forked from docs/doc-exports
IAM UMN 0815 Version
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com> Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com> Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
parent 9d7af5e822
commit 25e8bdf969
@ -80,7 +80,7 @@
"githuburl":""
},
{
"uri":"iam_01_0029.html",
"uri":"iam_07_0002.html",
"product_code":"iam",
"code":"9",
"des":"For security purposes, create a security administrator and manage users in your account as the security administrator.Programmatic access: Users can access cloud services",
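Review bot: the URI for code 9 (Creating a Security Administrator) moves from iam_01_0029.html to iam_07_0002.html, and the matching hunk for code 39 hands the old iam_01_0029.html to Critical Operation Protection, so the two topics exchange URIs rather than one of them getting a fresh file name. Any external link or bookmark to iam_01_0029.html now silently opens a different topic. If the swap is intentional, say so in the commit message and confirm that every in-tree reference (ALL_META.TXT, CLASS.TXT, the change history and the navigation pages) moves in this same commit, or that the site serves redirects for the old pairing.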
@ -380,7 +380,7 @@
"githuburl":""
},
{
"uri":"iam_07_0002.html",
"uri":"iam_01_0029.html",
"product_code":"iam",
"code":"39",
"des":"Only an administrator can configure critical operation protection, and IAM users can only view the configurations. If an IAM user needs to modify the configurations, the ",
@ -525,7 +525,7 @@
"code":"53",
"des":"The cloud platform provides identity federation based on Security Assertion Markup Language (SAML) or OpenID Connect. This function allows users in your enterprise manage",
"doc_type":"usermanual",
"kw":"identity federation,Identity federation,Introduction,Identity Providers,User Guide",
"kw":"identity federation,Introduction,Identity Providers,User Guide",
"title":"Introduction",
"githuburl":""
},
@ -603,7 +603,7 @@
"uri":"iam_08_0005.html",
"product_code":"iam",
"code":"61",
"des":"Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.An IdP entity has been created on the c",
"des":"Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.An IdP entity has been created on the",
"doc_type":"usermanual",
"kw":"(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP,Virtual User SSO via SAML",
"title":"(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP",
@ -673,7 +673,7 @@
"uri":"iam_08_0259.html",
"product_code":"iam",
"code":"68",
"des":"Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.An IdP entity has been created on the c",
"des":"Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.An IdP entity has been created on the",
"doc_type":"usermanual",
"kw":"(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP,IAM User SSO via SAML,Use",
"title":"(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP",
@ -723,7 +723,7 @@
"uri":"iam_08_0007.html",
"product_code":"iam",
"code":"73",
"des":"Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.An IdP entity has been created on the c",
"des":"Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.An IdP entity has been created on the",
"doc_type":"usermanual",
"kw":"(Optional) Step 3: Configure Login Link in the Enterprise Management System,Virtual User SSO via Ope",
"title":"(Optional) Step 3: Configure Login Link in the Enterprise Management System",
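Review bot: the `des` for code 73 still describes configuring a federated login entry in the enterprise IdP with an IdP entity as the prerequisite, while the `kw` and `title` lines right after it read "(Optional) Step 3: Configure Login Link in the Enterprise Management System" under Virtual User SSO via OpenID Connect. The grammar fix is fine, but the text itself looks copied from the SAML Step 5 topics (codes 61 and 68); give the OpenID Connect topic a `des` that matches its own title and prerequisites.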
@ -75,7 +75,7 @@
"desc":"For security purposes, create a security administrator and manage users in your account as the security administrator.Programmatic access: Users can access cloud services",
"product_code":"iam",
"title":"Creating a Security Administrator",
"uri":"iam_01_0029.html",
"uri":"iam_07_0002.html",
"doc_type":"usermanual",
"p_code":"7",
"code":"9"
@ -345,7 +345,7 @@
"desc":"Only an administrator can configure critical operation protection, and IAM users can only view the configurations. If an IAM user needs to modify the configurations, the ",
"product_code":"iam",
"title":"Critical Operation Protection",
"uri":"iam_07_0002.html",
"uri":"iam_01_0029.html",
"doc_type":"usermanual",
"p_code":"36",
"code":"39"
@ -540,7 +540,7 @@
"code":"60"
},
{
"desc":"Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.An IdP entity has been created on the c",
"desc":"Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.An IdP entity has been created on the",
"product_code":"iam",
"title":"(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP",
"uri":"iam_08_0005.html",
@ -603,7 +603,7 @@
"code":"67"
},
{
"desc":"Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.An IdP entity has been created on the c",
"desc":"Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.An IdP entity has been created on the",
"product_code":"iam",
"title":"(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP",
"uri":"iam_08_0259.html",
@ -648,7 +648,7 @@
"code":"72"
},
{
"desc":"Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.An IdP entity has been created on the c",
"desc":"Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.An IdP entity has been created on the",
"product_code":"iam",
"title":"(Optional) Step 3: Configure Login Link in the Enterprise Management System",
"uri":"iam_08_0007.html",
Binary file not shown (size before: 45 KiB, after: 88 KiB).
Binary file not shown (size before: 45 KiB, after: 88 KiB).
@ -11,7 +11,7 @@
<tbody><tr id="en-us_topic_0046611300__row1320818170129"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p1020831711215">2023-07-20</p>
</td>
<td class="cellrowborder" valign="top" width="70.05%" headers="mcps1.3.1.2.3.1.2 "><p id="en-us_topic_0046611300__p1520910178126">This release incorporates the following changes:</p>
<ul id="en-us_topic_0046611300__ul13457171951416"><li id="en-us_topic_0046611300__li164571319131417">Modified content in <a href="iam_01_0029.html">Creating a Security Administrator</a>.</li><li id="en-us_topic_0046611300__li1945771931412">Modified content in <a href="iam_01_0030.html">Creating a User Group and Assigning Permissions</a>.</li><li id="en-us_topic_0046611300__li14579196144">Modified the structure and content in section <a href="en-us_topic_0059870089.html">Identity Providers</a>.</li></ul>
<ul id="en-us_topic_0046611300__ul13457171951416"><li id="en-us_topic_0046611300__li164571319131417">Modified content in <a href="iam_07_0002.html">Creating a Security Administrator</a>.</li><li id="en-us_topic_0046611300__li1945771931412">Modified content in <a href="iam_01_0030.html">Creating a User Group and Assigning Permissions</a>.</li><li id="en-us_topic_0046611300__li14579196144">Modified the structure and content in section <a href="en-us_topic_0059870089.html">Identity Providers</a>.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0046611300__row171481632175513"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p1414815328559">2023-07-10</p>
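Review bot: the 2023-07-20 entry only re-points the "Creating a Security Administrator" link to iam_07_0002.html; it does not record that this topic and Critical Operation Protection exchanged URIs. Readers following older links will land on the other topic, so add a bullet to this release note stating that Creating a Security Administrator now lives at iam_07_0002.html and Critical Operation Protection at iam_01_0029.html.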
@ -29,7 +29,7 @@
<tr id="en-us_topic_0046611300__row183901816371"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p3390416473">2023-04-04</p>
</td>
<td class="cellrowborder" valign="top" width="70.05%" headers="mcps1.3.1.2.3.1.2 "><p id="en-us_topic_0046611300__p183906164718">This release incorporates the following changes:</p>
<ul id="en-us_topic_0046611300__ul6601710111015"><li id="en-us_topic_0046611300__li460210121016">Added section <a href="iam_06_0001.html">Delegating Resource Access to Another Account</a>.</li><li id="en-us_topic_0046611300__li46081011011">Added section <a href="iam_01_0730.html">Deleting or Modifying Agencies</a>.</li><li id="en-us_topic_0046611300__li196031051019">Added section <a href="iam_07_0002.html#iam_07_0002__en-us_topic_0177717039_table1143213281227">Table 1</a>.</li><li id="en-us_topic_0046611300__li360181011104">Modified content in sections <a href="en-us_topic_0046613147.html">Creating an Agency (by a Delegating Party)</a>, <a href="iam_01_0063.html">(Optional) Assigning Permissions to an IAM User (by a Delegated Party)</a>, <a href="en-us_topic_0046613148.html">Switching Roles (by a Delegated Party)</a>, and <a href="iam_06_0004.html">Cloud Service Delegation</a>.</li><li id="en-us_topic_0046611300__li05543455410">Modified content in section <a href="iam_01_0012.html#iam_01_0012__table10454121518219">Table 1</a>.</li></ul>
<ul id="en-us_topic_0046611300__ul6601710111015"><li id="en-us_topic_0046611300__li460210121016">Added section <a href="iam_06_0001.html">Delegating Resource Access to Another Account</a>.</li><li id="en-us_topic_0046611300__li46081011011">Added section <a href="iam_01_0730.html">Deleting or Modifying Agencies</a>.</li><li id="en-us_topic_0046611300__li196031051019">Added section <a href="iam_01_0029.html#iam_01_0029__en-us_topic_0177717039_table1143213281227">Table 1</a>.</li><li id="en-us_topic_0046611300__li360181011104">Modified content in sections <a href="en-us_topic_0046613147.html">Creating an Agency (by a Delegating Party)</a>, <a href="iam_01_0063.html">(Optional) Assigning Permissions to an IAM User (by a Delegated Party)</a>, <a href="en-us_topic_0046613148.html">Switching Roles (by a Delegated Party)</a>, and <a href="iam_06_0004.html">Cloud Service Delegation</a>.</li><li id="en-us_topic_0046611300__li05543455410">Modified content in section <a href="iam_01_0012.html#iam_01_0012__table10454121518219">Table 1</a>.</li></ul>
</td>
</tr>
<tr id="en-us_topic_0046611300__row11781887229"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p4781683228">2023-02-21</p>
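Review bot: in the 2023-04-04 entry the link text is just "Table 1", now pointing at iam_01_0029.html#iam_01_0029__en-us_topic_0177717039_table1143213281227. After the URI swap the bare "Table 1" no longer tells the reader which topic it belongs to; write "Table 1 in Critical Operation Protection". Also check that the regenerated anchor (only the iam_01_0029__ prefix changed, the inner en-us_topic_0177717039_table1143213281227 part is the same) really exists in the renamed page, otherwise the link degrades to the top of the page without any build error.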
@ -147,7 +147,7 @@
<tr id="en-us_topic_0046611300__row64225960145555"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p33138388145747">2018-06-29</p>
</td>
<td class="cellrowborder" valign="top" width="70.05%" headers="mcps1.3.1.2.3.1.2 "><p id="en-us_topic_0046611300__p42437492145747">This release incorporates the following changes:</p>
<p id="en-us_topic_0046611300__p2294377616430">Added description about the <strong id="en-us_topic_0046611300__b972225093164417_1">Require Password Reset</strong> option in sections <a href="iam_01_0029.html">Creating a Security Administrator</a>, <a href="iam_01_0031.html">Creating a User and Adding the User to a User Group</a>, <a href="en-us_topic_0046611303.html">Creating a User</a>, and <a href="en-us_topic_0046661675.html">Viewing and Modifying User Information</a>.</p>
<p id="en-us_topic_0046611300__p2294377616430">Added description about the <strong id="en-us_topic_0046611300__b972225093164417_1">Require Password Reset</strong> option in sections <a href="iam_07_0002.html">Creating a Security Administrator</a>, <a href="iam_01_0031.html">Creating a User and Adding the User to a User Group</a>, <a href="en-us_topic_0046611303.html">Creating a User</a>, and <a href="en-us_topic_0046661675.html">Viewing and Modifying User Information</a>.</p>
</td>
</tr>
<tr id="en-us_topic_0046611300__row18717376145555"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p61288891145747">2018-05-10</p>
@ -11,7 +11,7 @@
</li>
<li class="ulchildlink"><strong><a href="iam_01_0703.html">Basic Information</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="iam_07_0002.html">Critical Operation Protection</a></strong><br>
<li class="ulchildlink"><strong><a href="iam_01_0029.html">Critical Operation Protection</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="iam_01_0704.html">Login Authentication Policy</a></strong><br>
</li>
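Review bot: only the Critical Operation Protection entry of this navigation list is updated to iam_01_0029.html. The Creating a Security Administrator entry sits under a different parent (p_code 7 versus 36 in CLASS.TXT) and its navigation page is not in this diff; confirm that page is updated to iam_07_0002.html in the same commit, otherwise that entry will open Critical Operation Protection after the swap.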
@ -5,7 +5,7 @@
<div class="section" id="en-us_topic_0046613147__en-us_topic_0170090713_section8461153510110"><h4 class="sectiontitle">Prerequisites</h4><p id="en-us_topic_0046613147__en-us_topic_0170090713_p15905144410368">Before creating an agency, complete the following operations:</p>
<ul id="en-us_topic_0046613147__en-us_topic_0170090713_ul6238854161714"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li32381254121719">Understand the <a href="en-us_topic_0046611276.html">basic concepts</a> of permissions.</li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li17692133582712">Determine the <a href="https://docs.otc.t-systems.com/additional/permissions.html" target="_blank" rel="noopener noreferrer">permissions</a> to be assigned to the agency, and check whether the permissions have dependencies. For more details, see <a href="iam_01_0657.html#iam_01_0657">Assigning Dependency Roles</a>.</li></ul>
</div>
<div class="section" id="en-us_topic_0046613147__en-us_topic_0170090713_section2672115"><h4 class="sectiontitle">Procedure</h4><ol id="en-us_topic_0046613147__en-us_topic_0170090713_ol49998812"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li11128296159"><span>Log in to the .</span></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li1546779817427"><span>On the IAM console, choose <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b183711578367">Agencies</strong> from the navigation pane, and click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b14428573365">Create Agency</strong> in the upper right corner.</span><p><div class="fignone" id="en-us_topic_0046613147__en-us_topic_0170090713_fig0737181164117"><span class="figcap"><b>Figure 1 </b>Creating an agency</span><br><span><img id="en-us_topic_0046613147__en-us_topic_0170090713_image573711110414" src="en-us_image_0000001511524692.png" height="118.7025" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="en-us_topic_0046613147__en-us_topic_0170090713_section2672115"><h4 class="sectiontitle">Procedure</h4><ol id="en-us_topic_0046613147__en-us_topic_0170090713_ol49998812"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li11128296159"><span>Log in to the IAM console.</span></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li1546779817427"><span>On the IAM console, choose <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b183711578367">Agencies</strong> from the navigation pane, and click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b14428573365">Create Agency</strong> in the upper right corner.</span><p><div class="fignone" id="en-us_topic_0046613147__en-us_topic_0170090713_fig0737181164117"><span class="figcap"><b>Figure 1 </b>Creating an agency</span><br><span><img id="en-us_topic_0046613147__en-us_topic_0170090713_image573711110414" src="en-us_image_0000001511524692.png" height="118.7025" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li63471691104814"><span>Enter an agency name.</span><p><div class="fignone" id="en-us_topic_0046613147__en-us_topic_0170090713_fig1866281034218"><span class="figcap"><b>Figure 2 </b>Setting the agency name</span><br><span><img id="en-us_topic_0046613147__en-us_topic_0170090713_image1366211054214" src="en-us_image_0000001562564797.png" height="310.09987400000006" width="465.83250000000004" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li4558455145011"><span>Specify the agency type as <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b141201757224">Account</strong>, and enter the name of a delegated account.</span><p><div class="note" id="en-us_topic_0046613147__en-us_topic_0170090713_note660374821820"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046613147__en-us_topic_0170090713_ul1360364851812"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li860334841812"><strong id="en-us_topic_0046613147__en-us_topic_0170090713_b15765200738">Account</strong>: Share resources with another account or delegate an individual or team to manage your resources. The delegated account can only be an account, rather than an IAM user or a federated user.</li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li196031248121815"><strong id="en-us_topic_0046613147__en-us_topic_0170090713_b124915392320">Cloud service</strong>: Delegate a specific service to access other services. For more information, see <a href="iam_06_0004.html#iam_06_0004">Cloud Service Delegation</a>.</li></ul>
</div></div>
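Review bot: step 1 now reads "Log in to the IAM console." while step 2 immediately starts "On the IAM console, choose Agencies", so the console is named twice in a row; the word dropped from "Log in to the ." was presumably the management console, and "Log in to the management console." reads better and leads naturally into step 2. One more documentation point for step 4: the agency is created against a delegated account name typed by hand, so it is worth telling the reader to double-check that name against the delegated party before saving, because a typo grants the resource access to the wrong account rather than failing.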
@ -2,28 +2,65 @@
<h1 class="topictitle1">Introduction</h1>
<div id="body1507796925646"><p id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_p3444342426">The cloud platform provides <span class="keyword" id="en-us_topic_0079620341__en-us_topic_0177310145_keyword10765163916218">identity federation</span> based on Security Assertion Markup Language (SAML) or OpenID Connect. This function allows users in your enterprise management system to access through single sign-on (SSO).</p>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_section1938813653310"><h4 class="sectiontitle">Basic Concepts</h4><ul id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_ul283220303412"><li id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li8168121762714">Identity Provider (IdP)<p id="en-us_topic_0079620341__en-us_topic_0177310145_p710515354268"><a name="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li8168121762714"></a><a name="en-us_topic_0177310145_en-us_topic_0175818742_li8168121762714"></a>An IdP collects and stores user identity information, such as usernames and passwords, and authenticates users during login. For identity federation between an enterprise and the cloud platform, the identity authentication system of the enterprise is an identity provider and is also called "enterprise IdP". Popular third-party IdPs include Microsoft Active Directory Federation Services (AD FS) and Shibboleth.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li19147162515575">Service Provider (SP)<p id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_p1736974115573"><a name="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li19147162515575"></a><a name="en-us_topic_0177310145_en-us_topic_0175818742_li19147162515575"></a>A service provider establishes a trust relationship between an IdP and itself, and uses the user information provided by the IdP to provide services. For identity federation between an enterprise and the cloud platform, the cloud platform is a service provider.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li128351037113417"><span class="keyword" id="en-us_topic_0079620341__en-us_topic_0177310145_keyword93183611417">Identity federation</span><p id="en-us_topic_0079620341__en-us_topic_0177310145_p57091114352">Identity federation is a process in which a trust relationship is established between an IdP and SP to implement SSO.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li1346913105117">Single sign-on (SSO)<p id="en-us_topic_0079620341__en-us_topic_0177310145_p971618515520"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li1346913105117"></a><a name="en-us_topic_0177310145_li1346913105117"></a>SSO is an access type that allows users to access a trusted SP after logging in to the enterprise IdP. For example, after a trust relationship is established between an enterprise management system and the cloud platform, users in the enterprise management system can use their existing accounts and passwords to access the cloud platform through the login link in the enterprise management system. The cloud platform supports two SSO types: virtual user and IAM user.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li1524610331545">SAML 2.0<p id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_p162461332049"><a name="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li1524610331545"></a><a name="en-us_topic_0177310145_en-us_topic_0175818742_li1524610331545"></a>SAML 2.0 is an XML-based protocol that uses securityTokens containing assertions to pass information about an end user between an IdP and an SP. It is an open standard ratified by the Organization for the Advancement of Structured Information Standards (OASIS) and is being used by many IdPs. For more information about this standard, see <a href="https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html" target="_blank" rel="noopener noreferrer">SAML 2.0 Technical Overview</a>. The cloud platform implements identity federation in compliance with SAML 2.0. To successfully federate existing users to the cloud platform, ensure that your enterprise IdP is compatible with this protocol.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li81563619523">OpenID Connect<p id="en-us_topic_0079620341__en-us_topic_0177310145_p151826182523"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li81563619523"></a><a name="en-us_topic_0177310145_li81563619523"></a>OpenID Connect is a simple identity layer on top of the Open Authorization 2.0 (OAuth 2.0) protocol. IAM implements identity federation in compliance with OpenID Connect 1.0. To successfully federate existing users to the cloud platform, ensure that your enterprise IdP is compatible with this protocol.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li18558173117714">OAuth 2.0<p id="en-us_topic_0079620341__en-us_topic_0177310145_p11661151515512"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li18558173117714"></a><a name="en-us_topic_0177310145_li18558173117714"></a>OAuth 2.0 is an open authorization protocol. The authorization framework of this protocol allows third-party applications to obtain access permissions.</p>
</li></ul>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_section1938813653310"><h4 class="sectiontitle">Basic Concepts</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0079620341__en-us_topic_0177310145_table192841634019" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Basic concepts</caption><thead align="left"><tr id="en-us_topic_0079620341__en-us_topic_0177310145_row828141684014"><th align="left" class="cellrowborder" valign="top" width="27.99%" id="mcps1.3.2.2.2.3.1.1"><p id="en-us_topic_0079620341__en-us_topic_0177310145_p32819161407">Concept</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="72.00999999999999%" id="mcps1.3.2.2.2.3.1.2"><p id="en-us_topic_0079620341__en-us_topic_0177310145_p628191644017">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0079620341__en-us_topic_0177310145_row028916144016"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p1328816134013">Identity provider (IdP)</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p32811618402">An IdP collects and stores user identity information, such as usernames and passwords, and authenticates users during login. For identity federation between an enterprise and the cloud platform, the identity authentication system of the enterprise is an identity provider and is also called "enterprise IdP". Popular third-party IdPs include Microsoft Active Directory Federation Services (AD FS) and Shibboleth.</p>
</td>
</tr>
<tr id="en-us_topic_0079620341__en-us_topic_0177310145_row528816174019"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p129161694017">Service Provider (SP)</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p929171616408">A service provider establishes a trust relationship with an IdP and provides services based on the user information provided by the IdP. For identity federation between an enterprise and the cloud platform, the cloud platform is a service provider.</p>
</td>
</tr>
<tr id="en-us_topic_0079620341__en-us_topic_0177310145_row42917161404"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p14291716124015">Identity federation</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p0291316174018">Identity federation is the process of establishing a trust relationship between an IdP and SP to implement SSO.</p>
</td>
</tr>
<tr id="en-us_topic_0079620341__en-us_topic_0177310145_row1429516124010"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p102981610406">Single sign-on (SSO)</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p12291416184013">SSO allows users to access a trusted SP after logging in to the enterprise IdP. For example, after a trust relationship is established between an enterprise management system and the cloud platform, users in the enterprise management system can use their existing accounts and passwords to access the cloud platform through the login link in the enterprise management system. The cloud platform supports two SSO types: virtual user SSO and IAM user SSO.</p>
</td>
</tr>
<tr id="en-us_topic_0079620341__en-us_topic_0177310145_row1729141614018"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p92961664010">SAML 2.0</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p152931604019">SAML 2.0 is an XML-based protocol that uses securityTokens containing assertions to pass information about an end user between an IdP and an SP. It is an open standard ratified by the Organization for the Advancement of Structured Information Standards (OASIS) and is being used by many IdPs. For more information about this standard, see <a href="https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html" target="_blank" rel="noopener noreferrer">SAML 2.0 Technical Overview</a>. The cloud platform implements identity federation in compliance with SAML 2.0. To successfully federate users to the cloud platform, ensure that your enterprise IdP is compatible with this protocol.</p>
</td>
</tr>
<tr id="en-us_topic_0079620341__en-us_topic_0177310145_row172971664015"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p17291816184012">OpenID Connect</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p104901136154810">OpenID Connect is a simple identity layer on top of the Open Authorization 2.0 (OAuth 2.0) protocol. IAM implements identity federation in compliance with OpenID Connect 1.0. To successfully federate users to the cloud platform, ensure that your enterprise IdP is compatible with this protocol.</p>
</td>
</tr>
<tr id="en-us_topic_0079620341__en-us_topic_0177310145_row3871254134818"><td class="cellrowborder" valign="top" width="27.99%" headers="mcps1.3.2.2.2.3.1.1 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p0871135413485">OAuth 2.0</p>
</td>
<td class="cellrowborder" valign="top" width="72.00999999999999%" headers="mcps1.3.2.2.2.3.1.2 "><p id="en-us_topic_0079620341__en-us_topic_0177310145_p6871155444820">OAuth 2.0 is an open authorization protocol. The authorization framework of this protocol allows third-party applications to obtain access permissions.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_section969112502211"><h4 class="sectiontitle">Advantages of Identity Federation</h4><ul id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_ul4409204783417"><li id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li184885263377">Easy identity management<p id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_p682793183817"><a name="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li184885263377"></a><a name="en-us_topic_0177310145_en-us_topic_0175818742_li184885263377"></a>As an administrator, you only need to create accounts for your employees in your enterprise management system. The employees can use their own accounts to access both the enterprise management system and the cloud platform.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li77551533163917">Simplified operations<p id="en-us_topic_0079620341__en-us_topic_0177310145_p1739271581517"><a name="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818742_li77551533163917"></a><a name="en-us_topic_0177310145_en-us_topic_0175818742_li77551533163917"></a>Employees can log in to the cloud platform from the enterprise management system.</p>
<div class="fignone" id="en-us_topic_0079620341__en-us_topic_0177310145_fig209622546363"><span class="figcap"><b>Figure 1 </b>Advantages of identity federation</span><br><span><img id="en-us_topic_0079620341__en-us_topic_0177310145_image5962154133618" src="en-us_image_0000001117174928.png" height="297.92" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
</li></ul>
</div>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_section19798142411114"><h4 class="sectiontitle">SSO Type</h4><p id="en-us_topic_0079620341__en-us_topic_0177310145_p58871485365">IAM supports two SSO types: virtual user and IAM user. For details about how to choose an SSO type, see <a href="iam_08_0251.html#iam_08_0251">Application Scenarios of Virtual User SSO and IAM User SSO</a>.</p>
<ul id="en-us_topic_0079620341__en-us_topic_0177310145_ul1890132473710"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li129011324183712">Virtual user<p id="en-us_topic_0079620341__en-us_topic_0177310145_p33791045381"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li129011324183712"></a><a name="en-us_topic_0177310145_li129011324183712"></a>After a federated user logs in to the cloud platform, the system automatically creates a virtual user and grants access permissions to the virtual user based on the configured identity conversion rules.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li2902924123718">IAM user<p id="en-us_topic_0079620341__en-us_topic_0177310145_p65191038163711"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li2902924123718"></a><a name="en-us_topic_0177310145_li2902924123718"></a>After a federated user logs in to the cloud platform, the system automatically maps the <a href="en-us_topic_0046661675.html#en-us_topic_0046661675__li13713193419317">external identity ID</a> to an IAM user so that the federated user has the permissions of the mapped IAM user.</p>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_section19798142411114"><h4 class="sectiontitle">SSO Type</h4><p id="en-us_topic_0079620341__en-us_topic_0177310145_p58871485365">IAM supports two SSO types: virtual user SSO and IAM user SSO. For details about how to choose an SSO type, see <a href="iam_08_0251.html#iam_08_0251">Application Scenarios of Virtual User SSO and IAM User SSO</a>.</p>
<ul id="en-us_topic_0079620341__en-us_topic_0177310145_ul1890132473710"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li129011324183712">Virtual user SSO<p id="en-us_topic_0079620341__en-us_topic_0177310145_p33791045381"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li129011324183712"></a><a name="en-us_topic_0177310145_li129011324183712"></a>After a federated user logs in to the cloud platform, the system automatically creates a virtual user and grants access permissions to the virtual user based on the configured identity conversion rules.</p>
</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li2902924123718">IAM user SSO<p id="en-us_topic_0079620341__en-us_topic_0177310145_p65191038163711"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li2902924123718"></a><a name="en-us_topic_0177310145_li2902924123718"></a>After a federated user logs in to the cloud platform, the system automatically maps the <a href="en-us_topic_0046661675.html#en-us_topic_0046661675__li13713193419317">external identity ID</a> to an IAM user so that the federated user has the permissions of the mapped IAM user.</p>
</li></ul>
<p id="en-us_topic_0079620341__en-us_topic_0177310145_p14716843191810">Currently, IAM supports two federated login methods: browser-based SSO (web SSO) and SSO via API calling.</p>
<ul id="en-us_topic_0079620341__en-us_topic_0177310145_ul14945234163616"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li894553493615">Web SSO: Browsers are used as the communication media. This authentication type enables common users to access the cloud platform using browsers. </li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li1494510344366">SSO via API calling: Enterprise employees call APIs using development tools (such as OpenStack Client and ShibbolethECP Client) to access the cloud platform.</li></ul>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0079620341__en-us_topic_0177310145_table6372234181513" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Federated logins</caption><thead align="left"><tr id="en-us_topic_0079620341__en-us_topic_0177310145_row193731434121515"><th align="left" class="cellrowborder" valign="top" width="9.54095409540954%" id="mcps1.3.4.6.2.8.1.1"><p id="en-us_topic_0079620341__en-us_topic_0177310145_p13731734201512">SSO Type</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0079620341__en-us_topic_0177310145_table6372234181513" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Federated logins</caption><thead align="left"><tr id="en-us_topic_0079620341__en-us_topic_0177310145_row193731434121515"><th align="left" class="cellrowborder" valign="top" width="9.54095409540954%" id="mcps1.3.4.6.2.8.1.1"><p id="en-us_topic_0079620341__en-us_topic_0177310145_p13731734201512">SSO Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.031703170317034%" id="mcps1.3.4.6.2.8.1.2"><p id="en-us_topic_0079620341__en-us_topic_0177310145_p63731134131516">Supported Protocols</p>
</th>
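Review bot: The caption renumbering from "Table 1" to "Table 2" is applied only on the caption line; any in-text cross-reference to the "Federated logins" table elsewhere in this topic must be renumbered in the same change or it will point at the wrong table. The rename to "virtual user SSO" and "IAM user SSO" is applied consistently in the intro sentence and both list labels. Two style points in the unchanged context while this topic is being touched: "ShibbolethECP Client" should read "Shibboleth ECP Client", and the "Web SSO" list item carries a trailing space before its closing tag.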
@ -73,7 +110,7 @@
</table>
</div>
</div>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818705_section421816517461"><h4 class="sectiontitle">Precautions</h4><ul id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818705_ul18726545014"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li169421533124715">Ensure that your enterprise IdP server and the cloud platform use Greenwich Mean Time (GMT) time in the same time zone.</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li8960128142617">The identity information (such as email address or mobile number) of federated users is stored in the enterprise IdP. Federated users are mapped to the cloud platform as virtual identities, so their access to the cloud platform has the following restrictions:<ul id="en-us_topic_0079620341__en-us_topic_0177310145_ul1330394714915"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li83033473920">Federated users do not need to perform a 2-step verification when performing critical operations even though <a href="iam_07_0002.html#iam_07_0002">critical operation protection</a> (login protection or operation protection) is enabled.</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li17303104718918">Federated users cannot create access keys with unlimited validity, but they can obtain temporary access credentials (access keys and securityTokens) using user or agency tokens.<p id="en-us_topic_0079620341__en-us_topic_0177310145_p8697185421212"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li17303104718918"></a><a name="en-us_topic_0177310145_li17303104718918"></a>If a federated user needs an access key with unlimited validity, the user can contact the account administrator or an IAM user to create one. An access key contains the permissions granted to a user, so it is recommended that the federated user request an IAM user in the same group to create an access key.</p>
<div class="section" id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818705_section421816517461"><h4 class="sectiontitle">Precautions</h4><ul id="en-us_topic_0079620341__en-us_topic_0177310145_en-us_topic_0175818705_ul18726545014"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li169421533124715">Ensure that your enterprise IdP server and the cloud platform use Greenwich Mean Time (GMT) time in the same time zone.</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li8960128142617">The identity information (such as email address or mobile number) of federated users is stored in the enterprise IdP. Federated users are mapped to the cloud platform as virtual identities, so their access to the cloud platform has the following restrictions:<ul id="en-us_topic_0079620341__en-us_topic_0177310145_ul1330394714915"><li id="en-us_topic_0079620341__en-us_topic_0177310145_li83033473920">Federated users do not need to perform a 2-step verification when performing critical operations even though <a href="iam_01_0029.html#iam_01_0029">critical operation protection</a> (login protection or operation protection) is enabled.</li><li id="en-us_topic_0079620341__en-us_topic_0177310145_li17303104718918">Federated users cannot create access keys with unlimited validity, but they can obtain temporary access credentials (access keys and securityTokens) using user or agency tokens.<p id="en-us_topic_0079620341__en-us_topic_0177310145_p8697185421212"><a name="en-us_topic_0079620341__en-us_topic_0177310145_li17303104718918"></a><a name="en-us_topic_0177310145_li17303104718918"></a>If a federated user needs an access key with unlimited validity, they can contact the account administrator or an IAM user to create one. An access key contains the permissions granted to a user, so it is recommended that the federated user request an IAM user in the same group to create an access key.</p>
</li></ul>
</li></ul>
</div>
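Review bot: The restriction that federated users skip 2-step verification even when critical operation protection is enabled is a security-relevant gap that the text states but does not qualify; since the same item says federated identity information lives in the enterprise IdP, one sentence pointing readers to enforce multi-factor authentication in the enterprise IdP as the compensating control would keep administrators from assuming operation protection covers federated identities. The link retarget from iam_07_0002.html to iam_01_0029.html is consistent with the same retarget in the Security Settings hunks of this commit. Minor: "Greenwich Mean Time (GMT) time" repeats "time".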
@ -6,7 +6,7 @@
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="iam_01_0034.html">Getting Started with IAM</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="iam_01_0029.html">Creating a Security Administrator</a></strong><br>
<li class="ulchildlink"><strong><a href="iam_07_0002.html">Creating a Security Administrator</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="iam_01_0030.html">Creating a User Group and Assigning Permissions</a></strong><br>
</li>
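Review bot: Moving "Creating a Security Administrator" from iam_01_0029.html to iam_07_0002.html while the critical operation protection links move the other way reuses both identifiers for different topics, so any existing bookmark or external link to either URI now lands on the wrong page without any error. If these page ids are exposed as URLs, a redirect or at least a note in the change description is warranted.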
@ -6,9 +6,9 @@
<h1 class="topictitle1">Deleting a User Group</h1>
<div id="body0000001474724360"><div class="section" id="iam_01_0430__en-us_topic_0000001280434532_section73474101524"><h4 class="sectiontitle">Procedure</h4><p id="iam_01_0430__en-us_topic_0000001280434532_p17218137521">To delete a user group, do the following:</p>
</div>
<ol id="iam_01_0430__en-us_topic_0000001280434532_ol1771074165311"><li id="iam_01_0430__en-us_topic_0000001280434532_li771064165312"><span>Log in to the . In the navigation pane, choose <strong id="iam_01_0430__en-us_topic_0000001280434532_b1024341736113218">User Groups</strong>.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li123855243548"><span>In the user group list, click <strong id="iam_01_0430__en-us_topic_0000001280434532_b98701484424843">Delete</strong> in the row that contains the user group to be deleted.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li12439230310"><span>In the displayed dialog box, click <strong id="iam_01_0430__en-us_topic_0000001280434532_b176037717438">Yes</strong>.</span></li></ol>
<ol id="iam_01_0430__en-us_topic_0000001280434532_ol1771074165311"><li id="iam_01_0430__en-us_topic_0000001280434532_li771064165312"><span>Log in to the IAM console. In the navigation pane, choose <strong id="iam_01_0430__en-us_topic_0000001280434532_b49416816266">User Groups</strong>.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li123855243548"><span>In the user group list, click <strong id="iam_01_0430__en-us_topic_0000001280434532_b98701484424843">Delete</strong> in the row that contains the user group to be deleted.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li12439230310"><span>In the displayed dialog box, click <strong id="iam_01_0430__en-us_topic_0000001280434532_b176037717438">Yes</strong>.</span></li></ol>
<div class="section" id="iam_01_0430__en-us_topic_0000001280434532_section2924729124712"><h4 class="sectiontitle">Batch Deleting User Groups</h4><p id="iam_01_0430__en-us_topic_0000001280434532_p1971532144717">To delete multiple user groups at a time, do the following:</p>
<ol id="iam_01_0430__en-us_topic_0000001280434532_ol15628332641"><li id="iam_01_0430__en-us_topic_0000001280434532_li26285329413"><span>Log in to the . In the navigation pane, choose <strong id="iam_01_0430__en-us_topic_0000001280434532_b1315717581233">User Groups</strong>.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li102171242143"><span>In the user group list, select the user groups to be deleted and click <strong id="iam_01_0430__en-us_topic_0000001280434532_b13135859195316">Delete</strong> above the list.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li074717495264"><span>In the displayed dialog box, click <strong id="iam_01_0430__en-us_topic_0000001280434532_b183184214543">Yes</strong>.</span></li></ol>
<ol id="iam_01_0430__en-us_topic_0000001280434532_ol15628332641"><li id="iam_01_0430__en-us_topic_0000001280434532_li26285329413"><span>Log in to the IAM console. In the navigation pane, choose <strong id="iam_01_0430__en-us_topic_0000001280434532_b181723589283">User Groups</strong>.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li102171242143"><span>In the user group list, select the user groups to be deleted and click <strong id="iam_01_0430__en-us_topic_0000001280434532_b13135859195316">Delete</strong> above the list.</span></li><li id="iam_01_0430__en-us_topic_0000001280434532_li074717495264"><span>In the displayed dialog box, click <strong id="iam_01_0430__en-us_topic_0000001280434532_b183184214543">Yes</strong>.</span></li></ol>
</div>
</div>
<div>
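Review bot: Filling in the missing product name ("Log in to the IAM console.") fixes the dangling "Log in to the ." in both the single and batch procedures. Since deleting a user group is a destructive, permission-affecting operation and the dialog only asks for a "Yes", a short line before the procedure stating what happens to the permissions of the group's members on deletion would be useful documentation; the topic currently carries no such caveat.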
@ -10,7 +10,7 @@
</li><li id="iam_06_0004__en-us_topic_0175653574_li158086177523">Automatically creating a cloud service agency to use certain resources<p id="iam_06_0004__en-us_topic_0175653574_p12955434175212"><a name="iam_06_0004__en-us_topic_0175653574_li158086177523"></a><a name="en-us_topic_0175653574_li158086177523"></a>The following takes Scalable File Service (SFS) as an example to describe the procedure for automatically creating a cloud service agency:</p>
<ol type="a" id="iam_06_0004__en-us_topic_0175653574_ol5494624194317"><li id="iam_06_0004__en-us_topic_0175653574_li124941244437">Go to the SFS console.</li><li id="iam_06_0004__en-us_topic_0175653574_li974319910443">On the <strong id="iam_06_0004__en-us_topic_0175653574_b1659811274313">Create File System</strong> page, enable static data encryption.</li><li id="iam_06_0004__en-us_topic_0175653574_li17760343134418">A dialog box is displayed requesting you to confirm the creation of an SFS agency. After you click <strong id="iam_06_0004__en-us_topic_0175653574_b66161733194510">OK</strong>, the system automatically creates an SFS agency with <strong id="iam_06_0004__en-us_topic_0175653574_b38971050102011">KMS CMKFullAccess</strong> permissions for the current project. With the agency, SFS can obtain KMS keys for encrypting or decrypting file systems.</li><li id="iam_06_0004__en-us_topic_0175653574_li97291277468">You can view the agency in the agency list on the IAM console.</li></ol>
</li></ol>
<div class="section" id="iam_06_0004__en-us_topic_0175653574_section930952513442"><a name="iam_06_0004__en-us_topic_0175653574_section930952513442"></a><a name="en-us_topic_0175653574_section930952513442"></a><h4 class="sectiontitle">Creating a Cloud Service Agency on the IAM Console</h4><ol id="iam_06_0004__en-us_topic_0175653574_ol49998812"><li id="iam_06_0004__en-us_topic_0175653574_li1780793672315"><span>Log in to the .</span></li><li id="iam_06_0004__en-us_topic_0175653574_li1546779817427"><span>On the IAM console, choose <strong id="iam_06_0004__en-us_topic_0175653574_b1336032311378">Agencies</strong> from the navigation pane, and click <strong id="iam_06_0004__en-us_topic_0175653574_b336472313374">Create Agency</strong>.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li63471691104814"><span>Enter an agency name.</span><p><div class="fignone" id="iam_06_0004__en-us_topic_0175653574_fig103412552617"><span class="figcap"><b>Figure 1 </b>Cloud service agency name</span><br><span><img id="iam_06_0004__en-us_topic_0175653574_image8343551869" src="en-us_image_0000001562896221.png" height="314.795971" width="454.86" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="iam_06_0004__en-us_topic_0175653574_section930952513442"><a name="iam_06_0004__en-us_topic_0175653574_section930952513442"></a><a name="en-us_topic_0175653574_section930952513442"></a><h4 class="sectiontitle">Creating a Cloud Service Agency on the IAM Console</h4><ol id="iam_06_0004__en-us_topic_0175653574_ol49998812"><li id="iam_06_0004__en-us_topic_0175653574_li1780793672315"><span>Log in to the IAM console.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li1546779817427"><span>On the IAM console, choose <strong id="iam_06_0004__en-us_topic_0175653574_b1336032311378">Agencies</strong> from the navigation pane, and click <strong id="iam_06_0004__en-us_topic_0175653574_b336472313374">Create Agency</strong>.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li63471691104814"><span>Enter an agency name.</span><p><div class="fignone" id="iam_06_0004__en-us_topic_0175653574_fig103412552617"><span class="figcap"><b>Figure 1 </b>Cloud service agency name</span><br><span><img id="iam_06_0004__en-us_topic_0175653574_image8343551869" src="en-us_image_0000001562896221.png" height="314.795971" width="454.86" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="iam_06_0004__en-us_topic_0175653574_li4558455145011"><span>Select the <strong id="iam_06_0004__en-us_topic_0175653574_b16137420231">Cloud service</strong> agency type, and then select a service.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li21344527114840"><span>Select a validity period.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li15518122905520"><span>(Optional) Enter a description for the agency to facilitate identification.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li1694181217579"><span>Click <strong id="iam_06_0004__en-us_topic_0175653574_b22361648427">Next</strong>.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li65324613265"><span>Select the permissions to be assigned to the agency, click <strong id="iam_06_0004__en-us_topic_0175653574_b35071599314">Next</strong>, and specify the authorization scope.</span></li><li id="iam_06_0004__en-us_topic_0175653574_li19340339165858"><span>Click <strong id="iam_06_0004__en-us_topic_0175653574_b648018182812">OK</strong>.</span></li></ol>
</div>
</div>
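Review bot: With step 1 now reading "Log in to the IAM console.", the "On the IAM console," prefix in step 2 is redundant and can be dropped. Step 5, "Select a validity period.", gives no guidance on what the period governs; one clause saying the agency can no longer be used after it expires would help readers pick a bounded period rather than an open-ended one for a cloud service agency.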
@ -4,7 +4,7 @@
<h1 class="topictitle1">Security Settings Overview</h1>
<div id="body0000001473812946"><p id="iam_07_0001__en-us_topic_0179264308_p1542553217328">You can configure the account settings, critical operation protection, login authentication policy, password policy, and access control list (ACL) on the <strong id="iam_07_0001__en-us_topic_0179264308_b718918141720">Security Settings</strong> page. For details, see <a href="iam_01_0703.html#iam_01_0703">Basic Information</a>, <a href="iam_07_0002.html#iam_07_0002">Critical Operation Protection</a>, <a href="iam_01_0704.html#iam_01_0704">Login Authentication Policy</a>, <a href="iam_01_0607.html#iam_01_0607">Password Policy</a>, and <a href="iam_07_0003.html#iam_07_0003">ACL</a>. This chapter describes how to access the <strong id="iam_07_0001__en-us_topic_0179264308_b013616592065">Security Settings</strong> page and who is the intended audience.</p>
<div id="body0000001473812946"><p id="iam_07_0001__en-us_topic_0179264308_p1542553217328">You can configure the account settings, critical operation protection, login authentication policy, password policy, and access control list (ACL) on the <strong id="iam_07_0001__en-us_topic_0179264308_b718918141720">Security Settings</strong> page. For details, see <a href="iam_01_0703.html#iam_01_0703">Basic Information</a>, <a href="iam_01_0029.html#iam_01_0029">Critical Operation Protection</a>, <a href="iam_01_0704.html#iam_01_0704">Login Authentication Policy</a>, <a href="iam_01_0607.html#iam_01_0607">Password Policy</a>, and <a href="iam_07_0003.html#iam_07_0003">ACL</a>. This chapter describes how to access the <strong id="iam_07_0001__en-us_topic_0179264308_b013616592065">Security Settings</strong> page and who is the intended audience.</p>
<div class="section" id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_section18538110152210"><h4 class="sectiontitle">Intended Audience</h4><p id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_p1269135614617"><a href="#iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_table9148216234">Table 1</a> lists the intended audience of different functions provided on the <strong id="iam_07_0001__en-us_topic_0179264308_b12648135995112">Security Settings</strong> page and their access permissions for the functions.</p>
<div class="tablenoborder"><a name="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_table9148216234"></a><a name="en-us_topic_0179264308_en-us_topic_0179263545_table9148216234"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_table9148216234" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Intended audience</caption><thead align="left"><tr id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_row181582192316"><th align="left" class="cellrowborder" valign="top" width="15.73%" id="mcps1.3.2.3.2.3.1.1"><p id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_p11511219234">Function</p>
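Review bot: The retarget of the "Critical Operation Protection" link to iam_01_0029.html is consistent with the other hunks in this commit. In the unchanged tail of the same paragraph, "and who is the intended audience" reads awkwardly after "describes how to access"; "and its intended audience" is cleaner and matches the "Intended Audience" section title that follows.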
@ -18,7 +18,7 @@
<td class="cellrowborder" valign="top" width="84.27%" headers="mcps1.3.2.3.2.3.1.2 "><p id="iam_07_0001__en-us_topic_0179264308_p0889132210462">IAM users: Full access</p>
</td>
</tr>
<tr id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_row915192172319"><td class="cellrowborder" valign="top" width="15.73%" headers="mcps1.3.2.3.2.3.1.1 "><p id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_p4154219235"><a href="iam_07_0002.html#iam_07_0002">Critical Operations</a></p>
<tr id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_row915192172319"><td class="cellrowborder" valign="top" width="15.73%" headers="mcps1.3.2.3.2.3.1.1 "><p id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_p4154219235"><a href="iam_01_0029.html#iam_01_0029">Critical Operations</a></p>
</td>
<td class="cellrowborder" valign="top" width="84.27%" headers="mcps1.3.2.3.2.3.1.2 "><ul id="iam_07_0001__en-us_topic_0179264308_en-us_topic_0179263545_p171582114233"><li id="iam_07_0001__en-us_topic_0179264308_li63781988398"><a href="iam_01_0023.html#iam_01_0023__section1475194083513">Administrator</a>: Full access</li><li id="iam_07_0001__en-us_topic_0179264308_li23782803914">IAM users: No access</li></ul>
</td>
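Review bot: The link text in this row is "Critical Operations" while the overview paragraph links the same target as "Critical Operation Protection"; using one name for the topic keeps readers from taking them for two different pages. The access split the row states (administrator: full access, IAM users: no access) is the right thing to make explicit for a protection setting.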
@ -5,7 +5,7 @@
<div class="section" id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_section56174541186"><h4 class="sectiontitle">Prerequisites</h4><p id="iam_08_0003__en-us_topic_0272447057_p851129135213">You have read the documentation of the enterprise IdP or have understood how to use the enterprise IdP. Configurations of different enterprise IdPs differ greatly, so they are not described in this document. For details about how to obtain the enterprise IdP's metadata file and how to upload the metadata file of the cloud platform to the enterprise IdP, see the IdP help documentation.</p>
</div>
<div class="section" id="iam_08_0003__en-us_topic_0272447057_section122531649172219"><h4 class="sectiontitle">Establishing a Trust Relationship Between the Enterprise IdP and the Cloud Platform</h4><p id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_p99941747792">The metadata file of the cloud platform needs to be configured in the enterprise IdP to establish a trust relationship between the two systems.</p>
<ol id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_ol15379454241"><li id="iam_08_0003__en-us_topic_0272447057_li11727843241"><span>Download the metadata file of the cloud platform.</span><p><ul id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0191538776_ul20692706154120"><li id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0191538776_li1647323595216">Web SSO: Visit <a href="https://auth.otc.t-systems.com/authui/saml/metadata.xml" target="_blank" rel="noopener noreferrer">https://auth.otc.t-systems.com/authui/saml/metadata.xml</a>. Right-click on the page, choose <strong id="iam_08_0003__en-us_topic_0272447057_b113934414384">Save As</strong>, and set a file name, for example, <strong id="iam_08_0003__en-us_topic_0272447057_b740184410389">websso-metadata.xml</strong>.</li><li id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0191538776_li3568819154120">SSO via API calling: Visit <a href="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a> or <a href="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a>, right-click on the page, choose <strong id="iam_08_0003__en-us_topic_0272447057_b211013461383">Save As</strong>, and set a file name, for example, <strong id="iam_08_0003__en-us_topic_0272447057_b12111114614387">api-metadata-region.xml</strong>.<p id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0191538776_p14175642154111">The cloud platform provides different API gateways for users in different regions to call APIs. To allow users to access resources in multiple regions, download metadata files of all these regions.</p>
<ol id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_ol15379454241"><li id="iam_08_0003__en-us_topic_0272447057_li11727843241"><span>Download the metadata file of the cloud platform.</span><p><ul id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0191538776_ul20692706154120"><li id="iam_08_0003__en-us_topic_0272447057_li169321683509">Web SSO: Visit <a href="https://auth.otc.t-systems.com/authui/saml/metadata.xml" target="_blank" rel="noopener noreferrer">https://auth.otc.t-systems.com/authui/saml/metadata.xml</a>, right-click on the page, choose <strong id="iam_08_0003__en-us_topic_0272447057_b193531132125716">Save As</strong>, and set a file name, for example, <strong id="iam_08_0003__en-us_topic_0272447057_b1535323217574">websso-metadata.xml</strong>.</li><li id="iam_08_0003__en-us_topic_0272447057_li17391152055010">SSO via API calling: Visit <a href="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a> or <a href="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a>, right-click on the page, choose <strong id="iam_08_0003__en-us_topic_0272447057_b1611102565911">Save As</strong>, and set a file name, for example, <strong id="iam_08_0003__en-us_topic_0272447057_b51111925185913">api-metadata-region.xml</strong>.<p id="iam_08_0003__en-us_topic_0272447057_p339117208507">The cloud platform provides different API gateways for users in different regions to call APIs. To allow users to access resources in multiple regions, download metadata files of all these regions.</p>
</li></ul>
</p></li><li id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_li19378125420417"><span>Upload the metadata file to the enterprise IdP server. For details, see the help documentation of the enterprise IdP.</span></li><li id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_li17371448151420"><span>Obtain the metadata file of the enterprise IdP. For details, see the help documentation of the enterprise IdP.</span></li></ol>
</div>
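Review bot: The example file name "api-metadata-region.xml" in the "SSO via API calling" item should mark "region" as a placeholder (for example "api-metadata-REGION.xml", or a concrete "api-metadata-eu-de.xml"), because the sentence that follows tells readers to download one metadata file per region, and identical names would overwrite each other. The punctuation change ("...metadata.xml, right-click on the page...") is fine and now matches the second item.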
@ -45,8 +45,8 @@
</div>
</p></li><li id="iam_08_0003__en-us_topic_0272447057_li1680343023216"><span>Click <strong id="iam_08_0003__en-us_topic_0272447057_b679415618112">OK</strong>.</span></li></ol>
</div>
<div class="section" id="iam_08_0003__en-us_topic_0272447057_section1245888153813"><h4 class="sectiontitle">Configuring the Metadata File of the Enterprise IdP on the Cloud Platform</h4><p id="iam_08_0003__en-us_topic_0272447057_p1466745753818">Configure the metadata file of the enterprise IdP in the cloud platform. You can upload or manually edit metadata configurations in IAM. For a metadata file larger than 500 KB, manually configure the metadata. If the metadata has been changed, upload the latest metadata file or edit the existing metadata to ensure that the federated users can log in to the cloud platform successfully.</p>
<div class="note" id="iam_08_0003__en-us_topic_0272447057_note144179481770"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0003__en-us_topic_0272447057_p134181348175">For details about how to obtain the metadata file, see the help documentation of the enterprise IdP.</p>
<div class="section" id="iam_08_0003__en-us_topic_0272447057_section1245888153813"><h4 class="sectiontitle">Configuring the Metadata File of the Enterprise IdP on the Cloud Platform</h4><p id="iam_08_0003__en-us_topic_0272447057_p1466745753818">To configure the metadata file of the enterprise IdP in the cloud platform, you can upload the metadata file or manually edit metadata on the IAM console. For a metadata file larger than 500 KB, manually configure the metadata. If the metadata has been changed, upload the latest metadata file or edit the existing metadata to ensure that the federated users can log in to the cloud platform successfully.</p>
<div class="note" id="iam_08_0003__en-us_topic_0272447057_note144179481770"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0003__en-us_topic_0272447057_p134181348175">For details about how to obtain the metadata file of an enterprise IdP, see the help documentation of the enterprise IdP.</p>
</div></div>
<div class="p" id="iam_08_0003__en-us_topic_0272447057_p15369104515710"><ul id="iam_08_0003__en-us_topic_0272447057_ul115435233813"><li id="iam_08_0003__en-us_topic_0272447057_li1054318218388"><strong id="iam_08_0003__en-us_topic_0272447057_b37581727201019">Upload a metadata file.</strong><ol id="iam_08_0003__en-us_topic_0272447057_ol1954315220382"><li id="iam_08_0003__en-us_topic_0272447057_li1888833818014">Click <strong id="iam_08_0003__en-us_topic_0272447057_b257918350107">Modify</strong> in the row containing the IdP.<div class="fignone" id="iam_08_0003__en-us_topic_0272447057_fig1958316510810"><span class="figcap"><b>Figure 3 </b>Modifying an IdP</span><br><span><img id="iam_08_0003__en-us_topic_0272447057_image19583115783" src="en-us_image_0000001656458721.png" height="128.44807500000002" width="465.83250000000004" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="iam_08_0003__en-us_topic_0272447057_li25415213812">Click <strong id="iam_08_0003__en-us_topic_0272447057_b1387718458108">Select File</strong> and select the metadata file of the enterprise IdP.<div class="fignone" id="iam_08_0003__en-us_topic_0272447057_fig9902501887"><span class="figcap"><b>Figure 4 </b>Uploading a metadata file</span><br><span><img id="iam_08_0003__en-us_topic_0272447057_image199019501286" src="en-us_image_0000001606779168.png" height="66.83250000000001" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
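Review bot: "For a metadata file larger than 500 KB, manually configure the metadata." should say whether an oversized upload is rejected or silently truncated, so readers know how the limit shows up. "If the metadata has been changed" would be more actionable with an example of what changes in practice, such as the enterprise IdP's signing certificate or its endpoint URLs, since a stale copy of those is what makes federated logins fail as the sentence warns. The note's <img> element lacks alt text.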
|
||||
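Review bot: the opening paragraph of the metadata section tells the administrator to re-upload or edit the metadata when it "has been changed" but gives no indication of what to watch for; suggest naming what typically changes in an IdP metadata file, the IdP's signing certificate and its endpoint URLs, so that certificate rotation on the enterprise IdP is explicitly tied to this re-upload step rather than framed only as keeping login working. The 500 KB limit is stated for the upload path, but the manual-editing alternative it sends large files to is not described anywhere in this hunk; add a cross-reference to where the manually configured fields are documented, or list them here.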
@ -128,7 +128,7 @@
|
||||
</div></div>
|
||||
</li><li id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_li1227968616821">Modifying an IdP: In the IdP list, click <strong id="iam_08_0003__en-us_topic_0272447057_b63521155131414">Modify</strong> in the row containing the IdP, and then change its status or modify the description, metadata, or identity conversion rules.</li><li id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_li5904713316821">Deleting an IdP: In the IdP list, click <strong id="iam_08_0003__en-us_topic_0272447057_b19497449171710">Delete</strong> in the row containing the IdP, and click <strong id="iam_08_0003__en-us_topic_0272447057_b849817493172">Yes</strong> in the displayed dialog box.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_section39638585"><h4 class="sectiontitle">Follow-Up Procedure</h4><ul id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_ul11792191715210"><li id="iam_08_0003__en-us_topic_0272447057_li1256523019563">Configure the enterprise IdP: Configure enterprise IdP parameters to determine what information can be sent to the cloud platform</li><li id="iam_08_0003__en-us_topic_0272447057_li25282052115619">Configuring identity conversion rules: In the <strong id="iam_08_0003__en-us_topic_0272447057_b2811125619190">Identity Conversion Rules</strong> area, configure identity conversion rules to establish a mapping between enterprise users and IAM user groups. In this way, enterprise users can obtain the corresponding permissions in the cloud platform. For details, see <a href="iam_08_0004.html#iam_08_0004">Step 3: Configure Identity Conversion Rules</a>.</li><li id="iam_08_0003__en-us_topic_0272447057_li53241455165615">Verify the federated login: Check whether the enterprise user can log in to the cloud platform through SSO. For details, see <a href="iam_08_0025.html#iam_08_0025">Step 4: Verify the Federated Login</a>.</li></ul>
|
||||
<div class="section" id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_section39638585"><h4 class="sectiontitle">Follow-Up Procedure</h4><ul id="iam_08_0003__en-us_topic_0272447057_en-us_topic_0175818704_ul11792191715210"><li id="iam_08_0003__en-us_topic_0272447057_li1256523019563">Configure the enterprise IdP: Configure enterprise IdP parameters to determine what information can be sent to the cloud platform.</li><li id="iam_08_0003__en-us_topic_0272447057_li25282052115619">Configure identity conversion rules: In the <strong id="iam_08_0003__en-us_topic_0272447057_b2811125619190">Identity Conversion Rules</strong> area, configure identity conversion rules to establish a mapping between enterprise users and IAM user groups. In this way, enterprise users can obtain the corresponding permissions in the cloud platform. For details, see <a href="iam_08_0004.html#iam_08_0004">Step 3: Configure Identity Conversion Rules</a>.</li><li id="iam_08_0003__en-us_topic_0272447057_li53241455165615">Verify the federated login: Check whether the enterprise user can log in to the cloud platform through SSO. For details, see <a href="iam_08_0025.html#iam_08_0025">Step 4: Verify the Federated Login</a>.</li></ul>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
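Review bot: in the Follow-Up Procedure list the first item, "Configure the enterprise IdP", is the only one without a cross-reference, while the next two link to Step 3 and Step 4; add the link to the corresponding step of this flow so the three items are parallel (the added full stop is good). The "Deleting an IdP" item in the same hunk should also state the effect on federated users who log in through that IdP, since deleting the IdP removes their login path, and a reader should know that before confirming the dialog box.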
@ -1,14 +1,14 @@
|
||||
<a name="iam_08_0004"></a><a name="iam_08_0004"></a>
|
||||
|
||||
<h1 class="topictitle1">Step 3: Configure Identity Conversion Rules</h1>
|
||||
<div id="body1598524160363"><p id="iam_08_0004__en-us_topic_0272447058_p1581711464615">After an enterprise IdP user logs in to the cloud platform, the cloud platform authenticates the identity and assigns permissions to the user based on the identity conversion rules. You can customize identity conversion rules based on your service requirements. If you do not configure identity conversion rules, the username of the federated user in the cloud platform is <strong id="iam_08_0004__en-us_topic_0272447058_b12497113518215">FederationUser</strong> by default, and the federated user can only access the cloud platform by default.</p>
|
||||
<div id="body1598524160363"><p id="iam_08_0004__en-us_topic_0272447058_p1581711464615">After an enterprise IdP user logs in to the cloud platform, the cloud platform authenticates the identity and assigns permissions to the user based on the identity conversion rules. You can customize identity conversion rules based on your service requirements. If you do not configure identity conversion rules, the username of the federated user on the cloud platform is <strong id="iam_08_0004__en-us_topic_0272447058_b12497113518215">FederationUser</strong> by default, and the federated user can only access the cloud platform by default.</p>
|
||||
<p id="iam_08_0004__en-us_topic_0272447058_p18153451373">You can configure the following parameters for federated users:</p>
|
||||
<ul id="iam_08_0004__en-us_topic_0272447058_ul186419101875"><li id="iam_08_0004__en-us_topic_0272447058_li1964101013719">Username: Usernames of federated users in the cloud platform.</li><li id="iam_08_0004__en-us_topic_0272447058_li96418101372">User permissions: Permissions assigned to federated users in the cloud platform. You need to map the federated users to IAM user groups. In this way, the federated users can obtain the permissions of the user groups to use cloud resources. Ensure that user groups have been created. For details about how to create a user group, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>.</li></ul>
|
||||
<div class="note" id="iam_08_0004__en-us_topic_0272447058_note1948818531918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="iam_08_0004__en-us_topic_0272447058_ul13451511218"><li id="iam_08_0004__en-us_topic_0272447058_li1945151328">Modifications to identity conversion rules will take effect the next time federated users log in.</li><li id="iam_08_0004__en-us_topic_0272447058_li194511711521">To modify the permissions of a user, modify the permissions of the user group to which the user belongs. Then restart the enterprise IdP for the modifications to take effect.</li></ul>
|
||||
</div></div>
|
||||
<div class="section" id="iam_08_0004__en-us_topic_0272447058_section52965331"><h4 class="sectiontitle">Prerequisites</h4><ul id="iam_08_0004__en-us_topic_0272447058_ul71351054188"><li id="iam_08_0004__en-us_topic_0272447058_li71351054585">The enterprise administrator has created an account in the cloud platform, and has created user groups and assigned permissions to the group in IAM. For details, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>.</li><li id="iam_08_0004__en-us_topic_0272447058_li11356541486">An IdP has been created in the cloud platform. For details, see <a href="iam_08_0003.html#iam_08_0003">Step 1: Create an IdP Entity</a>.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0004__en-us_topic_0272447058_en-us_topic_0175818756_section49143529"><h4 class="sectiontitle">Procedure</h4><p id="iam_08_0004__en-us_topic_0272447058_en-us_topic_0175818756_p176995795319">If you configure identity conversion rules by clicking <strong id="iam_08_0004__en-us_topic_0272447058_b59921448112113">Create Rule</strong>, IAM will convert your specified parameters to the JSON format. Alternatively, you can click <strong id="iam_08_0004__en-us_topic_0272447058_b16993134802114">Edit Rule</strong> to directly configure rules in the JSON format. For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
<div class="section" id="iam_08_0004__en-us_topic_0272447058_en-us_topic_0175818756_section49143529"><h4 class="sectiontitle">Procedure</h4><p id="iam_08_0004__en-us_topic_0272447058_en-us_topic_0175818756_p176995795319">If you configure identity conversion rules by clicking <strong id="iam_08_0004__en-us_topic_0272447058_b59921448112113">Create Rule</strong>, IAM will convert your specified parameters to the JSON format. Alternatively, you can click <strong id="iam_08_0004__en-us_topic_0272447058_b16993134802114">Edit Rule</strong> to directly configure rules in JSON format. For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
<ul id="iam_08_0004__en-us_topic_0272447058_ul13542143916305"><li id="iam_08_0004__en-us_topic_0272447058_li0542239143020"><strong id="iam_08_0004__en-us_topic_0272447058_b19399501920">Creating Rules</strong><ol id="iam_08_0004__en-us_topic_0272447058_ol14917184617414"><li id="iam_08_0004__en-us_topic_0272447058_li10914546144114">Log in to the IAM console as the administrator. In the navigation pane, choose <strong id="iam_08_0004__en-us_topic_0272447058_b65190298177">Identity Providers</strong>.</li><li id="iam_08_0004__en-us_topic_0272447058_li8914046174111">In the IdP list, click <strong id="iam_08_0004__en-us_topic_0272447058_b24132712277">Modify</strong> in the row containing the IdP.</li><li id="iam_08_0004__en-us_topic_0272447058_li9917104619415">In the <strong id="iam_08_0004__en-us_topic_0272447058_b8550101092318">Identity Conversion Rules</strong> area, click <strong id="iam_08_0004__en-us_topic_0272447058_b13550181062310">Create Rule</strong>. Then, configure the rules in the <strong id="iam_08_0004__en-us_topic_0272447058_b17550151019231">Create Rule</strong> dialog box.<div class="p" id="iam_08_0004__en-us_topic_0272447058_p1757145612143">
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0004__en-us_topic_0272447058_table14452194925816" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="iam_08_0004__en-us_topic_0272447058_row1545012496582"><th align="left" class="cellrowborder" valign="top" width="14.34%" id="mcps1.3.6.3.1.2.3.4.1.2.4.1.1"><p id="iam_08_0004__en-us_topic_0272447058_p12450249115814">Parameter</p>
|
||||
</th>
|
||||
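Review bot: the change from "in the cloud platform" to "on the cloud platform" in the opening paragraph is applied to a single occurrence; the Username bullet, the User permissions bullet and both Prerequisites items still say "in the cloud platform", so this hunk leaves the topic inconsistent. Apply the same phrasing throughout or revert it. The same applies to the Procedure paragraph, whose second sentence now reads "in JSON format" while its first sentence keeps "to the JSON format". The note box also contradicts itself: the first bullet says rule changes take effect at the federated user's next login, the second says that a change to the user group's permissions requires restarting the enterprise IdP; please confirm which is correct, because an administrator relying on the first bullet would expect a permission change to apply after re-login without touching the IdP, and an unnecessary IdP restart is disruptive for every user of that IdP.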
@ -22,7 +22,7 @@
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="21.97%" headers="mcps1.3.6.3.1.2.3.4.1.2.4.1.2 "><p id="iam_08_0004__en-us_topic_0272447058_p134501649125817">Username of federated users in the cloud platform.</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="63.690000000000005%" headers="mcps1.3.6.3.1.2.3.4.1.2.4.1.3 "><p id="iam_08_0004__en-us_topic_0272447058_p1245054915584">To distinguish federated users from users in the cloud platform, it is recommended that you set the username to <strong id="iam_08_0004__en-us_topic_0272447058_b189359132013">FederationUser-IdP</strong><strong id="iam_08_0004__en-us_topic_0272447058_b88931092203"><em id="iam_08_0004__en-us_topic_0272447058_i134501449195818">_</em></strong><strong id="iam_08_0004__en-us_topic_0272447058_b38936919207"><em id="iam_08_0004__en-us_topic_0272447058_i2037451416201">XXX</em></strong>. <em id="iam_08_0004__en-us_topic_0272447058_i515313220243">IdP</em> indicates an IdP name, for example, AD FS and Shibboleth. <em id="iam_08_0004__en-us_topic_0272447058_i115892292416">XXX</em> indicates a custom name.</p>
|
||||
<td class="cellrowborder" valign="top" width="63.690000000000005%" headers="mcps1.3.6.3.1.2.3.4.1.2.4.1.3 "><p id="iam_08_0004__en-us_topic_0272447058_p1245054915584">To distinguish federated users from users in the cloud platform, it is recommended that you set the username to <strong id="iam_08_0004__en-us_topic_0272447058_b189359132013">FederationUser-</strong><em id="iam_08_0004__en-us_topic_0272447058_i5731202611253">IdP</em><strong id="iam_08_0004__en-us_topic_0272447058_b88931092203">_</strong><em id="iam_08_0004__en-us_topic_0272447058_i2037451416201">XXX</em>. <em id="iam_08_0004__en-us_topic_0272447058_i515313220243">IdP</em> indicates an IdP name, for example, AD FS or Shibboleth. <em id="iam_08_0004__en-us_topic_0272447058_i115892292416">XXX</em> indicates a custom name.</p>
|
||||
<div class="notice" id="iam_08_0004__en-us_topic_0272447058_note0451549125818"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><ul id="iam_08_0004__en-us_topic_0272447058_ul6575826819"><li id="iam_08_0004__en-us_topic_0272447058_li3575326716">The username of each federated user must be unique in the same IdP. Federated users with the same usernames in the same IdP will be mapped to the same IAM user in the cloud platform.</li><li id="iam_08_0004__en-us_topic_0272447058_li257592617112">The username can only contain letters, digits, spaces, hyphens (-), underscores (_), and periods (.). It cannot start with a digit and cannot contain the following special characters: ", \", \\, \n, \r</li></ul>
|
||||
</div></div>
|
||||
</td>
|
||||
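Review bot: in the NOTICE under the Username parameter, the second bullet's allow-list (letters, digits, spaces, hyphens, underscores, periods) already excludes quotes, backslashes and line breaks, so the trailing list of forbidden characters (", \", \\, \n, \r) is redundant as written; if it is meant to warn about escape sequences that are invalid inside the JSON rule text, say so explicitly. The first bullet, that federated users with the same username in the same IdP are mapped to the same IAM user, is the security-relevant statement of this table and deserves one more sentence telling the reader to derive the username from a unique attribute asserted by the IdP (the _NAMEID_ attribute used in the example further down) rather than from a display name, so that two enterprise users cannot collapse into one IAM identity and inherit each other's group permissions. The corrected emphasis markup and "AD FS or Shibboleth" look fine.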
@ -52,11 +52,11 @@
|
||||
<ul id="iam_08_0004__en-us_topic_0272447058_ul19454549185815"><li id="iam_08_0004__en-us_topic_0272447058_li12452164914583">Username: <strong id="iam_08_0004__en-us_topic_0272447058_b19389161810361">FederationUser-IdP_admin</strong></li><li id="iam_08_0004__en-us_topic_0272447058_li1745217491580">User group: <strong id="iam_08_0004__en-us_topic_0272447058_b195941732192619">admin</strong></li><li id="iam_08_0004__en-us_topic_0272447058_li15343144632814">Rule condition: <strong id="iam_08_0004__en-us_topic_0272447058_b20887163320269">_NAMEID_</strong> (attribute), <strong id="iam_08_0004__en-us_topic_0272447058_b108871331267">any_one_of</strong> (condition), and <strong id="iam_08_0004__en-us_topic_0272447058_b17888123318268">000000001</strong> (value).<p id="iam_08_0004__en-us_topic_0272447058_p1775134882815">Only the user with ID 000000001 is mapped to IAM user <strong id="iam_08_0004__en-us_topic_0272447058_b460782242818">FederationUser-IdP_admin</strong> and inherits permissions from the <strong id="iam_08_0004__en-us_topic_0272447058_b16071122102811">admin</strong> user group.</p>
|
||||
</li></ul>
|
||||
</li><li id="iam_08_0004__en-us_topic_0272447058_li10917134614120">In the <strong id="iam_08_0004__en-us_topic_0272447058_b09511940122610">Create Rule</strong> dialog box, click <strong id="iam_08_0004__en-us_topic_0272447058_b395624072610">OK</strong>.</li><li id="iam_08_0004__en-us_topic_0272447058_li1391784674114">On the <strong id="iam_08_0004__en-us_topic_0272447058_b091914435263">Modify Identity Provider</strong> page, click <strong id="iam_08_0004__en-us_topic_0272447058_b1192424312269">OK</strong>.</li></ol>
|
||||
</li><li id="iam_08_0004__en-us_topic_0272447058_li35426395309"><strong id="iam_08_0004__en-us_topic_0272447058_b6716112981020">Editing Rules</strong><ol id="iam_08_0004__en-us_topic_0272447058_ol89973613317"><li id="iam_08_0004__en-us_topic_0272447058_li10640142116317">Log in to the IAM console as the administrator. In the navigation pane, choose <strong id="iam_08_0004__en-us_topic_0272447058_b5486165319252">Identity Providers</strong>.</li><li id="iam_08_0004__en-us_topic_0272447058_li1264512512112">In the IdP list, click <strong id="iam_08_0004__en-us_topic_0272447058_b7866135152617">Modify</strong> in the row containing the IdP.</li><li id="iam_08_0004__en-us_topic_0272447058_li864032110318">In the <strong id="iam_08_0004__en-us_topic_0272447058_b186571622162720">Identity Conversion Rules</strong> area, click <strong id="iam_08_0004__en-us_topic_0272447058_b1466315221272">Edit Rule</strong>. Then configure the rules in the <strong id="iam_08_0004__en-us_topic_0272447058_b966313223273">Edit Rule</strong> dialog box.</li><li id="iam_08_0004__en-us_topic_0272447058_li51481932183314">Edit the identity conversion rules in JSON format. 
For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</li><li id="iam_08_0004__en-us_topic_0272447058_li2042015128518">Click <strong id="iam_08_0004__en-us_topic_0272447058_b3472632172718">Validate</strong> to verify the syntax of the rules.</li><li id="iam_08_0004__en-us_topic_0272447058_li106392307521">If the rule is correct, click <strong id="iam_08_0004__en-us_topic_0272447058_b39441332275">OK</strong> in the <strong id="iam_08_0004__en-us_topic_0272447058_b9945203352714">Edit Rule</strong> dialog box, and click <strong id="iam_08_0004__en-us_topic_0272447058_b1394563322710">OK</strong> on the <strong id="iam_08_0004__en-us_topic_0272447058_b594653372715">Modify Identity Provider</strong> page.<p id="iam_08_0004__en-us_topic_0272447058_p1479113445212">If a message indicating that the JSON file is incomplete is displayed, modify the statements or click <strong id="iam_08_0004__en-us_topic_0272447058_b13464183982711">Cancel</strong> to cancel the modifications.</p>
|
||||
</li><li id="iam_08_0004__en-us_topic_0272447058_li35426395309"><strong id="iam_08_0004__en-us_topic_0272447058_b6716112981020">Editing Rules</strong><ol id="iam_08_0004__en-us_topic_0272447058_ol89973613317"><li id="iam_08_0004__en-us_topic_0272447058_li10640142116317">Log in to the IAM console as the administrator. In the navigation pane, choose <strong id="iam_08_0004__en-us_topic_0272447058_b5486165319252">Identity Providers</strong>.</li><li id="iam_08_0004__en-us_topic_0272447058_li1264512512112">In the IdP list, click <strong id="iam_08_0004__en-us_topic_0272447058_b7866135152617">Modify</strong> in the row containing the IdP.</li><li id="iam_08_0004__en-us_topic_0272447058_li864032110318">In the <strong id="iam_08_0004__en-us_topic_0272447058_b186571622162720">Identity Conversion Rules</strong> area, click <strong id="iam_08_0004__en-us_topic_0272447058_b1466315221272">Edit Rule</strong>.</li><li id="iam_08_0004__en-us_topic_0272447058_li51481932183314">Edit the identity conversion rules in JSON format. 
For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</li><li id="iam_08_0004__en-us_topic_0272447058_li2042015128518">Click <strong id="iam_08_0004__en-us_topic_0272447058_b3472632172718">Validate</strong> to verify the syntax of the rules.</li><li id="iam_08_0004__en-us_topic_0272447058_li106392307521">If the rule is correct, click <strong id="iam_08_0004__en-us_topic_0272447058_b39441332275">OK</strong> in the <strong id="iam_08_0004__en-us_topic_0272447058_b9945203352714">Edit Rule</strong> dialog box, and click <strong id="iam_08_0004__en-us_topic_0272447058_b1394563322710">OK</strong> on the <strong id="iam_08_0004__en-us_topic_0272447058_b594653372715">Modify Identity Provider</strong> page.<p id="iam_08_0004__en-us_topic_0272447058_p1479113445212">If a message indicating that the JSON file is incomplete is displayed, modify the statements or click <strong id="iam_08_0004__en-us_topic_0272447058_b13464183982711">Cancel</strong> to cancel the modifications.</p>
|
||||
</li></ol>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0004__en-us_topic_0272447058_en-us_topic_0175818756_section4140824420758"><h4 class="sectiontitle">Related Operations</h4><p id="iam_08_0004__en-us_topic_0272447058_p142911642194918">Viewing identity conversion rules: Click <strong id="iam_08_0004__en-us_topic_0272447058_b962816122282">View Rule</strong> on the <strong id="iam_08_0004__en-us_topic_0272447058_b1863313121287">Modify Identity Provider</strong> page. The identity conversion rules are displayed in the JSON format. For details about the JSON format, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
<div class="section" id="iam_08_0004__en-us_topic_0272447058_en-us_topic_0175818756_section4140824420758"><h4 class="sectiontitle">Related Operations</h4><p id="iam_08_0004__en-us_topic_0272447058_p142911642194918">Viewing identity conversion rules: Click <strong id="iam_08_0004__en-us_topic_0272447058_b962816122282">View Rule</strong> on the <strong id="iam_08_0004__en-us_topic_0272447058_b1863313121287">Modify Identity Provider</strong> page. The identity conversion rules are displayed in JSON format. For details about the JSON format, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
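Review bot: in the Editing Rules steps, step 3 drops the sentence "Then configure the rules in the Edit Rule dialog box", but step 4, "Edit the identity conversion rules in JSON format", never names where the editing happens; keep the dialog name in step 3 or step 4 so this list matches the Creating Rules list, which says "configure the rules in the Create Rule dialog box". Step 5 should also make clear that Validate checks only the JSON syntax: a rule that passes validation can still map the wrong users onto the admin group used in the example, so the step should point the reader to the federated-login verification step before the rule is relied on. The example itself is appropriately narrow (a single _NAMEID_ value mapped to admin) and is a good pattern to keep. The "in the JSON format" to "in JSON format" edit in Related Operations is fine.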
@ -1,13 +1,13 @@
|
||||
<a name="iam_08_0005"></a><a name="iam_08_0005"></a>
|
||||
|
||||
<h1 class="topictitle1">(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP</h1>
|
||||
<div id="body1598524160363"><p id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_p1645381214272">Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.</p>
|
||||
<div id="body1598524160363"><p id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_p1645381214272">Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.</p>
|
||||
<div class="section" id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_section101261732122720"><h4 class="sectiontitle">Prerequisites</h4><ul id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_ul861722713292"><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li161712712295">An IdP entity has been created on the cloud platform. For details about how to create an IdP entity, see <a href="iam_08_0003.html#iam_08_0003">Step 1: Create an IdP Entity</a>.</li><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li18261122972912">The login entry for logging in to the cloud platform has been configured in the enterprise management system.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0005__en-us_topic_0272447059_section5458311242"><h4 class="sectiontitle">Procedure</h4><ol id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_ol14850112215417"><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li2195162413293"><span>Log in to the IAM console. In the navigation pane, choose <strong id="iam_08_0005__en-us_topic_0272447059_b968414175411">Identity Providers</strong>.</span></li><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li46555223151553"><span>Click <strong id="iam_08_0005__en-us_topic_0272447059_b1067784145414">View</strong> in the row containing the IdP.</span><p><div class="fignone" id="iam_08_0005__en-us_topic_0272447059_fig92711056131216"><span class="figcap"><b>Figure 1 </b>Viewing IdP details</span><br><span><img id="iam_08_0005__en-us_topic_0272447059_image32716560125" src="en-us_image_0000001607219512.png" height="124.97079" width="463.83750000000003" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li1967991814556"><span>Copy the login link by clicking <span><img id="iam_08_0005__en-us_topic_0272447059_image1230813175415" src="en-us_image_0000001646367745.png"></span> in the <strong id="iam_08_0005__en-us_topic_0272447059_b123131311547">Login link</strong> row.</span><p><div class="fignone" id="iam_08_0005__en-us_topic_0272447059_fig042712713127"><span class="figcap"><b>Figure 2 </b>Copying the login link</span><br><span><img id="iam_08_0005__en-us_topic_0272447059_image542807171218" src="en-us_image_0000001607259280.png" height="226.40563400000002" width="474.81" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li15844132155518"><span>Add the following statement to the page file of the enterprise management system:</span><p><pre class="screen" id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_screen64715579"><a href="<<em id="iam_08_0005__en-us_topic_0272447059_i61012056155412">Login link</em>>"> Cloud platform login entry </a></pre>
|
||||
</p></li><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li1494375833114"><span>Log in to the enterprise management system as an enterprise user, and click the configured login link to access the cloud platform.</span></li></ol>
|
||||
</p></li><li id="iam_08_0005__en-us_topic_0272447059_en-us_topic_0176296742_li1494375833114"><span>Log in to the enterprise management system using your enterprise account, and click the configured login link to access the cloud platform.</span></li></ol>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
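Review bot: the second prerequisite, "The login entry for logging in to the cloud platform has been configured in the enterprise management system", is circular: configuring that entry is exactly what steps 4 and 5 of this procedure do. Replace it with the real precondition, that the person following the procedure can edit the page files of the enterprise management system. In step 4, the sample anchor uses angle brackets around "Login link" as a placeholder marker; state that the whole token including the brackets is replaced by the copied link, otherwise a reader pasting it verbatim ends up with a broken href. The wording change in step 5 ("using your enterprise account") reads well.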
@ -1,13 +1,13 @@
|
||||
<a name="iam_08_0007"></a><a name="iam_08_0007"></a>
|
||||
|
||||
<h1 class="topictitle1">(Optional) Step 3: Configure Login Link in the Enterprise Management System</h1>
|
||||
<div id="body1598524160363"><p id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_p1645381214272">Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.</p>
|
||||
<div id="body1598524160363"><p id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_p1645381214272">Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.</p>
|
||||
<div class="section" id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_section101261732122720"><h4 class="sectiontitle">Prerequisites</h4><ul id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_ul861722713292"><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li161712712295">An IdP entity has been created on the cloud platform. For details about how to create an IdP entity, see <a href="iam_08_0003.html#iam_08_0003">Step 1: Create an IdP Entity</a>.</li><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li18261122972912">The login entry for logging in to the cloud platform has been configured in the enterprise management system.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_section5458311242"><h4 class="sectiontitle">Procedure</h4><ol id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_ol14850112215417"><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li2195162413293"><span>Log in to the IAM console. In the navigation pane, choose <strong id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_b968414175411">Identity Providers</strong>.</span></li><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li46555223151553"><span>Click <strong id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_b1067784145414">View</strong> in the row containing the IdP.</span><p><div class="fignone" id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_fig92711056131216"><span class="figcap"><b>Figure 1 </b>Viewing IdP details</span><br><span><img id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_image32716560125" src="en-us_image_0000001607219512.png" height="124.97079" width="463.83750000000003" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li1967991814556"><span>Copy the login link by clicking <span><img id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_image1230813175415" src="en-us_image_0000001646367745.png"></span> in the <strong id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_b123131311547">Login link</strong> row.</span><p><div class="fignone" id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_fig042712713127"><span class="figcap"><b>Figure 2 </b>Copying the login link</span><br><span><img id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_image542807171218" src="en-us_image_0000001607259280.png" height="226.40563400000002" width="474.81" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li15844132155518"><span>Add the following statement to the page file of the enterprise management system:</span><p><pre class="screen" id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_screen64715579"><a href="<<em id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_i61012056155412">Login link</em>>"> Cloud platform login entry </a></pre>
|
||||
</p></li><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li1494375833114"><span>Log in to the enterprise management system as an enterprise user, and click the configured login link to access the cloud platform.</span></li></ol>
|
||||
</p></li><li id="iam_08_0007__en-us_topic_0272487696_en-us_topic_0272447059_en-us_topic_0176296742_li1494375833114"><span>Log in to the enterprise management system using your enterprise account, and click the configured login link to access the cloud platform.</span></li></ol>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
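Review bot: this topic (iam_08_0007) duplicates iam_08_0005 word for word apart from the heading and the anchor ids, and the same two prose edits were applied to both by hand; the circular second prerequisite and the unexplained "Login link" placeholder noted on iam_08_0005 apply here unchanged. Suggest single-sourcing the shared body so that future corrections cannot diverge between the two step numberings.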
@ -2,12 +2,12 @@
|
||||
|
||||
<h1 class="topictitle1">Step 2: Configure Identity Conversion Rules</h1>
|
||||
<div id="body1598524160363"><p id="iam_08_0008__en-us_topic_0272668140_p41845487216">Federated users are named <strong id="iam_08_0008__en-us_topic_0272668140_b43751964517">FederationUser</strong> by default in the cloud platform. These users can only log in to the cloud platform and they do not have any other permissions. You can configure identity conversion rules on the IAM console to achieve the following:</p>
|
||||
<ul id="iam_08_0008__en-us_topic_0272668140_ul418464817219"><li id="iam_08_0008__en-us_topic_0272668140_li11184114802114">Display enterprise management system users with different names in the cloud platform.</li><li id="iam_08_0008__en-us_topic_0272668140_li98061347112212">Assign permissions to enterprise users to use the cloud platform resources by mapping these users to IAM user groups. Ensure that you have created the required user groups. For details, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>.</li></ul>
|
||||
<ul id="iam_08_0008__en-us_topic_0272668140_ul418464817219"><li id="iam_08_0008__en-us_topic_0272668140_li11184114802114">Display enterprise users with different names in the cloud platform.</li><li id="iam_08_0008__en-us_topic_0272668140_li98061347112212">Assign permissions to enterprise users to use the cloud platform resources by mapping these users to IAM user groups. Ensure that you have created the required user groups. For details, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>.</li></ul>
|
||||
<div class="note" id="iam_08_0008__en-us_topic_0272668140_note1948818531918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="iam_08_0008__en-us_topic_0272668140_ul13451511218"><li id="iam_08_0008__en-us_topic_0272668140_li1945151328">Modifications to identity conversion rules will take effect only after the federated users log in again.</li><li id="iam_08_0008__en-us_topic_0272668140_li194511711521">To modify the permissions of a user, modify the permissions of the user group to which the user belongs. Then restart the enterprise IdP for the modifications to take effect.</li></ul>
|
||||
</div></div>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_section52965331"><h4 class="sectiontitle">Prerequisites</h4><p id="iam_08_0008__en-us_topic_0272668140_p788583051816">An IdP has been created, and the login link of the IdP is accessible. (For details about how to create and verify an IdP, see <a href="iam_08_0009.html#iam_08_0009">Step 1: Create an IdP Entity</a>.)</p>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_section52965331"><h4 class="sectiontitle">Prerequisites</h4><p id="iam_08_0008__en-us_topic_0272668140_p788583051816">An IdP entity has been created, and the login link of the IdP is accessible. (For details about how to create and verify an IdP entity, see <a href="iam_08_0009.html#iam_08_0009">Step 1: Create an IdP Entity</a>.)</p>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_section49143529"><h4 class="sectiontitle">Procedure</h4><p id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_p176995795319">If you configure identity conversion rules by clicking <strong id="iam_08_0008__en-us_topic_0272668140_b772817219113">Create Rule</strong>, IAM converts the rule parameters to the JSON format. Alternatively, you can click <strong id="iam_08_0008__en-us_topic_0272668140_b1873492111114">Edit Rule</strong> to configure rules in the JSON format. For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_section49143529"><h4 class="sectiontitle">Procedure</h4><p id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_p176995795319">If you configure identity conversion rules by clicking <strong id="iam_08_0008__en-us_topic_0272668140_b772817219113">Create Rule</strong>, IAM converts the rule parameters to the JSON format. Alternatively, you can click <strong id="iam_08_0008__en-us_topic_0272668140_b1873492111114">Edit Rule</strong> to configure rules in JSON format. For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
<ul id="iam_08_0008__en-us_topic_0272668140_ul13542143916305"><li id="iam_08_0008__en-us_topic_0272668140_li0542239143020"><strong id="iam_08_0008__en-us_topic_0272668140_b19495192191220">Creating Rules</strong><ol id="iam_08_0008__en-us_topic_0272668140_ol14917184617414"><li id="iam_08_0008__en-us_topic_0272668140_li10914546144114">Log in to the IAM console as the administrator. In the navigation pane, choose <strong id="iam_08_0008__en-us_topic_0272668140_b1192531511515">Identity Providers</strong>.</li><li id="iam_08_0008__en-us_topic_0272668140_li8914046174111">In the IdP list, click <strong id="iam_08_0008__en-us_topic_0272668140_b083214199510">Modify</strong> in the row containing the IdP.</li><li id="iam_08_0008__en-us_topic_0272668140_li9917104619415">In the <strong id="iam_08_0008__en-us_topic_0272668140_b675592216515">Identity Conversion Rules</strong> area, click <strong id="iam_08_0008__en-us_topic_0272668140_b675520220513">Create Rule</strong>. Then, configure the rules in the <strong id="iam_08_0008__en-us_topic_0272668140_b1756182225120">Create Rule</strong> dialog box.<div class="fignone" id="iam_08_0008__en-us_topic_0272668140_fig119361628122210"><span class="figcap"><b>Figure 1 </b>Setting parameters</span><br><span><img id="iam_08_0008__en-us_topic_0272668140_image29361728102218" src="en-us_image_0289500726.png" height="243.83328900000004" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
|
||||
<div class="p" id="iam_08_0008__en-us_topic_0272668140_p693203613205">
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0008__en-us_topic_0272668140_table89316364208" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="iam_08_0008__en-us_topic_0272668140_row2093153612208"><th align="left" class="cellrowborder" valign="top" width="14.34%" id="mcps1.3.5.3.1.2.3.5.1.2.4.1.1"><p id="iam_08_0008__en-us_topic_0272668140_p6931236182020">Parameter</p>
|
||||
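Review bot: The two bullets in the note at the top of this hunk give conflicting conditions for when a change takes effect: the first says modified identity conversion rules apply "only after the federated users log in again", while the second says that after changing a user group's permissions you must "restart the enterprise IdP for the modifications to take effect". A user group's permissions are changed in IAM, not in the IdP, so please confirm whether an IdP restart is really required or whether a re-login (a fresh assertion carrying the new mapping) is meant, and align the two bullets. The Prerequisites and Procedure rewordings ("IdP" to "IdP entity", "in JSON format") are fine.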
@ -22,7 +22,7 @@
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="21.97%" headers="mcps1.3.5.3.1.2.3.5.1.2.4.1.2 "><p id="iam_08_0008__en-us_topic_0272668140_p179333616201">Username of federated users in the cloud platform.</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="63.690000000000005%" headers="mcps1.3.5.3.1.2.3.5.1.2.4.1.3 "><p id="iam_08_0008__en-us_topic_0272668140_p79310365201">To distinguish federated users from users in the cloud platform, it is recommended that you set the username to <strong id="iam_08_0008__en-us_topic_0272668140_b1636563755117">FederationUser-IdP</strong><strong id="iam_08_0008__en-us_topic_0272668140_b536719373514"><em id="iam_08_0008__en-us_topic_0272668140_i6366173715116">_</em></strong><strong id="iam_08_0008__en-us_topic_0272668140_b63681037135117"><em id="iam_08_0008__en-us_topic_0272668140_i2367337145116">XXX</em></strong>. <em id="iam_08_0008__en-us_topic_0272668140_i13427104114516">IdP</em> indicates an IdP name, for example, AD FS and Shibboleth. <em id="iam_08_0008__en-us_topic_0272668140_i8428104145113">XXX</em> indicates a custom name.</p>
|
||||
<td class="cellrowborder" valign="top" width="63.690000000000005%" headers="mcps1.3.5.3.1.2.3.5.1.2.4.1.3 "><p id="iam_08_0008__en-us_topic_0272668140_p79310365201">To distinguish federated users from users in the cloud platform, it is recommended that you set the username to <strong id="iam_08_0008__en-us_topic_0272668140_b523071513397">FederationUser-</strong><em id="iam_08_0008__en-us_topic_0272668140_i16232171517391">IdP</em><strong id="iam_08_0008__en-us_topic_0272668140_b18233131593920">_</strong><em id="iam_08_0008__en-us_topic_0272668140_i723411157399">XXX</em>. <em id="iam_08_0008__en-us_topic_0272668140_i13427104114516">IdP</em> indicates an IdP name, for example, AD FS or Shibboleth. <em id="iam_08_0008__en-us_topic_0272668140_i8428104145113">XXX</em> indicates a custom name.</p>
|
||||
<div class="notice" id="iam_08_0008__en-us_topic_0272668140_note09317367206"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><ul id="iam_08_0008__en-us_topic_0272668140_ul898419111598"><li id="iam_08_0008__en-us_topic_0272668140_li97371147195916">The username of each federated user must be unique in the same IdP. Federated users with the same usernames in the same IdP will be mapped to the same IAM user in the cloud platform.</li><li id="iam_08_0008__en-us_topic_0272668140_li257592617112">The username can only contain letters, digits, spaces, hyphens (-), underscores (_), and periods (.). It cannot start with a digit and cannot contain the following special characters: ", \", \\, \n, \r</li></ul>
|
||||
</div></div>
|
||||
</td>
|
||||
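Review bot: The NOTICE under the Username row mixes an allowlist and a denylist: the first sentence says the username "can only contain letters, digits, spaces, hyphens (-), underscores (_), and periods (.)", which already excludes the quote, backslash, \n and \r characters the next sentence lists as forbidden. Either drop the denylist or present it as the reason for the restriction (such characters arriving in an IdP attribute are rejected rather than stored). Since the first bullet states that "Federated users with the same usernames in the same IdP will be mapped to the same IAM user", it would also help to add that the username should be derived from an attribute the IdP guarantees unique, otherwise two enterprise users silently share one IAM identity and its permissions. The markup change itself is an improvement: "FederationUser-IdP_XXX" with only IdP and XXX italicised now reads as a template rather than a literal name.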
@ -51,16 +51,16 @@
|
||||
<ul id="iam_08_0008__en-us_topic_0272668140_ul15501254101813"><li id="iam_08_0008__en-us_topic_0272668140_li12452164914583">Username: <strong id="iam_08_0008__en-us_topic_0272668140_b6658124411279">FederationUser-IdP_admin</strong></li><li id="iam_08_0008__en-us_topic_0272668140_li1745217491580">User group: <strong id="iam_08_0008__en-us_topic_0272668140_b138274233612">admin</strong></li><li id="iam_08_0008__en-us_topic_0272668140_li1550135415185">Rule condition: <strong id="iam_08_0008__en-us_topic_0272668140_b145711451132715">_NAMEID_</strong> (attribute), <strong id="iam_08_0008__en-us_topic_0272668140_b85771851142713">any_one_of</strong> (condition), and <strong id="iam_08_0008__en-us_topic_0272668140_b19577135110274">000000001</strong> (value).<p id="iam_08_0008__en-us_topic_0272668140_p85015431810">Only the user with ID 000000001 is mapped to IAM user <strong id="iam_08_0008__en-us_topic_0272668140_b1811613310543">FederationUser-IdP_admin</strong> and inherits permissions from the <strong id="iam_08_0008__en-us_topic_0272668140_b4117123145411">admin</strong> user group.</p>
|
||||
</li></ul>
|
||||
</li><li id="iam_08_0008__en-us_topic_0272668140_li10917134614120">In the <strong id="iam_08_0008__en-us_topic_0272668140_b145956236216">Create Rule</strong> dialog box, click <strong id="iam_08_0008__en-us_topic_0272668140_b45951023152112">OK</strong>.</li><li id="iam_08_0008__en-us_topic_0272668140_li1391784674114">On the <strong id="iam_08_0008__en-us_topic_0272668140_b10756152414214">Modify Identity Provider</strong> page, click <strong id="iam_08_0008__en-us_topic_0272668140_b475692416214">OK</strong>.</li></ol>
|
||||
</li><li id="iam_08_0008__en-us_topic_0272668140_li35426395309"><strong id="iam_08_0008__en-us_topic_0272668140_b112281550191217">Editing Rules</strong><ol id="iam_08_0008__en-us_topic_0272668140_ol89973613317"><li id="iam_08_0008__en-us_topic_0272668140_li10640142116317">Log in to the IAM console as the administrator. In the navigation pane, choose <strong id="iam_08_0008__en-us_topic_0272668140_b15978311135419">Identity Providers</strong>.</li><li id="iam_08_0008__en-us_topic_0272668140_li04881140121913">In the IdP list, click <strong id="iam_08_0008__en-us_topic_0272668140_b468211512546">Modify</strong> in the row containing the IdP.</li><li id="iam_08_0008__en-us_topic_0272668140_li864032110318">In the <strong id="iam_08_0008__en-us_topic_0272668140_b4312919185415">Identity Conversion Rules</strong> area, click <strong id="iam_08_0008__en-us_topic_0272668140_b731317190543">Edit Rule</strong>. Then configure the rules in the <strong id="iam_08_0008__en-us_topic_0272668140_b17313141913549">Edit Rule</strong> dialog box.</li><li id="iam_08_0008__en-us_topic_0272668140_li51481932183314">Edit the identity conversion rules in JSON format. 
For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</li><li id="iam_08_0008__en-us_topic_0272668140_li2042015128518">Click <strong id="iam_08_0008__en-us_topic_0272668140_b13148133352116">Validate</strong> to verify the syntax of the rules.</li><li id="iam_08_0008__en-us_topic_0272668140_li106392307521">If the rule is correct, click <strong id="iam_08_0008__en-us_topic_0272668140_b18786124215393">OK</strong> in the <strong id="iam_08_0008__en-us_topic_0272668140_b17931942123912">Edit Rule</strong> dialog box, and click <strong id="iam_08_0008__en-us_topic_0272668140_b6793124243910">OK</strong> on the <strong id="iam_08_0008__en-us_topic_0272668140_b77951042103912">Modify Identity Provider</strong> page.<p id="iam_08_0008__en-us_topic_0272668140_p1479113445212">If a message indicating that the JSON file is incomplete is displayed, modify the statements or click <strong id="iam_08_0008__en-us_topic_0272668140_b171911335112116">Cancel</strong> to cancel the modifications.</p>
|
||||
</li><li id="iam_08_0008__en-us_topic_0272668140_li35426395309"><strong id="iam_08_0008__en-us_topic_0272668140_b112281550191217">Editing Rules</strong><ol id="iam_08_0008__en-us_topic_0272668140_ol89973613317"><li id="iam_08_0008__en-us_topic_0272668140_li10640142116317">Log in to the IAM console as the administrator. In the navigation pane, choose <strong id="iam_08_0008__en-us_topic_0272668140_b15978311135419">Identity Providers</strong>.</li><li id="iam_08_0008__en-us_topic_0272668140_li04881140121913">In the IdP list, click <strong id="iam_08_0008__en-us_topic_0272668140_b468211512546">Modify</strong> in the row containing the IdP.</li><li id="iam_08_0008__en-us_topic_0272668140_li864032110318">In the <strong id="iam_08_0008__en-us_topic_0272668140_b4312919185415">Identity Conversion Rules</strong> area, click <strong id="iam_08_0008__en-us_topic_0272668140_b731317190543">Edit Rule</strong>.</li><li id="iam_08_0008__en-us_topic_0272668140_li51481932183314">Edit the identity conversion rules in JSON format. 
For details, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</li><li id="iam_08_0008__en-us_topic_0272668140_li2042015128518">Click <strong id="iam_08_0008__en-us_topic_0272668140_b13148133352116">Validate</strong> to verify the syntax of the rules.</li><li id="iam_08_0008__en-us_topic_0272668140_li106392307521">If the rule is correct, click <strong id="iam_08_0008__en-us_topic_0272668140_b18786124215393">OK</strong> in the <strong id="iam_08_0008__en-us_topic_0272668140_b17931942123912">Edit Rule</strong> dialog box, and click <strong id="iam_08_0008__en-us_topic_0272668140_b6793124243910">OK</strong> on the <strong id="iam_08_0008__en-us_topic_0272668140_b77951042103912">Modify Identity Provider</strong> page.<p id="iam_08_0008__en-us_topic_0272668140_p1479113445212">If a message indicating that the JSON file is incomplete is displayed, modify the statements or click <strong id="iam_08_0008__en-us_topic_0272668140_b171911335112116">Cancel</strong> to cancel the modifications.</p>
|
||||
</li></ol>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_section10240138122317"><h4 class="sectiontitle">Verifying Federated User Permissions</h4><p id="iam_08_0008__en-us_topic_0272668140_p453563911617">After configuring identity conversion rules, verify the permissions of federated users.</p>
|
||||
<ol id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_ol344684114811"><li id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_li986975013551"><span>Log in as a federated user.</span><p><p id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_p21375325518">On the <strong id="iam_08_0008__en-us_topic_0272668140_b6878195285412">Identity Providers</strong> page of the console, click <strong id="iam_08_0008__en-us_topic_0272668140_b58792052175410">View</strong> in the row containing the IdP. Click <span><img id="iam_08_0008__en-us_topic_0272668140_image687975215548" src="en-us_image_0000001646661553.png"></span> to copy the login link displayed in the <strong id="iam_08_0008__en-us_topic_0272668140_b19879165216543">Basic Information</strong> area, open the link using a browser, and then enter the username and password used in the enterprise management system.</p>
|
||||
</p></li><li id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_li126633555313"><span>Check that the federated user has the permissions assigned to their user group.</span><p><p id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_p0839596311">For example, an identity conversion rule has defined full permissions for all cloud services for federated user <strong id="iam_08_0008__en-us_topic_0272668140_b1435785559">ID1</strong> in the <strong id="iam_08_0008__en-us_topic_0272668140_b643510814557">admin</strong> user group. On the management console, select a cloud service, and check if you can access the service.</p>
|
||||
<ol id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_ol344684114811"><li id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_li986975013551"><span>Log in as a federated user.</span><p><p id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_p21375325518">On the <strong id="iam_08_0008__en-us_topic_0272668140_b6878195285412">Identity Providers</strong> page of the IAM console, click <strong id="iam_08_0008__en-us_topic_0272668140_b58792052175410">View</strong> in the row containing the IdP. Click <span><img id="iam_08_0008__en-us_topic_0272668140_image687975215548" src="en-us_image_0000001646661553.png"></span> to copy the login link displayed in the <strong id="iam_08_0008__en-us_topic_0272668140_b19879165216543">Basic Information</strong> area, open the link using a browser, and then enter the username and password used in the enterprise management system.</p>
|
||||
</p></li><li id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_li126633555313"><span>Check that the federated user has the permissions assigned to their user group.</span><p><p id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_p0839596311">For example, configure an identity conversion rule to map federated user <strong id="iam_08_0008__en-us_topic_0272668140_b177171643163918">ID1</strong> to the <strong id="iam_08_0008__en-us_topic_0272668140_b571934311398">admin</strong> user group so that <strong id="iam_08_0008__en-us_topic_0272668140_b1072014314398">ID1</strong> will have full permissions for all cloud services. On the management console, select a cloud service, and check if you can access the service.</p>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_section4140824420758"><h4 class="sectiontitle">Related Operations</h4><p id="iam_08_0008__en-us_topic_0272668140_p142911642194918">Viewing identity conversion rules: Click <strong id="iam_08_0008__en-us_topic_0272668140_b1381544516210">View Rule</strong> on the <strong id="iam_08_0008__en-us_topic_0272668140_b1282016458217">Modify Identity Provider</strong> page. The identity conversion rules are displayed in the JSON format. For details about the JSON format, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
<div class="section" id="iam_08_0008__en-us_topic_0272668140_en-us_topic_0175818756_section4140824420758"><h4 class="sectiontitle">Related Operations</h4><p id="iam_08_0008__en-us_topic_0272668140_p142911642194918">Viewing identity conversion rules: Click <strong id="iam_08_0008__en-us_topic_0272668140_b1381544516210">View Rule</strong> on the <strong id="iam_08_0008__en-us_topic_0272668140_b1282016458217">Modify Identity Provider</strong> page. The identity conversion rules are displayed in JSON format. For details about the JSON format, see <a href="en-us_topic_0079620340.html">Syntax of Identity Conversion Rules</a>.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
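Review bot: The worked example and the verification step use different identifiers: the rule example starting "Username: FederationUser-IdP_admin" matches "_NAMEID_ (attribute), any_one_of (condition), and 000000001 (value)" and states "Only the user with ID 000000001 is mapped", while the reworded verification paragraph talks about "federated user ID1" in the "admin" user group. Use the same ID in both places so the reader can follow one rule end to end. Because the reworded example says the mapping gives ID1 "full permissions for all cloud services", add a sentence that the any_one_of value must be an attribute the IdP guarantees unique and stable (as _NAMEID_ is), since every identity matching the condition inherits those permissions. Minor: the list item "Edit the identity conversion rules in JSON format." is split across two lines with trailing whitespace in both the old and the new version; join it onto one line.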
@ -2,19 +2,19 @@
|
||||
|
||||
<h1 class="topictitle1">Step 1: Create an IdP Entity</h1>
|
||||
<div id="body1598524160363"><p id="iam_08_0009__en-us_topic_0272448422_p1981195018257">To establish a trust relationship between an enterprise IdP and the cloud platform, set the user redirect URLs and create OAuth 2.0 credentials in the enterprise IdP. On the IAM console, create an IdP entity and configure authorization information.</p>
|
||||
<div class="section" id="iam_08_0009__en-us_topic_0272448422_section4804173815234"><h4 class="sectiontitle">Prerequisites</h4><ul id="iam_08_0009__en-us_topic_0272448422_ul1121752275615"><li id="iam_08_0009__en-us_topic_0272448422_li8181341128">The enterprise administrator has created an account in the cloud platform, and has created user groups and assigned them permissions in IAM. For details, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>. The user groups created in IAM will be mapped to federated users so that the federated users can obtain the permissions of the user groups to use cloud resources.</li><li id="iam_08_0009__en-us_topic_0272448422_li198153013819">The enterprise administrator has read the help documentation of the enterprise IdP or has understood how to use the enterprise IdP. Configurations of different enterprise IdPs differ greatly, so they are not described in this document. For details about how to obtain the enterprise IdP's OAuth 2.0 credentials, see the IdP help documentation.</li></ul>
|
||||
<div class="section" id="iam_08_0009__en-us_topic_0272448422_section4804173815234"><h4 class="sectiontitle">Prerequisites</h4><ul id="iam_08_0009__en-us_topic_0272448422_ul1121752275615"><li id="iam_08_0009__en-us_topic_0272448422_li8181341128">The enterprise administrator has created an account in the cloud platform, and has created user groups and assigned them permissions in IAM. For details, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>. The user groups created in IAM will be mapped to federated users so that the federated users can obtain the permissions of the user groups to use cloud resources.</li><li id="iam_08_0009__en-us_topic_0272448422_li198153013819">The enterprise administrator has read the help documentation of the enterprise IdP or has understood how to use the enterprise IdP. Configurations of different enterprise IdPs differ greatly, so they are not described in this document. For details about how to obtain an enterprise IdP's OAuth 2.0 credentials, see the IdP help documentation.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0009__en-us_topic_0272448422_section81252015115012"><a name="iam_08_0009__en-us_topic_0272448422_section81252015115012"></a><a name="en-us_topic_0272448422_section81252015115012"></a><h4 class="sectiontitle">Creating OAuth 2.0 Credentials in the Enterprise IdP</h4><ol id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_ol15379454241"><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li19378125420417"><span>Set redirect URLs <strong id="iam_08_0009__en-us_topic_0272448422_b8137597507">https://<span id="iam_08_0009__en-us_topic_0272448422_text10120124135111"></span>/authui/oidc/redirect</strong> and <strong id="iam_08_0009__en-us_topic_0272448422_b11142099504">https://<span id="iam_08_0009__en-us_topic_0272448422_text184105445110"></span>/authui/oidc/post</strong> in the enterprise IdP so that users can be redirected to the OpenID Connect IdP in the cloud platform.</span></li><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li17371448151420"><span>Obtain OAuth 2.0 credentials of the enterprise IdP.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0009__en-us_topic_0272448422_section1725417499229"><h4 class="sectiontitle">Creating an IdP Entity on the Cloud Platform</h4><p id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_p14271944725">Create an IdP entity and configure authorization information in IAM to establish a trust relationship between the enterprise IdP and IAM</p>
|
||||
<ol id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_ol21644229"><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li7670737"><span>Log in to the IAM console, choose <strong id="iam_08_0009__en-us_topic_0272448422_b19787619364">Identity Providers</strong> from the navigation pane, and click <strong id="iam_08_0009__en-us_topic_0272448422_b119794619363">Create Identity Provider</strong> in the upper right corner.</span><p><div class="fignone" id="iam_08_0009__en-us_topic_0272448422_fig7233641112318"><span class="figcap"><b>Figure 1 </b>Creating an IdP entity</span><br><span><img id="iam_08_0009__en-us_topic_0272448422_image9234144112319" src="en-us_image_0000001656303721.png" height="139.471381" width="460.845" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li202871146194"><span>Enter an IdP name, select <strong id="iam_08_0009__en-us_topic_0272448422_b9726640112815">OpenID Connect</strong> and <strong id="iam_08_0009__en-us_topic_0272448422_b19635592917">Enabled</strong>, and click <strong id="iam_08_0009__en-us_topic_0272448422_b84626312299">OK</strong>.</span><p><div class="fignone" id="iam_08_0009__en-us_topic_0272448422_fig546833182412"><span class="figcap"><b>Figure 2 </b>Setting IdP parameters</span><br><span><img id="iam_08_0009__en-us_topic_0272448422_image1247113318240" src="en-us_image_0000001606944408.png" width="337.15500000000003" height="308.86789500000003" title="Click to enlarge" class="imgResize"></span></div>
|
||||
<div class="note" id="iam_08_0009__en-us_topic_0272448422_note19380426847"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0009__en-us_topic_0272448422_p14380526247">The IdP name must be unique under your account.</p>
|
||||
<div class="note" id="iam_08_0009__en-us_topic_0272448422_note19380426847"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0009__en-us_topic_0272448422_p14380526247">The IdP name must be unique under your account. You are advised to use the domain name.</p>
|
||||
</div></div>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0009__en-us_topic_0272448422_section1245888153813"><h4 class="sectiontitle">Configuring Authorization Information in the Cloud Platform</h4><ol id="iam_08_0009__en-us_topic_0272448422_ol848017521287"><li id="iam_08_0009__en-us_topic_0272448422_li1888833818014"><span>Click <strong id="iam_08_0009__en-us_topic_0272448422_b85280239567">Modify</strong> in the <strong id="iam_08_0009__en-us_topic_0272448422_b10630925155612">Operation</strong> column of the row containing the IdP you want to modify.</span><p><div class="fignone" id="iam_08_0009__en-us_topic_0272448422_fig1803185422516"><span class="figcap"><b>Figure 3 </b>Modifying an IdP</span><br><span><img id="iam_08_0009__en-us_topic_0272448422_image4803145472512" src="en-us_image_0000001656344889.png" height="125.98119100000001" width="464.83500000000004" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0009__en-us_topic_0272448422_li12397151313323"><span>Select an access type.</span><p><div class="fignone" id="iam_08_0009__en-us_topic_0272448422_fig21371746192613"><span class="figcap"><b>Figure 4 </b>Access type description</span><br><span><img id="iam_08_0009__en-us_topic_0272448422_image7137194692613" src="en-us_image_0000001606945160.png" height="98.75250000000001" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</p></li><li id="iam_08_0009__en-us_topic_0272448422_li12397151313323"><span>Select an access type.</span><p><div class="fignone" id="iam_08_0009__en-us_topic_0272448422_fig21371746192613"><span class="figcap"><b>Figure 4 </b>Access type</span><br><span><img id="iam_08_0009__en-us_topic_0272448422_image7137194692613" src="en-us_image_0000001606945160.png" height="98.75250000000001" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
|
||||
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0009__en-us_topic_0272448422_table11994612399" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Access type description</caption><thead align="left"><tr id="iam_08_0009__en-us_topic_0272448422_row899311215915"><th align="left" class="cellrowborder" valign="top" width="30.04%" id="mcps1.3.5.2.2.2.2.2.3.1.1"><p id="iam_08_0009__en-us_topic_0272448422_p2993412799">Access Type</p>
|
||||
</th>
|
||||
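Review bot: The redirect URLs in "Creating OAuth 2.0 Credentials in the Enterprise IdP" render without a host: the span elements with ids ending in text10120124135111 and text184105445110 are empty, so the reader sees "https:///authui/oidc/redirect" and "https:///authui/oidc/post". Fill the span or replace it with an explicit placeholder such as {console domain} and say where that value comes from; an IdP configured with a wrong redirect URL will either refuse the flow or send the authorization response to the wrong host. The new sentence "You are advised to use the domain name." in the IdP-name note does not say which domain name is meant (the enterprise IdP's?); spell it out. The sentence "...establish a trust relationship between the enterprise IdP and IAM" is also missing its final period.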
@ -46,7 +46,7 @@
|
||||
<tbody><tr id="iam_08_0009__en-us_topic_0272448422_row1163553193412"><td class="cellrowborder" valign="top" width="25.1%" headers="mcps1.3.5.2.3.2.1.1.2.3.1.1 "><p id="iam_08_0009__en-us_topic_0272448422_p20634103123416">Identity Provider URL</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="74.9%" headers="mcps1.3.5.2.3.2.1.1.2.3.1.2 "><p id="iam_08_0009__en-us_topic_0272448422_p775311435398">URL of the OpenID Connect IdP.</p>
|
||||
<p id="iam_08_0009__en-us_topic_0272448422_p583295615537">Specify this parameter as the value of <strong id="iam_08_0009__en-us_topic_0272448422_b15533135116115">issuer</strong> in the <strong id="iam_08_0009__en-us_topic_0272448422_b164202361728">Openid-configuration</strong>.</p>
|
||||
<p id="iam_08_0009__en-us_topic_0272448422_p583295615537">Set it to the value of <strong id="iam_08_0009__en-us_topic_0272448422_b15533135116115">issuer</strong> in the <strong id="iam_08_0009__en-us_topic_0272448422_b164202361728">Openid-configuration</strong>.</p>
|
||||
<div class="note" id="iam_08_0009__en-us_topic_0272448422_note26485591531"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="iam_08_0009__en-us_topic_0272448422_p1540635145919"><strong id="iam_08_0009__en-us_topic_0272448422_b18622381312">Openid-configuration</strong> indicates a URL defined in OpenID Connect, containing configurations of an enterprise IdP. The URL format is <strong id="iam_08_0009__en-us_topic_0272448422_b1075110598441">https://</strong><em id="iam_08_0009__en-us_topic_0272448422_i178701628455">{base URL}</em><strong id="iam_08_0009__en-us_topic_0272448422_b7288145719449">/.well-known/openid-configuration</strong>, where <em id="iam_08_0009__en-us_topic_0272448422_i889718305563">base URL</em> is defined by the enterprise IdP. For example, the <strong id="iam_08_0009__en-us_topic_0272448422_b6629150359">Openid-configuration</strong> of Google is <strong id="iam_08_0009__en-us_topic_0272448422_b84531927620">https://accounts.google.com/.well-known/openid-configuration</strong>.</p>
|
||||
</div></div>
|
||||
</td>
|
||||
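Review bot: "Set it to the value of issuer in the Openid-configuration" is clearer than the old wording, but the note below it only gives the format of the discovery URL; add that the issuer value must be copied exactly as published (scheme, host and any path, with no added trailing slash), because OpenID Connect relying parties compare the configured issuer string with the iss claim of each ID token and a mismatch fails every federated login. Naming nit: "Openid-configuration" is bolded as if it were a proper noun in three places; "the OpenID Connect discovery document at https://{base URL}/.well-known/openid-configuration" would be less ambiguous.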
@ -58,7 +58,7 @@
|
||||
</tr>
|
||||
<tr id="iam_08_0009__en-us_topic_0272448422_row463512343415"><td class="cellrowborder" valign="top" width="25.1%" headers="mcps1.3.5.2.3.2.1.1.2.3.1.1 "><p id="iam_08_0009__en-us_topic_0272448422_p5635730345">Authorization Endpoint</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="74.9%" headers="mcps1.3.5.2.3.2.1.1.2.3.1.2 "><p id="iam_08_0009__en-us_topic_0272448422_p102941849174115">Authorization endpoint of the OpenID Connect IdP. Specify this parameter as the value of <strong id="iam_08_0009__en-us_topic_0272448422_b087320610189">authorization_endpoint</strong> in <strong id="iam_08_0009__en-us_topic_0272448422_b14878196121810">Openid-configuration</strong>.</p>
|
||||
<td class="cellrowborder" valign="top" width="74.9%" headers="mcps1.3.5.2.3.2.1.1.2.3.1.2 "><p id="iam_08_0009__en-us_topic_0272448422_p102941849174115">Authorization endpoint of the OpenID Connect IdP. Set it to the value of <strong id="iam_08_0009__en-us_topic_0272448422_b087320610189">authorization_endpoint</strong> in <strong id="iam_08_0009__en-us_topic_0272448422_b14878196121810">Openid-configuration</strong>.</p>
|
||||
<p id="iam_08_0009__en-us_topic_0272448422_p1044445564410">This parameter is required only if you set <strong id="iam_08_0009__en-us_topic_0272448422_b5888101417425">Access Type</strong> to <strong id="iam_08_0009__en-us_topic_0272448422_b11343152874219">Programmatic access and management console access</strong>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
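Review bot: Put the applicability condition first in the Authorization Endpoint description: the new cell reads "Authorization endpoint of the OpenID Connect IdP. Set it to the value of authorization_endpoint in Openid-configuration." and only then "This parameter is required only if you set Access Type to Programmatic access and management console access.", so a reader configuring programmatic-only access has already copied the value before learning it is not needed. The headers attribute on the new td still carries a trailing space ("...2.3.1.2 "); harmless, but worth trimming while the line is being changed.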
@ -96,7 +96,7 @@
|
||||
<div class="section" id="iam_08_0009__en-us_topic_0272448422_section18826752132718"><h4 class="sectiontitle">Verifying the Federated Login</h4><ol id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_ol39932055154412"><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li3667194318261"><span>Click the login link displayed on the IdP details page and check if the login page of the enterprise IdP server is displayed.</span><p><ol type="a" id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_ol1571111571714"><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li1671175717713">On the <strong id="iam_08_0009__en-us_topic_0272448422_b1557192615293">Identity Providers</strong> page, click <strong id="iam_08_0009__en-us_topic_0272448422_b15722193312295">Modify</strong> in the <strong id="iam_08_0009__en-us_topic_0272448422_b1592218352298">Operation</strong> column of the identity provider.</li><li id="iam_08_0009__en-us_topic_0272448422_li841813545417">Copy the login link displayed on the <strong id="iam_08_0009__en-us_topic_0272448422_b05407014504">Modify Identity Provider</strong> page and visit the link using a browser.<div class="fignone" id="iam_08_0009__en-us_topic_0272448422_fig14799955162715"><span class="figcap"><b>Figure 5 </b>Copying the login link</span><br><span><img id="iam_08_0009__en-us_topic_0272448422_image10800155152719" src="en-us_image_0000001656585157.png" height="274.235759" width="460.845" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</li><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li13241914283">If the enterprise IdP login page is not displayed, check the configurations of the IdP and the enterprise IdP server.</li></ol>
|
||||
</p></li><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li10993125510445"><span>Enter the username and password of a user that was created in the enterprise management system.</span><p><ul id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_ul5993205514416"><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li12993145515449">If the login is successful, add the login link to the enterprise management system.</li><li id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_li599315564412">If the login fails, check the username and password.</li></ul>
|
||||
<div class="note" id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_note1176022717104"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_p0761527151014">Federated users only have read permissions for the cloud platform by default. To assign permissions to federated users, configure identity conversion rules for the IdP. For details, see <a href="iam_08_0008.html#iam_08_0008">Step 2: Configure Identity Conversion Rules</a>.</p>
<div class="note" id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_note1176022717104"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0009__en-us_topic_0272448422_en-us_topic_0175818704_p0761527151014">Federated users can only access the cloud platform by default. To assign permissions to federated users, configure identity conversion rules for the IdP. For details, see <a href="iam_08_0008.html#iam_08_0008">Step 2: Configure Identity Conversion Rules</a>.</p>
</div></div>
</p></li></ol>
</div>
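Review bot: the rewritten note loses precision on the default permission level of a federated identity. The removed sentence said federated users "only have read permissions for the cloud platform by default"; the replacement, "Federated users can only access the cloud platform by default", does not say what such a user may do before identity conversion rules exist, and a reader cannot tell whether read access is still implied or whether the user can merely log in. Since this is the only sentence in the step that states the default authorization of a federated user, spell the default out explicitly (for example "can log in to the cloud platform but cannot perform any operations on resources", if that is the behavior) instead of the ambiguous "can only access".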
@ -6,12 +6,12 @@
<h1 class="topictitle1">Overview of Virtual User SSO via OpenID Connect</h1>
<div id="body0000001606409596"><p id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_p184931879469">This section describes how to configure identity federation and how identity federation works.</p>
<div class="section" id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_section265513151533"><h4 class="sectiontitle">Configuring Identity Federation</h4><p id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_p54841424581">The following describes how to configure your enterprise IdP and the cloud platform to trust each other.</p>
<ol id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_ol10515154254010"><li id="iam_08_0010__en-us_topic_0272442730_li2295530111220"><a href="iam_08_0009.html#iam_08_0009">Create an IdP entity and establish a trust relationship</a>: Create OAuth 2.0 credentials in the enterprise IdP. In the cloud platform, create an IdP entity and establish a trust relationship between the two systems.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li551564215408"><a href="iam_08_0008.html#iam_08_0008">Configure identity conversion rules</a>: Configure identity conversion rules in the cloud platform to the users, user groups, and permissions in the enterprise IdP to the cloud platform.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li1051634215408"><a href="iam_08_0007.html#iam_08_0007">Configure a login link</a>: Configure a login link to allow enterprise users to be redirected to the cloud platform from your enterprise management system.</li></ol>
<ol id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_ol10515154254010"><li id="iam_08_0010__en-us_topic_0272442730_li2295530111220"><a href="iam_08_0009.html#iam_08_0009">Create an IdP entity and establish a trust relationship</a>: Create OAuth 2.0 credentials in the enterprise IdP. In the cloud platform, create an IdP entity and establish a trust relationship between the two systems.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li551564215408"><a href="iam_08_0008.html#iam_08_0008">Configure identity conversion rules</a>: Configure identity conversion rules in the cloud platform to map the users, user groups, and permissions in the enterprise IdP to the cloud platform.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li1051634215408"><a href="iam_08_0007.html#iam_08_0007">Configure a federated login entry</a>: Configure the login link in the enterprise IdP to allow enterprise users to be redirected to the cloud platform from your enterprise management system.</li></ol>
</div>
<div class="section" id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_section7468191134310"><h4 class="sectiontitle">How Identity Federation Works</h4><p id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_p1535006694447"><a href="#iam_08_0010__en-us_topic_0272442730_fig185551935854">Figure 1</a> shows the identity federation process between an enterprise management system and the cloud platform.</p>
<div class="fignone" id="iam_08_0010__en-us_topic_0272442730_fig185551935854"><a name="iam_08_0010__en-us_topic_0272442730_fig185551935854"></a><a name="en-us_topic_0272442730_fig185551935854"></a><span class="figcap"><b>Figure 1 </b>How identity federation works</span><br><span><img id="iam_08_0010__en-us_topic_0272442730_image55556357517" src="en-us_image_0000001656576929.png" height="278.5552" width="497.42" title="Click to enlarge" class="imgResize"></span></div>
<p id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_p4241452064">The process of identity federation is as follows:</p>
<ol id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_ol12413521862"><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li6241652062">A user opens the login link obtained from the IAM console in the browser. The browser sends an SSO request to the cloud platform.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li192445216615">The cloud platform authenticates the user against the configuration of the enterprise IdP and constructs an OpenID Connect request to the browser.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li82485211618">The browser forwards the OpenID Connect request to the enterprise IdP.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li224165212613">The user enters their username and password on the login page displayed in the enterprise IdP. After the enterprise IdP authenticates the user's identity, it constructs an ID token containing the user information, and sends the ID token to the browser as an OpenID Connect authorization response.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li17241252863">The browser responds and forwards the OpenID Connect response to the cloud platform.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li024752864">The cloud platform parses the ID token in the OpenID Connect response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li17248521767">The user logs in to the cloud platform through SSO.</li></ol>
<ol id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_ol12413521862"><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li6241652062">A user opens the login link obtained from the IAM console in the browser. The browser sends an SSO request to the cloud platform.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li192445216615">The cloud platform authenticates the user against the configuration of the enterprise IdP and constructs an OpenID Connect request to the browser.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li82485211618">The browser forwards the OpenID Connect request to the enterprise IdP.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li224165212613">The user enters their username and password on the login page displayed in the enterprise IdP. After the enterprise IdP authenticates the user's identity, it constructs an ID token containing the user information, and sends the ID token to the browser as an OpenID Connect authorization response.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li17241252863">The browser responds and forwards the OpenID Connect response to the cloud platform.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li024752864">The cloud platform parses the ID token in the OpenID Connect response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user.</li><li id="iam_08_0010__en-us_topic_0272442730_en-us_topic_0175818705_li17248521767">The SSO login is successful.</li></ol>
</div>
</div>
<div>
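Review bot: step 6 of the OpenID Connect flow ("The cloud platform parses the ID token in the OpenID Connect response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user") states no verification requirement, while the SAML counterpart changed in this same commit carries the note "The assertion must carry a signature; otherwise, the login will fail." Add the equivalent statement here, i.e. that the ID token's signature is validated against the enterprise IdP's keys and that an unsigned or invalid token causes the login to fail, if that is the platform's behavior, so both overviews describe the same trust check. Separately, the new step 3 wording "Configure the login link in the enterprise IdP" and step 1 of the flow "A user opens the login link obtained from the IAM console" should agree on where the link lives; one clause saying the console generates the link and the enterprise management system hosts it would reconcile them.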
@ -11,7 +11,7 @@
<div class="fignone" id="iam_08_0021__en-us_topic_0177310146_fig749002619349"><span class="figcap"><b>Figure 1 </b>Configuration of virtual user SSO via SAML</span><br><span><img id="iam_08_0021__en-us_topic_0177310146_image11490182673420" src="en-us_image_0000001655985477.png" height="346.69309499999997" width="432.915" title="Click to enlarge" class="imgResize"></span></div>
<ol id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_ol10515154254010"><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li56079251376"><a href="iam_08_0003.html#iam_08_0003">Create an IdP entity and establish a trust relationship</a>: Create an IdP entity for your enterprise on the cloud platform. Then, upload the cloud platform metadata file to the enterprise IdP, and upload the metadata file of the enterprise IdP to the cloud platform.<div class="fignone" id="iam_08_0021__en-us_topic_0177310146_fig2013615363397"><span class="figcap"><b>Figure 2 </b>Exchanging metadata files</span><br><span><img id="iam_08_0021__en-us_topic_0177310146_image213643614398" src="en-us_image_0000001607193154.png" height="95.69416500000001" width="497.42" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="iam_08_0021__en-us_topic_0177310146_li18175627307"><a href="iam_08_0252.html#iam_08_0252">Configure the enterprise IdP</a>: Configure enterprise IdP parameters to determine what information can be sent to the cloud platform.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li551564215408"><a href="iam_08_0004.html#iam_08_0004">Configure identity conversion rules</a>: Configure identity conversion rules to determine the IdP user identities and permissions on the cloud platform.<div class="fignone" id="iam_08_0021__en-us_topic_0177310146_fig13338133811437"><span class="figcap"><b>Figure 3 </b>Mapping external identities to virtual users</span><br><span><img id="iam_08_0021__en-us_topic_0177310146_image163385388436" src="en-us_image_0000001606753690.png" height="406.98" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="iam_08_0021__en-us_topic_0177310146_li10874195814303"><a href="iam_08_0025.html#iam_08_0025">Verify the federated login</a>: Check whether the enterprise user can log in to the cloud platform through SSO.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li1051634215408"><a href="iam_08_0005.html#iam_08_0005">(Optional) Configure a login link</a>: Configure a login link (see <a href="#iam_08_0021__en-us_topic_0177310146_fig183392056164512">Figure 4</a>) to allow enterprise users to be redirected to the cloud platform from your enterprise management system.<div class="fignone" id="iam_08_0021__en-us_topic_0177310146_fig183392056164512"><a name="iam_08_0021__en-us_topic_0177310146_fig183392056164512"></a><a name="en-us_topic_0177310146_fig183392056164512"></a><span class="figcap"><b>Figure 4 </b>SSO login model</span><br><span><img id="iam_08_0021__en-us_topic_0177310146_image11339256184519" src="en-us_image_0000001655953453.png" height="173.786711" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="iam_08_0021__en-us_topic_0177310146_li10874195814303"><a href="iam_08_0025.html#iam_08_0025">Verify the federated login</a>: Check whether the enterprise user can log in to the cloud platform through SSO.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li1051634215408"><a href="iam_08_0005.html#iam_08_0005">(Optional) Configure a federated login entry</a>: Configure the login link (see <a href="#iam_08_0021__en-us_topic_0177310146_fig183392056164512">Figure 4</a>) in the enterprise IdP to allow enterprise users to be redirected to the cloud platform from your enterprise management system.<div class="fignone" id="iam_08_0021__en-us_topic_0177310146_fig183392056164512"><a name="iam_08_0021__en-us_topic_0177310146_fig183392056164512"></a><a name="en-us_topic_0177310146_fig183392056164512"></a><span class="figcap"><b>Figure 4 </b>SSO login model</span><br><span><img id="iam_08_0021__en-us_topic_0177310146_image11339256184519" src="en-us_image_0000001655953453.png" height="173.786711" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
</li></ol>
</div>
<div class="section" id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_section7468191134310"><h4 class="sectiontitle">How Identity Federation Works</h4><p id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_p1535006694447"><a href="#iam_08_0021__en-us_topic_0177310146_fig286918566460">Figure 5</a> shows the identity federation process between an enterprise management system and the cloud platform.</p>
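Review bot: the new step 5 text names two different places for the same link: "Configure the login link (see Figure 4) in the enterprise IdP" and "redirected to the cloud platform from your enterprise management system". The rest of this file uses "enterprise IdP" for the system that authenticates users and "enterprise management system" for where users start, so pick the one that actually hosts the link and use it in both halves of the sentence, e.g. "Configure the login link (see Figure 4) in your enterprise management system so that enterprise users are redirected to the cloud platform from it." Step 4 ("Verify the federated login") precedes this optional step, so it would also help to say in step 4 that verification uses the login link shown on the IdP details page, making clear that step 5 is not a prerequisite.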
@ -19,7 +19,7 @@
<div class="note" id="iam_08_0021__en-us_topic_0177310146_note18223194432810"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0021__en-us_topic_0177310146_p1722414417281">To view interactive requests and assertions with a better experience, you are advised to use Google Chrome and install SAML Message Decoder.</p>
</div></div>
<p id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_p4241452064">As shown in <a href="#iam_08_0021__en-us_topic_0177310146_fig286918566460">Figure 5</a>, the process of identity federation is as follows:</p>
<ol id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_ol12413521862"><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li6241652062">A user opens the login link generated after the IdP creation in the browser. The browser sends an SSO request to the cloud platform.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li192445216615">The cloud platform authenticates the user against the metadata file of the enterprise IdP and constructs a SAML request to the browser.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li82485211618">The browser forwards the SAML request to the enterprise IdP.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li224165212613">The user enters their username and password on the login page. After the enterprise IdP authenticates the user's identity, it constructs a SAML assertion containing the user details and sends the assertion to the browser as a SAML response.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li17241252863">The browser responds and forwards the SAML response to the cloud platform.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li024752864">The cloud platform parses the assertion in the SAML response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li17248521767">The user logs in to the cloud platform through SSO.<div class="note" id="iam_08_0021__en-us_topic_0177310146_note42497541153940"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0021__en-us_topic_0177310146_p46933554153940">The assertion must carry a signature; otherwise, the login will fail.</p>
<ol id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_ol12413521862"><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li6241652062">A user opens the login link generated after the IdP creation in the browser. The browser sends an SSO request to the cloud platform.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li192445216615">The cloud platform authenticates the user against the metadata file of the enterprise IdP and constructs a SAML request to the browser.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li82485211618">The browser forwards the SAML request to the enterprise IdP.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li224165212613">The user enters their username and password on the login page. After the enterprise IdP authenticates the user's identity, it constructs a SAML assertion containing the user details and sends the assertion to the browser as a SAML response.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li17241252863">The browser responds and forwards the SAML response to the cloud platform.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li024752864">The cloud platform parses the assertion in the SAML response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user.</li><li id="iam_08_0021__en-us_topic_0177310146_en-us_topic_0175818705_li17248521767">The SSO login is successful.<div class="note" id="iam_08_0021__en-us_topic_0177310146_note42497541153940"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0021__en-us_topic_0177310146_p46933554153940">The assertion must carry a signature; otherwise, the login will fail.</p>
</div></div>
</li></ol>
</div>
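Review bot: the note "The assertion must carry a signature; otherwise, the login will fail." is attached to step 7 ("The SSO login is successful."), but the check it describes belongs to step 6, where "The cloud platform parses the assertion in the SAML response". Move the note under step 6, or rewrite step 6 to say the platform verifies the assertion signature before it maps the user and issues a token, so the requirement appears at the point in the sequence where a failed check actually stops the flow.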
@ -7,14 +7,14 @@
<div id="body0000001606409592"><div class="section" id="iam_08_0025__en-us_topic_0000001341816564_section143010173447"><h4 class="sectiontitle">Verifying the Federated Login</h4><p id="iam_08_0025__en-us_topic_0000001341816564_p950772734410">Federated users can initiate a login from the IdP or SP.</p>
<ul id="iam_08_0025__en-us_topic_0000001341816564_ul191511348134613"><li id="iam_08_0025__en-us_topic_0000001341816564_li1115124816463">Initiating a login from an IdP, for example, Microsoft Active Directory Federation Services (AD FS) or Shibboleth.</li><li id="iam_08_0025__en-us_topic_0000001341816564_li41511488463">Initiating a login from the SP. You can obtain the login link from the IdP details page on the IAM console.</li></ul>
<p id="iam_08_0025__en-us_topic_0000001341816564_p211611213719">The IdP-initiated login method depends on the IdP. For details, see the IdP help documentation. This section describes how to initiate a login from the SP.</p>
<ol id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_ol344684114811"><li id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_li986975013551"><span>Log in as a federated user.</span><p><p id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_p21375325518">On the <strong id="iam_08_0025__en-us_topic_0000001341816564_b1585114139437">Identity Providers</strong> page of the console, click <strong id="iam_08_0025__en-us_topic_0000001341816564_b1385201384319">View</strong> in the row containing the IdP. Click <span><img id="iam_08_0025__en-us_topic_0000001341816564_image1397715241545" src="en-us_image_0000001646287137.png"></span> to copy the login link displayed in the <strong id="iam_08_0025__en-us_topic_0000001341816564_b11852171374311">Basic Information</strong> area, open the link using a browser, and then enter the username and password used in the enterprise management system.</p>
<ol id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_ol344684114811"><li id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_li986975013551"><span>Log in as a federated user.</span><p><p id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_p21375325518">On the <strong id="iam_08_0025__en-us_topic_0000001341816564_b1585114139437">Identity Providers</strong> page of the IAM console, click <strong id="iam_08_0025__en-us_topic_0000001341816564_b1385201384319">View</strong> in the row containing the IdP. Click <span><img id="iam_08_0025__en-us_topic_0000001341816564_image1397715241545" src="en-us_image_0000001646287137.png"></span> to copy the login link displayed in the <strong id="iam_08_0025__en-us_topic_0000001341816564_b11852171374311">Basic Information</strong> area, open the link using a browser, and then enter the username and password used in the enterprise management system.</p>
<p id="iam_08_0025__en-us_topic_0000001341816564_p16773195212449"></p>
<div class="fignone" id="iam_08_0025__en-us_topic_0000001341816564_fig83872031101110"><span class="figcap"><b>Figure 1 </b>Login link</span><br><span><img id="iam_08_0025__en-us_topic_0000001341816564_image638863141114" src="en-us_image_0000001656459361.png" height="249.375" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="iam_08_0025__en-us_topic_0000001341816564_en-us_topic_0175818756_li126633555313"><span>Check that the federated user has the permissions assigned to their user group.</span></li></ol>
</div>
<div class="section" id="iam_08_0025__en-us_topic_0000001341816564_section44718251444"><h4 class="sectiontitle">Redirecting to a Specified Region or Service</h4><p id="iam_08_0025__en-us_topic_0000001341816564_p156004526483">You can specify the target page which the federated user will be redirected to after login.</p>
<ul id="iam_08_0025__en-us_topic_0000001341816564_ul7248170174219"><li id="iam_08_0025__en-us_topic_0000001341816564_li1224814018427">Configuring the login link on the SP<p id="iam_08_0025__en-us_topic_0000001341816564_p20113627425"><a name="iam_08_0025__en-us_topic_0000001341816564_li1224814018427"></a><a name="en-us_topic_0000001341816564_li1224814018427"></a>Combine the login link obtained from the console with the specified URL using the format <strong id="iam_08_0025__en-us_topic_0000001341816564_b3637510174513">Login link&service=Specified URL</strong>. </p>
</li><li id="iam_08_0025__en-us_topic_0000001341816564_li1924814017422">Configuring the login link on the IdP<p id="iam_08_0025__en-us_topic_0000001341816564_p989304184217"><a name="iam_08_0025__en-us_topic_0000001341816564_li1924814017422"></a><a name="en-us_topic_0000001341816564_li1924814017422"></a>Configure the IAM_SAML_Attributes_redirect_url assertion (the URL to be redirected to) in the SAML assertion of the enterprise IdP.</p>
</li><li id="iam_08_0025__en-us_topic_0000001341816564_li1924814017422">Configuring the login link on the IdP<p id="iam_08_0025__en-us_topic_0000001341816564_p989304184217"><a name="iam_08_0025__en-us_topic_0000001341816564_li1924814017422"></a><a name="en-us_topic_0000001341816564_li1924814017422"></a>Configure <strong id="iam_08_0025__en-us_topic_0000001341816564_b1616918115327">IAM_SAML_Attributes_redirect_url</strong> (the URL to be redirected to) in the SAML assertion of the enterprise IdP.</p>
</li></ul>
</div>
</div>
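Review bot: neither bullet under "Redirecting to a Specified Region or Service" says what values the redirect target may take. Both "Login link&amp;service=Specified URL" and IAM_SAML_Attributes_redirect_url choose where the browser lands after authentication, so the text should state whether the value is restricted (for example to console URLs of the cloud platform) and what happens when a value is not accepted; as written, an administrator cannot tell whether a mistyped URL leads to an error page or to the URL as given. The "&amp;service=" format also assumes the login link already carries a query string; say so, or show one complete combined link with a placeholder URL, since Figure 1 shows only the bare login link.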
@ -7,12 +7,12 @@
<div id="body0000001655289845"><p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p1599210272818">IAM supports two SSO types: virtual user SSO and IAM user SSO. This section describes the two SSO types and their differences, helping you to choose an appropriate type for your business.</p>
<div class="section" id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_section46321629152813"><h4 class="sectiontitle">Virtual User SSO</h4><p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p12915113462810">After a federated user logs in to the cloud platform, the system automatically creates a virtual user and assigns permissions to the user based on identity conversion rules. Virtual user SSO is recommended if:</p>
</div>
<ul id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_ul2948454191319"><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li7948165412137">To reduce management costs, you do not want to create and manage IAM users on the cloud platform.</li><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li794885414133">You want to separate permissions on the cloud platform based on the user groups or attributes in your local enterprise IdP. Permission changes in the local enterprise IdP can be synchronized to the cloud platform by adjusting the user groups or attributes locally.</li><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li69481654151319">Your enterprise has branches and each branch has multiple enterprise IdPs. These IdPs need to access the same cloud account. You need to configure multiple IdPs in the cloud platform for identity federation.</li></ul>
<ul id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_ul2948454191319"><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li7948165412137">To reduce management costs, you do not want to create and manage IAM users on the cloud platform.</li><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li794885414133">You want to assign permissions for cloud resources based on the user groups or attributes in your local enterprise IdP. Permission changes in the local enterprise IdP can be synchronized to the cloud platform by adjusting the user groups or attributes locally.</li><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li69481654151319">Your enterprise has branches and may require multiple enterprise IdPs. These IdPs need to access the same cloud account. You need to configure multiple IdPs in the cloud platform for identity federation.</li></ul>
<div class="section" id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_section20484333132820"><h4 class="sectiontitle">IAM User SSO</h4><p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p866943619289">After a federated user logs in to the cloud platform, the system automatically maps the external identity ID to an IAM user so that the federated user has the permissions of the mapped IAM user. IAM user SSO is recommended if:</p>
</div>
<ul id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_ul1561713415148"><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li1161815481410">Your cloud products do not support virtual user SSO.</li><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li861810481419">You do not need virtual user SSO and want to simplify the IdP configuration.</li></ul>
<div class="section" id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_section14352239133210"><h4 class="sectiontitle">Differences Between Virtual User SSO and IAM User SSO</h4><p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p1735418575561">They differences between virtual user SSO and IAM user SSO are described as follows:</p>
<p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p62381449185814">1. Identity conversion mode: Virtual user SSO uses <a href="en-us_topic_0079620340.html">identity conversion rules</a> to convert the identities of IdP users and IAM users. IAM user SSO uses the external identity ID for identity conversion. The <strong id="iam_08_0251__en-us_topic_0000001596495670_b36314016268">IAM_SAML_Attributes_xUserId</strong> value of the IdP user is the same as the <a href="en-us_topic_0046661675.html#en-us_topic_0046661675__li13713193419317">external identity ID</a> of the IAM user. The IdP user is mapped to the corresponding IAM user. When you use IAM user SSO, make sure that you have set <strong id="iam_08_0251__en-us_topic_0000001596495670_b108699579326">IAM_SAML_Attributes_xUserId</strong> in the IdP and <strong id="iam_08_0251__en-us_topic_0000001596495670_b317912733513">External Identity ID</strong> in the SP to the same value.</p>
<ul id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_ul1561713415148"><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li1161815481410">The cloud products you use do not support virtual user SSO.</li><li id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_li861810481419">You do not need virtual user SSO and want to simplify the IdP configuration.</li></ul>
<div class="section" id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_section14352239133210"><h4 class="sectiontitle">Differences Between Virtual User SSO and IAM User SSO</h4><p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p1735418575561">The differences between virtual user SSO and IAM user SSO are described as follows:</p>
<p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p62381449185814">1. Identity conversion: Virtual user SSO uses <a href="en-us_topic_0079620340.html">identity conversion rules</a> while IAM user SSO uses external identity IDs for identity conversion. An IdP user will be mapped to an IAM user if the <strong id="iam_08_0251__en-us_topic_0000001596495670_b36314016268">IAM_SAML_Attributes_xUserId</strong> value of the IdP user is the same as the <a href="en-us_topic_0046661675.html#en-us_topic_0046661675__li13713193419317">external identity ID</a> of the IAM user. When you use IAM user SSO, make sure that you have set <strong id="iam_08_0251__en-us_topic_0000001596495670_b108699579326">IAM_SAML_Attributes_xUserId</strong> in the IdP and <strong id="iam_08_0251__en-us_topic_0000001596495670_b317912733513">External Identity ID</strong> in the SP to the same value.</p>
<p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p122669181306">2. User identity in IAM: In virtual user SSO, the IdP user does not have a corresponding IAM user in the IAM user list. After the IdP user logs in, the system automatically creates a virtual user for it. In IAM user SSO, the IdP user has a IAM user mapped by external identity ID on the IAM console.</p>
<p id="iam_08_0251__en-us_topic_0000001596495670_en-us_topic_0000001366328288_p07651651141917">3. Permissions assignment in IAM: In virtual user SSO, the permissions of the IdP user are defined by the identity conversion rule. In IAM user SSO, the IdP user inherits the permissions of the user group which the mapped IAM user belongs to.</p>
</div>
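Review bot: the rewritten point 1 makes an exact match between IAM_SAML_Attributes_xUserId and the IAM user's External Identity ID the sole condition for mapping an IdP user to an IAM user, but leaves two edge cases undocumented: what happens when no IAM user carries a matching external identity ID (is the login rejected, or does the user fall back to virtual user SSO?), and whether external identity IDs must be unique within the account so that one IdP user can never match two IAM users. One sentence on each would complete the comparison. Minor, in the unchanged point 2: "the IdP user has a IAM user mapped by external identity ID" should read "an IAM user".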
@ -5,8 +5,8 @@
<h1 class="topictitle1">Step 2: Configure the Enterprise IdP</h1>
<div id="body0000001606569592"><p id="iam_08_0252__en-us_topic_0000001596673494_p18188191113236">You can configure parameters in the enterprise IdP to determine what information will be sent to the cloud platform. The cloud platform authenticates the federated identity and assigns permissions based on the received information and identity conversion rules.</p>
<div class="section" id="iam_08_0252__en-us_topic_0000001596673494_section195921435154912"><h4 class="sectiontitle">Common parameters in enterprise IdP</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0252__en-us_topic_0000001596673494_table1283845814915" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Common parameters in enterprise IdP</caption><thead align="left"><tr id="iam_08_0252__en-us_topic_0000001596673494_row15839658104912"><th align="left" class="cellrowborder" valign="top" width="17.37%" id="mcps1.3.2.2.2.4.1.1"><p id="iam_08_0252__en-us_topic_0000001596673494_p6839165864916">Parameter</p>
<div class="section" id="iam_08_0252__en-us_topic_0000001596673494_section195921435154912"><h4 class="sectiontitle">Common Parameters in an Enterprise IdP</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0252__en-us_topic_0000001596673494_table1283845814915" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Common parameters in an enterprise IdP</caption><thead align="left"><tr id="iam_08_0252__en-us_topic_0000001596673494_row15839658104912"><th align="left" class="cellrowborder" valign="top" width="17.37%" id="mcps1.3.2.2.2.4.1.1"><p id="iam_08_0252__en-us_topic_0000001596673494_p6839165864916">Parameter</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="34.839999999999996%" id="mcps1.3.2.2.2.4.1.2"><p id="iam_08_0252__en-us_topic_0000001596673494_p10839135874916">Description</p>
|
||||
</th>
|
||||
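Review bot: The retitled section heading and table caption now say "an Enterprise IdP" while the topic title a few lines above still reads "Step 2: Configure the Enterprise IdP"; pick one article and use it in both places. While this table header is being edited, the column width carries floating-point residue (width="34.839999999999996%"); write it as the intended "34.84%" so the three columns (17.37%, 34.84%, 47.79%) add up to 100% without the noise.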
@ -23,7 +23,7 @@
|
||||
</tr>
|
||||
<tr id="iam_08_0252__en-us_topic_0000001596673494_row1483985824913"><td class="cellrowborder" valign="top" width="17.37%" headers="mcps1.3.2.2.2.4.1.1 "><p id="iam_08_0252__en-us_topic_0000001596673494_p135931089916">IAM_SAML_Attributes_xUserId</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="34.839999999999996%" headers="mcps1.3.2.2.2.4.1.2 "><p id="iam_08_0252__en-us_topic_0000001596673494_p05931584911">ID of an enterprise IdP user (federated user).</p>
|
||||
<td class="cellrowborder" valign="top" width="34.839999999999996%" headers="mcps1.3.2.2.2.4.1.2 "><p id="iam_08_0252__en-us_topic_0000001596673494_p05931584911">ID of an enterprise IdP user (federated user)</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="47.79%" headers="mcps1.3.2.2.2.4.1.3 "><p id="iam_08_0252__en-us_topic_0000001596673494_p1465181194520">This parameter is mandatory when the SSO type is IAM user.</p>
|
||||
<p id="iam_08_0252__en-us_topic_0000001596673494_p1559311810913">Each federated user is mapped to an IAM user. The <strong id="iam_08_0252__en-us_topic_0000001596673494_b112255463712">IAM_SAML_Attributes_xUserId</strong> of the federated user is the same as the external identity ID of the corresponding IAM user.</p>
|
||||
|
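Review bot: Removing the trailing period from the IAM_SAML_Attributes_xUserId description cell makes that column a fragment while the next column keeps full sentences ("This parameter is mandatory when the SSO type is IAM user."); that is an acceptable convention, but the hunk shows only this one row, so confirm that every other Description cell in Table 1 has had its period dropped too, otherwise the column now reads as a mix of fragments and sentences.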
@ -12,14 +12,14 @@
|
||||
<div class="fignone" id="iam_08_0254__en-us_topic_0000001596515266_fig19114227456"><span class="figcap"><b>Figure 1 </b>Configuration of IAM user SSO via SAML</span><br><span><img id="iam_08_0254__en-us_topic_0000001596515266_image6911172219455" src="en-us_image_0000001656073017.png" height="418.95000000000005" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
|
||||
<ol id="iam_08_0254__en-us_topic_0000001596515266_ol153618184118"><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_en-us_topic_0175818705_li56079251376"><a href="iam_08_0255.html#iam_08_0255">Create an IdP entity and establish a trust relationship</a>: Create an IdP entity for your enterprise on the cloud platform. Then, upload the cloud platform metadata file to the enterprise IdP, and upload the metadata file of the enterprise IdP to the cloud platform.<div class="fignone" id="iam_08_0254__en-us_topic_0000001596515266_fig2013615363397"><span class="figcap"><b>Figure 2 </b>Exchanging metadata files</span><br><span><img id="iam_08_0254__en-us_topic_0000001596515266_image213643614398" src="en-us_image_0000001656337241.png" height="95.69416500000001" width="497.42" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_li1721291115188"><a href="iam_08_0256.html#iam_08_0256">Configure the enterprise IdP</a>: Configure enterprise IdP parameters to determine what information can be sent to the cloud platform.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_en-us_topic_0175818705_li551564215408"><a href="iam_08_0257.html#iam_08_0257">Configure an external identity ID on IAM</a>: Establish a mapping between an IAM user and an enterprise user. When your enterprise IdP establishes SSO access to the cloud platform, the enterprise user can log in to the cloud platform as the IAM user with the specified external identity ID. For example, if an enterprise user <strong id="iam_08_0254__en-us_topic_0000001596515266_b88213504584">IdP_Test_User</strong> is mapped to the IAM user <strong id="iam_08_0254__en-us_topic_0000001596515266_b9801727593">Alice</strong>, the enterprise user <strong id="iam_08_0254__en-us_topic_0000001596515266_b15324014155914">IdP_Test_User</strong> will log in to the cloud platform as the IAM user <strong id="iam_08_0254__en-us_topic_0000001596515266_b38401135125918">Alice</strong>.<div class="fignone" id="iam_08_0254__en-us_topic_0000001596515266_fig13338133811437"><span class="figcap"><b>Figure 3 </b>Mapping external identities to IAM users</span><br><span><img id="iam_08_0254__en-us_topic_0000001596515266_image163385388436" src="en-us_image_0000001607216988.png" height="406.98" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_li777015161321"><a href="iam_08_0258.html#iam_08_0258">Verify the federated login</a>: Check whether the enterprise user can log in to the cloud platform through SSO.</li><li id="iam_08_0254__en-us_topic_0000001596515266_li14361164113"><a href="iam_08_0259.html#iam_08_0259">(Optional) Configure a login link</a>: Configure a login link (see <a href="#iam_08_0254__en-us_topic_0000001596515266_fig183392056164512">Figure 4</a>) to allow enterprise users to be redirected to the cloud platform from your enterprise management system.<div class="fignone" id="iam_08_0254__en-us_topic_0000001596515266_fig183392056164512"><a name="iam_08_0254__en-us_topic_0000001596515266_fig183392056164512"></a><a name="en-us_topic_0000001596515266_fig183392056164512"></a><span class="figcap"><b>Figure 4 </b>SSO login model</span><br><span><img id="iam_08_0254__en-us_topic_0000001596515266_image11339256184519" src="en-us_image_0000001607256960.png" height="173.786711" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_li777015161321"><a href="iam_08_0258.html#iam_08_0258">Verify the federated login</a>: Check whether the enterprise user can log in to the cloud platform through SSO.</li><li id="iam_08_0254__en-us_topic_0000001596515266_li14361164113"><a href="iam_08_0259.html#iam_08_0259">(Optional) Configure a federated login entry</a>: Configure the login link (see <a href="#iam_08_0254__en-us_topic_0000001596515266_fig183392056164512">Figure 4</a>) in the enterprise IdP to allow enterprise users to be redirected to the cloud platform from your enterprise management system.<div class="fignone" id="iam_08_0254__en-us_topic_0000001596515266_fig183392056164512"><a name="iam_08_0254__en-us_topic_0000001596515266_fig183392056164512"></a><a name="en-us_topic_0000001596515266_fig183392056164512"></a><span class="figcap"><b>Figure 4 </b>SSO login model</span><br><span><img id="iam_08_0254__en-us_topic_0000001596515266_image11339256184519" src="en-us_image_0000001607256960.png" height="173.786711" width="465.5" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</li></ol>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_en-us_topic_0175818705_section7468191134310"><h4 class="sectiontitle">How Identity Federation Works</h4><p id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_en-us_topic_0175818705_p1535006694447"><a href="#iam_08_0254__en-us_topic_0000001596515266_fig286918566460">Figure 5</a> shows the identity federation process between an enterprise management system and the cloud platform.</p>
|
||||
<div class="fignone" id="iam_08_0254__en-us_topic_0000001596515266_fig286918566460"><a name="iam_08_0254__en-us_topic_0000001596515266_fig286918566460"></a><a name="en-us_topic_0000001596515266_fig286918566460"></a><span class="figcap"><b>Figure 5 </b>How identity federation works</span><br><span><img id="iam_08_0254__en-us_topic_0000001596515266_image13869185674616" src="en-us_image_0000001606937268.png" width="465.5" height="234.138121" title="Click to enlarge" class="imgResize"></span></div>
|
||||
<div class="note" id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_note18223194432810"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_p1722414417281">To view interactive requests and assertions with a better experience, you are advised to use Google Chrome and install SAML Message Decoder.</p>
|
||||
</div></div>
|
||||
<div class="p" id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_en-us_topic_0175818705_p4241452064">As shown in <a href="#iam_08_0254__en-us_topic_0000001596515266_fig286918566460">Figure 5</a>, the process of identity federation is as follows:<ol id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_ol12413521862"><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li6241652062">A user opens the login link generated after the IdP creation in the browser. The browser sends an SSO request to the cloud platform.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li192445216615">The cloud platform authenticates the user against the metadata file of the enterprise IdP and constructs a SAML request to the browser.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li82485211618">The browser forwards the SAML request to the enterprise IdP.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li224165212613">The user enters their username and password on the login page. After the enterprise IdP authenticates the user's identity, it constructs a SAML assertion containing the user details and sends the assertion to the browser as a SAML response.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li17241252863">The browser responds and forwards the SAML response to the cloud platform.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li024752864">The cloud platform parses the assertion in the SAML response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li17248521767">The user logs in to the cloud platform through SSO.</li></ol>
|
||||
<div class="p" id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_en-us_topic_0175818705_p4241452064">As shown in <a href="#iam_08_0254__en-us_topic_0000001596515266_fig286918566460">Figure 5</a>, the process of identity federation is as follows:<ol id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_ol12413521862"><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li6241652062">A user opens the login link generated after the IdP creation in the browser. The browser sends an SSO request to the cloud platform.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li192445216615">The cloud platform authenticates the user against the metadata file of the enterprise IdP and constructs a SAML request to the browser.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li82485211618">The browser forwards the SAML request to the enterprise IdP.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li224165212613">The user enters their username and password on the login page. After the enterprise IdP authenticates the user's identity, it constructs a SAML assertion containing the user details and sends the assertion to the browser as a SAML response.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li17241252863">The browser responds and forwards the SAML response to the cloud platform.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li024752864">The cloud platform parses the assertion in the SAML response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user.</li><li id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0175818705_li17248521767">The SSO login is successful.</li></ol>
|
||||
<div class="note" id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_note42497541153940"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0254__en-us_topic_0000001596515266_en-us_topic_0000001426325501_p46933554153940">The assertion must carry a signature; otherwise, the login will fail.</p>
|
||||
</div></div>
|
||||
</div>
|
||||
|
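Review bot: Step 6 of the process list rewritten in this hunk still says the cloud platform "identifies the IAM user group mapping to the user based on the identity conversion rules", but this topic describes IAM user SSO, where (as the step 3 paragraph earlier in this commit states) the federated user is mapped to an IAM user through the external identity ID and inherits that user's group permissions; identity conversion rules belong to virtual user SSO. Reword step 6 to say the platform matches IAM_SAML_Attributes_xUserId against the external identity ID of an IAM user and issues a token for that user. Step 2 has a related inaccuracy: the platform does not "authenticate the user against the metadata file of the enterprise IdP"; it uses the IdP metadata to construct the SAML request, and the user is authenticated only by the IdP in step 4. Changing the last step to "The SSO login is successful." is fine.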
@ -6,7 +6,7 @@
|
||||
<h1 class="topictitle1">Step 1: Create an IdP Entity</h1>
|
||||
<div id="body0000001606249864"><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_en-us_topic_0175818704_p69242055193319">To establish a trust relationship between an enterprise IdP and the cloud platform, upload the metadata file of the cloud platform to the enterprise IdP, and then create an IdP entity and upload the metadata file of the enterprise IdP on the IAM console.</p>
|
||||
<div class="section" id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_section1925983310117"><h4 class="sectiontitle">Establishing a Trust Relationship Between the Enterprise IdP and the Cloud Platform</h4><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_en-us_topic_0175818704_p99941747792">Configure the metadata file of the cloud platform on the enterprise IdP to establish a trust. </p>
|
||||
<ol id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_en-us_topic_0175818704_ol15379454241"><li id="iam_08_0255__en-us_topic_0000001596833222_li11727843241"><span>Download the metadata file of the cloud platform.</span><p><ul id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0191538776_ul20692706154120"><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0191538776_li1647323595216">Web SSO: Visit <a href="https://auth.otc.t-systems.com/authui/saml/metadata.xml" target="_blank" rel="noopener noreferrer">https://auth.otc.t-systems.com/authui/saml/metadata.xml</a>. Right-click on the page, choose <strong id="iam_08_0255__en-us_topic_0000001596833222_b1150317412173">Save As</strong>, and set a file name, for example, <strong id="iam_08_0255__en-us_topic_0000001596833222_b10503104201715">websso-metadata.xml</strong>.</li><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0191538776_li3568819154120">SSO via API calling: Visit <a href="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a> or <a href="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a>, right-click on the page, choose <strong id="iam_08_0255__en-us_topic_0000001596833222_b194041717171718">Save As</strong>, and set a file name, for example, <strong id="iam_08_0255__en-us_topic_0000001596833222_b18404121751712">api-metadata-region.xml</strong>.<p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0191538776_p14175642154111">The cloud platform provides different API gateways for users in different regions to call APIs. To allow users to access resources in multiple regions, download metadata files of all these regions.</p>
|
||||
<ol id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_en-us_topic_0175818704_ol15379454241"><li id="iam_08_0255__en-us_topic_0000001596833222_li11727843241"><span>Download the metadata file of the cloud platform.</span><p><ul id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0191538776_ul20692706154120"><li id="iam_08_0255__en-us_topic_0000001596833222_li169321683509">Web SSO: Visit <a href="https://auth.otc.t-systems.com/authui/saml/metadata.xml" target="_blank" rel="noopener noreferrer">https://auth.otc.t-systems.com/authui/saml/metadata.xml</a>, right-click on the page, choose <strong id="iam_08_0255__en-us_topic_0000001596833222_b51568201419">Save As</strong>, and set a file name, for example, <strong id="iam_08_0255__en-us_topic_0000001596833222_b1015682012118">websso-metadata.xml</strong>.</li><li id="iam_08_0255__en-us_topic_0000001596833222_li17391152055010">SSO via API calling: Visit <a href="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a> or <a href="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata" target="_blank" rel="noopener noreferrer">https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/metadata</a>, right-click on the page, choose <strong id="iam_08_0255__en-us_topic_0000001596833222_b1426152212114">Save As</strong>, and set a file name, for example, <strong id="iam_08_0255__en-us_topic_0000001596833222_b19261202214111">api-metadata-region.xml</strong>.<p id="iam_08_0255__en-us_topic_0000001596833222_p339117208507">The cloud platform provides different API gateways for users in different regions to call APIs. To allow users to access resources in multiple regions, download metadata files of all these regions.</p>
|
||||
</li></ul>
|
||||
</p></li><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_en-us_topic_0175818704_li19378125420417"><span>Upload the metadata file to the enterprise IdP server. For details, see the help documentation of the enterprise IdP.</span></li><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_en-us_topic_0175818704_li17371448151420"><span>Obtain the metadata file of the enterprise IdP. For details, see the help documentation of the enterprise IdP.</span></li></ol>
|
||||
</div>
|
||||
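Review bot: The element ids in the download step are all replaced (li1647323595216 becomes li169321683509, li3568819154120 becomes li17391152055010, and the inner <p> id changes) although only the sentence punctuation was edited; any anchor or cross-topic link targeting the old ids now breaks, so either keep the original ids or confirm nothing references them. The merged single sentence ("Visit ..., right-click on the page, choose Save As, and set a file name") is an improvement, but because the same step tells users to download metadata for every region, suggest an example file name that carries the region actually downloaded (for instance api-metadata-eu-de.xml, a suggestion, not a name from the product) rather than the literal api-metadata-region.xml, so two regional files do not end up saved under one name.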
@ -33,7 +33,7 @@
|
||||
<tr id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_row0360417131519"><td class="cellrowborder" valign="top" width="16.79%" headers="mcps1.3.3.3.2.2.2.2.3.1.1 "><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p63602173158">SSO Type</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="83.21%" headers="mcps1.3.3.3.2.2.2.2.3.1.2 "><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p636091719158">IdP type. An account can have only one type of IdP. The following describes the IAM user type.</p>
|
||||
<p id="iam_08_0255__en-us_topic_0000001596833222_p6943181674610">IAM user SSO: After a federated user logs in to the cloud platform, the system automatically maps the <a href="en-us_topic_0046661675.html#en-us_topic_0046661675__li13713193419317">external identity ID</a> to an IAM user so that the federated user has the permissions of the mapped IAM user. An account can have only one IdP of the IAM user type. If you select the IAM user type, ensure that you have created an IAM user and set the external identity ID. For details, see <a href="en-us_topic_0046611303.html">Creating an IAM User</a>.</p>
|
||||
<p id="iam_08_0255__en-us_topic_0000001596833222_p6943181674610">IAM user SSO: After a federated user logs in to the cloud platform, the system automatically maps the <a href="en-us_topic_0046661675.html#en-us_topic_0046661675__li13713193419317">external identity ID</a> to an IAM user so that the federated user has the permissions of the mapped IAM user. An account can have only one IdP of the IAM user type. If you select the IAM user SSO, ensure that you have created an IAM user and set the external identity ID. For details, see <a href="en-us_topic_0046611303.html">Creating a User</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_row2360141714155"><td class="cellrowborder" valign="top" width="16.79%" headers="mcps1.3.3.3.2.2.2.2.3.1.1 "><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p73602177155">Status</p>
|
||||
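Review bot: "If you select the IAM user SSO, ensure that ..." reads awkwardly after this edit; use "If you select IAM user SSO" or "If you select the IAM user type". The two limit statements in this cell also sit uneasily together: the first paragraph says "An account can have only one type of IdP" and the edited paragraph says "An account can have only one IdP of the IAM user type"; state plainly whether an account is limited to one SSO type, to one IdP of the IAM user type, or both. The link text changed to "Creating a User" should match the actual title of en-us_topic_0046611303.html.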
@ -46,8 +46,8 @@
|
||||
</div>
|
||||
</p></li><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_li1680343023216"><span>Click <strong id="iam_08_0255__en-us_topic_0000001596833222_b33997520442314">OK</strong>.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_section1245888153813"><h4 class="sectiontitle">Configuring the Metadata File of the Enterprise IdP on the Cloud Platform</h4><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p1466745753818">You can upload or manually edit metadata on the IAM console. For a metadata file larger than 500 KB, manually configure the metadata. If the metadata has been changed, upload the latest metadata file or edit the existing metadata to ensure that the federated users can log in to the cloud platform successfully.</p>
|
||||
<div class="note" id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_note144179481770"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p134181348175">For details about how to obtain the metadata file of the enterprise IdP, see the help documentation of the enterprise IdP.</p>
|
||||
<div class="section" id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_section1245888153813"><h4 class="sectiontitle">Configuring the Metadata File of the Enterprise IdP on the Cloud Platform</h4><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p1466745753818">You can upload the metadata file or manually edit metadata on the IAM console. For a metadata file larger than 500 KB, manually configure the metadata. If the metadata has been changed, upload the latest metadata file or edit the existing metadata to ensure that the federated users can log in to the cloud platform successfully.</p>
|
||||
<div class="note" id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_note144179481770"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p134181348175">For details about how to obtain the metadata file of an enterprise IdP, see the help documentation of the enterprise IdP.</p>
|
||||
</div></div>
|
||||
<div class="p" id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_p15369104515710"><ul id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_ul115435233813"><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_li1054318218388"><strong id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_b95401226383">Upload a metadata file.</strong><ol id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_ol1954315220382"><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_li1888833818014">Click <strong id="iam_08_0255__en-us_topic_0000001596833222_b58929569442314">Modify</strong> in the row containing the IdP.<div class="fignone" id="iam_08_0255__en-us_topic_0000001596833222_fig5567155319169"><span class="figcap"><b>Figure 3 </b>Modifying an IdP</span><br><span><img id="iam_08_0255__en-us_topic_0000001596833222_image856785381610" src="en-us_image_0000001606781176.png" height="129.510346" width="463.83750000000003" title="Click to enlarge" class="imgResize"></span></div>
|
||||
</li><li id="iam_08_0255__en-us_topic_0000001596833222_en-us_topic_0000001375874998_li25415213812">Click <strong id="iam_08_0255__en-us_topic_0000001596833222_b91698411142314">Select File</strong> and select the metadata file of the enterprise IdP.<div class="fignone" id="iam_08_0255__en-us_topic_0000001596833222_fig134491417151711"><span class="figcap"><b>Figure 4 </b>Uploading a metadata file</span><br><span><img id="iam_08_0255__en-us_topic_0000001596833222_image20450181781710" src="en-us_image_0000001656580725.png" height="58.616026000000005" width="457.8525" title="Click to enlarge" class="imgResize"></span></div>
|
||||
|
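Review bot: "You can upload the metadata file or manually edit metadata" is clearer than the original, but the paragraph still leaves two gaps a reader hits immediately: it tells users to "manually configure the metadata" for files over 500 KB without saying where that option lives (the steps that follow only show Modify and then Select File for an upload), and it says changed metadata must be re-uploaded "to ensure that the federated users can log in" without saying why. Tie the second point to the signature note in the iam_08_0254 topic in this same commit: the IdP metadata carries the material the platform uses to check the signed assertion, so an outdated file makes federated logins fail.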
@ -7,8 +7,8 @@
|
||||
<div id="body0000001655449785"><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p18188191113236">You can configure parameters in the enterprise IdP to determine what information will be sent to the cloud platform. The cloud platform authenticates the federated identity and assigns permissions based on the received information.</p>
|
||||
<div class="note" id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_note436445245910"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p4364175235913">If the SSO type is IAM user, the enterprise IdP must have the <strong id="iam_08_0256__en-us_topic_0000001646353397_b232218143113">IAM_SAML_Attributes_xUserId</strong> assertion configured.</p>
|
||||
</div></div>
|
||||
<div class="section" id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_section195921435154912"><h4 class="sectiontitle">Common Parameters in Enterprise IdP</h4>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_table1283845814915" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Common parameters in enterprise IdP</caption><thead align="left"><tr id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_row15839658104912"><th align="left" class="cellrowborder" valign="top" width="17.37%" id="mcps1.3.3.2.2.4.1.1"><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p6839165864916">Parameter</p>
|
||||
<div class="section" id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_section195921435154912"><h4 class="sectiontitle">Common Parameters in an Enterprise IdP</h4>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_table1283845814915" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Common parameters in an enterprise IdP</caption><thead align="left"><tr id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_row15839658104912"><th align="left" class="cellrowborder" valign="top" width="17.37%" id="mcps1.3.3.2.2.4.1.1"><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p6839165864916">Parameter</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="34.839999999999996%" id="mcps1.3.3.2.2.4.1.2"><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p10839135874916">Description</p>
|
||||
</th>
|
||||
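Review bot: The heading and caption retitle here mirrors the identical change in iam_08_0252, which is good, but the note left as context just above it says the IdP "must have the IAM_SAML_Attributes_xUserId assertion configured"; IAM_SAML_Attributes_xUserId is an attribute carried inside the SAML assertion, not an assertion itself, and the iam_08_0258 hunk in this same commit already moves to that wording ("Configure IAM_SAML_Attributes_redirect_url ... in the SAML assertion"). Use "attribute" in this note as well.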
@ -18,7 +18,7 @@
|
||||
</thead>
|
||||
<tbody><tr id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_row7326151520553"><td class="cellrowborder" valign="top" width="17.37%" headers="mcps1.3.3.2.2.4.1.1 "><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p135931089916">IAM_SAML_Attributes_xUserId</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="34.839999999999996%" headers="mcps1.3.3.2.2.4.1.2 "><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p05931584911">ID of an enterprise IdP user (federated user).</p>
|
||||
<td class="cellrowborder" valign="top" width="34.839999999999996%" headers="mcps1.3.3.2.2.4.1.2 "><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p05931584911">ID of an enterprise IdP user (federated user)</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="47.79%" headers="mcps1.3.3.2.2.4.1.3 "><p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p1465181194520">This parameter is mandatory when the SSO type is IAM user.</p>
|
||||
<p id="iam_08_0256__en-us_topic_0000001646353397_en-us_topic_0000001378199566_p1559311810913">Each federated user is mapped to an IAM user. The <strong id="iam_08_0256__en-us_topic_0000001646353397_b20109155155316">IAM_SAML_Attributes_xUserId</strong> of the federated user is the same as the external identity ID of the corresponding IAM user.</p>
|
||||
|
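Review bot: This period removal in the Description cell is the second copy of the same Table 1 edit in this commit, because iam_08_0252 and iam_08_0256 each carry their own copy of the table and of the IAM_SAML_Attributes_xUserId explanation paragraph; consider single-sourcing the table (a conref or shared topic) so future edits do not have to be replicated, and until then check that the remaining rows of both copies are still identical.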
@ -7,14 +7,14 @@
|
||||
<div id="body0000001655609549"><div class="section" id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_section129881927122613"><h4 class="sectiontitle">Verifying the Federated Login</h4><p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p950772734410">Federated users can initiate a login from the IdP or SP.</p>
|
||||
<ul id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_ul191511348134613"><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1115124816463">Initiating a login from an IdP, for example, Microsoft Active Directory Federation Services (AD FS) or Shibboleth.</li><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li41511488463">Initiating a login from the SP (<span id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_text915415911210">the cloud platform</span>). You can obtain the login link from the IdP details page on the IAM console.</li></ul>
|
||||
<p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p211611213719">The IdP-initiated login method depends on the IdP. For details, see the IdP help documentation. This section describes how to initiate a login from the SP.</p>
|
||||
<ol id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_ol344684114811"><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_li986975013551"><span>Log in as a federated user.</span><p><p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_p21375325518">On the <strong id="iam_08_0258__en-us_topic_0000001646033977_b2058933644236">Identity Providers</strong> page of the console, click <strong id="iam_08_0258__en-us_topic_0000001646033977_b3860433884236">View</strong> in the row containing the IdP. Click <span><img id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_image91456015514" src="en-us_image_0000001646293253.png"></span> to copy the login link displayed in the <strong id="iam_08_0258__en-us_topic_0000001646033977_b157866963911">Basic Information</strong> area, open the link using a browser, and then enter the username and password used in the enterprise management system.</p>
|
||||
<ol id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_ol344684114811"><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_li986975013551"><span>Log in as a federated user.</span><p><p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_p21375325518">On the <strong id="iam_08_0258__en-us_topic_0000001646033977_b2058933644236">Identity Providers</strong> page of the IAM console, click <strong id="iam_08_0258__en-us_topic_0000001646033977_b3860433884236">View</strong> in the row containing the IdP. Click <span><img id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_image91456015514" src="en-us_image_0000001646293253.png"></span> to copy the login link displayed in the <strong id="iam_08_0258__en-us_topic_0000001646033977_b157866963911">Basic Information</strong> area, open the link using a browser, and then enter the username and password used in the enterprise management system.</p>
|
||||
<p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p16773195212449"></p>
|
||||
<div class="fignone" id="iam_08_0258__en-us_topic_0000001646033977_fig334124915213"><span class="figcap"><b>Figure 1 </b>Login link</span><br><span><img id="iam_08_0258__en-us_topic_0000001646033977_image1834154902117" src="en-us_image_0000001656582221.png" height="188.5275" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_en-us_topic_0175818756_li126633555313"><span>Check whether the federated user is logging in as an IAM user.</span></li></ol>
</div>
<div class="section" id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_section44718251444"><h4 class="sectiontitle">Redirecting to a Specified Region or Service</h4><p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p156004526483">You can specify the target page which the federated user will be redirected to after login.</p>
<ul id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_ul7248170174219"><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1224814018427">Configuring the login link on the SP<p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p20113627425"><a name="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1224814018427"></a><a name="en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1224814018427"></a>Combine the login link obtained from the console with the specified URL using the format <strong id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_b16339131474015">Login link&service=Specified URL</strong>. </p>
</li><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1924814017422">Configuring the login link on the IdP<p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p989304184217"><a name="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1924814017422"></a><a name="en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1924814017422"></a>Configure the IAM_SAML_Attributes_redirect_url assertion (the URL to be redirected to) in the SAML assertion of the enterprise IdP.</p>
</li><li id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1924814017422">Configuring the login link on the IdP<p id="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_p989304184217"><a name="iam_08_0258__en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1924814017422"></a><a name="en-us_topic_0000001646033977_en-us_topic_0000001378678690_li1924814017422"></a>Configure <strong id="iam_08_0258__en-us_topic_0000001646033977_b157621545134015">IAM_SAML_Attributes_redirect_url</strong> (the URL to be redirected to) in the SAML assertion of the enterprise IdP.</p>
</li></ul>
</div>
</div>
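Review bot: the two ways of choosing the post-login target in this hunk (the `service=` value appended to the SP login link under "Configuring the login link on the SP", and the `IAM_SAML_Attributes_redirect_url` attribute now bolded under "Configuring the login link on the IdP") are described without saying which one takes effect when both are present, or what form the target URL may take; since this value is a redirect destination applied after authentication, please add a sentence on precedence and on which targets are accepted. Two smaller points on the same lines: in `Login link&service=Specified URL` the bare `&` should be written `&amp;` in the HTML source, and the format string is shown in `<strong>` here while the equivalent snippet in the next topic uses `<pre class="screen">`; the same treatment in both places would read more consistently.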
@ -4,13 +4,13 @@
<h1 class="topictitle1">(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP</h1>
<div id="body0000001606569596"><p id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_p1645381214272">Configure a federated login entry in the enterprise IdP to enable enterprise users use the login link to access the cloud platform.</p>
<div id="body0000001606569596"><p id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_p1645381214272">Configure a federated login entry in the enterprise IdP so that enterprise users can use the login link to access the cloud platform.</p>
<div class="section" id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_section101261732122720"><h4 class="sectiontitle">Prerequisites</h4><ul id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_ul861722713292"><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li161712712295">An IdP entity has been created on the cloud platform, and the login link for the IdP is available. For details, see <a href="iam_08_0255.html#iam_08_0255">Step 1: Create an IdP Entity</a>.</li><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li18261122972912">The login entry for logging in to the cloud platform has been configured in the enterprise management system.</li></ul>
</div>
<div class="section" id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_section122251194213"><h4 class="sectiontitle">Procedure</h4><ol id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_ol14850112215417"><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li2195162413293"><span>Log in to the IAM console. In the navigation pane, choose <strong id="iam_08_0259__en-us_topic_0000001646170669_b1545920199494">Identity Providers</strong>.</span></li><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li46555223151553"><span>Click <strong id="iam_08_0259__en-us_topic_0000001646170669_b7524212542258">View</strong> in the row containing the IdP.</span><p><div class="fignone" id="iam_08_0259__en-us_topic_0000001646170669_fig45131610152318"><span class="figcap"><b>Figure 1 </b>Viewing IdP details</span><br><span><img id="iam_08_0259__en-us_topic_0000001646170669_image1451391017239" src="en-us_image_0000001656303477.png" height="131.47555400000002" width="465.83250000000004" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li1967991814556"><span>Copy the login link by clicking <span><img id="iam_08_0259__en-us_topic_0000001646170669_image91456015514" src="en-us_image_0000001646542753.png"></span> in the <strong id="iam_08_0259__en-us_topic_0000001646170669_b8414932195516">Login link</strong> row.</span><p><div class="fignone" id="iam_08_0259__en-us_topic_0000001646170669_fig69418234228"><span class="figcap"><b>Figure 2 </b>Copying the login link</span><br><span><img id="iam_08_0259__en-us_topic_0000001646170669_image694523202212" src="en-us_image_0000001606783928.png" height="188.5275" width="523.6875" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li15844132155518"><span>Add the following statement to the page file of the enterprise management system:</span><p><pre class="screen" id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_screen64715579"><a href="<<em id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_i111454131956">Login link</em>>"> Cloud platform login entry </a></pre>
</p></li><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li1494375833114"><span>Log in to the enterprise management system as an enterprise user, and click the configured login link to access the cloud platform.</span></li></ol>
</p></li><li id="iam_08_0259__en-us_topic_0000001646170669_en-us_topic_0000001428678529_en-us_topic_0176296742_li1494375833114"><span>Log in to the enterprise management system using your enterprise account, and click the configured login link to access the cloud platform.</span></li></ol>
</div>
</div>
<div>
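Review bot: the snippet at the "Add the following statement to the page file" step sits inside `<pre class="screen">` as `<a href="<<em>Login link</em>>"> Cloud platform login entry </a>`; unless the angle brackets of the sample anchor are entity-escaped in the source file (`&lt;a href="&lt;Login link&gt;"&gt; ... &lt;/a&gt;`), a browser will render a live link with an invalid href rather than showing the markup the reader is meant to copy, so please confirm the escaping is present. The two wording changes in this hunk ("so that enterprise users can use the login link" and "using your enterprise account") read well; consider also saying in that step that the value substituted for the `Login link` placeholder is the link copied in the previous step, so the reader does not retype it.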