From 009873d6edc96151bff677c20a4a4de49be43f01 Mon Sep 17 00:00:00 2001
From: ditaccms-bot <ditaccms-bot@sap.com>
Date: Wed, 27 Nov 2024 15:46:55 +0000
Subject: [PATCH] Update from SAP DITA CMS (squashed):

commit 3ca1b364b2509aeb64ccbdd1948c6c17e7b7c408
Author: REDACTED
Date:   Wed Nov 27 14:37:31 2024 +0000

    Update from SAP DITA CMS 2024-11-27 14:37:31

    Project: dita-all/wbz1500991557538
    Project map: 1334e860f4d64684a929f6a7afeea339.ditamap
    Output: loio629f7cb06f6947988dcaf8bedbe45873
    Language: en-US
    Builddable map: 542fb1b8806149fc8f6953d896e46f50.ditamap

commit 981ab53c61c5d81598629b427982fa8d95ce1be1
Author: REDACTED
Date:   Wed Nov 27 11:36:56 2024 +0000

    Update from SAP DITA CMS 2024-11-27 11:36:56

    Project: dita-all/wbz1500991557538
    Project map: 1334e860f4d64684a929f6a7afeea339.ditamap
    Output: loio629f7cb06f6947988dcaf8bedbe45873
    Language: en-US
    Builddable map: 542fb1b8806149fc8f6953d896e46f50.ditamap

commit eeb72f0f41deb06fd89babf86cf30db688559eb4
Author: REDACTED
Date:   Wed Nov 27 01:54:50 2024 +0000

    Update from SAP DITA CMS 2024-11-27 01:54:50

    Project: dita-all/wbz1500991557538
    Project map: 1334e860f4d64684a929f6a7afeea339.ditamap

##################################################
[Remaining squash message was removed before commit...]
---
 ...tions-section-on-sign-in-screen-c9e717e.md |   2 +-
 .../change-a-tenant-s-display-name-a513c91.md |   2 +-
 ...exts-via-administration-console-c24b1d0.md |   2 +-
 ...igure-allowed-logon-identifiers-3adf1ff.md |   2 +-
 ...console-restricted-availability-fe6e30c.md |   2 +-
 ...t-language-for-end-user-screens-2cb73c3.md |   2 +-
 ...-all-applications-in-the-tenant-1aab51a.md |   2 +-
 .../configure-idp-initiated-sso-5d59caa.md    | 168 +++++++++---------
 ...assword-and-email-link-validity-f8093f4.md |   2 +-
 ...links-section-on-sign-in-screen-060c032.md |   2 +-
 ...erver-for-application-processes-ccc7ba1.md |   2 +-
 ...exts-via-administration-console-c068ac9.md |   2 +-
 .../configure-p-user-next-index-045bb1c.md    |   2 +-
 ...ure-radius-server-settings-beta-03043ae.md |   2 +-
 .../configure-session-timeout-5ca23e4.md      |   2 +-
 ...rvice-in-administration-console-3fdc9e1.md |   2 +-
 .../configure-tenant-images-8742046.md        |   2 +-
 ...igure-trust-this-browser-option-5b8377e.md |   2 +-
 ...2-0-corporate-identity-provider-33832e5.md |   2 +-
 .../configure-trusted-domains-08fa1fe.md      |   2 +-
 ...gure-user-identifier-attributes-8b9fa88.md |   2 +-
 ...ficates-for-user-authentication-52c7dcb.md |   2 +-
 .../edit-an-authorization-policy-c76aca6.md   |   2 +
 ...of-totp-two-factor-authenticati-782935e.md |   2 +-
 ...-authenticate-with-certificates-4cf818a.md |   2 +-
 ...-2-0-idp-metadata-via-parameter-2c76690.md |   2 +-
 .../logout-uri-rules-789c752.md               |  10 +-
 .../password-recovery-options-777cee1.md      |   2 +-
 ...ants-for-different-customer-ids-ebd0258.md |   2 +-
 .../rotate-signing-certificates-6621ad5.md    |   2 +-
 .../send-security-alert-emails-c977464.md     |   2 +-
 ...system-notifications-via-emails-aa04a8b.md |   2 +-
 ...t-openid-connect-configurations-3d6abcc.md |   2 +-
 .../tenant-saml-2-0-configurations-e81a19b.md |   2 +-
 ...main-in-identity-authentication-c4db840.md |   2 +-
 docs/sap-concur-032fd80.md                    |   8 +-
 36 files changed, 125 insertions(+), 127 deletions(-)

diff --git a/docs/Operation-Guide/add-instructions-section-on-sign-in-screen-c9e717e.md b/docs/Operation-Guide/add-instructions-section-on-sign-in-screen-c9e717e.md
index 6524bb8..9af23a0 100644
--- a/docs/Operation-Guide/add-instructions-section-on-sign-in-screen-c9e717e.md
+++ b/docs/Operation-Guide/add-instructions-section-on-sign-in-screen-c9e717e.md
@@ -99,7 +99,7 @@ The default value of the `logon.ui.login.instructions` key is empty and nothing
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/change-a-tenant-s-display-name-a513c91.md b/docs/Operation-Guide/change-a-tenant-s-display-name-a513c91.md
index 1c9b553..9c6b974 100644
--- a/docs/Operation-Guide/change-a-tenant-s-display-name-a513c91.md
+++ b/docs/Operation-Guide/change-a-tenant-s-display-name-a513c91.md
@@ -94,7 +94,7 @@ To edit the tenant's display name, proceed as follows:
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/change-tenant-texts-via-administration-console-c24b1d0.md b/docs/Operation-Guide/change-tenant-texts-via-administration-console-c24b1d0.md
index 2fb0183..29f5b06 100644
--- a/docs/Operation-Guide/change-tenant-texts-via-administration-console-c24b1d0.md
+++ b/docs/Operation-Guide/change-tenant-texts-via-administration-console-c24b1d0.md
@@ -122,7 +122,7 @@ The default tenant texts are changed with the custom ones. It may take up to 2 m
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-allowed-logon-identifiers-3adf1ff.md b/docs/Operation-Guide/configure-allowed-logon-identifiers-3adf1ff.md
index 254dc80..c4525d9 100644
--- a/docs/Operation-Guide/configure-allowed-logon-identifiers-3adf1ff.md
+++ b/docs/Operation-Guide/configure-allowed-logon-identifiers-3adf1ff.md
@@ -228,7 +228,7 @@ Users can logon to the applications in the tenant only with the selected logon i
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-customer-managed-keys-in-administration-console-restricted-availability-fe6e30c.md b/docs/Operation-Guide/configure-customer-managed-keys-in-administration-console-restricted-availability-fe6e30c.md
index a934488..76214ea 100644
--- a/docs/Operation-Guide/configure-customer-managed-keys-in-administration-console-restricted-availability-fe6e30c.md
+++ b/docs/Operation-Guide/configure-customer-managed-keys-in-administration-console-restricted-availability-fe6e30c.md
@@ -251,7 +251,7 @@ To configure the customer managed keys via the administration console for SAP Cl
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-default-language-for-end-user-screens-2cb73c3.md b/docs/Operation-Guide/configure-default-language-for-end-user-screens-2cb73c3.md
index e9fde74..472abe4 100644
--- a/docs/Operation-Guide/configure-default-language-for-end-user-screens-2cb73c3.md
+++ b/docs/Operation-Guide/configure-default-language-for-end-user-screens-2cb73c3.md
@@ -116,7 +116,7 @@ The language for the end user screens is set according to the following order of
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-default-risk-based-authentication-for-all-applications-in-the-tenant-1aab51a.md b/docs/Operation-Guide/configure-default-risk-based-authentication-for-all-applications-in-the-tenant-1aab51a.md
index 81c3b8a..31b8166 100644
--- a/docs/Operation-Guide/configure-default-risk-based-authentication-for-all-applications-in-the-tenant-1aab51a.md
+++ b/docs/Operation-Guide/configure-default-risk-based-authentication-for-all-applications-in-the-tenant-1aab51a.md
@@ -206,7 +206,7 @@ The rule is valid for any *IP range*, *Forwarded IP Range*, *Group*, *Authentica
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-idp-initiated-sso-5d59caa.md b/docs/Operation-Guide/configure-idp-initiated-sso-5d59caa.md
index b823b5d..96b2ff3 100644
--- a/docs/Operation-Guide/configure-idp-initiated-sso-5d59caa.md
+++ b/docs/Operation-Guide/configure-idp-initiated-sso-5d59caa.md
@@ -2,76 +2,11 @@
 
 # Configure IdP-Initiated SSO
 
-**Related Information**  
-
-
-[Tenant SAML 2.0 Configurations](tenant-saml-2-0-configurations-e81a19b.md "You as a tenant administrator can view and download the tenant SAML 2.0 metadata. You can also change the name format and update your certificate used by the identity provider to digitally sign the messages for the applications.")
-
-[Get SAML 2.0 IdP Metadata via Parameter](get-saml-2-0-idp-metadata-via-parameter-2c76690.md "Tenant administrator can get the SAML 2.0 metadata via specific parameters.")
-
-[Rotate Signing Certificates](rotate-signing-certificates-6621ad5.md "Tenant administrators must replace existing signing certificates with new ones before they expire. This ensures uninterrupted and secure communication between SAML 2.0 applications (referred to as service providers) and Identity Authentication as the identity provider.")
-
-[Tenant OpenID Connect Configurations](tenant-openid-connect-configurations-3d6abcc.md "You as a tenant administrator can view and configure the tenant OpenID Connect configurations.")
-
-[Change Tenant Texts Via Administration Console](change-tenant-texts-via-administration-console-c24b1d0.md "The change tenant texts option can be used to change the predefined texts and messages for end-user screens available per tenant in Identity Authentication via the administration console.")
-
-[Configure Master Data Texts Via Administration Console](configure-master-data-texts-via-administration-console-c068ac9.md "The master data texts option can be used to configure the predefined master data for each resource in Identity Authentication via the administration console.")
-
-[Configure Links Section on Sign-In Screen](configure-links-section-on-sign-in-screen-060c032.md "You can configure links to appear on the sign-in screen of your applications.")
-
-[Add Instructions Section on Sign-In Screen](add-instructions-section-on-sign-in-screen-c9e717e.md "You can customize the sign-in screen of the Horizon theme with instructions for the user.")
-
-[Configure X.509 Client Certificates for User Authentication](configure-x-509-client-certificates-for-user-authentication-52c7dcb.md "Tenant administrators can configure X.509 client certificates for user authentication as an alternative to authenticating with a user name and a password.")
-
-[Enable Users to Generate and Authenticate with Certificates](enable-users-to-generate-and-authenticate-with-certificates-4cf818a.md "Allow users to generate and authenticate with certificates.")
-
-[Configure Tenant Images](configure-tenant-images-8742046.md "You can configure a custom global logo and, or a background image on the forms for sign-in in, registration, upgrade, password update, and account activation for all applications in a tenant. You can also set a favicon for tenant.")
-
-[Configure Allowed Logon Identifiers](configure-allowed-logon-identifiers-3adf1ff.md "Tenant administrators can choose the allowed logon identifiers for the users.")
-
-[Configure User Identifier Attributes](configure-user-identifier-attributes-8b9fa88.md "Tenant administrators can configure user identifier attributes as required and unique for the tenant.")
-
-[Configure Trust this browser Option](configure-trust-this-browser-option-5b8377e.md "Tenant administrator can set the number of days for which the users won't get prompted for second-factor authentication, if they sign in from the same browser.")
-
-[Enable Back-Up Channels to Send Passcode for Deactivation of TOTP Two-Factor Authentication Devices](enable-back-up-channels-to-send-passcode-for-deactivation-of-totp-two-factor-authenticati-782935e.md "Tenant administrator can configure back-up channels to send TOTP deactivation passcodes to the user.")
-
-[Password Recovery Options](password-recovery-options-777cee1.md "Enable users to reset their password via security questions, PIN code, or email link.")
-
-[Configure Initial Password and Email Link Validity](configure-initial-password-and-email-link-validity-f8093f4.md "As a tenant administrator, you can configure the validity of the initial password and link sent to a user in the various application processes.")
-
-[Configure Session Timeout](configure-session-timeout-5ca23e4.md "As a tenant administrator, you can configure when the session, created at the Identity Authentication tenant, expires.")
-
-[Configure Trusted Domains](configure-trusted-domains-08fa1fe.md "Service providers that delegate authentication to Identity Authentication can protect their applications when using embedded frames, also called overlays, or when allowing user self-registration.")
-
-[Use Custom Domain in Identity Authentication](use-custom-domain-in-identity-authentication-c4db840.md "Identity Authentication allows you to use a custom domain that is different from the default ones (<tenant ID>.accounts.ondemand.com or <tenant ID>.accounts.cloud.sap) - for example www.mytenant.com.")
-
-[Change a Tenant's Display Name](change-a-tenant-s-display-name-a513c91.md "You can configure the tenant's name from the administration console for SAP Cloud Identity Services.")
+Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.
 
-[Configure Default Risk-Based Authentication for All Applications in the Tenant](configure-default-risk-based-authentication-for-all-applications-in-the-tenant-1aab51a.md#loio1aab51ae62b94f79b4c6dac7a00857c2 "You can define rules for authentication according to different risk factors and apply actions like Allow, Deny, and Two-Factor Authentication for all applications in a tenant.")
 
-[Configure Sinch Service in Administration Console](configure-sinch-service-in-administration-console-3fdc9e1.md "Configure Sinch Service to enable Phone Verification via SMS or SMS Two-Factor Authentication in the administration console.")
 
-[Configure RADIUS Server Settings \(Beta\)](configure-radius-server-settings-beta-03043ae.md "Configure Remote Authentication Dial-In User Service (RADIUS) server settings in the administration console for SAP Cloud Identity Services.")
-
-[Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
-
-[Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
-
-[Send System Notifications via Emails](send-system-notifications-via-emails-aa04a8b.md "You can configure the administration console to send emails with information about expiring certificates, system notifications, new administrators, and new applications to specific email addresses or to the emails of all administrators.")
-
-[Configure Customer Managed Keys in Administration Console \(Restricted Availability\)](configure-customer-managed-keys-in-administration-console-restricted-availability-fe6e30c.md "")
-
-[Configure Default Language for End User Screens](configure-default-language-for-end-user-screens-2cb73c3.md "Select the language that the end user screen uses if the language of the browser isn’t in the list of supported languages.")
-
-[Configure P-User Next Index](configure-p-user-next-index-045bb1c.md "Set the value for the P-user next index.")
-
-[Reuse SAP Cloud Identity Services Tenants for Different Customer IDs](reuse-sap-cloud-identity-services-tenants-for-different-customer-ids-ebd0258.md "You as a tenant administrator can reuse an existing tenant for configurations and automated subscriptions.")
-
-[Configure IdP-Initiated SSO with Corporate Identity Providers](configure-idp-initiated-sso-with-corporate-identity-providers-d483a52.md#loiod483a52be22946d5a05951b0fa16221f "This document shows you how to configure identity provider (IdP) initiated single sign-on (SSO) with corporate identity providers.")
-
-<a name="idp_initiated_overview"/>
-
-<!-- idp\_initiated\_overview -->
+<a name="loio5d59caa4a0124dd88f58d285e25ae84d__idp_initiated_overview"/>
 
 ## Overview
 
@@ -165,6 +100,8 @@ The link for IdP-Initiated SSO follows the pattern: `https://<tenant_ID>.account
 > </td>
 > <td valign="top">
 > 
+> No
+> 
 > > ### Note:  
 > > You can choose by the index the correct ACS endpoint for unsolicited SAML response processing. Provide the `index` parameter when the default ACS endpoint, which has been configured via the administration console can't process unsolicited SAML responses.
 > 
@@ -219,28 +156,25 @@ The link for IdP-Initiated SSO follows the pattern: `https://<tenant_ID>.account
 > </tr>
 > </table>
 
+> ### Example:  
+> Richard Wilson, tenant administrator at Company A, would like to set up an IdP-initiated SSO process and has configured the default assertion consumer service \(ACS\) endpoint correctly at the cloud identity provider. Dona Moore, who is an employee at Company A, tries to access the identity provider, but because she does not have a valid session she is prompted to provide credentials. Once Dona has logged in at the IdP, a session is created for her. She is automatically redirected to her application \(the default ACS URL as specified in the service provider \(SP\) metadata\)\).
+> 
+> ![](images/IdP-Initiated_SSO_b493bf7.png)
+> 
+> 1.  User provides credentials; logs on.
+> 2.  Identity Authentication sends assertions.
+> 3.  Service provider validates assertions; gives access rights.
+> 4.  User accesses content.
 
 
-### Example
-
-Richard Wilson, tenant administrator at Company A, would like to set up an IdP-initiated SSO process and has configured the default assertion consumer service \(ACS\) endpoint correctly at the cloud identity provider. Dona Moore, who is an employee at Company A, tries to access the identity provider, but because she does not have a valid session she is prompted to provide credentials. Once Dona has logged in at the IdP, a session is created for her. She is automatically redirected to her application \(the default ACS URL as specified in the service provider \(SP\) metadata\)\).
-
-![](images/IdP-Initiated_SSO_b493bf7.png)
-
-1.  User provides credentials; logs on.
-2.  Identity Authentication sends assertions.
-3.  Service provider validates assertions; gives access rights.
-4.  User accesses content.
-
-<a name="disable_idp_initiated_sso"/>
 
-<!-- disable\_idp\_initiated\_sso -->
+<a name="loio5d59caa4a0124dd88f58d285e25ae84d__section_bm3_4hy_mdc"/>
 
 ## Enable or Disable IdP-Initiated SSO
 
 
 
-## Prerequisites
+### Prerequisites
 
 -   You are assigned the *Manage Tenant Configuration* role. For more information about how to assign administrator roles, see [Edit Administrator Authorizations](edit-administrator-authorizations-86ee374.md).
 
@@ -249,7 +183,7 @@ Richard Wilson, tenant administrator at Company A, would like to set up an IdP-i
 
 
 
-## Context
+### Context
 
 By default, IdP-Initiated SSO is enabled in Identity Authentication. The tenant administrator can disable the IdP-Initiated SSO process via the administration console for SAP Cloud Identity Services.
 
@@ -263,16 +197,78 @@ Use this procedure to disable or enable the IdP-Initiated SSO process.
 
 
 
-## Procedure
+### Procedure
 
 1.  Sign in to the administration console for SAP Cloud Identity Services.
-
 2.  Choose *Application Resources* \> *Tenant Settings*.
-
 3.  Under *Single-Sign-On*, choose *IdP-Initiated SSO*.
-
 4.  Use the slider under the *Settings* section to disable or enable it.
 
     If the operation is successful, you receive a confirmation message.
 
 
+**Related Information**  
+
+
+[Tenant SAML 2.0 Configurations](tenant-saml-2-0-configurations-e81a19b.md "You as a tenant administrator can view and download the tenant SAML 2.0 metadata. You can also change the name format and update your certificate used by the identity provider to digitally sign the messages for the applications.")
+
+[Get SAML 2.0 IdP Metadata via Parameter](get-saml-2-0-idp-metadata-via-parameter-2c76690.md "Tenant administrator can get the SAML 2.0 metadata via specific parameters.")
+
+[Rotate Signing Certificates](rotate-signing-certificates-6621ad5.md "Tenant administrators must replace existing signing certificates with new ones before they expire. This ensures uninterrupted and secure communication between SAML 2.0 applications (referred to as service providers) and Identity Authentication as the identity provider.")
+
+[Tenant OpenID Connect Configurations](tenant-openid-connect-configurations-3d6abcc.md "You as a tenant administrator can view and configure the tenant OpenID Connect configurations.")
+
+[Change Tenant Texts Via Administration Console](change-tenant-texts-via-administration-console-c24b1d0.md "The change tenant texts option can be used to change the predefined texts and messages for end-user screens available per tenant in Identity Authentication via the administration console.")
+
+[Configure Master Data Texts Via Administration Console](configure-master-data-texts-via-administration-console-c068ac9.md "The master data texts option can be used to configure the predefined master data for each resource in Identity Authentication via the administration console.")
+
+[Configure Links Section on Sign-In Screen](configure-links-section-on-sign-in-screen-060c032.md "You can configure links to appear on the sign-in screen of your applications.")
+
+[Add Instructions Section on Sign-In Screen](add-instructions-section-on-sign-in-screen-c9e717e.md "You can customize the sign-in screen of the Horizon theme with instructions for the user.")
+
+[Configure X.509 Client Certificates for User Authentication](configure-x-509-client-certificates-for-user-authentication-52c7dcb.md "Tenant administrators can configure X.509 client certificates for user authentication as an alternative to authenticating with a user name and a password.")
+
+[Enable Users to Generate and Authenticate with Certificates](enable-users-to-generate-and-authenticate-with-certificates-4cf818a.md "Allow users to generate and authenticate with certificates.")
+
+[Configure Tenant Images](configure-tenant-images-8742046.md "You can configure a custom global logo and, or a background image on the forms for sign-in in, registration, upgrade, password update, and account activation for all applications in a tenant. You can also set a favicon for tenant.")
+
+[Configure Allowed Logon Identifiers](configure-allowed-logon-identifiers-3adf1ff.md "Tenant administrators can choose the allowed logon identifiers for the users.")
+
+[Configure User Identifier Attributes](configure-user-identifier-attributes-8b9fa88.md "Tenant administrators can configure user identifier attributes as required and unique for the tenant.")
+
+[Configure Trust this browser Option](configure-trust-this-browser-option-5b8377e.md "Tenant administrator can set the number of days for which the users won't get prompted for second-factor authentication, if they sign in from the same browser.")
+
+[Enable Back-Up Channels to Send Passcode for Deactivation of TOTP Two-Factor Authentication Devices](enable-back-up-channels-to-send-passcode-for-deactivation-of-totp-two-factor-authenticati-782935e.md "Tenant administrator can configure back-up channels to send TOTP deactivation passcodes to the user.")
+
+[Password Recovery Options](password-recovery-options-777cee1.md "Enable users to reset their password via security questions, PIN code, or email link.")
+
+[Configure Initial Password and Email Link Validity](configure-initial-password-and-email-link-validity-f8093f4.md "As a tenant administrator, you can configure the validity of the initial password and link sent to a user in the various application processes.")
+
+[Configure Session Timeout](configure-session-timeout-5ca23e4.md "As a tenant administrator, you can configure when the session, created at the Identity Authentication tenant, expires.")
+
+[Configure Trusted Domains](configure-trusted-domains-08fa1fe.md "Service providers that delegate authentication to Identity Authentication can protect their applications when using embedded frames, also called overlays, or when allowing user self-registration.")
+
+[Use Custom Domain in Identity Authentication](use-custom-domain-in-identity-authentication-c4db840.md "Identity Authentication allows you to use a custom domain that is different from the default ones (<tenant ID>.accounts.ondemand.com or <tenant ID>.accounts.cloud.sap) - for example www.mytenant.com.")
+
+[Change a Tenant's Display Name](change-a-tenant-s-display-name-a513c91.md "You can configure the tenant's name from the administration console for SAP Cloud Identity Services.")
+
+[Configure Default Risk-Based Authentication for All Applications in the Tenant](configure-default-risk-based-authentication-for-all-applications-in-the-tenant-1aab51a.md#loio1aab51ae62b94f79b4c6dac7a00857c2 "You can define rules for authentication according to different risk factors and apply actions like Allow, Deny, and Two-Factor Authentication for all applications in a tenant.")
+
+[Configure Sinch Service in Administration Console](configure-sinch-service-in-administration-console-3fdc9e1.md "Configure Sinch Service to enable Phone Verification via SMS or SMS Two-Factor Authentication in the administration console.")
+
+[Configure RADIUS Server Settings \(Beta\)](configure-radius-server-settings-beta-03043ae.md "Configure Remote Authentication Dial-In User Service (RADIUS) server settings in the administration console for SAP Cloud Identity Services.")
+
+[Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
+
+[Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
+
+[Send System Notifications via Emails](send-system-notifications-via-emails-aa04a8b.md "You can configure the administration console to send emails with information about expiring certificates, system notifications, new administrators, and new applications to specific email addresses or to the emails of all administrators.")
+
+[Configure Customer Managed Keys in Administration Console \(Restricted Availability\)](configure-customer-managed-keys-in-administration-console-restricted-availability-fe6e30c.md "")
+
+[Configure Default Language for End User Screens](configure-default-language-for-end-user-screens-2cb73c3.md "Select the language that the end user screen uses if the language of the browser isn’t in the list of supported languages.")
+
+[Configure P-User Next Index](configure-p-user-next-index-045bb1c.md "Set the value for the P-user next index.")
+
+[Reuse SAP Cloud Identity Services Tenants for Different Customer IDs](reuse-sap-cloud-identity-services-tenants-for-different-customer-ids-ebd0258.md "You as a tenant administrator can reuse an existing tenant for configurations and automated subscriptions.")
+
diff --git a/docs/Operation-Guide/configure-initial-password-and-email-link-validity-f8093f4.md b/docs/Operation-Guide/configure-initial-password-and-email-link-validity-f8093f4.md
index b123589..c546869 100644
--- a/docs/Operation-Guide/configure-initial-password-and-email-link-validity-f8093f4.md
+++ b/docs/Operation-Guide/configure-initial-password-and-email-link-validity-f8093f4.md
@@ -201,7 +201,7 @@ To change the validity period of the initial password and the links, follow the
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-links-section-on-sign-in-screen-060c032.md b/docs/Operation-Guide/configure-links-section-on-sign-in-screen-060c032.md
index f6ccb70..fc4a772 100644
--- a/docs/Operation-Guide/configure-links-section-on-sign-in-screen-060c032.md
+++ b/docs/Operation-Guide/configure-links-section-on-sign-in-screen-060c032.md
@@ -172,7 +172,7 @@ To configure your logon links, proceed as follows:
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-mail-server-for-application-processes-ccc7ba1.md b/docs/Operation-Guide/configure-mail-server-for-application-processes-ccc7ba1.md
index a22fc64..5077141 100644
--- a/docs/Operation-Guide/configure-mail-server-for-application-processes-ccc7ba1.md
+++ b/docs/Operation-Guide/configure-mail-server-for-application-processes-ccc7ba1.md
@@ -89,7 +89,7 @@ To configure the mail server, choose one of the procedures below:
 
 [Configure RADIUS Server Settings \(Beta\)](configure-radius-server-settings-beta-03043ae.md "Configure Remote Authentication Dial-In User Service (RADIUS) server settings in the administration console for SAP Cloud Identity Services.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-master-data-texts-via-administration-console-c068ac9.md b/docs/Operation-Guide/configure-master-data-texts-via-administration-console-c068ac9.md
index 315799f..1e3f961 100644
--- a/docs/Operation-Guide/configure-master-data-texts-via-administration-console-c068ac9.md
+++ b/docs/Operation-Guide/configure-master-data-texts-via-administration-console-c068ac9.md
@@ -263,7 +263,7 @@ To change the master data texts via the administration console, proceed as follo
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-p-user-next-index-045bb1c.md b/docs/Operation-Guide/configure-p-user-next-index-045bb1c.md
index dace9eb..1ed1207 100644
--- a/docs/Operation-Guide/configure-p-user-next-index-045bb1c.md
+++ b/docs/Operation-Guide/configure-p-user-next-index-045bb1c.md
@@ -85,7 +85,7 @@ Every user in Identity Authentication has a `User ID` which is an automatically
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-radius-server-settings-beta-03043ae.md b/docs/Operation-Guide/configure-radius-server-settings-beta-03043ae.md
index edf16f5..b9ac246 100644
--- a/docs/Operation-Guide/configure-radius-server-settings-beta-03043ae.md
+++ b/docs/Operation-Guide/configure-radius-server-settings-beta-03043ae.md
@@ -223,7 +223,7 @@ Configure an application to require RADIUS PIN code as a second factor apart fro
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-session-timeout-5ca23e4.md b/docs/Operation-Guide/configure-session-timeout-5ca23e4.md
index 4b62042..d7f2e8f 100644
--- a/docs/Operation-Guide/configure-session-timeout-5ca23e4.md
+++ b/docs/Operation-Guide/configure-session-timeout-5ca23e4.md
@@ -118,7 +118,7 @@ To configure the session timeout period via the administration console for SAP C
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-sinch-service-in-administration-console-3fdc9e1.md b/docs/Operation-Guide/configure-sinch-service-in-administration-console-3fdc9e1.md
index 7c0d6f7..d186d5d 100644
--- a/docs/Operation-Guide/configure-sinch-service-in-administration-console-3fdc9e1.md
+++ b/docs/Operation-Guide/configure-sinch-service-in-administration-console-3fdc9e1.md
@@ -184,7 +184,7 @@ To configure the administration console, follow the procedure below:
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-tenant-images-8742046.md b/docs/Operation-Guide/configure-tenant-images-8742046.md
index b2e6c9f..a24897c 100644
--- a/docs/Operation-Guide/configure-tenant-images-8742046.md
+++ b/docs/Operation-Guide/configure-tenant-images-8742046.md
@@ -160,7 +160,7 @@ To configure a custom tenant logo a background image, and or a favicon, follow p
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-trust-this-browser-option-5b8377e.md b/docs/Operation-Guide/configure-trust-this-browser-option-5b8377e.md
index f3ebdad..c5874e8 100644
--- a/docs/Operation-Guide/configure-trust-this-browser-option-5b8377e.md
+++ b/docs/Operation-Guide/configure-trust-this-browser-option-5b8377e.md
@@ -93,7 +93,7 @@ The *Trust this browser* checkbox appears at sign-in when a second factor is req
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-trust-with-saml-2-0-corporate-identity-provider-33832e5.md b/docs/Operation-Guide/configure-trust-with-saml-2-0-corporate-identity-provider-33832e5.md
index 780b5e0..1626179 100644
--- a/docs/Operation-Guide/configure-trust-with-saml-2-0-corporate-identity-provider-33832e5.md
+++ b/docs/Operation-Guide/configure-trust-with-saml-2-0-corporate-identity-provider-33832e5.md
@@ -300,7 +300,7 @@ Set up trust with a corporate identity provider in the administration console fo
 
 [Edit Administrator Authorizations](edit-administrator-authorizations-86ee374.md "As a tenant administrator, you can edit both your own authorizations and other administrators' authorizations in the administration console for SAP Cloud Identity Services. By editing the administrator authorizations you can also delete an administrator.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Choose Identity Provider Type](choose-identity-provider-type-0838379.md "This topic shows you how to choose a type for the corporate identity provider.")
 
diff --git a/docs/Operation-Guide/configure-trusted-domains-08fa1fe.md b/docs/Operation-Guide/configure-trusted-domains-08fa1fe.md
index f05c58d..6889d92 100644
--- a/docs/Operation-Guide/configure-trusted-domains-08fa1fe.md
+++ b/docs/Operation-Guide/configure-trusted-domains-08fa1fe.md
@@ -106,7 +106,7 @@ You also have to add as trusted the domains for those applications that allow se
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-user-identifier-attributes-8b9fa88.md b/docs/Operation-Guide/configure-user-identifier-attributes-8b9fa88.md
index d1f72d8..69269b3 100644
--- a/docs/Operation-Guide/configure-user-identifier-attributes-8b9fa88.md
+++ b/docs/Operation-Guide/configure-user-identifier-attributes-8b9fa88.md
@@ -328,7 +328,7 @@ Choose the allowed logon identifiers for the users. For more information, see [C
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/configure-x-509-client-certificates-for-user-authentication-52c7dcb.md b/docs/Operation-Guide/configure-x-509-client-certificates-for-user-authentication-52c7dcb.md
index 037506f..26cbd8a 100644
--- a/docs/Operation-Guide/configure-x-509-client-certificates-for-user-authentication-52c7dcb.md
+++ b/docs/Operation-Guide/configure-x-509-client-certificates-for-user-authentication-52c7dcb.md
@@ -170,7 +170,7 @@ To configure a trusted X.509 certificate, proceed as follows:
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/edit-an-authorization-policy-c76aca6.md b/docs/Operation-Guide/edit-an-authorization-policy-c76aca6.md
index 59b14e3..5961170 100644
--- a/docs/Operation-Guide/edit-an-authorization-policy-c76aca6.md
+++ b/docs/Operation-Guide/edit-an-authorization-policy-c76aca6.md
@@ -56,4 +56,6 @@ When you edit an existing custom authorization policy, you can add or delete res
 
 11. Save your changes.
 
+12. To assign users, choose the *Assignments* tab. See [Assign Authorization Policies](assign-authorization-policies-eac8e5e.md).
+
 
diff --git a/docs/Operation-Guide/enable-back-up-channels-to-send-passcode-for-deactivation-of-totp-two-factor-authenticati-782935e.md b/docs/Operation-Guide/enable-back-up-channels-to-send-passcode-for-deactivation-of-totp-two-factor-authenticati-782935e.md
index 0aa3ea3..6d885ef 100644
--- a/docs/Operation-Guide/enable-back-up-channels-to-send-passcode-for-deactivation-of-totp-two-factor-authenticati-782935e.md
+++ b/docs/Operation-Guide/enable-back-up-channels-to-send-passcode-for-deactivation-of-totp-two-factor-authenticati-782935e.md
@@ -119,7 +119,7 @@ Users can choose from the back-up channel options on their profile page if they
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/enable-users-to-generate-and-authenticate-with-certificates-4cf818a.md b/docs/Operation-Guide/enable-users-to-generate-and-authenticate-with-certificates-4cf818a.md
index 4ebf25b..5d4c283 100644
--- a/docs/Operation-Guide/enable-users-to-generate-and-authenticate-with-certificates-4cf818a.md
+++ b/docs/Operation-Guide/enable-users-to-generate-and-authenticate-with-certificates-4cf818a.md
@@ -105,7 +105,7 @@ Enable the *Credential change* security alert emailing to inform the user when a
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/get-saml-2-0-idp-metadata-via-parameter-2c76690.md b/docs/Operation-Guide/get-saml-2-0-idp-metadata-via-parameter-2c76690.md
index 050a528..75d324f 100644
--- a/docs/Operation-Guide/get-saml-2-0-idp-metadata-via-parameter-2c76690.md
+++ b/docs/Operation-Guide/get-saml-2-0-idp-metadata-via-parameter-2c76690.md
@@ -133,7 +133,7 @@ The value is the name of the application as it appears in the *Name* field in th
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/logout-uri-rules-789c752.md b/docs/Operation-Guide/logout-uri-rules-789c752.md
index 802aa38..aadd69a 100644
--- a/docs/Operation-Guide/logout-uri-rules-789c752.md
+++ b/docs/Operation-Guide/logout-uri-rules-789c752.md
@@ -14,7 +14,7 @@ The front and back-channel logout URI must be in the following format:
 
 For example: `https://example.com:70/logout?abc=123`.
 
-When you construct the front and back-channel URIs have the following in mind:
+When you construct the front and back-channel URIs, have the following in mind:
 
 
 
@@ -42,20 +42,20 @@ The length is limited to 499 characters.
     > 
     > https://localhost/logout
 
--   Wildcard - It's allowed in the domain part. The wildcard support is mainly for multitenant applications.
+-   Wildcard - It's allowed in the domain part. Wildcards are only supported in front-channel flows. Although there's no restriction on using wildcards with single tenant apps, the use of wildcards was developed with multitenant applications in mind.
 
     > ### Example:  
     > https://\*.example.com/logout
     > 
     > Allow during authorize call to register a URI with parameter `logout_uri`, for example: `https://app1.example.com/logout`.
 
--   IP Addresses - Usage of IP addresses is not allowed.
+-   IP Addresses - Usage of IP addresses isn't allowed.
 
 
 
 ## Ports \(optional\)
 
-After the domain part you can put the port numbers. Always use a leading colon \(`:`\).
+After the domain part, you can put the port numbers. Always use a leading colon \(`:`\).
 
 > ### Example:  
 > https://example.com:8080/logout
@@ -67,7 +67,7 @@ After the domain part you can put the port numbers. Always use a leading colon \
 ## Fragments
 
 > ### Restriction:  
-> Usage of fragment identifier \(`#`\) is not allowed. For example, you can't use `https://example.com/path#index.html`.
+> Usage of fragment identifier \(`#`\) isn't allowed. For example, you can't use `https://example.com/path#index.html`.
 
 **Related Information**  
 
diff --git a/docs/Operation-Guide/password-recovery-options-777cee1.md b/docs/Operation-Guide/password-recovery-options-777cee1.md
index 5fbe150..f7751a3 100644
--- a/docs/Operation-Guide/password-recovery-options-777cee1.md
+++ b/docs/Operation-Guide/password-recovery-options-777cee1.md
@@ -55,7 +55,7 @@ Enable users to reset their password via security questions, PIN code, or email
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/reuse-sap-cloud-identity-services-tenants-for-different-customer-ids-ebd0258.md b/docs/Operation-Guide/reuse-sap-cloud-identity-services-tenants-for-different-customer-ids-ebd0258.md
index 089df9c..17d6465 100644
--- a/docs/Operation-Guide/reuse-sap-cloud-identity-services-tenants-for-different-customer-ids-ebd0258.md
+++ b/docs/Operation-Guide/reuse-sap-cloud-identity-services-tenants-for-different-customer-ids-ebd0258.md
@@ -92,7 +92,7 @@ Customers that have subsidiaries can reuse existing Identity Authentication tena
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/rotate-signing-certificates-6621ad5.md b/docs/Operation-Guide/rotate-signing-certificates-6621ad5.md
index fd23d38..6ad94a2 100644
--- a/docs/Operation-Guide/rotate-signing-certificates-6621ad5.md
+++ b/docs/Operation-Guide/rotate-signing-certificates-6621ad5.md
@@ -169,7 +169,7 @@ You have received an email notification that your signing certificate is about t
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/send-security-alert-emails-c977464.md b/docs/Operation-Guide/send-security-alert-emails-c977464.md
index fe7b4e8..31753ed 100644
--- a/docs/Operation-Guide/send-security-alert-emails-c977464.md
+++ b/docs/Operation-Guide/send-security-alert-emails-c977464.md
@@ -103,7 +103,7 @@ The security alert e-mails are disabled by default. To start sending security al
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send System Notifications via Emails](send-system-notifications-via-emails-aa04a8b.md "You can configure the administration console to send emails with information about expiring certificates, system notifications, new administrators, and new applications to specific email addresses or to the emails of all administrators.")
 
diff --git a/docs/Operation-Guide/send-system-notifications-via-emails-aa04a8b.md b/docs/Operation-Guide/send-system-notifications-via-emails-aa04a8b.md
index 7e904a1..ed0d3ab 100644
--- a/docs/Operation-Guide/send-system-notifications-via-emails-aa04a8b.md
+++ b/docs/Operation-Guide/send-system-notifications-via-emails-aa04a8b.md
@@ -116,7 +116,7 @@ To start sending system notifications via emails, proceed as follows:
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/tenant-openid-connect-configurations-3d6abcc.md b/docs/Operation-Guide/tenant-openid-connect-configurations-3d6abcc.md
index 59c9b64..09b94e4 100644
--- a/docs/Operation-Guide/tenant-openid-connect-configurations-3d6abcc.md
+++ b/docs/Operation-Guide/tenant-openid-connect-configurations-3d6abcc.md
@@ -290,7 +290,7 @@ To change the default certificate for the tenant, choose the new one from the li
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/tenant-saml-2-0-configurations-e81a19b.md b/docs/Operation-Guide/tenant-saml-2-0-configurations-e81a19b.md
index 9150d52..f65835b 100644
--- a/docs/Operation-Guide/tenant-saml-2-0-configurations-e81a19b.md
+++ b/docs/Operation-Guide/tenant-saml-2-0-configurations-e81a19b.md
@@ -210,7 +210,7 @@ To change the default certificate for the tenant, choose the new one from the li
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/Operation-Guide/use-custom-domain-in-identity-authentication-c4db840.md b/docs/Operation-Guide/use-custom-domain-in-identity-authentication-c4db840.md
index d8fcad4..464744e 100644
--- a/docs/Operation-Guide/use-custom-domain-in-identity-authentication-c4db840.md
+++ b/docs/Operation-Guide/use-custom-domain-in-identity-authentication-c4db840.md
@@ -486,7 +486,7 @@ The custom domain configuration is enabled with the upgrade of Identity Authenti
 
 [Configure Mail Server for Application Processes](configure-mail-server-for-application-processes-ccc7ba1.md "Configure mail server for the emails sent to the end users in the different application processes.")
 
-[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md)
+[Configure IdP-Initiated SSO](configure-idp-initiated-sso-5d59caa.md "Enable or disable IdP-Initiated SSO via the administration console for SAP Cloud Identity Services.")
 
 [Send Security Alert Emails](send-security-alert-emails-c977464.md "Send security alert emails to end-users or administrators when changes in their accounts are made.")
 
diff --git a/docs/sap-concur-032fd80.md b/docs/sap-concur-032fd80.md
index 2ef05fb..6cd537e 100644
--- a/docs/sap-concur-032fd80.md
+++ b/docs/sap-concur-032fd80.md
@@ -837,14 +837,14 @@ To create SAP Concur as a target system, proceed as follows:
     > > ### Code Syntax:  
     > > ```
     > > {
-    > >    "condition":"$.email[?(@.primary== true)] empty false",
-    > >    "sourcePath":"$.email[?(@.primary== true)].value",
+    > >    "condition":"$.emails[?(@.primary== true)] empty false",
+    > >    "sourcePath":"$.emails[?(@.primary== true)].value",
     > >    "targetPath":"$.userName",
     > >    "optional":true
     > > },
     > > {
-    > >    "condition":"$.email[?(@.primary== true)] empty true",
-    > >    "sourcePath":"$.email[0].value",
+    > >    "condition":"$.emails[?(@.primary== true)] empty true",
+    > >    "sourcePath":"$.emails[0].value",
     > >    "targetPath":"$.userName",
     > >    "optional":true
     > > },