RC: SAML Domain Verification - integration guides

content/operate/rc/security/access-control/saml-sso/saml-integration-auth0.md

@@ -15,6 +15,8 @@ This guide shows how to configure [Auth0](https://auth0.com/docs) as a SAML sing
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Set up your identity provider (IdP)
 
 ### Specify the SAML owner
@@ -117,17 +119,13 @@ To activate SAML, you need to have a local user (or social sign-on user) with th
     * **IdP server URL**: Identity Provider Login URL from Auth0
     * **Assertion signing certificate**: Certificate value from Auth0
 
-    You will also have to add:
-
-    * **Email domain binding**: The domain used in your company's email addresses
-
-    {{<image filename="images/rc/saml/auth0_saml_11.png" >}}
+    {{<image filename="images/rc/saml/sm_saml_1.png" >}}
 
     Once you click **Enable**, wait a few seconds for the status to change.
 
 1. Download the service provider (SP) metadata. Save the file to your local hard disk.
 
-    {{<image filename="images/rc/saml/auth0_saml_15.png" >}}
+    {{<image filename="images/rc/saml/sm_saml_3.png" >}}
 
 1. Open the file in any text editor. Save the following text from the metadata:
 
@@ -190,6 +188,3 @@ Replace `ID` so it matches the `AssertionConsumerService` Location URL ID (the c
 1. Enter your SAML email and select **Login**. 
 
 You have successfully configured SAML as an identification provider.
-
-{{<image filename="images/rc/saml/auth0_saml_14.png" >}}
-

content/operate/rc/security/access-control/saml-sso/saml-integration-aws-identity-center.md

@@ -15,6 +15,8 @@ This guide shows how to configure [AWS IAM Identity Center](https://aws.amazon.c
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Setup your identity provider (IdP)
 
 ### Create the AWS IAM Identity Center SAML application
@@ -68,35 +70,29 @@ Sign in to your account on the [Redis Cloud console](https://app.redislabs.com/#
 
 To activate SAML, you must have a local user (or social sign-on user) with the `owner` role. If you have the correct permissions, you will see the **Single Sign-On** tab.
 
-   {{<image filename="images/rc/saml/aws_iam_identity_center_saml_7.png" >}}
-
 1. Add the information you saved previously in the **Configuration setup** screen. This includes:
 
    * **Issuer (IdP Entity ID)**: IAM Identity Center SAML issuer URL.
    * **IdP server URL**: IAM Identity Center sign-in URL.
    * **Assertion signing certificate**: Drag and drop the certificate file you downloaded to disk in the form text area.
 
-   Also add:
-
-   * **Email domain binding** - The domain used in your company's email addresses.
-
-     {{<image filename="images/rc/saml/aws_iam_identity_center_saml_8.png" >}}
+     {{<image filename="images/rc/saml/sm_saml_1.png" >}}
 
    Select **Enable** and wait a few seconds for the status to change.
 
 1. Select **Download** to get the service provider (SP) metadata. Save the file to your local hard disk.
 
-   {{<image filename="images/rc/saml/aws_iam_identity_center_saml_9.png" >}}
+   {{<image filename="images/rc/saml/sm_saml_3.png" >}}
 
 1. Open the file in any text editor. Save the following text from the metadata:
 
    * **EntityID** - The unique name of the service provider (SP).
 
      {{<image filename="images/rc/saml/sm_saml_4.png" >}}
 
-* **Location** : The location of the assertion consumer service.
+   * **Location** : The location of the assertion consumer service.
 
-  {{<image filename="images/rc/saml/sm_saml_5.png" >}}
+      {{<image filename="images/rc/saml/sm_saml_5.png" >}}
 
 ## Step 3: Finish SAML configuration in AWS IAM Identity Center's Redis Cloud Application
 
@@ -140,11 +136,11 @@ The final step in our SAML integration with AWS IAM identity Center is to activa
 
 1. In the Single Sign-On screen, select **Activate**.
 
-   {{<image filename="images/rc/saml/aws_iam_identity_center_saml_15.png" >}}
+   {{<image filename="images/rc/saml/sm_saml_8.png" >}}
 
   A logout notification screen displays, letting you know that you are redirected to AWS IAM Identity Center's login screen.
 
-   {{<image filename="images/rc/saml/aws_iam_identity_center_saml_16.png" >}}
+   {{<image filename="images/rc/saml/sm_saml_9.png" >}}
 
 1. Enter your AWS IAM Identity Center credentials.
 
@@ -157,5 +153,3 @@ The final step in our SAML integration with AWS IAM identity Center is to activa
   A message displays, stating that your local user is now converted to a SAML user. Select **Confirm**.
 
    You have successfully configured AWS IAM Identity Center as an identification provider.
-
-   {{<image filename="images/rc/saml/aws_iam_identity_center_saml_22.png" >}}

content/operate/rc/security/access-control/saml-sso/saml-integration-azure-ad.md

@@ -15,6 +15,8 @@ This guide shows how to configure [Microsoft Azure Active Directory](https://lea
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Set up your identity provider (IdP)
 
 To create the Azure AD SAML Toolkit integration application:
@@ -84,17 +86,13 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
    * **IdP server URL**: Login URL
    * **Assertion signing certificate**: Drag-and-drop the certificate file you downloaded to disk in the form text area
 
-   Also add:
-
-   * **Email domain binding**: The domain used in your company's email addresses
-
      {{<image filename="images/rc/saml/sm_saml_1.png" >}}
 
-   Once you click the **enable** button, wait a few seconds for the status to change.
+   Once you click the **Enable** button, wait a few seconds for the status to change.
 
 1. You will then be able to **download** the service provider (SP) metadata. Save the file to your local hard disk.
 
-    {{<image filename="images/rc/saml/ad_saml_10.png" >}}
+    {{<image filename="images/rc/saml/sm_saml_3.png" >}}
 
 1. Open the file in any text editor. Save the following text from the metadata:
 
@@ -176,8 +174,6 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
    You have successfully configured SAML as an identification provider.
 
-    {{<image filename="images/rc/saml/ad_saml_22.png" >}}
-
 ## Claim conditions and user groups
 
 If your users are going to be part of different Groups, you can create a Claim Condition for the `redisAccountMapping` attribute.

content/operate/rc/security/access-control/saml-sso/saml-integration-google.md

@@ -15,6 +15,8 @@ This guide shows how to configure [Google Workspace](https://workspace.google.co
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Set up your identity provider (IdP)
 
 ### Create the Google Workspace SAML application
@@ -55,25 +57,19 @@ Sign in to your account on the [Redis Cloud console](https://app.redislabs.com/#
 
 To activate SAML, you must have a local user (or social sign-on user) with the `owner` role. If you have the correct permissions, you will see the **Single Sign-On** tab.
 
-{{<image filename="images/rc/saml/aws_iam_identity_center_saml_7.png" >}}
-
 1. Add the information you saved previously in the **Google identity provider details** screen. This includes:
 
     * **Issuer (IdP Entity ID)**: `Entity ID`.
     * **IdP server URL**: `SSO URL`.
     * **Assertion signing certificate**: `Certificate`.
 
-   Also add:
-
-    * **Email domain binding**: The domain used in your company's email addresses.
-
-      {{<image filename="images/rc/saml/google_workspace_saml_4.png" >}}
+   {{<image filename="images/rc/saml/sm_saml_1.png" >}}
 
    Select **Enable** and wait a few seconds for the status to change.
 
 1. Select **Download** to get the service provider (SP) metadata. Save the file to your local hard disk.
 
-   {{<image filename="images/rc/saml/google_workspace_saml_5.png" >}}
+   {{<image filename="images/rc/saml/sm_saml_3.png" >}}
 
 1. Open the file in any text editor. Save the following text from the metadata:
 
@@ -159,7 +155,7 @@ The final step in our SAML integration with AWS IAM identity Center is to activa
 
 1. In the Single Sign-On screen, select **Activate**.
 
-   {{<image filename="images/rc/saml/google_workspace_saml_17.png" >}}
+   {{<image filename="images/rc/saml/sm_saml_8.png" >}}
 
 A logout notification screen displays, letting you know that you are redirected to Google's login screen.
 
@@ -174,5 +170,3 @@ A logout notification screen displays, letting you know that you are redirected
 A message displays, stating that your local user is now converted to a SAML user. Select **Confirm**.
 
 You have successfully configured Google Workspace as an identification provider.
-
-{{<image filename="images/rc/saml/google_workspace_saml_20.png" >}}

content/operate/rc/security/access-control/saml-sso/saml-integration-okta-generic.md

@@ -17,6 +17,8 @@ Learn how to use the generic application template. You can also refer to the [Or
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Set up your demo identity provider (IdP)
 
 To create the Okta SAML integration application:
@@ -43,10 +45,7 @@ To create the Okta SAML integration application:
 
     * **Single sign-on URL**: `http://www.fake.com`. This is a temporary mock URL that you will modify later.
     * **Audience URI (SP Entity ID)**: `http://www.fake.com`. This is a temporary mock URL that you will modify later.
-
-    > Complete the **Default RelayState** field only if you need your SAML flow to be IdP initiated.
-
-    * **Default RelayState**: `https://app.redislabs.com/#/login/?idpId=XXXXXX`. You will need to complete this URL with the `idpId` later. 
+    * **Default RelayState**: `https://app.redislabs.com/#/login/?idpId=XXXXXX`. You will need to complete this URL with the `idpId` later. _Complete this field only if you need your SAML flow to be IdP initiated._
     * **Name ID forma**: `Unspecified`
     * **Application username**: `Okta username`
     * **Update application username on**: `Create and update`
@@ -214,14 +213,12 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
 1. Fill in the information you saved in step 6 in the **setup** form, including:
 
-    * **Identity Provider Single Sign-On URL:**
-    * **Identity Provider Issuer**
-    * **X.509 Certificate**
+    * **IdP Server URL**: Identity Provider Single Sign-On URL
+    * **Issuer**: Identity Provider Issuer
+    * **Assertion signing certificate**: X.509 Certificate
 
     {{<image filename="images/rc/saml/sm_saml_1.png" >}}
 
-    {{<image filename="images/rc/saml/sm_saml_2.png" >}}
-
 1. Select **Enable** and wait a few seconds for the status to change. You are then able to download the service provider (SP) metadata. Save the file to your local hard disk.
 
     {{<image filename="images/rc/saml/sm_saml_3.png" >}}
@@ -256,7 +253,7 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
     {{<image filename="images/rc/saml/sm_saml_8.png" >}}
 
-  A popup appears, stating that to test the SAML connection, you need to log in with Okta credentials of the user defined in the Redis Cloud group. This user is part of the group to which you assigned the Redis Cloud application.
+    A popup appears, stating that to test the SAML connection, you need to log in with Okta credentials of the user defined in the Redis Cloud group. This user is part of the group to which you assigned the Redis Cloud application.
 
     {{<image filename="images/rc/saml/sm_saml_9.png" >}}
 
@@ -272,14 +269,8 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
     {{<image filename="images/rc/saml/okta_saml_app_int_15.png" >}}
 
-1. If only one user is defined in Redis Cloud console, you get a popup window where you select **Confirm** to convert the local user to a SAML user. 
-
-    > Consider setting up one more local user other than a SAML user.
+1. If only one user is defined in Redis Cloud console, you get a popup window where you select **Confirm** to convert the local user to a SAML user. Consider setting up one more local user other than a SAML user.
 
     {{<image filename="images/rc/saml/okta_saml_app_int_16.png" >}}
 
 1. You have successfully configured SAML as an identity provider.
-
-    {{<image filename="images/rc/saml/okta_saml_app_int_17.png" >}}
-
-    {{<image filename="images/rc/saml/okta_saml_app_int_18.png" >}}

content/operate/rc/security/access-control/saml-sso/saml-integration-okta-org2org.md

@@ -17,6 +17,8 @@ This guide shows how to use the Org2Org application template. You can also use t
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Set up your identity provider 
 
 ### Create the Okta SAML integration application
@@ -190,14 +192,12 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
 1. Add the information you saved previously in the **setup** form (step 1), including:
 
-   * **Issuer (IdP Entity ID)**: _Required_
-   * **IdP server URL**: _Required_
+   * **Issuer (IdP Entity ID)**: IdP Issuer URI
+   * **IdP server URL**: IdP Single Sign-On Url
    * **Assertion signing certificate**: Drag and drop the file you downloaded to disk in the form text area.
 
     {{<image filename="images/rc/saml/sm_saml_1.png" alt="Use the Okta admin console to locate the Org2Org application template." >}}
 
-    {{<image filename="images/rc/saml/sm_saml_2.png" >}}
-
 1. Select **Enable** and wait a few seconds for the status to change. Then, download the service provider (SP) metadata. Save the file to your local hard disk.
 
     {{<image filename="images/rc/saml/sm_saml_3.png" >}}
@@ -257,6 +257,4 @@ Replace `<ID>` so it matches the AssertionConsumerService Location URL ID (the c
 
     {{<image filename="images/rc/saml/sm_saml_12.png" >}}
 
-You have successfully configured SAML as an identity provider.
-
-{{<image filename="images/rc/saml/sm_saml_13.png" >}}
+You have successfully configured SAML as an identity provider.

content/operate/rc/security/access-control/saml-sso/saml-integration-ping-identity.md

@@ -15,6 +15,8 @@ This guide shows how to configure [PingIdentity](https://docs.pingidentity.com/p
 
 To learn more about Redis Cloud support for SAML, see [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}).
 
+Before completing this guide, you must [verify ownership of any domains]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) you want to associate with your SAML setup.
+
 ## Step 1: Set up your identity provider (IdP)
 
 ### Add the `redisAccountMapping` attribute
@@ -118,13 +120,13 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
     * **Email domain binding**: The domain used in your company's email addresses
 
-    {{<image filename="images/rc/saml/ping_identity_saml_12.png" >}}
+    {{<image filename="images/rc/saml/sm_saml_1.png" >}}
 
     Select **Enable** and wait a few seconds for the status to change.
 
 1. You will then be able to **Download** the service provider (SP) metadata. Save the file to your local hard disk.
 
-    {{<image filename="images/rc/saml/ping_identity_saml_18.png" >}}
+    {{<image filename="images/rc/saml/sm_saml_3.png" >}}
 
 1. Open the file in any text editor. Save the following text from the metadata:
 
@@ -164,7 +166,7 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
 1. A popup appears, explaining that to test the SAML connection, you need to log in with credentials of a user defined in Ping Federate.
 
-    {{<image filename="images/rc/saml/sm_saml_13.png" >}}
+    {{<image filename="images/rc/saml/sm_saml_9.png" >}}
 
 1. The Ping Federate login screen will appear. Enter the credentials and select **Sign In**.
 
@@ -180,8 +182,6 @@ To activate SAML, you must have a local user (or social sign-on user) with the *
 
    You have successfully configured SAML as an identity provider.
 
-    {{<image filename="images/rc/saml/ping_identity_saml_15.png" >}}
-
 ## IdP-initiated SSO
 
 `https://app.redislabs.com/#/login/?idpId=`