diff --git a/code/easyfranchise/source/business-partner-mock-server/server.js b/code/easyfranchise/source/business-partner-mock-server/server.js
index 0975c63..ac92f99 100644
--- a/code/easyfranchise/source/business-partner-mock-server/server.js
+++ b/code/easyfranchise/source/business-partner-mock-server/server.js
@@ -17,7 +17,7 @@ app.get('/sap/opu/odata/sap/API_BUSINESS_PARTNER/A_BusinessPartner', function (r
});
})
-var server = app.listen(8081, '127.0.0.1', function () {
+var server = app.listen(8081, '0.0.0.0', function () {
var host = server.address().address;
if (host === '::') {
host = 'localhost';
diff --git a/code/easyfranchise/source/ui/public/index.html b/code/easyfranchise/source/ui/public/index.html
index cb1d076..4cae005 100644
--- a/code/easyfranchise/source/ui/public/index.html
+++ b/code/easyfranchise/source/ui/public/index.html
@@ -4,7 +4,7 @@
-
+
<%= htmlWebpackPlugin.options.title %>
diff --git a/documentation/configure-ias/get-ias/README.md b/documentation/configure-ias/get-ias/README.md
index abbbccf..c5869ad 100644
--- a/documentation/configure-ias/get-ias/README.md
+++ b/documentation/configure-ias/get-ias/README.md
@@ -10,39 +10,39 @@ As an SAP partner or customer using SAP BTP, you always have an Identity Authori
1. Choose **Entitlements** > **Configure Entitlements**.
- 
+ 
1. Then choose **Add Service Plans**.
- 
+ 
-1. Find and select **Cloud Identity Services** in the pop-up dialog. Select the **default plan** checkbox and add it as service plan.
+1. Find and select **Cloud Identity Services** in the pop-up dialog. Select the **standard plan** checkbox and add it as service plan.
- 
+ 
1. Save the changes on the **Entitlements** page.
- 
+ 
1. Choose **Services** > **Service Marketplace** and select the **Cloud Identity Services** tile.
- 
+ 
1. Under **Application Plans** you should see the **default** plan.
- 
+ 
1. Choose the **Actions (...)** button for the default plan and then choose **Create**.
- 
+ 
1. Verify that **default** is selected as plan and choose **Create** to start creating the instance.
- 
+ 
1. In the upcoming dialog select **View Subscription**.
- 
+ 
1. Verify under **Instances and Subscriptions** that the status of **Cloud Identity Services** has been updated to **Subscribed**.
diff --git a/documentation/configure-ias/get-ias/images/2023-add-default-plan.png b/documentation/configure-ias/get-ias/images/2023-add-default-plan.png
new file mode 100644
index 0000000..e70006c
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-add-default-plan.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-add-service-plans.png b/documentation/configure-ias/get-ias/images/2023-add-service-plans.png
new file mode 100644
index 0000000..c1afa98
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-add-service-plans.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-configure-entitlements.png b/documentation/configure-ias/get-ias/images/2023-configure-entitlements.png
new file mode 100644
index 0000000..35659ad
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-configure-entitlements.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-create-instance-02.png b/documentation/configure-ias/get-ias/images/2023-create-instance-02.png
new file mode 100644
index 0000000..eba03ad
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-create-instance-02.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-create-instance-03.png b/documentation/configure-ias/get-ias/images/2023-create-instance-03.png
new file mode 100644
index 0000000..6740556
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-create-instance-03.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-create-instance.png b/documentation/configure-ias/get-ias/images/2023-create-instance.png
new file mode 100644
index 0000000..576d4bd
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-create-instance.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-default-plan.png b/documentation/configure-ias/get-ias/images/2023-default-plan.png
new file mode 100644
index 0000000..e5e6d81
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-default-plan.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-save-entitlement.png b/documentation/configure-ias/get-ias/images/2023-save-entitlement.png
new file mode 100644
index 0000000..0833652
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-save-entitlement.png differ
diff --git a/documentation/configure-ias/get-ias/images/2023-select-ias.png b/documentation/configure-ias/get-ias/images/2023-select-ias.png
new file mode 100644
index 0000000..e0c790c
Binary files /dev/null and b/documentation/configure-ias/get-ias/images/2023-select-ias.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/README.md b/documentation/configure-ias/set-trust-between-ias-and-btp/README.md
index f042482..4ec8ae9 100644
--- a/documentation/configure-ias/set-trust-between-ias-and-btp/README.md
+++ b/documentation/configure-ias/set-trust-between-ias-and-btp/README.md
@@ -2,66 +2,69 @@
For more details, please refer to [Manually Establish Trust and Federation Between UAA and Identity Authentication](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/7c6aa87459764b179aeccadccd4f91f3.html#loio7c6aa87459764b179aeccadccd4f91f3) in the SAP official documentation.
## Import Identity Authentication Service Metadata in SAP BTP Subaccount
-1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Tenant Settings**. Then select **SAML 2.0 Configuration**.
-
+1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Tenant Settings**.
+
+
+1. Then select **SAML 2.0 Configuration**.
+
1. Press **Download Metadata File**.
-
+
-1. Open the customer SAP BTP Subaccount (e.g. city-scooter) and navigate to **Security** > **Trust Configuration** and click the button **New Trust Configuration**.
-
+1. Open the customer SAP BTP Subaccount (e.g. city-scooter) and navigate to **Security** > **Trust Configuration** and click the button **New SAML Trust Configuration**.
+
1. Then upload the metadata file previously downloaded.
-
+
1. Fill out fields **Name**, **Description** and **Link Text for User Logon**. Then **Parse** the details and **Save** the details.
-
+
1. By saving the new trust configuration, a new category named **Custom** should be added. Verify that the new configuration for the Identity Authentication service tenant is now visible in this category and that it's active.
-
+
## Import SAP BTP Subaccount Metadata in Identity Authentication Service
1. In your SAP BTP subaccount, download the SAML metadata data of your subaccount by clicking **SAML Metadata** under **Security** > **Trust Configuration**.
-
+
+
+1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Applications**.
+
-1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Applications** and press the button **Create**.
-
+1. Press the button **Create**.
+
1. Then fill the fields **Application Display Name** and **Application Type**. Click save.
-
+
1. In the newly created application, click **SAML 2.0 Configuration**.
-
+
1. Then upload metadata file downloaded in SAP BTP subaccount previously.
-
+
1. Navigate to **Default Name ID Format**.
-
+
1. Select **E-Mail** as unique attribute and click **Save**.
-
+
-1. Navigate to **Assertion Attributes**.
-
+1. Navigate to **Attributes**.
+
1. Add the new attribute **Groups** from the dropdown-list. Note that the attribute **Groups** is case sensitive but automatically filled as **groups** (first letter is in lower case). Please change it to **Groups** then click **Save** button.
-
+
1. Navigate to **Subject Name Identifier**.
-
+
1. Select **Login Name** in the dropdown box and click **Save**. This means that the the Identity Authentication sends the **Login Name** as `name ID` in the SAML 2.0 assertions, by which the applicaiton can identity the user. Depending on your Identity Authentication Service configuration, you might need a different mapping. For more details please refer to [Configure the Subject Name Identifier Sent to the Application](https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/1d020e3a3ba34c43a71fde70bfa6419a.html)
-
+
> **NOTE:** You can select from the below attributes list the subject name identifier in Identity Authentication tenant. For [Principal Propagation](../../propagate-identity/README.md) to work, the choice of the attribute depends on the user settings of the S/4 HANA Cloud system.
-> 
>
> To check the value of each attribute in your Identity Authentication tenant, please navigate to **User & Authorization** > **User Management** > and select single user to view the details.
>
-> 
-
> In our example the **Login Name** of the S/4 HANA system is used as unique identifier. Therefore, the choice of attribute in Identity Authentication tenant has to match the one in S/4 HANA system. The configuration in your landscape may differ.
>
> 
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-attribute-group.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-attribute-group.png
new file mode 100644
index 0000000..3b53f8c
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-attribute-group.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-ias-app-details.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-ias-app-details.png
new file mode 100644
index 0000000..342eac0
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-ias-app-details.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-metadata-details.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-metadata-details.png
new file mode 100644
index 0000000..243af87
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-add-metadata-details.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-check-new-active-trust-config.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-check-new-active-trust-config.png
new file mode 100644
index 0000000..5ff89f2
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-check-new-active-trust-config.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-configure-default-name-id-format.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-configure-default-name-id-format.png
new file mode 100644
index 0000000..ca09aea
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-configure-default-name-id-format.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-create-ias-app-01.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-create-ias-app-01.png
new file mode 100644
index 0000000..9d77d1c
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-create-ias-app-01.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-create-ias-app-02.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-create-ias-app-02.png
new file mode 100644
index 0000000..a416e08
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-create-ias-app-02.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-download-btp-metadata.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-download-btp-metadata.png
new file mode 100644
index 0000000..ac4fdd6
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-download-btp-metadata.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-download-metadata.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-download-metadata.png
new file mode 100644
index 0000000..dd21827
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-download-metadata.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-go-to-saml2.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-go-to-saml2.png
new file mode 100644
index 0000000..a25e0e2
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-go-to-saml2.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-ias-app-saml.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-ias-app-saml.png
new file mode 100644
index 0000000..f249d76
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-ias-app-saml.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-import-btp-metadata.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-import-btp-metadata.png
new file mode 100644
index 0000000..076a387
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-import-btp-metadata.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-new-trust-config.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-new-trust-config.png
new file mode 100644
index 0000000..fe520e2
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-new-trust-config.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-assertion-attributes.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-assertion-attributes.png
new file mode 100644
index 0000000..5a2b9ef
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-assertion-attributes.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-email-format.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-email-format.png
new file mode 100644
index 0000000..9c6664f
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-email-format.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-login-name.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-login-name.png
new file mode 100644
index 0000000..73cd41e
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-login-name.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-subject-name-identifier.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-subject-name-identifier.png
new file mode 100644
index 0000000..2779d96
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-select-subject-name-identifier.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-tenant-settings.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-tenant-settings.png
new file mode 100644
index 0000000..588991e
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-tenant-settings.png differ
diff --git a/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-upload-metadata.png b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-upload-metadata.png
new file mode 100644
index 0000000..3959b26
Binary files /dev/null and b/documentation/configure-ias/set-trust-between-ias-and-btp/images/2023-upload-metadata.png differ
diff --git a/documentation/discover/easy-franchise/README.md b/documentation/discover/easy-franchise/README.md
index ec3e998..a44cb8a 100644
--- a/documentation/discover/easy-franchise/README.md
+++ b/documentation/discover/easy-franchise/README.md
@@ -14,7 +14,7 @@ Here is a high-level overview of the multitenant approach:
The SAP partner develops a Kyma-based multitenant application on SAP BTP.
-All multitenant microservices of the application will run in the SAP BTP, Kyma runtime. In addition to that, the SAP partner uses an SAP HANA database to persist the data of the application. As SAP HANA is not yet available in Kyma today, the database will be running in the SAP BTP, Cloud Foundry environment.
+All multitenant microservices of the application will run in the SAP BTP, Kyma runtime. In addition to that, the SAP partner uses an SAP HANA database to persist the data of the application.
To manage customer-specific configuration, the partner creates a dedicated subaccount for each customer. Later on, the system admin of the customer gets access to the subaccount and can maintain the access details to the SAP S/4HANA Cloud tenant and manages the users of the application.
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/README.md b/documentation/federate-idp/establish-trust-between-aad-and-ias/README.md
index 3b47cad..28a4522 100644
--- a/documentation/federate-idp/establish-trust-between-aad-and-ias/README.md
+++ b/documentation/federate-idp/establish-trust-between-aad-and-ias/README.md
@@ -6,12 +6,16 @@ In this chapter we show case the steps to configure the enterprise application i
## Download SAML 2.0 Metadata from Identity Authentication Service
-1. Open the **Identity Authentication Service** and expand **Applications & Resources** to select the **Tenant Settings**. On the right side select **SAML 2.0 Configuration**.
+1. Open the **Identity Authentication Service** and choose **Tenant Settings** under **Applications & Resources**.
- 
+ 
+
+1. Then choose **SAML 2.0 Configuration** under **Single Sign-On**.
+
+ 
1. Download the metadata file.
- 
+ 
## Upload SAML 2.0 Metadata to Microsoft AAD Enterprise Application
@@ -32,39 +36,33 @@ In this chapter we show case the steps to configure the enterprise application i
## Enable your Corporate Identity Provider in the Identity Authentication Service
-1. Open the Identity Authentication service, expand the **Identity Providers** menu and click **Corporate Identity Providers** . Then click **create**.
+1. Open the Identity Authentication service, expand the **Identity Providers** menu and click **Corporate Identity Providers** .
- 
-2. In the dialog provide a meaningful name e.g. **City Scooter Microsoft Azure Active Directory** and click **Save**.
+ 
+1. Click **create** provide a meaningful name e.g. **City Scooter Microsoft Azure Active Directory** in the dialog. Then click **Save**.
- 
+ 
## Upload federation Metadata file in the Corporate Identity Provider Configuration of the Identity Authentication Service
1. Select the new created corporate identity provider and click on **SAML 2.0 Configuration**.
- 
-1. Upload the federation metadata file.
+ 
+1. Upload the federation metadata file and click **Save**.
- 
-1. Check the imported data and click **Save**.
-
- 
+ 
## Update the Provider Type to Microsoft ADFS / Azure AD (SAML 2.0) in the Cooperate Identity Provider Configuration of Identity Authentication Service
-1. Select the **Identity Provider Type**.
-
- 
-2. Select the identity provider type **Microsoft ADFS / Azure AD (SAML 2.0)** and click **Save**.
+1. Select the **Identity Provider Type** and choose the identity provider type **Microsoft ADFS / Azure AD (SAML 2.0)** and click **Save**.
- 
+ 
## Configure Default Identity Provider in the Application of Identity Authentication Service
1. In the Identity Authentication service select your application. Open **Conditional Authentication**.
- 
+ 
1. Select the correct **Microsoft Azure Active Directory** as default identity provider for your application and click **Save**.
- 
+ 
## Update Attributes & Claims Settings in the Enterprise Application of Microsoft Azure
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-save-provider-type.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-save-provider-type.png
new file mode 100644
index 0000000..b0d7fd2
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-save-provider-type.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-select-provider-type.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-select-provider-type.png
new file mode 100644
index 0000000..b0d7fd2
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-select-provider-type.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-select-saml20.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-select-saml20.png
new file mode 100644
index 0000000..d4ebad7
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-MAAD-select-saml20.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-create-CIP.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-create-CIP.png
new file mode 100644
index 0000000..de36a08
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-create-CIP.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-open-conditional-authentication.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-open-conditional-authentication.png
new file mode 100644
index 0000000..304ea9d
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-open-conditional-authentication.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-save-CIP.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-save-CIP.png
new file mode 100644
index 0000000..e8cac45
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-save-CIP.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-save-MAAD-metadata.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-save-MAAD-metadata.png
new file mode 100644
index 0000000..202c50a
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-save-MAAD-metadata.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-update-conditional-authentication.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-update-conditional-authentication.png
new file mode 100644
index 0000000..1639c6d
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-IAS-update-conditional-authentication.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-download-metadata.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-download-metadata.png
new file mode 100644
index 0000000..96b6d25
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-download-metadata.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-open-samlconfig-01.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-open-samlconfig-01.png
new file mode 100644
index 0000000..2273547
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-open-samlconfig-01.png differ
diff --git a/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-open-samlconfig-02.png b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-open-samlconfig-02.png
new file mode 100644
index 0000000..6f650eb
Binary files /dev/null and b/documentation/federate-idp/establish-trust-between-aad-and-ias/images/2023-ias-open-samlconfig-02.png differ
diff --git a/documentation/federate-idp/manage-end-users/README.md b/documentation/federate-idp/manage-end-users/README.md
index 76097ee..6322429 100644
--- a/documentation/federate-idp/manage-end-users/README.md
+++ b/documentation/federate-idp/manage-end-users/README.md
@@ -34,13 +34,13 @@ In Microsoft Azure Active Directory we will first create a new group and assign
## Disable User Store in Identity Authentication Tenant
-1. Open the Identity Authentication service and navigate to **Identity Provider** > **Corporate Identity Providers**. Then select the corporate identity.
+1. Open the Identity Authentication service and navigate to **Identity Provider** > **Corporate Identity Providers**. Then select the corporate identity and choose **Identity Federation** under **Single Sign-On**.
- 
+ 
1. Make sure the **Use Identity Authentication user store** is **off**.
- 
+ 
## Define the Easy Franchise User Group in SAP BTP
@@ -48,7 +48,7 @@ In Microsoft Azure Active Directory we will first create a new group and assign
1. Open **Security > Role Collections** on the left side menu and choose the **Easyfranchise Backend** role collection and click on the **Edit** button.
1. In the **User Groups** section on the left side, add a new line with your Identity Provider and the group **object id** from the Microsoft Azure group. The already existing **easyfranchise-users** group, which was needed when you did not use Microsoft Azure, can be deleted or remain.
- 
+ 
## Run the Easy Franchise Application
@@ -66,8 +66,6 @@ Now that everything is configured, we can launch the application. Make sure tha
1. Once successfully logged in, please take a look at the user in your subaccount in SAP BTP. A shadow user should have been created latest after the first login.
- 
-
## Disable the Default Identity Provider
By starting the application, you always have to to select first the right identity provider now. As we we don't need the default identiy provider anymore, we will swich it off.
@@ -76,8 +74,8 @@ By starting the application, you always have to to select first the right identi
1. Press **Edit** in the **default identity provider** row.
- 
+ 
2. Disable this identity provider by removing the check on **Available for User Logon** and **Save**.
- 
+ 
3. Clear your browser cache and run the application again. The step to select the right identity provider should no longer be requested.
diff --git a/documentation/federate-idp/manage-end-users/images/2023-BTP-define-role-collection.png b/documentation/federate-idp/manage-end-users/images/2023-BTP-define-role-collection.png
new file mode 100644
index 0000000..ad77db6
Binary files /dev/null and b/documentation/federate-idp/manage-end-users/images/2023-BTP-define-role-collection.png differ
diff --git a/documentation/federate-idp/manage-end-users/images/2023-BTP-edit-idp.png b/documentation/federate-idp/manage-end-users/images/2023-BTP-edit-idp.png
new file mode 100644
index 0000000..38d9d78
Binary files /dev/null and b/documentation/federate-idp/manage-end-users/images/2023-BTP-edit-idp.png differ
diff --git a/documentation/federate-idp/manage-end-users/images/2023-MA-navigate-to-corporateidentity.png b/documentation/federate-idp/manage-end-users/images/2023-MA-navigate-to-corporateidentity.png
new file mode 100644
index 0000000..3fdf82e
Binary files /dev/null and b/documentation/federate-idp/manage-end-users/images/2023-MA-navigate-to-corporateidentity.png differ
diff --git a/documentation/federate-idp/manage-end-users/images/2023-MA-user-identity-authentication-user-store.png b/documentation/federate-idp/manage-end-users/images/2023-MA-user-identity-authentication-user-store.png
new file mode 100644
index 0000000..0e41890
Binary files /dev/null and b/documentation/federate-idp/manage-end-users/images/2023-MA-user-identity-authentication-user-store.png differ
diff --git a/documentation/federate-idp/manage-end-users/images/2023-disable-userlogin.png b/documentation/federate-idp/manage-end-users/images/2023-disable-userlogin.png
new file mode 100644
index 0000000..4f6fdbc
Binary files /dev/null and b/documentation/federate-idp/manage-end-users/images/2023-disable-userlogin.png differ
diff --git a/documentation/propagate-identity/configure-destination/README.md b/documentation/propagate-identity/configure-destination/README.md
index 7acb5b4..102971e 100644
--- a/documentation/propagate-identity/configure-destination/README.md
+++ b/documentation/propagate-identity/configure-destination/README.md
@@ -28,7 +28,7 @@ Once OAuth communication settings are configured in S/4HANA Cloud system, we nee
| nameIdFormat | On the right click **New Property**, and set the value to **urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified**|
| Use default JDK truststore | selected it|
- 
+ 
> **NOTE:** Token Service URL. Open your communication arrangement, click **OAuth2.0 Details** and check your **Token Service URL**.
diff --git a/documentation/propagate-identity/configure-destination/images/2023-destination-settings.png b/documentation/propagate-identity/configure-destination/images/2023-destination-settings.png
new file mode 100644
index 0000000..de71937
Binary files /dev/null and b/documentation/propagate-identity/configure-destination/images/2023-destination-settings.png differ
diff --git a/documentation/propagate-identity/configure-destination/images/get-token-service-url.jpg b/documentation/propagate-identity/configure-destination/images/get-token-service-url.jpg
index c89c7ee..870bf64 100644
Binary files a/documentation/propagate-identity/configure-destination/images/get-token-service-url.jpg and b/documentation/propagate-identity/configure-destination/images/get-token-service-url.jpg differ
diff --git a/documentation/propagate-identity/configure-oauth-communication/README.md b/documentation/propagate-identity/configure-oauth-communication/README.md
index c731eee..34db90e 100644
--- a/documentation/propagate-identity/configure-oauth-communication/README.md
+++ b/documentation/propagate-identity/configure-oauth-communication/README.md
@@ -2,15 +2,11 @@
1. Open the customer subaccount in SAP BTP cockpit and log on with Administrator permission. To verify that you have the **Subaccount Administrator** role, choose **Security** > **Users** and check the role for your user.
- 
+ 
-1. Choose **Connectivity** > **Destinations**.
+1. Under **Connectivity** > **Destinations**, choose **Download Trust** and save the identifying X.509 certificate that identifies this subaccount in your local file system.
- 
-
-1. Choose **Download Trust** and save the identifying X.509 certificate that identifies this subaccount in your local file system.
-
- 
+ 
The downloaded X.509 certificate will be added in the next step to the target system to which you want to propagate the user.
diff --git a/documentation/propagate-identity/configure-oauth-communication/images/2023-admin-role.png b/documentation/propagate-identity/configure-oauth-communication/images/2023-admin-role.png
new file mode 100644
index 0000000..a363230
Binary files /dev/null and b/documentation/propagate-identity/configure-oauth-communication/images/2023-admin-role.png differ
diff --git a/documentation/propagate-identity/configure-oauth-communication/images/2023-download-trust.png b/documentation/propagate-identity/configure-oauth-communication/images/2023-download-trust.png
new file mode 100644
index 0000000..9c02f10
Binary files /dev/null and b/documentation/propagate-identity/configure-oauth-communication/images/2023-download-trust.png differ
diff --git a/documentation/propagate-identity/manage-end-users/README.md b/documentation/propagate-identity/manage-end-users/README.md
index 7deebc3..26da452 100644
--- a/documentation/propagate-identity/manage-end-users/README.md
+++ b/documentation/propagate-identity/manage-end-users/README.md
@@ -10,7 +10,7 @@ In this case, the SAP BTP Cockpit offers 2 ways to configure the role assignment
* Adding a user to a role collection
### Role Assignment by using Principal Propagation
-The tenant admin (eg. City Scooter Admin) can manage users within his own **Identity Authentication Service**. So he can define by itself, which users will gains access to the Easy Franchise Application and which not. The idea here is that the SAP Partner defines a group name in the SAP BTP Cockpit and provides automatically Easy Franchise Application access for all members, that have been added to this group.
+The tenant admin (eg. City Scooter admin) can manage users within his own **Identity Authentication Service**. So he can define by itself, which users will gains access to the Easy Franchise application and which not. The idea here is that the SAP partner defines a group name in the SAP BTP Cockpit and provides automatically Easy Franchise application access for all members, that have been added to this group.
## Define an Easy Franchise User Group in SAP BTP
This configuration step is done by the partner in the customer subaccount.
@@ -18,23 +18,23 @@ This configuration step is done by the partner in the customer subaccount.
1. Open the SAP BTP Cockpit and log on to the customer SAP BTP subaccount (eg. City Scooter).
1. Open **Security > Role Collections** on the left side menu and choose one of the **Easyfranchise Backend** role collection and click on the **Edit** button.
- 
+ 
1. Scroll down to **User Groups** and select your Identity Provider. Then provide a name for the group, e.g. **easyfranchise-users**. Save this changes.
- 
+ 
## Configure the Easy Franchise User Group in the Identity Authentication Service
If the partner doesn't have access to the customer identity provider, he should share the group name to the customer admin so that he can configure the **Identity Authentication Service** as needed. In our case, we assume that the partner has access to it.
-1. Log in to **Identity Authentication Service** and open **User & Authorization > user Groups** on the left side menu. Then press the **Create** button to create a new user group.
+1. Log in to **Identity Authentication Service** and open **User & Authorization > user Groups**.
- 
-2. Add the group name, which was created as role collection in the SAP BTP cockpit previously (e.g. **easyfranchise-users**). Provide a meaningful Display name and description. Click **Create** to finalize the group creation.
+ 
+2. Then press the **Create** button to create a new user group and add the group name, which was created as role collection in the SAP BTP cockpit previously (e.g. **easyfranchise-users**). Provide a meaningful Display name and description.
- 
+ 
3. Now add Easy Franchise service end users to this group. Add yourself, so you can test the configuration.
- 
+ 
## Run the Easyfranchise Application
@@ -42,7 +42,7 @@ Now as we have setup the trust, configured the destination accordingly and confi
1. Open the application Easy Franchise by clicking on the subscription URL. This can be found in the SAP BTP subaccount under **Instances and Subscriptions**.
- 
+ 
2. In the browser select new identity provider and log in.
diff --git a/documentation/propagate-identity/manage-end-users/images/2023-edit-role-collection-01.png b/documentation/propagate-identity/manage-end-users/images/2023-edit-role-collection-01.png
new file mode 100644
index 0000000..739dee7
Binary files /dev/null and b/documentation/propagate-identity/manage-end-users/images/2023-edit-role-collection-01.png differ
diff --git a/documentation/propagate-identity/manage-end-users/images/2023-edit-role-collection-02.png b/documentation/propagate-identity/manage-end-users/images/2023-edit-role-collection-02.png
new file mode 100644
index 0000000..a676359
Binary files /dev/null and b/documentation/propagate-identity/manage-end-users/images/2023-edit-role-collection-02.png differ
diff --git a/documentation/propagate-identity/manage-end-users/images/2023-get-subsciber-url.png b/documentation/propagate-identity/manage-end-users/images/2023-get-subsciber-url.png
new file mode 100644
index 0000000..f5efd6d
Binary files /dev/null and b/documentation/propagate-identity/manage-end-users/images/2023-get-subsciber-url.png differ
diff --git a/documentation/propagate-identity/manage-end-users/images/2023-ias-add-users-to-group.png b/documentation/propagate-identity/manage-end-users/images/2023-ias-add-users-to-group.png
new file mode 100644
index 0000000..a2f3468
Binary files /dev/null and b/documentation/propagate-identity/manage-end-users/images/2023-ias-add-users-to-group.png differ
diff --git a/documentation/propagate-identity/manage-end-users/images/2023-ias-create-group-dialog.png b/documentation/propagate-identity/manage-end-users/images/2023-ias-create-group-dialog.png
new file mode 100644
index 0000000..b988214
Binary files /dev/null and b/documentation/propagate-identity/manage-end-users/images/2023-ias-create-group-dialog.png differ
diff --git a/documentation/propagate-identity/manage-end-users/images/2023-ias-create-group.png b/documentation/propagate-identity/manage-end-users/images/2023-ias-create-group.png
new file mode 100644
index 0000000..047369a
Binary files /dev/null and b/documentation/propagate-identity/manage-end-users/images/2023-ias-create-group.png differ