Corrections: SSO pages

alexandervnuchkov 2017-07-12 15:30:58 +03:00
parent 993552d0aa
commit 31f5e18fcb
8 changed files with 46 additions and 66 deletions

View File

@ -5,7 +5,7 @@
protected override void Init()
{
PageTitle = PageCaption = "How to configure ONLYOFFICE SP and OneLogin IdP";
MetaKeyWords = "Control Panel, SSO, Single sign-on, Shibboleth";
MetaKeyWords = "Control Panel, SSO, Single sign-on, OneLogin";
MetaDescription = "Learn how to configure ONLYOFFICE SP and OneLogin IdP.";
}
</script>
@ -44,7 +44,7 @@
<ol>
<li>Install ONLYOFFICE Enterprise Edition v9.1.0 for Docker or any later version with the SSO support.</li>
<li>Add a domain name, e.g., myportal-address.com.</li>
<li>Create a certificate for the traffic encryption (to enable HTTPS on your portal). For example, you can use the <a target="_blank" href="https://letsencrypt.org/">letsencrypt</a> service. On your portal, go to the <b>Control Panel</b> -> <b>HTTPS</b> and apply the created certificate.</li>
<li>On your portal, go to the <b>Control Panel</b> -> <b>HTTPS</b>, create and apply the <a target="_blank" href="https://letsencrypt.org/">letsencrypt</a> certificate for the traffic encryption (to enable HTTPS on your portal).</li>
<li>Go to the host computer, copy the private key and public certificate values that you used to enable HTTPS and save them using any text editor, e.g. Notepad (these values will be required later to configure SSO).</li>
</ol>
<div class="notehelp">It's not necessary to perform <b>Step 4</b> if you already have valid certificates or want to use self-signed certificates.</div>
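Review bot: the notehelp under the list still says "Step 4" can be skipped when valid or self-signed certificates are already in place, but after this rewrite certificate creation is step 3 and step 4 is copying the key and certificate out of the host, which is needed in every case; change the reference to Step 3. The rewritten step also makes Let's Encrypt sound mandatory while the note allows self-signed certificates, so keep an "e.g." before letsencrypt. Since step 4 has the reader paste the HTTPS private key into a text editor, add that the saved copy should be removed once the key has been entered in the SP Certificates section.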
@ -52,7 +52,7 @@
<ol>
<li>Sign up for OneLogin, if you have not yet registered.</li>
<li>Sign in to OneLogin as an administrator.</li>
<li>Go to the <b>APPS</b> -> <b>Company Apps</b> menu and click the <b>ADD APP</b> button (or use the <b>APPS</b> -> <b>Add Apps</b> menu options if you do not yet have any apps).</li>
<li>Go to the <b>APPS</b> -> <b>Add Apps</b> menu.</li>
<li>In the <b>Find Application</b> search field, type in the following text: <em>SAML Test Connector (Idp</em>:
<div class="screen_block">
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" target="img1_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide94/onelogin_1.png")%>" />
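Review bot: the search string in the new step is truncated: `<em>SAML Test Connector (Idp</em>` lacks the closing parenthesis and the suffix, while a later step in the same guide names the template "SAML Test Connector (IdP) w/encrypt"; use the full template name so the reader picks the encrypting connector that the rest of the guide assumes.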
@ -91,7 +91,7 @@
</tr>
<tr>
<th>ACS (Consumer) URL Validator</th>
<td>^https:\/\/docker4\.tk\/sso\/acs\/$</td>
<td>^https:\/\/myportal-address\.com\/sso\/acs\/$</td>
</tr>
<tr>
<th>ACS (Consumer) URL</th>
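Review bot: replacing the real test domain docker4.tk with the placeholder myportal-address.com from the prerequisites step is right; keep the pattern anchored with ^ and $ and the dots escaped as it is here, because this validator is what limits where OneLogin will post assertions, and a looser pattern would accept other hosts. Also confirm that the "ACS (Consumer) URL" row below uses the same trailing slash so the literal URL matches the validator.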
@ -193,25 +193,6 @@ xEe8PMKA+cfU+0SznX/ynMgrz4MqSRRtQChx
</div>
<p>Press the button with the upward arrow to load the IdP metadata. The <b>ONLYOFFICE SP Settings</b> form will be automatically filled in with your data from the OneLogin IdP.</p>
</li>
<li>Since we selected the <b>SAML Test Connector (IdP) w/encrypt</b> template in OneLogin, now we need to edit the intended purpose of the certificate received by the <b>Issuer</b> link in the <b>IdP Public Certificates</b> section (if only one certificate has been uploaded and if it is used for verification only).
<div class="screen_block">
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" target="img12_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide94/onelogin_12.png")%>" />
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" id="img12_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide94/onelogin_12.png")%>" />
<div target="img12_eventcom_guides" class="screenphoto magnifier"></div>
</div>
<p>Click the <b>Edit</b> link next to your certificate, drop-down the <b>Use for</b> list and change the selected value from <code>verification</code> to <code>verification and decrypt</code>.</p>
<div class="screen_block">
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" target="img13_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide94/onelogin_13.png")%>" />
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" id="img13_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide94/onelogin_13.png")%>" />
<div target="img13_eventcom_guides" class="screenphoto magnifier"></div>
</div>
<p>After you edit the certificate purpose, you should get the following result:</p>
<div class="screen_block">
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" target="img14_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide94/onelogin_14.png")%>" />
<img alt="How to configure ONLYOFFICE SP and OneLogin IdP" id="img14_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide94/onelogin_14.png")%>" />
<div target="img14_eventcom_guides" class="screenphoto magnifier"></div>
</div>
</li>
<li>Now you need to add certificates to the <b>SP Certificates</b> section. You can add the certificates used earlier when enabling HTTPS or any other certificates.
<div class="notehelp nh_notice">the public certificate in OneLogin must be the same that you upload in the <b>SP Certificates</b> section and the private key must correspond to it.</div>
<p>You should get nearly the same result:</p>
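Review bot: removing the "edit the IdP certificate purpose" step is consistent with dropping the Use for list from IdP Public Certificates in the general article, but the guide still selects the w/encrypt template and now never says where decryption is set up; add a sentence to the SP Certificates step that encrypted assertions are decrypted with the private key entered there (Decrypt Assertions). The retained notehelp also starts with a lowercase "the public certificate", and the onelogin_12 to onelogin_14 screenshots referenced by the removed lines should be checked for other references before they are deleted.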

View File

@ -58,12 +58,12 @@
</li>
<li>Enter metadata for the Identity Provider using one of the following three ways:
<ul>
<li><b>By the link (LOAD DATA)</b> if the Shibboleth IdP metadata is accessible from outside by the link (e.g. <span class="param-type">https://shibbolethoo.tk/idp/shibboleth</span>), insert the link to the <b>URL to IdP Metadata XML</b> field and press the button with the upwards arrow. Then all the required parameters will be displayed within the extended form.</li>
<li><b>By the link (LOAD DATA)</b> if the Shibboleth IdP metadata is accessible from outside by the link (e.g. <span class="param-type">https://{shibboleth-idp-domain}/idp/shibboleth</span>), insert the link to the <b>URL to IdP Metadata XML</b> field and press the button with the upwards arrow. Then all the required parameters will be displayed within the extended form.</li>
<li><b>File (SELECT FILE)</b> by default, Shibboleth provides the IdP metadata file at the <code>SHIBBOLETH_HOME/metadata</code>. If the metadata file is available, upload it using the <b>SELECT FILE</b> button to browse for the <code>SHIBBOLETH_HOME/metadata/idp-metadata.xml</code> file stored on your local machine. Then all the required parameters will be displayed within the extended form.</li>
<li><b>Parameters</b> if the metadata file is not accessible, enter values manually and specify the required parameters: <b>IdP Entity ID</b>, <b>IdP Single Sign-On Endpoint URL</b>, <b>IdP Single Logout Endpoint URL</b>, encryption and signing certificates etc. To obtain these values contact your Shibboleth administrator.</li>
<li><b>Parameters</b> if the metadata file is not accessible, enter values manually and specify the required parameters: <b>IdP Entity ID</b>, <b>IdP Single Sign-On Endpoint URL</b>, <b>IdP Single Logout Endpoint URL</b>, <%--encryption and --%>signing certificates etc. To obtain these values contact your Shibboleth administrator.</li>
</ul>
</li>
<li>If your Shibboleth IdP requires that input data is signed and/or encrypted, you need to create/add certificates for this purpose in the <b>SP Certificates</b> section. In the advanced settings, you can also set which requests must be signed, specify whether the data must be encrypted or not and select the corresponding algorithms.
<li>If your Shibboleth IdP requires that input data is signed and/or encrypted, you need to create/add certificates for this purpose in the <b>SP Certificates</b> section. In the advanced settings, you can also set which requests must be signed, specify whether the data must be decrypted or not and select the corresponding signing and decryption algorithms.
<div class="screen_block">
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img3_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_3.png")%>" />
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img3_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_3.png")%>" />
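Review bot: `<%--encryption and --%>` keeps the removed words as a server-side comment in the source; delete them outright, since the manual Parameters path no longer asks for an IdP encryption certificate and decryption is configured through SP Certificates. Replacing the real test host with the {shibboleth-idp-domain} placeholder is good and matches the placeholder used in the logout URL added further down in this change.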
@ -204,7 +204,7 @@
<h2 id="CheckWork">Checking the work of the ONLYOFFICE SP with the Shibboleth IdP</h2>
<h5>Logging in to ONLYOFFICE on the SP side</h5>
<ol>
<li>Go to the ONLYOFFICE Authentication page (e.g., <span class="param-type">https://docker4.tk/auth.aspx</span>).</li>
<li>Go to the ONLYOFFICE Authentication page (e.g., <span class="param-type">https://myportal-address.com/auth.aspx</span>).</li>
<li>Click the <b>Single sign-on</b> link below the <b>Sign In</b> button (if the link is missing, this means that SSO is not enabled).</li>
<li>If all the SP and IdP parameters are set correctly, we will be redirected to the Shibboleth IdP login form:
<div class="screen_block">
@ -213,8 +213,15 @@
<div target="img7_eventcom_guides" class="screenphoto magnifier"></div>
</div>
</li>
<li>Enter the username and password of the Shibboleth IdP account.</li>
<li>If the credentials are correct, we will be redirected to the main page of the portal (the user will be created automatically if missing, or the data will be updated if changed in the IDP).</li>
<li>Enter the username and password of the Shibboleth IdP account and check the <b>Don't Remember Login</b> box.</li>
<li>If the credentials are correct, a new window opens. Allow the provision of information to the service by clicking the <b>Accept</b> button.
<div class="screen_block">
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img11_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_7-1.png")%>" />
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img11_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_7-1.png")%>" />
<div target="img11_eventcom_guides" class="screenphoto magnifier"></div>
</div>
</li>
<li>If everything is correct, we will be redirected to the main page of the portal (the user will be created automatically if missing, or the data will be updated if changed in the IDP).</li>
</ol>
<h5>Profiles for users added with SSO authentication</h5>
<p>The possibility to edit user profiles created using the SSO authentication is restricted. The user profile fields received from the IdP are disabled for editing (i.e. <code>First Name</code>, <code>Last Name</code>, <code>Email</code>, <code>Title</code> and <code>Location</code>). You can edit these fields from your IdP account only.</p>
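Review bot: the new login step makes checking "Don't Remember Login" sound mandatory, while the logout note added later in this change treats it as optional ("if you have not checked"); phrase it as optional and say what it does (the IdP does not keep a login session, so the next SSO login asks for credentials again). Likewise, the "Accept" consent window only appears when the Shibboleth IdP has attribute-release consent enabled, so word that step conditionally rather than as "a new window opens".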
@ -236,5 +243,6 @@
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img10_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_10.png")%>" />
<div target="img10_eventcom_guides" class="screenphoto magnifier"></div>
</div>
<p>To log out from the Shibboleth IdP (if you have not checked the <b>Don't Remember Login</b> box when logging in), go to the link that looks like this: <span class="param-type">https://{shibboleth-idp-domain}/idp/profile/Logout</span></p>
</div>
</div>
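Review bot: the added logout link ends the Shibboleth IdP session only; state whether the ONLYOFFICE portal session stays active, because the general article's Logging out section lists the IdP logout page as one of the two logout ways and readers will expect it to sign them out of the portal as well.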

View File

@ -34,5 +34,8 @@
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/ArticlesCompleteList/ControlPanel/90004_switch_to_https/90004_switch_to_https.ascx" /></li>
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/ArticlesCompleteList/TipsTricks/120_ldap-settings/120_ldap-settings.ascx" /></li>
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/ArticlesCompleteList/ControlPanel/90006_multitenancy/90006_multitenancy.ascx" /></li>
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/ArticlesCompleteList/ControlPanel/90014_sso_description/90014_sso_description.ascx" /></li>
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/ArticlesCompleteList/ControlPanel/90015_configure_shibboleth/90015_configure_shibboleth.ascx" /></li>
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/ArticlesCompleteList/ControlPanel/90016_configure_onelogin/90016_configure_onelogin.ascx" /></li>
</ul>
</div>

View File

@ -51,7 +51,7 @@
<li><b>Easy administration</b>. All the necessary user information is transmitted through an authentication token. If the user information changes on the Identity Provider side, it will be automatically updated on the portal during the next SSO authentication. If a user profile does not exist on the portal, it will be created automatically when the user signs in to the portal using the SSO credentials for the first time.</li>
</ul>
<p>In ONLYOFFICE, SSO authentication is implemented on the base of the secure and commonly used SAML standard. <b>SAML</b> (Security Assertion Markup Language) is an XML standard that allows to transmit user authentication/authorization data between an Identity Provider and a Service Provider through security tokens which contain assertions.</p>
<p>This article describes the process of enabling SSO in general. If you search for specific settings/examples for certain services, please refer to our articles on how to configure ONLYOFFICE SP and <a href="<%=VirtualPathUtility.ToAbsolute("~/server/controlpanel/enterprise/configure-shibboleth.aspx")%>">Shibboleth</a> or <a href="<%=VirtualPathUtility.ToAbsolute("~/server/controlpanel/enterprise/configure-onelogin.aspx")%>">OneLogin</a> IdPs.</p>
<p>This article describes the process of enabling SSO in general. If you search for specific settings/examples for certain IdPs, please refer to our articles on how to configure ONLYOFFICE SP and <a href="<%=VirtualPathUtility.ToAbsolute("~/server/controlpanel/enterprise/configure-shibboleth.aspx")%>">Shibboleth</a> or <a href="<%=VirtualPathUtility.ToAbsolute("~/server/controlpanel/enterprise/configure-onelogin.aspx")%>">OneLogin</a> IdPs.</p>
<h2 id="EnablingSSO">Enabling SSO</h2>
<p>To enable and configure SSO authentication for your portal, you need to perform the following two main steps:</p>
<ol>
@ -64,8 +64,7 @@
<ol>
<li>On your ONLYOFFICE portal, go to the <b>Control Panel</b> and open the <b>SSO</b> page.</li>
<li>Click the <b>Enable Single Sign-on Authentication</b> switcher.</li>
<li>In the <b>ONLYOFFICE SP Settings</b> section, click the Show link to display available parameters.</li>
<li>Fill in the required fields. The necessary information can be specified in several different ways:
<li>Fill in the required fields in the <b>ONLYOFFICE SP Settings</b> section. The necessary information can be specified in several different ways:
<ul>
<li><b>Enter the URL address to the metadata file</b>. If your IdP metadata is accessible from outside by the link, insert the link into the <b>URL to IdP Metadata XML</b> field and click the <b>Load data</b> button. When the data is loaded, all the required parameters will be automatically displayed in the extended form.</li>
<li><b>Upload the metadata file</b>. If your IdP provides a metadata file, use the <b>Select file</b> button to browse for the file stored on your local machine. When the file is uploaded, all the required parameters will be automatically displayed in the extended form.</li>
@ -82,55 +81,44 @@
<li><b>IdP Single Sign-On Endpoint URL</b> (obligatory field) - the URL used for the single sign-on on the Identity Provider side. It is the endpoint address in your IdP to which SP sends authentication requests.
<p>Set the necessary <b>Binding</b> type selecting one of the corresponding radio buttons. Bindings specify the way in which authentication requests and responses are transmitted between the IdP and SP over the underlying transport protocol: using the HTTP <b>POST</b> or HTTP <b>Redirect</b> binding.</p>
</li>
<li><b>IdP Single Logout Endpoint URL</b> - the URL used for the single logout on the Identity provider side. It is the endpoint address in your IdP to which SP sends logout requests/responses.
<li><b>IdP Single Logout Endpoint URL</b> - the URL used for the single logout on the Service provider side. It is the endpoint address in your IdP to which SP sends logout requests/responses.
<p>Set the necessary <b>Binding</b> type selecting one of the corresponding radio buttons. Bindings specify the way in which logout requests and responses are transmitted between the IdP and SP over the underlying transport protocol: using the HTTP <b>POST</b> or HTTP <b>Redirect</b> binding.</p>
</li>
<li><b>NameId Format</b> - the <b>NameID</b> parameter allows SP to identify a user. Select one of the available formats from the list.</li>
</ul>
<p>You can also add the IdP and SP certificates.</p>
<h5>IdP Public Certificates</h5>
<p><b>IdP Public Certificates</b> - this section allows you to add the Identity Provider public certificates used for either verification or decryption (or both) of the requests and responses from the IdP. These certificates will be used by SP to validate the IdP responses/requests.</p>
<p>If you have loaded the IdP metadata, these certificates will be added to the <b>Control Panel</b> automatically. Otherwise, the certificates can be found in your IdP account. To add a certificate manually, click the <b>Add certificate</b> button. The <b>New Certificate</b> window opens. Enter the certificate in the <b>Public Certificate</b> field. In the <b>Use for</b> list, select one of the available options: <code>verification</code>, <code>decrypt</code>, <code>verification and decrypt</code>. When ready, click the <b>OK</b> button.</p>
<p>Specify additional parameters for certificates checking the corresponding boxes.</p>
<p>Set which signatures of requests/responses sent from IdP to SP should be verified:</p>
<p><b>IdP Public Certificates</b> - this section allows you to add the Identity Provider public certificates used by the SP to verify the requests and responses from the IdP.</p>
<p>If you have loaded the IdP metadata, these certificates will be added to the <b>Control Panel</b> automatically. Otherwise, the certificates can be found in your IdP account. To add a certificate manually, click the <b>Add certificate</b> button. The <b>New Certificate</b> window opens. Enter the certificate in the <b>Public Certificate</b> field and click the <b>OK</b> button.</p>
<p>Set additional parameters for certificates checking the corresponding boxes.</p>
<p>Specify which signatures of requests/responses sent from IdP to SP should be verified:</p>
<ul>
<li><b>Verify Auth Responses Sign</b> - to verify signatures of the SAML authentication responses sent to SP.</li>
<li><b>Verify Logout Requests Sign</b> - to verify signatures of the SAML logout requests sent to SP.</li>
<li><b>Verify Logout Responses Sign</b> - to verify signatures of the SAML logout responses sent to SP.</li>
</ul>
<p>Specify if it is necessary to decrypt assertions:</p>
<ul>
<li><b>Decrypt Assertions</b> - check this box to decrypt encrypted assertions from the IdP SAML responses sent to SP.</li>
</ul>
<p>Select the necessary algorithms from the lists:</p>
<ul>
<li><b>Default Sign Verifying Algorithm</b>: <code>rsa-sha1</code>, <code>rsa-sha256</code> or <code>rsa-sha512</code>.</li>
<li><b>Default Decrypt Algorithm</b>: <code>aes128-cbc</code>, <code>aes256-cbc</code> or <code>tripledes-cbc</code>.</li>
<li><b>Verify Authentication Response Signature</b> - to verify signatures of the SAML authentication responses sent to SP.</li>
<li><b>Verify Logout Request Signature</b> - to verify signatures of the SAML logout requests sent to SP.</li>
<li><b>Verify Logout Response Signature</b> - to verify signatures of the SAML logout responses sent to SP.</li>
</ul>
<p>Select the necessary algorithm from the <b>Default Signature Verification Algorithm</b> list: <code>rsa-sha1</code>, <code>rsa-sha256</code> or <code>rsa-sha512</code>.</p>
<div class="notehelp">Default settings are used only in cases if the IdP metadata does not specify which algorithm should be used.</div>
<p>You can edit or delete the added certificates using the corresponding link.</p>
<h5>SP Certificates</h5>
<p><b>SP Certificates</b> - this section allows you to add the Service Provider certificates used to sign and encrypt the requests and responses from the SP.</p>
<p>If your IdP requires that input data is signed and/or encrypted, create or add corresponding certificates in this section.</p>
<p>Click the <b>Add certificate</b> button. The <b>New Certificate</b> window opens. You can generate a self-signed certificate or enter the certificate in the <b>Public Certificate</b> field and the corresponding private key in the <b>Private Key</b> field. In the <b>Use for</b> list, select one of the available options: <code>signing</code>, <code>encrypt</code>, <code>signing and encrypt</code>. When ready, click the <b>OK</b> button.</p>
<p>Specify additional parameters for certificates checking the corresponding boxes. Set which requests/responses sent from SP to IdP should be signed:</p>
<p>Click the <b>Add certificate</b> button. The <b>New Certificate</b> window opens. You can generate a self-signed certificate or add an existing certificate in the <b>Public Certificate</b> field and the corresponding private key in the <b>Private Key</b> field. In the <b>Use for</b> list, select one of the available options: <code>signing</code>, <code>encrypt</code>, <code>signing and encrypt</code>. When ready, click the <b>OK</b> button.</p>
<p>Depending on the certificate purpose selected in the <b>Use for</b> list when uploading/generating the certificate, the certificate additional parameters are specified. The following parameters define which requests/responses sent from SP to IdP should be signed:</p>
<ul>
<li><b>Sign Auth Requests</b> - to have SP sign the SAML authentication request sent to IdP.</li>
<li><b>Sign Logout Requests</b> - to have SP sign the SAML logout request sent to IdP.</li>
<li><b>Sign Logout Responses</b> - to have SP sign the SAML logout response sent to IdP.</li>
</ul>
<p>Specify if it is necessary to encrypt assertions:</p>
<ul>
<li><b>Encrypt Assertions</b> -  check this box if your IdP requires that SAML assertions or attributes in SAML responses are encrypted.</li>
<li><b>Sign Authentication Requests</b> - to have SP sign the SAML authentication requests sent to IdP.</li>
<li><b>Sign Logout Requests</b> - to have SP sign the SAML logout requests sent to IdP.</li>
<li><b>Sign Logout Responses</b> - to have SP sign the SAML logout responses sent to IdP.</li>
</ul>
<p>If you have selected the <code>encrypt</code> or <code>signing and encrypt</code> option in the <b>Use for</b> list, the <b>Decrypt Assertions</b> parameter is also checked. The decryption is performed using the corresponding <b>Private Key</b>.</p>
<p>Select the necessary algorithms from the lists:</p>
<ul>
<li><b>Signing Algorithm</b>: <code>rsa-sha1</code>, <code>rsa-sha256</code> or <code>rsa-sha512</code>.</li>
<li><b>Encrypt Algorithm</b>: <code>aes128-cbc</code>, <code>aes256-cbc</code> or <code>tripledes-cbc</code>.</li>
<li><b>Default Decryption Algorithm</b>: <code>aes128-cbc</code>, <code>aes256-cbc</code> or <code>tripledes-cbc</code>.</li>
</ul>
<p>You can edit or delete the added certificates using the corresponding link.</p>
<h5>Attribute Mapping</h5>
<p><b>Attribute Mapping</b> - this section allows you to set the correspondence of the single sign-on attributes to the fields of the portal <b>People</b> module. When a user signs in to the SP using the SSO credentials, ONLYOFFICE SP receives the required attributes and populates the full name and email address fields in the user account with the values received from the IdP. If the user does not exist in the People module, it will be created. If the user information has been changed on the IdP side, it will be updated in SP as well.</p>
<p><b>Attribute Mapping</b> - this section allows you to set the correspondence of the fields in the ONLYOFFICE <b>People</b> module to the user attributes which will be returned from the IdP. When a user signs in to the ONLYOFFICE SP using the SSO credentials, ONLYOFFICE SP receives the required attributes and populates the full name and email address fields in the user account with the values received from the IdP. If the user does not exist in the People module, it will be created automatically. If the user information has been changed on the IdP side, it will be updated in SP as well.</p>
<p>The available attributes are:</p>
<ul>
<li><b>First Name</b> (obligatory field) - an attribute in a user record that corresponds to the user's first name.</li>
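Review bot: the change to "IdP Single Logout Endpoint URL - the URL used for the single logout on the Service provider side" looks inverted: the next sentence still says it is the endpoint in your IdP to which the SP sends logout requests, so this is the Identity Provider side and the original wording was correct (the SP Single Logout URL entry further down gets the same swap in the other direction). Moving decryption from IdP Public Certificates to the SP private key, with Decrypt Assertions set automatically for the encrypt and signing and encrypt purposes, is the right model, since an assertion encrypted for the SP can only be decrypted with the SP's own key. One addition worth making: the lists still offer rsa-sha1 and tripledes-cbc, so say that rsa-sha256 and aes256-cbc are the recommended choices and the weaker options exist only for older IdPs.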
@ -147,17 +135,17 @@
<p>Alternatively, you can manually copy separate parameters clicking the <b>Copy to clipboard</b> button in the corresponding fields.</p>
<p>The following parameters are available:</p>
<ul>
<li><b>SP Entity ID</b> (link to metadata XML) - the Service Provider XML URL address which can be downloaded and used by the Identity Provider to unequivocally identify the SP. By default, the file is located at the following address: <span class="param-type">http://example.com/sso/metadata</span> where example.com is your ONLYOFFICE portal domain name.</li>
<li><b>SP Assertion Consumer URL</b> (support POST and Redirect binding) - the Service Provider URL address where it receives and processes assertions from the Identity Provider. By default, the following address is used: <span class="param-type">http://example.com/sso/acs</span></li>
<li><b>SP Single Logout URL</b> (support POST and Redirect binding) - the URL used for the single logout on the Service Provider side. It is the endpoint address in your SP where it receives and processes logout requests/responses from the Identity Provider. By default, the following address is used: <span class="param-type">http://example.com/sso/slo/callback</span></li>
<li><b>SP Entity ID</b> (link to metadata XML) - the Service Provider XML URL address which can be downloaded and used by the Identity Provider to unequivocally identify the SP. By default, the file is located at the following address: <span class="param-type">http://example.com/sso/metadata</span> where example.com is your ONLYOFFICE portal domain name or public IP.</li>
<li><b>SP Assertion Consumer URL</b> (support POST and Redirect binding) - the Service Provider URL address where it receives and processes assertions from the Identity Provider. By default, the following address is used: <span class="param-type">http://example.com/sso/acs</span> where example.com is your ONLYOFFICE portal domain name or public IP.</li>
<li><b>SP Single Logout URL</b> (support POST and Redirect binding) - the URL used for the single logout on the Identity Provider side. It is the endpoint address in your SP where it receives and processes logout requests/responses from the Identity Provider. By default, the following address is used: <span class="param-type">http://example.com/sso/slo/callback</span> where example.com is your ONLYOFFICE portal domain name or public IP.</li>
</ul>
<div class="notehelp">These parameters and XML contents differ depending on you portal configuration, e.g. if you switch your portal to HTTPS or specify a domain name, the parameters will also be changed and you will need to reconfigure your IdP.</div>
<h2 id="LogIn">Logging in to the ONLYOFFICE SP</h2>
<p>After the SSO is enabled and configured, the logging in process is performed in the following way:</p>
<ol>
<li>A user requests access to ONLYOFFICE by clicking the <b>Single Sign-on</b> link below the <b>Sign In</b> button at the portal authorization page (SP-initiated SSO).</li>
<li>A user requests access to ONLYOFFICE by clicking the <b>Single Sign-on</b> link below the <b>Sign In</b> button at the ONLYOFFICE portal Authentication page (SP-initiated SSO).</li>
<li>If all the IdP and SP settings are set correctly, ONLYOFFICE sends the authentication request to the IdP and redirects the user to the IdP page where he/she is asked for credentials.</li>
<li>If the user is not currently logged in to the IdP, he/she provides credentials in the IdP.</li>
<li>If the user is not already logged in to the IdP, he/she provides credentials in the IdP.</li>
<li>IdP creates the authentication response that contains user data and sends it to ONLYOFFICE.</li>
<li>ONLYOFFICE receives the authentication response from the Identity Provider and validates it.</li>
<li>If the response is validated, ONLYOFFICE allows the user to log in (the user will be created automatically if missing, or the data will be updated if changed in the IdP).</li>
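Review bot: "SP Single Logout URL ... the URL used for the single logout on the Identity Provider side" has the same inversion as the IdP entry above: the following sentence says it is the endpoint in your SP that receives logout requests from the IdP, so it is the Service Provider side; revert that part. The three default addresses are shown as http://example.com/... while both configuration guides require HTTPS on the portal and the notehelp says the parameters change when switching to HTTPS; show the https form and note that the scheme follows the portal setting. The same notehelp has a typo, "you portal configuration".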
@ -166,7 +154,7 @@
<h2 id="LogOut">Logging out from the ONLYOFFICE SP</h2>
<p>Logout can be made using 2 available ways:</p>
<ol>
<li>From the portal using the <b>Sign Out</b> menu (in this case the request will be sent from IdP to logout). The user should also be automatically logged out from the IdP in case he/she is logged out from all other applications previously accessed via SSO authentication.</li>
<li>From the ONLYOFFICE portal using the <b>Sign Out</b> menu (in this case the request will be sent from IdP to logout). The user should also be automatically logged out from the IdP in case he/she is logged out from all other applications previously accessed via SSO authentication.</li>
<li>From the IdP logout page.</li>
</ol>
<h2 id="EditUserProfile">Editing user profiles created using SSO</h2>
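Review bot: the parenthetical "in this case the request will be sent from IdP to logout" is unclear and reads reversed: when the user signs out from the portal, ONLYOFFICE sends the logout request to the IdP Single Logout Endpoint (as the Enabling SSO section describes) and the IdP then ends its session; rewrite it as "in this case ONLYOFFICE sends a logout request to the IdP".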
