storage], MongoDB, [DocumentDB], and SaaS API
providers like Office 365 and Salesforce.com.
* **Offline Sync** - Our Client SDKs make it easy for you to build robust and responsive mobile applications
that operate with an offline data set that can be automatically synchronized with the backend data, including
Expand All @@ -62,12 +62,12 @@ The following features are important to cloud-enabled mobile development:
Notification Hubs, allowing you to send push notifications to millions of users simultaneously.

Discover more about our [push notification features].
* **Client SDKs** - We provide a complete set of Client SDKs that cover native development ([iOS], [Android] and
[Windows]), cross-platform development ([Xamarin for iOS and Android], [Xamarin Forms]) and hybrid application
* **Client SDKs** - We provide a complete set of Client SDKs that cover native development ([iOS], [Android], and
[Windows]), cross-platform development ([Xamarin for iOS and Android], [Xamarin Forms]), and hybrid application
development ([Apache Cordova]). Each client SDK is available with an MIT license and is open-source.

## Azure App Service Features.
The following platform features are generally useful for mobile production sites.
The following platform features are useful for mobile production sites.

* **Auto Scaling** - App Service enables you to quickly scale-up or out to handle any incoming customer
load. Manually select the number and size of VMs or set up auto-scaling to scale your mobile app backend
Expand All @@ -87,7 +87,7 @@ The following platform features are generally useful for mobile production sites

Discover more about [hybrid connections], [virtual networks], and [ExpressRoute].
* **Isolated / Dedicated Environments** - App Service can be run in a fully isolated and dedicated enviroment for securely
running Azure App Service apps at high scale. This is ideal for application workloads requiring very high scale, isolation
running Azure App Service apps at high scale. This is ideal for application workloads requiring high scale, isolation
or secure network access.

Discover more about [App Service Environments].
Expand All @@ -101,14 +101,6 @@ each client application.
For more information on Azure Mobile Apps, please review our [learning map].
For more information on the Azure App Service platform, see [Azure App Service].

> [!NOTE]
> If you want to get started with Azure App Service before signing up for an
> Azure account, go to [Try App Service](https://azure.microsoft.com/try/app-service/mobile/), where
> you can immediately create a short-lived starter web app in App Service. No credit cards required;
> no commitments.
>
>
<!-- URLs. -->
[Migrate your Mobile Service to App Service]: app-service-mobile-migrating-from-mobile-services.md
[Azure App Service]: ../app-service/app-service-value-prop-what-is.md
Expand Down
5 changes: 0 additions & 5 deletions articles/app-service-mobile/app-service-mobile-windows-store-dotnet-get-started.md
View file
Expand Up @@ -37,11 +37,6 @@ To complete this tutorial, you need the following:
* An active Azure account. If you don't have an account, you can sign up for an Azure trial and get up to 10 free mobile apps that you can keep using even after your trial ends. For details, see [Azure Free Trial](https://azure.microsoft.com/pricing/free-trial/).
* [Visual Studio Community 2015] or a later version.

> [!NOTE]
> If you want to get started with Azure App Service before you sign up for an Azure account, go to [Try App Service](https://azure.microsoft.com/try/app-service/mobile/). There, you can immediately create a short-lived starter mobile app in App Service—no credit card required, and no commitments.
>
>
## Create a new Azure Mobile App backend
Follow these steps to create a new Mobile App backend.

Expand Down
7 changes: 0 additions & 7 deletions articles/app-service-mobile/app-service-mobile-xamarin-android-get-started.md
View file
Expand Up @@ -37,13 +37,6 @@ To complete this tutorial, you need the following prerequisites:
Apps. For details, see [Azure Free Trial](https://azure.microsoft.com/pricing/free-trial/).
* Visual Studio with Xamarin. See [Setup and install for Visual Studio and Xamarin](https://msdn.microsoft.com/library/mt613162.aspx) for instructions.

> [!NOTE]
> If you want to get started with Azure App Service before signing up for an Azure account, go to
> [Try App Service](https://azure.microsoft.com/try/app-service/mobile/). You can immediately create a short-lived starter Mobile
> App in App Service. No credit cards required; no commitments.
>
>
## Create an Azure Mobile App backend
Follow these steps to create a Mobile App backend.

Expand Down
5 changes: 0 additions & 5 deletions articles/app-service-mobile/app-service-mobile-xamarin-forms-get-started.md
View file
Expand Up @@ -32,11 +32,6 @@ To complete this tutorial, you need the following:
* Visual Studio with Xamarin. See [Setup and install for Visual Studio and Xamarin](https://msdn.microsoft.com/library/mt613162.aspx) for instructions.
* A Mac with Xcode v7.0 or later and Xamarin Studio Community installed. See [Setup and install for Visual Studio and Xamarin](https://msdn.microsoft.com/library/mt613162.aspx) and [Setup, install, and verifications for Mac users](https://msdn.microsoft.com/library/mt488770.aspx) (MSDN).

> [!NOTE]
> If you want to get started with Azure App Service before signing up for an Azure account, go to [Try App Service](https://azure.microsoft.com/try/app-service/mobile/), where you can immediately create a short-lived starter Mobile App in App Service. No credit cards required; no commitments.
>
>
## Create a new Azure Mobile App backend
Follow these steps to create a new Mobile App backend.

Expand Down
7 changes: 0 additions & 7 deletions articles/app-service-mobile/app-service-mobile-xamarin-ios-get-started.md
View file
Expand Up @@ -37,13 +37,6 @@ To complete this tutorial, you need the following prerequisites:
[Setup and install for Visual Studio and Xamarin](https://msdn.microsoft.com/library/mt613162.aspx) and
[Setup, install, and verifications for Mac users](https://msdn.microsoft.com/library/mt488770.aspx) (MSDN).

> [!NOTE]
> If you want to get started with Azure App Service before you sign up for an Azure account, go to
> [Try App Service](https://azure.microsoft.com/try/app-service/mobile/). You can immediately create a short-lived starter
> mobile app in App Service—no credit card required, and no commitments.
>
>
## Create an Azure Mobile App backend
Follow these steps to create a Mobile App backend.

Expand Down
3 changes: 2 additions & 1 deletion articles/application-insights/TOC.md
View file
Expand Up @@ -92,6 +92,7 @@

### Usage
#### [Overview](app-insights-usage-overview.md)
#### [Send User Context](app-insights-usage-send-user-context.md)
#### [Users, Sessions, Events](app-insights-usage-segmentation.md)
#### [Funnels](usage-funnels.md)
#### [Retention](app-insights-usage-retention.md)
Expand Down Expand Up @@ -131,7 +132,7 @@
### [Export to Power BI](app-insights-export-power-bi.md)

## Secure
### [Data collection, retention and storage](app-insights-data-retention-privacy.md)
### [Data collection, retention, and storage](app-insights-data-retention-privacy.md)
### [Resources, roles, and access control](app-insights-resources-roles-access-control.md)
### [IP addresses](app-insights-ip-addresses.md)

Expand Down
2 changes: 1 addition & 1 deletion articles/application-insights/app-insights-asp-net-trace-logs.md
View file
Expand Up @@ -192,7 +192,7 @@ In Solution Explorer, right-click `ApplicationInsights.config` and choose **Upda
It can sometimes take a while for all the events and requests to get through the pipeline.

### <a name="limits"></a>How much data is retained?
Up to 500 events per second from each application. Events are retained for seven days.
Several factors impact the amount of data retained. See the [limits](app-insights-api-custom-events-metrics.md#limits) section of the customer event metrics page for more information.

### I'm not seeing some of the log entries that I expect
If your application sends a lot of data and you are using the Application Insights SDK for ASP.NET version 2.0.0-beta3 or later, the adaptive sampling feature may operate and send only a percentage of your telemetry. [Learn more about sampling.](app-insights-sampling.md)
Expand Down
8 changes: 6 additions & 2 deletions articles/application-insights/app-insights-usage-overview.md
View file
Expand Up @@ -36,11 +36,15 @@ The best experience is obtained by installing Application Insights both in your

Publish your app to monitor your app's performance and find out what your users are doing with your app.

## Include user and session ID in your telemetry
To track users over time, Application Insights requires a way to identify them. The Events tool is the only Usage tool that does not require a user ID or a session ID.

Start sending these IDs [here](https://docs.microsoft.com/azure/application-insights/app-insights-usage-send-user-context).

## Explore usage demographics and statistics
Find out when people use your app, what pages they're most interested in, where your users are located, what browsers and operating systems they use.

The Users and Sessions reports filter your data by pages or custom events, and segment them by properties such as location, environment,and page. You can also add your own filters.
The Users and Sessions reports filter your data by pages or custom events, and segment them by properties such as location, environment, and page. You can also add your own filters.

![Users](./media/app-insights-usage-overview/users.png)

Expand Down Expand Up @@ -111,7 +115,7 @@ Or in the server side of the web app:
tc.TrackEvent("CompletedPurchase");
```

You can attach property values to these events, so that you can filter or split the events when you inspect them in the portal. In addition, a standard set of properties is attached to each event, such as anonymous user id, which allows you to trace the sequence of activities of an individual user.
You can attach property values to these events, so that you can filter or split the events when you inspect them in the portal. In addition, a standard set of properties is attached to each event, such as anonymous user ID, which allows you to trace the sequence of activities of an individual user.

Learn more about [custom events](app-insights-api-custom-events-metrics.md#trackevent) and [properties](app-insights-api-custom-events-metrics.md#properties).

Expand Down
95 changes: 95 additions & 0 deletions articles/application-insights/app-insights-usage-send-user-context.md
View file
@@ -0,0 +1,95 @@
---
title: Sending user context to enable usage experiences in Azure Application Insights | Microsoft Docs
description: Track how users move through your service after assigning each of them a unique, persistent ID string in Application Insights.
services: application-insights
documentationcenter: ''
author: abgreg
manager: carmonm

ms.service: application-insights
ms.workload: tbd
ms.tgt_pltfrm: ibiza
ms.devlang: csharp
ms.topic: article
ms.date: 08/02/2017
ms.author: cfreeman

---
# Sending user context to enable usage experiences in Azure Application Insights

## Tracking users

Application Insights enables you to monitor and track your users through a set of product usage tools:
* [Users, Sessions, Events](https://docs.microsoft.com/azure/application-insights/app-insights-usage-segmentation)
* [Funnels](https://docs.microsoft.com/azure/application-insights/usage-funnels)
* [Retention](https://docs.microsoft.com/azure/application-insights/app-insights-usage-retention)
* Cohorts
* [Workbooks](https://docs.microsoft.com/azure/application-insights/app-insights-usage-workbooks)

In order to track what a user does over time, Application Insights needs an ID for each user or session. Include these IDs in every custom event or page view.
- Users, Funnels, Retention, and Cohorts: Include user ID.
- Sessions: Include session ID.

If your app is integrated with the [JavaScript SDK](https://docs.microsoft.com/azure/application-insights/app-insights-javascript#set-up-application-insights-for-your-web-page), user ID is tracked automatically.

## Choosing user IDs

User IDs should persist across user sessions to track how users behave over time. There are various approaches for persisting the ID.
- A definition of a user that you already have in your service.
- If the service has access to a browser, it can pass the browser a cookie with an ID in it. The ID will persist for as long as the cookie remains in the user's browser.
- If necessary, you can use a new ID each session, but the results about users will be limited. For example, you won't be able to see how a user's behavior changes over time.

The ID should be a Guid or another string complex enough to identify each user uniquely. For example, it could be a long random number.

If the ID contains personally identifying information about the user, it is not an appropriate value to send to Application Insights as a user ID. You can send such an ID as an [authenticated user ID](https://docs.microsoft.com/azure/application-insights/app-insights-api-custom-events-metrics#authenticated-users), but it does not fulfill the user ID requirement for usage scenarios.

## ASP.NET Apps: Set user context in an ITelemetryInitializer

Create a telemetry initializer, as described in detail [here](https://docs.microsoft.com/azure/application-insights/app-insights-api-filtering-sampling#add-properties-itelemetryinitializer), and set the Context.User.Id and the Context.Session.Id.

This example sets the user ID to an identifier that expires after the session. If possible, use a user ID that persists across sessions.

*C#*

```C#

using System;
using System.Web;
using Microsoft.ApplicationInsights.Channel;
using Microsoft.ApplicationInsights.Extensibility;

namespace MvcWebRole.Telemetry
{
/*
* Custom TelemetryInitializer that sets the user ID.
*
*/
public class MyTelemetryInitializer : ITelemetryInitializer
{
public void Initialize(ITelemetry telemetry)
{
// For a full experience, track each user across sessions. For an incomplete view of user
// behavior within a session, store user ID on the HttpContext Session.
// Set the user ID if we haven't done so yet.
if (HttpContext.Current.Session["UserId"] == null)
{
HttpContext.Current.Session["UserId"] = Guid.NewGuid();
}

// Set the user id on the Application Insights telemetry item.
telemetry.Context.User.Id = (string)HttpContext.Current.Session["UserId"];

// Set the session id on the Application Insights telemetry item.
telemetry.Context.Session.Id = HttpContext.Current.Session.SessionID;
}
}
}
```

## Next steps
- To enable usage experiences, start sending [custom events](https://docs.microsoft.com/en-us/azure/application-insights/app-insights-api-custom-events-metrics#trackevent) or [page views](https://docs.microsoft.com/azure/application-insights/app-insights-api-custom-events-metrics#page-views).
- If you already send custom events or page views, explore the Usage tools to learn how users use your service.
- [Users, Sessions, Events](https://docs.microsoft.com/azure/application-insights/app-insights-usage-segmentation)
- [Funnels](https://docs.microsoft.com/azure/application-insights/usage-funnels)
- [Retention](https://docs.microsoft.com/azure/application-insights/app-insights-usage-retention)
- [Workbooks](https://docs.microsoft.com/azure/application-insights/app-insights-usage-workbooks)
32 changes: 16 additions & 16 deletions articles/azure-api-management-certs.md
View file
@@ -1,6 +1,6 @@
---
title: Upload an Azure Management API Certificate | Microsoft Docs
description: Learn how to upload athe Management API certficate for the Azure Classic Portal.
description: Learn how to upload athe Management API certificate for the Azure Classic Portal.
services: cloud-services
documentationcenter: .net
author: Thraka
Expand All @@ -13,41 +13,41 @@ ms.workload: tbd
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 04/18/2016
ms.date: 08/01/2017
ms.author: adegeo

---
# Upload an Azure Management API Management Certificate
Management certificates allow you to authenticate with the Service Management API provided by Azure. Many programs and tools (such as Visual Studio or the Azure SDK) will use these certficates to automate configuration and deployment of various Azure services. **This only applies to the Azure classic portal**.
Management certificates allow you to authenticate with the classic deployment model provided by Azure. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services.

> [!WARNING]
> Be careful! These types of certificates allow anyone who authenticates with them to manage the subscription they are associated with.
>
>
More information about Azure certificates (including creating a self-signed certificate) is [available](cloud-services/cloud-services-certs-create.md#what-are-management-certificates) to you if you need it.
If you'd like more information about Azure certificates (including creating a self-signed certificate), see [Certificates overview for Azure Cloud Services](cloud-services/cloud-services-certs-create.md#what-are-management-certificates).

You can also use [Azure Active Directory](https://azure.microsoft.com/en-us/services/active-directory/) to authenticate client-code for automation purposes.

## Upload a management certificate
Once you have a management certficate created, (.cer file with only the public key) you can upload it into the portal. When the certificate is available in the portal, anyone with a matching certficiate (private key) can connect through the Management API and access the resources for the associated subscription.
Once you have a management certificate created, (.cer file with only the public key) you can upload it into the portal. When the certificate is available in the portal, anyone with a matching certificate (private key) can connect through the Management API and access the resources for the associated subscription.

1. Log into the [Azure classic portal](http://manage.windowsazure.com).
2. Make sure to select the correct subscription that you want to associate a certificate with. Press the **Subscriptions** text at the top-right of the portal.
1. Log in to the [Azure portal](http://portal.azure.com).
2. Click **More services** at the bottom Azure service list, then select **Subscriptions** in the _General_ service group.

![Settings](./media/azure-api-management-certs/subscription.png)
3. After you have the correct subscription selected, press **Settings** on the left side of the portal (you may need to scroll down).
![Subscription menu](./media/azure-api-management-certs/subscriptions_menu.png)

![Settings](./media/azure-api-management-certs/settings.png)
4. Press the **Management Certificates** tab.
3. Make sure to select the correct subscription that you want to associate with the certificate.
4. After you have selected the correct subscription, press **Management certificates** in the _Settings_ group.

![Settings](./media/azure-api-management-certs/mgmtcerts_menu.png)

![Settings](./media/azure-api-management-certs/certificates-tab.png)
5. Press the **Upload** button.

![Settings](./media/azure-api-management-certs/upload.png)
6. Fill out the dialog information and press the done **Checkmark**.
![Upload on certificates page](./media/azure-api-management-certs/certificates_page.png)
6. Fill out the dialog information and press **Upload**.

![Settings](./media/azure-api-management-certs/upload-dialog.png)
![Settings](./media/azure-api-management-certs/certificate_details.png)

## Next steps
Now that you have a management certificate associated with a subscription, you can (after you have installed the matching certificate locally) programmatically connect to the [Service Management REST API](https://msdn.microsoft.com/library/azure/mt420159.aspx) and automate the various Azure resources that are also associated with that subscription.
Now that you have a management certificate associated with a subscription, you can (after you have installed the matching certificate locally) programmatically connect to the [classic deployment model REST API](https://msdn.microsoft.com/library/azure/mt420159.aspx) and automate the various Azure resources that are also associated with that subscription.