bhlee90
diff --git a/‎articles/active-directory/active-directory-saas-linkedinelevate-provisioning-tutorial.md‎
Lines changed: 131 additions & 0 deletions b/‎articles/active-directory/active-directory-saas-linkedinelevate-provisioning-tutorial.md‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎articles/active-directory/active-directory-saas-wingspanetmf-tutorial.md‎
Lines changed: 225 additions & 0 deletions b/‎articles/active-directory/active-directory-saas-wingspanetmf-tutorial.md‎
Lines changed: 225 additions & 0 deletions
@@ -0,0 +1,131 @@
+---
+title: 'Tutorial: Configuring LinkedIn Elevate for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to LinkedIn Elevate.
+services: active-directory
+documentationcenter: ''
+author: asmalser-msft
+writer: asmalser-msft
+manager: stevenpo
+
+ms.assetid: d4ca2365-6729-48f7-bb7f-c0f5ffe740a3
+ms.service: active-directory
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 04/15/2017
+ms.author: asmalser-msft
+---
+
+# Tutorial: Configuring LinkedIn Elevate for Automatic User Provisioning
+
+
+The objective of this tutorial is to show you the steps you need to perform in LinkedIn Elevate and Azure AD to automatically provision and de-provision user accounts from Azure AD to LinkedIn Elevate. 
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following items:
+
+*   An Azure Active Directory tenant
+*   A LinkedIn Elevate tenant 
+*   An administrator account in LinkedIn Elevate with access to the LinkedIn Account Center
+
+> [!NOTE]
+> Azure Active Directory integrates with LinkedIn Elevate using the [SCIM](http://www.simplecloud.info/) protocol.
+
+## Assigning users to LinkedIn Elevate
+
+Azure Active Directory uses a concept called "assignments" to determine which users should receive access to selected apps. In the context of automatic user account provisioning, only the users and groups that have been "assigned" to an application in Azure AD will be synchronized. 
+
+Before configuring and enabling the provisioning service, you will need to decide what users and/or groups in Azure AD represent the users who need access to LinkedIn Elevate. Once decided, you can assign these users to LinkedIn Elevate by following the instructions here:
+
+[Assign a user or group to an enterprise app](active-directory-coreapps-assign-user-azure-portal.md)
+
+### Important tips for assigning users to LinkedIn Elevate
+
+*	It is recommended that a single Azure AD user be assigned to LinkedIn Elevate to test the provisioning configuration. Additional users and/or groups may be assigned later.
+
+*	When assigning a user to LinkedIn Elevate, you must select the **User** role in the assignment dialog. The "Default Access" role does not work for provisioning.
+
+
+## Configuring user provisioning to LinkedIn Elevate
+
+This section guides you through connecting your Azure AD to LinkedIn Elevate's SCIM user account provisioning API, and configuring the provisioning service to create, update and disable assigned user accounts in LinkedIn Elevate based on user and group assignment in Azure AD.
+
+**Tip:** You may also choose to enabled SAML-based Single Sign-On for LinkedIn Elevate, following the instructions provided in [Azure portal](https://portal.azure.com). Single sign-on can be configured independently of automatic provisioning, though these two features complement each other.
+
+
+### To configure automatic user account provisioning to LinkedIn Elevate in Azure AD:
+
+
+The first step is to retrieve your LinkedIn access token. If you are an Enterprise administrator, you can self-provision an
+    access token. In your account center, go to **Settings &gt; Global Settings** and open the **SCIM Setup** panel.
+
+> [!NOTE]
+> If you are accessing the account center directly rather than through a link, you can reach it using the following steps.
+
+1)  Sign in to Account Center.
+
+2)  Select **Admin &gt; Admin Settings** .
+
+3)  Click **Advanced Integrations** on the left sidebar. You are
+    directed to the account center.
+
+4)  Click **+ Add new SCIM configuration** and follow the procedure by
+    filling in each field.
+
+> When autoassign licenses is not enabled, it means that only user
+> data is synced.
+
+![LinkedIn Elevate Provisioning](./media/active-directory-saas-linkedin-elevate-provisioning-tutorial/linkedin_elevate1.PNG)
+
+> When autolicense assignment is enabled, you need to note the
+> application instance and license type. Licenses are assigned on a
+> first come, first serve basis until all the licenses are taken.
+
+![LinkedIn Elevate Provisioning](./media/active-directory-saas-linkedin-elevate-provisioning-tutorial/linkedin_elevate2.PNG)
+
+5)  Click **Generate token**. You should see your access token display
+    under the **Access token** field.
+
+6)  Save your access token to your clipboard or computer before leaving
+    the page.
+
+7) Next, sign in to the [Azure portal](https://portal.azure.com), and browse to the **Azure Active Directory > Enterprise Apps > All applications**  section.
+
+8) If you have already configured LinkedIn Elevate for single sign-on, search for your instance of LinkedIn Elevate using the search field. Otherwise, select **Add** and search for **LinkedIn Elevate** in the application gallery. Select LinkedIn Elevate from the search results, and add it to your list of applications.
+
+9)	Select your instance of LinkedIn Elevate, then select the **Provisioning** tab.
+
+10)	Set the **Provisioning Mode** to **Automatic**.
+
+![LinkedIn Elevate Provisioning](./media/active-directory-saas-linkedin-elevate-provisioning-tutorial/linkedin_elevate3.PNG)
+
+11)  Fill in the following fields under **Admin Credentials** :
+
+* In the **Tenant URL** field, enter https://api.linkedin.com.
+
+* In the **Secret Token** field, enter the access token you generated in step 1 and click **Test Connection** .
+
+* You should see a success notification on the upperright side of
+    your portal.
+
+12) Enter the email address of a person or group who should receive provisioning error notifications in the **Notification Email** field, and check the checkbox below.
+
+13) Click **Save**. 
+
+14) In the **Attribute Mappings** section, review the user and group attributes that will be synchronized from Azure AD to LinkedIn Elevate. Note that the attributes selected as **Matching** properties will be used to match the user accounts and groups in LinkedIn Elevate for update operations. Select the Save button to commit any changes.
+
+![LinkedIn Elevate Provisioning](./media/active-directory-saas-linkedin-elevate-provisioning-tutorial/linkedin_elevate4.PNG)
+
+15) To enable the Azure AD provisioning service for LinkedIn Elevate, change the **Provisioning Status** to **On** in the **Settings** section
+
+16) Click **Save**. 
+
+This will start the initial synchronization of any users and/or groups assigned to LinkedIn Elevate in the Users and Groups section. Note that the initial sync will take longer to perform than subsequent syncs, which occur approximately every 20 minutes as long as the service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity reports, which describe all actions performed by the provisioning service on your LinkedIn Elevate app.
+
+
+## Additional Resources
+
+* [Managing user account provisioning for Enterprise Apps](active-directory-enterprise-apps-manage-provisioning.md)
+* [What is application access and single sign-on with Azure Active Directory?](active-directory-appssoaccess-whatis.md)
@@ -0,0 +1,225 @@
+---
+title: 'Tutorial: Azure Active Directory integration with Wingspan eTMF | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Wingspan eTMF.
+services: active-directory
+documentationCenter: na
+author: jeevansd
+manager: femila
+
+ms.assetid: ace320d3-521c-449c-992f-feabe7538de7
+ms.service: active-directory
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 04/19/2017
+ms.author: jeedes
+
+---
+# Tutorial: Azure Active Directory integration with Wingspan eTMF
+
+In this tutorial, you learn how to integrate Wingspan eTMF with Azure Active Directory (Azure AD).
+
+Integrating Wingspan eTMF with Azure AD provides you with the following benefits:
+
+- You can control in Azure AD who has access to Wingspan eTMF
+- You can enable your users to automatically get signed-on to Wingspan eTMF (Single Sign-On) with their Azure AD accounts
+- You can manage your accounts in one central location - the Azure portal
+
+If you want to know more details about SaaS app integration with Azure AD, see [what is application access and single sign-on with Azure Active Directory](active-directory-appssoaccess-whatis.md).
+
+## Prerequisites
+
+To configure Azure AD integration with Wingspan eTMF, you need the following items:
+
+- An Azure AD subscription
+- A Wingspan eTMF single-sign on enabled subscription
+
+> [!NOTE]
+> To test the steps in this tutorial, we do not recommend using a production environment.
+
+To test the steps in this tutorial, you should follow these recommendations:
+
+- Do not use your production environment, unless it is necessary.
+- If you don't have an Azure AD trial environment, you can get a one-month trial [here](https://azure.microsoft.com/pricing/free-trial/).
+
+## Scenario description
+In this tutorial, you test Azure AD single sign-on in a test environment. 
+The scenario outlined in this tutorial consists of two main building blocks:
+
+1. Adding Wingspan eTMF from the gallery
+2. Configuring and testing Azure AD single sign-on
+
+## Adding Wingspan eTMF from the gallery
+To configure the integration of Wingspan eTMF into Azure AD, you need to add Wingspan eTMF from the gallery to your list of managed SaaS apps.
+
+**To add Wingspan eTMF from the gallery, perform the following steps:**
+
+1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon. 
+
+	![Active Directory][1]
+
+2. Navigate to **Enterprise applications**. Then go to **All applications**.
+
+	![Applications][2]
+	
+3. To add new application, click **New application** button on the top of dialog.
+
+	![Applications][3]
+
+4. In the search box, type **Wingspan eTMF**.
+
+	![Creating an Azure AD test user](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_wingspanetmf_search.png)
+
+5. In the results panel, select **Wingspan eTMF**, and then click **Add** button to add the application.
+
+	![Creating an Azure AD test user](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_wingspanetmf_addfromgallery.png)
+
+##  Configuring and testing Azure AD single sign-on
+In this section, you configure and test Azure AD single sign-on with Wingspan eTMF based on a test user called "Britta Simon."
+
+For single sign-on to work, Azure AD needs to know what the counterpart user in Wingspan eTMF is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Wingspan eTMF needs to be established.
+
+This link relationship is established by assigning the value of the **user name** in Azure AD as the value of the **Username** in Wingspan eTMF.
+
+To configure and test Azure AD single sign-on with Wingspan eTMF, you need to complete the following building blocks:
+
+1. **[Configuring Azure AD Single Sign-On](#configuring-azure-ad-single-sign-on)** - to enable your users to use this feature.
+2. **[Creating an Azure AD test user](#creating-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
+3. **[Creating a Wingspan eTMF test user](#creating-a-wingspan-etmf-test-user)** - to have a counterpart of Britta Simon in Wingspan eTMF that is linked to the Azure AD representation of user.
+4. **[Assigning the Azure AD test user](#assigning-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
+5. **[Testing Single Sign-On](#testing-single-sign-on)** - to verify whether the configuration works.
+
+### Configuring Azure AD single sign-on
+
+In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Wingspan eTMF application.
+
+**To configure Azure AD single sign-on with Wingspan eTMF, perform the following steps:**
+
+1. In the Azure portal, on the **Wingspan eTMF** application integration page, click **Single sign-on**.
+
+	![Configure Single Sign-On][4]
+
+2. On the **Single sign-on** dialog, select **Mode** as	**SAML-based Sign-on** to enable single sign-on.
+ 
+	![Configure Single Sign-On](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_wingspanetmf_samlbase.png)
+
+3. On the **Wingspan eTMF Domain and URLs** section, perform the following steps:
+
+	![Configure Single Sign-On](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_wingspanetmf_url11.png)
+
+    a. In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<customer name>.<instance name>.mywingspan.com/saml`
+
+    b. In the **Identifier** textbox, type a URL using the following pattern: `http://saml.<instance name>.wingspan.com/shibboleth`
+
+	c. In the **Reply URL** textbox, type a URL using the following pattern: `https://<customer name>.<instance name>.mywingspan.com/`
+	 
+	> [!NOTE] 
+	> These values are not the real. Update these values with the actual Sign-On URL, Identifier and Reply URL including the actual customer name and instance name. Contact [Wingspan eTMF Client support team](http://www.wingspan.com/contact-us/) to get these values. 
+
+4. On the **SAML Signing Certificate** section, click **Metadata XML** and then save the metadata file on your computer.
+
+	![Configure Single Sign-On](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_wingspanetmf_certificate.png) 
+
+5. Click **Save** button.
+
+	![Configure Single Sign-On](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_400.png)
+
+6. To configure single sign-on on **Wingspan eTMF** side, you need to send the downloaded **Metadata XML** to [Wingspan eTMF support](http://www.wingspan.com/contact-us/). They set this up to have the SAML SSO connection set properly on both sides.
+
+> [!TIP]
+> You can now read a concise version of these instructions inside the [Azure portal](https://portal.azure.com), while you are setting up the app!  After adding this app from the **Active Directory > Enterprise Applications** section, simply click the **Single Sign-On** tab and access the embedded documentation through the **Configuration** section at the bottom. You can read more about the embedded documentation feature here: [Azure AD embedded documentation]( https://go.microsoft.com/fwlink/?linkid=845985)
+ 
+
+### Creating an Azure AD test user
+The objective of this section is to create a test user in the Azure portal called Britta Simon.
+
+![Create Azure AD User][100]
+
+**To create a test user in Azure AD, perform the following steps:**
+
+1. In the **Azure portal**, on the left navigation pane, click **Azure Active Directory** icon.
+
+	![Creating an Azure AD test user](./media/active-directory-saas-wingspanetmf-tutorial/create_aaduser_01.png) 
+
+2. To display the list of users, go to **Users and groups** and click **All users**.
+	
+	![Creating an Azure AD test user](./media/active-directory-saas-wingspanetmf-tutorial/create_aaduser_02.png) 
+
+3. To open the **User** dialog, click **Add** on the top of the dialog.
+ 
+	![Creating an Azure AD test user](./media/active-directory-saas-wingspanetmf-tutorial/create_aaduser_03.png) 
+
+4. On the **User** dialog page, perform the following steps:
+ 
+	![Creating an Azure AD test user](./media/active-directory-saas-wingspanetmf-tutorial/create_aaduser_04.png) 
+
+    a. In the **Name** textbox, type **BrittaSimon**.
+
+    b. In the **User name** textbox, type the **email address** of BrittaSimon.
+
+	c. Select **Show Password** and write down the value of the **Password**.
+
+    d. Click **Create**.
+ 
+### Creating a Wingspan eTMF test user
+
+In this section, you create a user called Britta Simon in Wingspan eTMF. Work with [Wingspan eTMF support](http://www.wingspan.com/contact-us/) to add the users in the Wingspan eTMF application. Users must be created and activated before you use single sign-on.
+
+### Assigning the Azure AD test user
+
+In this section, you enable Britta Simon to use Azure single sign-on by granting access to Wingspan eTMF.
+
+![Assign User][200] 
+
+**To assign Britta Simon to Wingspan eTMF, perform the following steps:**
+
+1. In the Azure portal, open the applications view, and then navigate to the directory view and go to **Enterprise applications** then click **All applications**.
+
+	![Assign User][201] 
+
+2. In the applications list, select **Wingspan eTMF**.
+
+	![Configure Single Sign-On](./media/active-directory-saas-wingspanetmf-tutorial/tutorial_wingspanetmf_app.png) 
+
+3. In the menu on the left, click **Users and groups**.
+
+	![Assign User][202] 
+
+4. Click **Add** button. Then select **Users and groups** on **Add Assignment** dialog.
+
+	![Assign User][203]
+
+5. On **Users and groups** dialog, select **Britta Simon** in the Users list.
+
+6. Click **Select** button on **Users and groups** dialog.
+
+7. Click **Assign** button on **Add Assignment** dialog.
+	
+### Testing single sign-on
+
+In this section, you test your Azure AD single sign-on configuration using the Access Panel. 
+
+Click the Wingspan eTMF tile in the Access Panel, you will be redirected to Organization sign on page. After successful login, you will be signed-on to your Wingspan eTMF application. For more information about the Access Panel, see [Introduction to the Access Panel](https://msdn.microsoft.com/library/dn308586).
+
+## Additional resources
+
+* [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](active-directory-saas-tutorial-list.md)
+* [What is application access and single sign-on with Azure Active Directory?](active-directory-appssoaccess-whatis.md)
+
+
+
+<!--Image references-->
+
+[1]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_01.png
+[2]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_02.png
+[3]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_03.png
+[4]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_04.png
+
+[100]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_100.png
+
+[200]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_200.png
+[201]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_201.png
+[202]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_202.png
+[203]: ./media/active-directory-saas-wingspanetmf-tutorial/tutorial_general_203.png
+