Fix broken links (#56400)

Author: sabrowning1

content/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md

@@ -19,7 +19,7 @@ shortTitle: Configure firewall rules
 ---
 ## About {% data variables.location.product_location %}'s firewall
 
-{% data variables.product.prodname_ghe_server %} uses Ubuntu's Uncomplicated Firewall (UFW) on the virtual appliance. For more information see [UFW](https://help.ubuntu.com/community/UFW) in the Ubuntu documentation. {% data variables.product.prodname_ghe_server %} automatically updates the firewall allowlist of allowed services with each release.
+{% data variables.product.prodname_ghe_server %} uses Ubuntu's Uncomplicated Firewall (UFW) on the virtual appliance. For more information see [Firewall](https://documentation.ubuntu.com/server/how-to/security/firewalls/#ufw-uncomplicated-firewall) in the Ubuntu documentation. {% data variables.product.prodname_ghe_server %} automatically updates the firewall allowlist of allowed services with each release.
 
 After you install {% data variables.product.prodname_ghe_server %}, all required network ports are automatically opened to accept connections. Every non-required port is automatically configured as `deny`, and the default outgoing policy is configured as `allow`. Stateful tracking is enabled for any new connections; these are typically network packets with the `SYN` bit set. For more information, see [AUTOTITLE](/admin/configuration/configuring-network-settings/network-ports).
 

content/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md

@@ -44,13 +44,13 @@ You can use a Linux container management tool to build a pre-receive hook enviro
    ```shell
    $ docker build -f Dockerfile.debian -t pre-receive.debian .
    > [+] Building 0.6s (6/6) FINISHED                                                                   docker:desktop-linux
-   > => [internal] load build definition from Dockerfile.debian                                                              
-   > => [1/2] FROM docker.io/library/debian:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6  
-   > => [2/2] RUN apt-get update && apt-get install -y git bash curl                                            
-   > => exporting to image                                                                                             
-   > => => exporting layers                                                                                            
-   > => => writing image sha256:b57af4e24082f3a30a34c0fe652a336444a3608f76833f5c5fdaf4d81d20c3cc                       
-   > => => naming to docker.io/library/pre-receive.debian 
+   > => [internal] load build definition from Dockerfile.debian
+   > => [1/2] FROM docker.io/library/debian:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6
+   > => [2/2] RUN apt-get update && apt-get install -y git bash curl
+   > => exporting to image
+   > => => exporting layers
+   > => => writing image sha256:b57af4e24082f3a30a34c0fe652a336444a3608f76833f5c5fdaf4d81d20c3cc
+   > => => naming to docker.io/library/pre-receive.debian
    ```
 
 1. Create a container:
@@ -82,7 +82,7 @@ You can use a Linux container management tool to build a pre-receive hook enviro
    > * `/bin/sh` must exist and be executable, as the entry point into the chroot environment.
    > * Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks.
 
-For more information about creating a chroot environment see [Chroot](https://wiki.debian.org/chroot) from the _Debian Wiki_ or [BasicChroot](https://help.ubuntu.com/community/BasicChroot) from the _Ubuntu Community Help Wiki_.
+For more information about creating a chroot environment, see [Chroot](https://wiki.debian.org/chroot) from the Debian Wiki.
 
 ## Uploading a pre-receive hook environment on {% data variables.product.prodname_ghe_server %}
 

content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md

@@ -54,7 +54,7 @@ In addition:
 * You may need to configure the firewall in PingFederate to allow outbound connections to {% ifversion ghes %}the `https://HOSTNAME/api/v3/scim/v2` endpoint on your {% data variables.product.prodname_ghe_server %} instance.{% else %}the SCIM endpoints on {% data variables.product.github %}:
   * For **{% data variables.product.prodname_dotcom_the_website %}**: `https://api.github.com/scim/v2/enterprises/ENTERPRISE`
   * For **{% data variables.enterprise.data_residency_site %}**: `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN`{% endif %}
-* PingFederate's "provisioner mode" must be set to a value that allows SCIM provisioning. See the "Before you begin" section in PingIdentity's [Configuring outbound provisioning settings](https://docs.pingidentity.com/pingfederate/11.2/administrators_reference_guide/help_protocolsettingstasklet_saasglobalprovisioningsettingsstate.html) guide.
+* PingFederate's "provisioner mode" must be set to a value that allows SCIM provisioning. See the "Before you begin" section in PingIdentity's [Configuring outbound provisioning settings](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_protocolsettingstasklet_saasglobalprovisioningsettingsstate.html) guide.
 * During this procedure, you will need to upload an X509 certificate to PingFederate. You may want to create and store the certificate before proceeding. You will also need the challenge password for the certificate. See the [Example of creating an X509 certificate](#example-of-creating-an-x509-certificate) section later in this article.
 {%- ifversion ghec %}
 * During this procedure, you will need to upload a SAML metadata file to PingFederate. If you're setting up an enterprise that uses **{% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %}**, it is easiest to create this file before you start. See [Creating a SAML metadata file for {% data variables.enterprise.data_residency_site %}](#creating-a-saml-metadata-file-for-ghecom).

content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-your-enterprise-to-a-new-identity-provider-or-tenant.md

@@ -72,7 +72,7 @@ If you don't already have single sign-on recovery codes for your enterprise, dow
 1. On your current IdP, deactivate provisioning in the application for {% data variables.product.prodname_emus %}.
     * If you use Entra ID, navigate to the "Provisioning" tab of the application, and then click **Stop provisioning**.
     * If you use Okta, navigate to the "Provisioning" tab of the application, click the **Integration** tab, and then click **Edit**. Deselect **Enable API integration**.
-    * If you use PingFederate, navigate to the channel settings in the application. From the **Activation & Summary** tab, click **Active** or **Inactive** to toggle the provisioning status, and then click **Save**. For more information about managing provisioning, see [Reviewing channel settings](https://docs.pingidentity.com/pingfederate/11.2/administrators_reference_guide/help_saaschanneltasklet_saasactivationstate.html) and [Managing channels](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_saasmanagementtasklet_saasmanagementstate.html) in the PingFederate documentation.
+    * If you use PingFederate, navigate to the channel settings in the application. From the **Activation & Summary** tab, click **Active** or **Inactive** to toggle the provisioning status, and then click **Save**. For more information about managing provisioning, see [Reviewing channel settings](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_saaschanneltasklet_saasactivationstate.html) and [Managing channels](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_saasmanagementtasklet_saasmanagementstate.html) in the PingFederate documentation.
     * If you use another identity management system, consult the system's documentation, support team, or other resources.
 
 ### 4. Disable authentication for your enterprise

src/links/lib/excluded-links.yml

@@ -100,3 +100,4 @@
 - startsWith: https://github.com/githubcustomers/enterprise-preview-program
 - is: https://aka.ms/copiloteclipse
 - is: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1375604
+- is: https://developers.redhat.com/articles/2025/02/17/how-securely-deploy-github-arc-openshift#arc_architecture