Misc (#763)

* bwdc tip for setting env variable

* hosting whitelist urls faq

* better screenshot for onelogin entity id

* clarify how to get entity id - okta

* aws entity id

* aws screenshot

* g workspace - entity id clarifications

* portable app FAQ item

_articles/directory-connector/directory-sync-shared.md

@@ -52,7 +52,7 @@ Cannot autolaunch D-Bus without X11 $DISPLAY
 ```
 ### Secret Storage in Headless Environments
 
-If a secure storage environment is not available, you can configure the Directory Connector CLI to use plaintext storage of secrets. To do so, set the following environment variable to override secure storage:
+If a secure storage environment is not available, you can configure the Directory Connector CLI to use plaintext storage of secrets. To do so, set the following environment variable to override secure storage, for example by running `sudo -H gedit /etc/environment`:
 ```
 BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS=true
 ```

_articles/faqs/hosting-faqs.md

@@ -25,6 +25,17 @@ You can read more about Docker and container technologies at [Docker's Website](
 
 **A:** High availability can be achieved by either configuring multiple instances of the containers into a Docker Swarm or Kubernetes environment, and/or by pointing the database connection string that the containers reference to any MSSQL database or cluster. Then you would probably want to load balance the NGINX containers or however you choose to handle the front-end.
 
+### Q: Do I need to whitelist any URLs?
+
+**A:** In order to allow the server to **push notifications to Bitwarden clients**, you'll need to allow the following URLs through your firewall:
+
+- `api.bitwarden.com`
+- `push.bitwarden.com`
+
+{% callout success %}
+You don't **have** to use push notifications if whitelisting these URLs won't work for your environment.
+{% endcallout %}
+
 ### Q: How do I backup and restore my self-hosted instance?
 
 **A:** Bitwarden takes automated nightly backups of the `bitwarden-mssql` database container in order to protect your stored credentials. For help with manual backups, or help restoring a backup, see [Backup your Hosted Data]({{site.baseurl}}/article/backup-on-premise/).

_articles/faqs/security-faqs.md

@@ -133,3 +133,7 @@ Note that when your browser updates to this version, you may be asked to accept
 ### Q: Can I restrict access to Bitwarden to certain devices?
 
 **A:** Using self-hosting, you can use custom firewall and NGINX configurations as well as VPN/VLAN access control to determine the device types and/or network layer access for your Bitwarden instance. You may also use other tools such as device-level certificates to control specific device access to the Bitwarden instance as well.
+
+### Q: Does Bitwarden have a portable application?
+
+**A:** Yes! The Bitwarden Desktop Application is available for Windows as a portable `.exe` that can be downloaded [here](https://bitwarden.com/download){:target="\_blank"}. The portable app is well suited to **always-offline** environments or scenarios where automatic updating of the app is not desired. The portable app **will not update itself**.

_articles/login-with-sso/saml-aws.md

@@ -44,7 +44,9 @@ Give the application a unique, Bitwarden-specific **Display name**.
 
 ### AWS SSO Metadata
 
-You'll need the information in this section for a later configuration step. Copy the **AWS SSO sign-in URL** and **AWS SSO issuer URL**, and download the **AWS SSO certificate**.
+You'll need the information in this section for a later configuration step. Copy the **AWS SSO sign-in URL** and **AWS SSO issuer URL**, and download the **AWS SSO certificate**:
+
+{% image sso/cheatsheets/saml-aws/aws-values.png AWS SSO Metadata %}
 
 ### Application Properties
 

_articles/login-with-sso/saml-google.md

@@ -29,13 +29,9 @@ You don't need to edit anything on this screen yet, but keep it open for easy re
 
 ## Create a SAML app
 
-In the Google Workspace Admin console, select **Apps** → **SAML apps** from the navigation:
+In the Google Workspace Admin console, select **Apps** → **Web and mobile apps** from the navigation. On the Web and mobile apps screen, select **Add App** → **Add custom SAML app**:
 
-{% image sso/cheatsheets/saml-google/g-addapp.png SAML Apps %}
-
-Select **Add App** → **Add custom SAML app**:
-
-{% image sso/cheatsheets/saml-google/g-addapp2.png Custom SAML App %}
+{% image sso/cheatsheets/saml-google/g-addapp.png Create a SAML App %}
 
 ### App details
 
@@ -43,7 +39,9 @@ On the App details screen, give the application a unique Bitwarden-specific name
 
 ### Google Identity Provider details
 
-On the Google Identity Provider details screen, copy your **SSO URL**, **Entity ID**, and **Certificate** for [use during a later step](#identity-provider-configuration).
+On the Google Identity Provider details screen, copy your **SSO URL**, **Entity ID**, and **Certificate** for [use during a later step](#identity-provider-configuration):
+
+{% image sso/cheatsheets/saml-google/g-details.png IdP Details %}
 
 Select **Continue** when you're finished.
 
@@ -110,7 +108,7 @@ Identity Provider Configuration will often require you to refer back to the Work
 
 |Field|Description|
 |-----|-----------|
-|Entity ID|Set this field to Workspace's **Entity ID**, retrieved from the [Google Identity Provider details section](#identity-provider-details) or using the **Download Metadata** button.|
+|Entity ID|Set this field to Workspace's **Entity ID**, retrieved from the [Google Identity Provider details section](#google-identity-provider-details) or using the **Download Metadata** button.|
 |Binding Type|Set to **HTTP POST** or **Redirect**.|
 |Single Sign On Service URL|Set this field to Workspace's **SSO URL**, retrieved from the [Google Identity Provider details section](#identity-provider-details) or using the **Download Metadata** button.|
 |Single Log Out URL|Login with SSO currently **does not** support SLO. This option is planned for future development, however you may pre-configure it if you wish.|

_articles/login-with-sso/saml-okta.md

@@ -86,7 +86,9 @@ Once your application is created, select the **Sign On** tab for the app and sel
 
 {% image sso/cheatsheets/saml-okta/okta-ssosettings.png Get IdP Values %}
 
-Either leave this page up [for future use](#identity-provider-configuration), or copy the **Identity Provider Single Sign-On URL** and **Identity Provider Issuer** and download the **X.509 Certificate**.
+Either leave this page up [for future use](#identity-provider-configuration), or copy the **Identity Provider Single Sign-On URL** and **Identity Provider Issuer** and download the **X.509 Certificate**:
+
+{% image sso/cheatsheets/saml-okta/okta-values.png IdP Values %}
 
 ### Assignments
 
@@ -126,7 +128,7 @@ Identity Provider Configuration will often require you to refer back to the Okta
 
 |Field|Description|
 |-----|-----------|
-|Entity ID|Enter your **Identity Provider Issuer**, retrieved from the Okta [Sign On Settings](#get-idp-values) screen.|
+|Entity ID|Enter your **Identity Provider Issuer**, retrieved from the Okta [Sign On Settings](#get-idp-values) screen by selecting the **View Setup Instructions** button.|
 |Binding Type|Set to **Redirect**. Okta currently does not support HTTP POST.|
 |Single Sign On Service URL|Enter your **Identity Provider Single Sign-On URL**, retrieved from the Okta [Sign On Settings](#get-idp-values) screen.|
 |Single Log Out Service URL|Login with SSO currently **does not** support SLO. This option is planned for future development, however you may pre-configure it if you wish.|