Update from SAP DITA CMS (squashed):

commit 433ad4148c5ecd2532b9f75d181ec78e9caf4136
Author: REDACTED
Date:   Tue Oct 25 09:22:55 2022 +0200

    Update from SAP DITA CMS ( 2022-10-25_09:22:55 )

    Project: loioc2f780f61c744155b0bd42b6f38fb70c (fxt1664348503768.project)

    * Project map: loioc2f780f61c744155b0bd42b6f38fb70c (itb1664324117753.ditamap)

    * Output: loio2080d0faf9d84ce6aa14caa4caa32935

    * Buildable map: loio0fcfe38e11674227bb0a8d014337319b (eke1664324117413.ditamap)

    * Language: en-US

commit 7d2a95ed0b351cebc91dea4ce9366dda0c6c8043
Author: REDACTED
Date:   Mon Oct 24 22:33:12 2022 +0200

    Update from SAP DITA CMS ( 2022-10-24_22:33:12 )

    Project: loioc2f780f61c744155b0bd42b6f38fb70c (fxt1664348503768.project)

    * Project map: loioc2f780f61c744155b0bd42b6f38fb70c (itb1664324117753.ditamap)

    * Output: loio2080d0faf9d84ce6aa14caa4caa32935

    * Buildable map: loio0fcfe38e11674227bb0a8d014337319b (eke1664324117413.ditamap)

    * Language: en-US

##################################################
[Remaining squash message was removed before commit...]

Author: ditaccms-bot

docs/10-concepts/abap-environment-11d6265.md

@@ -15,6 +15,8 @@ For information about regional availability, see [Regions and API Endpoints for
 
 [Development in the ABAP Environment](../30-development/development-in-the-abap-environment-31367ef.md "Learn more about developing applications in the ABAP environment.")
 
+[Administration and Operations in the ABAP Environment](../50-administration-and-ops/administration-and-operations-in-the-abap-environment-c4fd102.md "Learn about the different account administration and operational tasks that you can perform in the ABAP environment.")
+
 [Using Free Service Plans](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/524e1081d8dc4b0f9d055a6bec383ec3.html)
 
 [Discovery Center](https://discovery-center.cloud.sap/serviceCatalog/abap-environment)

docs/10-concepts/bringing-your-corporate-identity-provider-for-platform-users-feature-set-a-783ff50.md

@@ -2,7 +2,7 @@
 
 # Bringing Your Corporate Identity Provider for Platform Users \[Feature Set A\]
 
-SAP BTP supports the use of your own identity provider for platform users. The use of your own identity provider requires integration between the user bases of Cloud Foundry and Neo environments.
+SAP BTP supports the use of your own identity provider for platform users.
 
 > ### Note:  
 > The content in this section is only relevant for cloud management tools feature set A. For more information, see [Cloud Management Tools - Feature Set Overview](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/caf4e4e23aef4666ad8f125af393dfb2.html).

docs/10-concepts/bringing-your-corporate-identity-provider-for-platform-users-feature-set-b-8980b91.md

@@ -0,0 +1,55 @@
+<!-- loio8980b91c14f9474a9d7c7d831bbad8e9 -->
+
+# Bringing Your Corporate Identity Provider for Platform Users Feature Set B
+
+SAP BTP supports the use of your own identity provider for platform users.
+
+> ### Note:  
+> The content in this section is only relevant for cloud management tools feature set B. For more information, see [Cloud Management Tools - Feature Set Overview](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/caf4e4e23aef4666ad8f125af393dfb2.html).
+
+Platform users perform technical development, deployment, and administration tasks. They perform subaccount administration in the SAP BTP cockpit or access the BTP CLI. By hosting these users in your own identity provider, you gain a number of advantages over hosting them in SAP ID service.
+
+-   Integrate the management of these users with your broader identity management strategy, hosted on your own identity providers. You control your own user lifecycle and single sign-on strategies throughout the entire landscape.
+
+-   Enforce your own password and authentication policies, such as stronger passwords or multifactor authentication.
+
+
+The following figure illustrates the architecture required for platform users. This configuration is independent of the default configuration with SAP ID service. You can continue to use SAP ID service in parallel for platform users.
+
+   
+  
+<a name="loio8980b91c14f9474a9d7c7d831bbad8e9__fig_ycv_3jz_4mb"/>Architecture Required for Custom User Base of Platform Users
+
+ 
+
+ ![](images/SAP_BTP_Account_Mapping_e29be15.png) 
+
+In the preceding figure, you enable trust between the SAP BTP global account and your corporate identity provider over your tenant of SAP Cloud Identity Services - Identity Authentication. For each global baccount, you choose the Identity Authentication tenant to use as the platform identity provider. You can only have one identity authentication tenant per global account. Global accounts can share the same identity authentication tenant. When you log on to a platform resource, such as the cockpit, you indicate the identity authentication tenant you want to log on with. For example, to log on to the cockpit, use a URL parameter to identify the tenant:
+
+`https://cockpit.<region>.hana.ondemand.com/cockpit/?idp=<sample>.accounts.ondemand.com`.
+
+ SAP BTP uses the connection between subaccount and Identity Authentication application to identify your corporate identity provider to perform the authentication.Once you’ve logged on, the cockpit displays any global accounts and subaccounts your platform user is a member of.
+
+> ### Note:  
+> A user identifier alone isn’t enough information for the system to detect account membership. Typically, a user is identified by email and origin \(your alias for the identity provider\). This applies to global accounts, directories, multi-environment subaccounts, Cloud Foundry orgs and spaces. For Neo subaccounts a user is uniquely identified by the user base \(identity provider\) and a configurable user identifier. For multi-environment subaccounts, the identifier is the origin \(your Cloud Foundry-specific alias for the identity provider\) and e-mail address. For example, you can have a platform user in the default identity provider, SAP ID service, and another user in your corporate identity provider with the same e-mail address. This principle also applies to Neo user IDs. You can log on to the cockpit with both, but the cockpit displays different user information. This difference is because you’ve logged on with different identity providers.
+> 
+> You also see this difference when assigning roles. You must provide the origin or user base in addition to the e-mail address or user ID of the user. All your users must remember the origin when they use the Cloud Foundry command-line interface or service dashboards.. You can choose your own origin for multi-environment accounts, but the origin must be unique across all SAP customers. We recommend using the subdomain of your Identity Authentication tenant or your organization's name. All your users must be able to remember or type the origin when they use the Cloud Foundry command-line interface or service dashboards. A string of random characters isn't useful.
+> 
+> In Identity Authentication, there is one application that represents SAP BTP overall. So, if you have multiple global accounts with the same Identity Authentication tenant, they all share the same application in your Identity Authentication tenant. Please note one exception: Neo subaccounts are represented by separate applications either for individual subaccounts or data centers. Keep the configuration of all these applications the same as far as possible.
+
+To use a corporate identity provider for platform users of a multi-environment subaccount, you need a Neo subaccount set up for the same corporate identity provider. This requirement exists, because logon to the cockpit is dependent on a Neo subaccount. You’re extending the existing configuration of your identity authentication tenant to add the trust of your corporate identity provider to your multi-environment subaccounts.
+
+For Neo subaccounts, there’s a 1:1 relationship between its applications in your Identity Authentication tenant. Multi-environment subaccounts are handled differently. During configuration, you submit a support ticket in which you state all the regions you want to apply this corporate identity provider configuration. This trust then applies to **all** your multi-environment subaccounts in those regions. So, all your multi-environment subaccounts share the same application in your Identity Authentication tenant.
+
+Configuring platform users for multi-environment subaccounts has no impact on your existing Neo configuration. You need the Neo configuration to log on to resources like the cockpit.
+
+> ### Recommendation:  
+> While support of multiple corporate identity providers is possible, we recommend using your Identity Authentication tenant as a proxy and use conditional authentication to separate them.
+
+**Related Information**  
+
+
+[Establish Trust and Federation of Custom Identity Providers for Platform Users in Multi-Environment Subaccounts \[Feature Set A\]](../50-administration-and-ops/establish-trust-and-federation-of-custom-identity-providers-for-platform-users-in-multi-8600afb.md "By default, platform users in multi-environment subaccounts are users in SAP ID service. The use of your own identity provider requires integration between the user bases of multi-environment and Neo subaccounts.")
+
+[Log On with a Custom Identity Provider to the Cloud Foundry Environment Using the Cloud Foundry Command-Line Interface](../50-administration-and-ops/log-on-with-a-custom-identity-provider-to-the-cloud-foundry-environment-using-the-cloud-d477618.md "Learn how to use different methods to log on to Cloud Foundry using a custom identity provider (IdP).")
+

docs/10-concepts/images/SAP_BTP_Account_Mapping_e29be15.png

@@ -184,7 +184,7 @@ More Information
 *Space Developer*
 
 > ### Note:  
-> If the user doesn't already have the *Subaccount Administrator* role collection, the user receives the *Connectivity Administrator* and *Destination Administrator* role collections.
+> If the user doesn't already have the *Subaccount Administrator* role collection, the user receives the *Connectivity and Destination Administrator* role collection.
 
 
 

docs/10-concepts/impact-of-upgrading-from-feature-set-a-to-feature-set-b-on-user-and-account-management-1ac8143.md

@@ -113,7 +113,7 @@ Kyma environment
 </td>
 <td valign="top">
 
- [Serverless Functions: Node.js and Python](../30-development/creating-functions-fe4ba5b.md) 
+ [Serverless Functions: Node.js and Python](../30-development/deploy-workloads-in-the-kyma-environment-to-extend-sap-systems-fe4ba5b.md) 
 
 
 

docs/10-concepts/programming-languages-730d82d.md

@@ -1120,6 +1120,14 @@ eu-central-1
 
 api.cf.eu10.hana.ondemand.com
 
+**cf-eu10-002**
+
+api.cf.eu10-002.hana.ondemand.com
+
+**cf-eu10-003**
+
+api.cf.eu10-003.hana.ondemand.com
+
 **cf-eu10-004**
 
 api.cf.eu10-004.hana.ondemand.com
@@ -1129,8 +1137,22 @@ api.cf.eu10-004.hana.ondemand.com
 </td>
 <td valign="top">
 
+**eu10**
+
 eu10.hana.ondemand.com
 
+**cf-eu10-002**
+
+eu10-002.hana.ondemand.com
+
+**cf-eu10-003**
+
+eu10-003.hana.ondemand.com
+
+**cf-eu10-004**
+
+eu10-004.hana.ondemand.com
+
 
 
 </td>
@@ -1282,15 +1304,35 @@ us-east-1
 </td>
 <td valign="top">
 
+**cf-us10**
+
 api.cf.us10.hana.ondemand.com
 
+**cf-us10-001**
+
+api.cf.us10-001.hana.ondemand.com
+
+**cf-us10-002**
+
+api.cf.us10-002.hana.ondemand.com
+
 
 
 </td>
 <td valign="top">
 
+**cf-us10**
+
 us10.hana.ondemand.com
 
+**cf-us10-001**
+
+us10-001.hana.ondemand.com
+
+**cf-us10-002**
+
+us10-002.hana.ondemand.com
+
 
 
 </td>
@@ -1342,7 +1384,7 @@ us-central-1
 </td>
 <td valign="top">
 
-35.202.96.192, 35.193.171.152, 35.193.168.31, 35.202.69.204, 35.202.175.147, 35.193.69.164, 35.202.1.6, 23.236.63.113, 35.193.30.116, 35.202.66.196, 34.68.152.205, 35.222.158.222, 104.197.20.168, 35.232.105.70, 35.224.211.196, 35.222.192.158, 35.193.8.172
+35.202.96.192, 35.193.171.152, 35.193.168.31, 35.202.69.204, 35.202.175.147, 35.193.69.164, 35.202.1.6, 23.236.63.113, 35.193.30.116, 35.202.66.196, 34.68.152.205, 35.222.158.222, 104.197.20.168, 35.232.105.70, 35.224.211.196, 35.222.192.158, 35.193.8.172, 34.171.4.220, 34.172.37.175, 34.170.206.220, 34.172.145.231, 35.222.38.254, 35.239.28.216, 34.134.91.47, 34.123.17.36, 35.202.205.85, 34.118.207.84, 35.193.6.192, 34.122.222.203, 104.197.157.121, 34.135.159.154, 35.223.208.27, 146.148.74.171, 34.132.192.46, 34.68.109.37, 104.198.49.58, 35.225.164.132
 
 
 
@@ -1416,7 +1458,7 @@ europe-west3
 </td>
 <td valign="top">
 
-34.107.28.38, 34.141.10.217, 34.141.116.52, 34.141.1.228, 34.141.123.52, 34.141.125.107, 34.141.46.51, 34.89.130.182, 34.89.146.167, 34.89.203.91, 34.89.232.158, 34.89.243.40, 35.198.83.71, 35.234.65.38, 35.242.208.222, 35.246.155.42, 35.246.171.35
+34.107.28.38, 34.141.10.217, 34.141.116.52, 34.141.1.228, 34.141.123.52, 34.141.125.107, 34.141.46.51, 34.89.130.182, 34.89.146.167, 34.89.203.91, 34.89.232.158, 34.89.243.40, 35.198.83.71, 35.234.65.38, 35.242.208.222, 35.246.155.42, 35.246.171.35, 34.141.28.26, 34.159.160.86, 34.107.19.175, 34.159.165.29, 35.242.240.154, 34.141.73.130, 34.159.27.236, 34.89.152.211, 35.242.194.75, 35.246.235.253, 34.159.127.190, 34.141.82.126, 35.234.69.102, 34.89.231.53, 34.159.188.133, 35.246.203.194, 34.159.201.78, 34.141.112.232, 35.198.84.213, 34.89.165.33
 
 
 
@@ -1488,7 +1530,7 @@ asia-south1
 </td>
 <td valign="top">
 
-34.93.27.36, 34.93.89.145, 34.93.92.210, 34.93.137.163, 34.93.148.247, 34.93.155.252, 34.93.166.164, 34.93.180.0, 34.93.221.129, 35.200.131.125, 35.200.144.1, 35.200.175.62, 35.200.183.224, 35.200.194.175, 35.200.198.26, 35.200.209.142, 35.244.29.120
+34.93.27.36, 34.93.89.145, 34.93.92.210, 34.93.137.163, 34.93.148.247, 34.93.155.252, 34.93.166.164, 34.93.180.0, 34.93.221.129, 35.200.131.125, 35.200.144.1, 35.200.175.62, 35.200.183.224, 35.200.194.175, 35.200.198.26, 35.200.209.142, 35.244.29.120, 35.200.137.225, 34.100.186.241, 35.200.169.254, 35.200.151.131, 35.200.252.103, 35.244.15.103, 35.244.16.76, 34.93.255.115, 35.244.53.153, 35.200.168.60, 35.200.222.30, 34.100.178.164, 35.244.2.193, 34.93.11.49, 34.100.211.195, 34.100.151.15, 34.93.95.83, 34.100.215.143, 34.93.205.174, 34.93.159.24
 
 
 

docs/10-concepts/regions-and-api-endpoints-available-for-the-cloud-foundry-environment-f344a57.md

@@ -34,5 +34,5 @@ The trial account gives you the option to explore and use the basic functionalit
 
 [Trial Accounts and Free Tier](../10-concepts/trial-accounts-and-free-tier-046f127.md "Explore the different options for trying out SAP BTP.")
 
-[Assign Roles in the Kyma Environment](../50-administration-and-ops/assign-roles-in-the-kyma-environment-148ae38.md "Kyma uses roles to manage access within the cluster. Every Kyma cluster comes with predefined roles, for example, for admins and developers, which give the assigned users the permissions suitable for their purposes.")
+[Assign Roles in the Kyma Environment](../50-administration-and-ops/assign-roles-in-the-kyma-environment-148ae38.md "Kyma uses roles to manage access within the cluster, which give the assigned users the permissions suitable for their purposes.")
 

docs/20-getting-started/about-the-trial-account-c4fff0f.md

@@ -68,7 +68,7 @@ When you want to purchase a customer account, you can select from a set of prede
 
 ## Free Tier
 
-If you want to try out services for free, with the option of easily upgrading them later, you can get an enterprise account and use free tier service plans only. See [Get an Account on SAP BTP to Try Out Free Tier Service Plans](https://developers.sap.com/tutorials/btp-free-tier-account.html). When you sign up for a global account to try out free tier service plans, you need to select either an existing global account of your company, or create a new global account. If you choose an existing global account, make sure to contact the global account admin of this global account, as they'll receive the access communication emails. In this case, we recommend to have them add you as Global Account Administrator. See [Assign Users to Role Collections](../50-administration-and-ops/assign-users-to-role-collections-c576676.md) and [SAP BTP Onboarding Resource Center](https://support.sap.com/en/product/onboarding-resource-center/business-technology-platform.html).
+If you want to try out services for free, with the option of easily upgrading them later, you can get an enterprise account and use free tier service plans only. See [Get an Account on SAP BTP to Try Out Free Tier Service Plans](https://developers.sap.com/tutorials/btp-free-tier-account.html). When you sign up for a global account to try out free tier service plans, you need to select either an existing global account of your company, or create a new global account. If you choose an existing global account, make sure to contact the global account admin of this global account, as they'll receive the communication emails. In this case, we recommend to have them add you as Global Account Administrator. See [Assign Users to Role Collections](../50-administration-and-ops/assign-users-to-role-collections-c576676.md) and [SAP BTP Onboarding Resource Center](https://support.sap.com/en/product/onboarding-resource-center/business-technology-platform.html).
 
 You can upgrade and refine your resources later on. You can also contact your SAP sales representative and opt for a configuration, tailored to your needs.
 
@@ -78,11 +78,12 @@ You can upgrade and refine your resources later on. You can also contact your SA
 
 ## Onboarding
 
-After you have purchased your customer account, you will receive emails confirming the provisioning of resources from the platform services team as well as the URL and login ID to confirm access. If you chose an add-on to an existing global account, the initial access email will not be sent to you, but to the initial Global Account Administrator. In this case, only this SAP user will have the initial entitlement on SAP BTP. You can change this contact via the [SAP Support Portal](https://support.sap.com/en/index.html), by creating a ticket at component `BC-NEO-CIS-OPS`.
+After you have purchased a new customer account, you will receive an email confirming the provisioning of resources from the platform services team and a second email with the URL and login ID to obtain access. Note, only the person who receives the access email has initial access to SAP BTP.
 
-In a second e-mail, usually shortly before the contract start date, you will receive logon information for your new global account. The S-user of the global account administrator is attached to your licensed global account and your entitlements from your consumption or subscription license. So it is essential, that you initially log on with correct global account administrator.
+If you chose an add-on to an existing global account, the initial access email will not be sent to you. You will need to contact the Global Account Administrator from the initial BTP order. If you’re unsure who this person is, please contact your SAP Sales representative. If you need to add a new global admin because the person with initial access is no longer available to grant you access, then you can contact the SAP Support Portal, by creating a ticket at component BC-NEO-CIS-OPS.
 
-You may check your assigned SAP S-users \(you might have more than one\) independent from SAP BTP with [SAP ID Service](https://accounts.sap.com/). To change this S-user,
+> ### Tip:  
+> Check out the [Live Onboarding Webinars](https://support.sap.com/en/product/onboarding-resource-center/business-technology-platform.html).
 
 
 

docs/20-getting-started/getting-a-global-account-d61c281.md

@@ -254,7 +254,7 @@ After your trial Kyma environment has expired, you must disable it to remove all
 2.  In the *Kyma Environment* section of your subaccount overview, click *Disable Kyma*.
 
     > ### Note:  
-    > On deletion of the expired cluster, we attempt to delete the Service Instances that you created with the cluster. If we cannot do that, you have to [remove the Service Instances yourself](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/99016f83ce8e4d049316b61b5cadf1fc.html "A list of all tasks and respective commands that are available in the SMCTL for SAP BTP.") :arrow_upper_right: before you disable such a *Kyma Environment*.
+    > On deletion of the expired cluster, we attempt to delete the Service Instances that you created with the cluster. If we cannot do that, you have to [remove the Service Instances yourself](https://help.sap.com/docs/SERVICEMANAGEMENT/09cc82baadc542a688176dce601398de/99016f83ce8e4d049316b61b5cadf1fc.html) before you disable such a *Kyma Environment*.
 
 
  <a name="loio2e07cf4be857422aa5ba911fc160b284"/>