fix merge

Author: Kat-Campise

.openpublishing.redirection.json

@@ -404,7 +404,7 @@
     href: error-codes.md
   - name: Extensions app
     href: extensions-app.md
-  - name: Identity Experience Framework release notes
+  - name: IEF release notes
     href: custom-policy-developer-notes.md
   - name: Microsoft Graph API operations
     href: microsoft-graph-operations.md

articles/active-directory-b2c/TOC.yml

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/16/2020
+ms.date: 04/01/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -132,7 +132,7 @@ The following claims transformation demonstrates how to check the value of a boo
     <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
   </InputParameters>
   <OutputClaims>
-      <OutputClaim  ClaimTypeReferenceId="accountEnabled" TransformationClaimType="compareResult"/>
+    <OutputClaim  ClaimTypeReferenceId="accountEnabled" TransformationClaimType="compareResult"/>
   </OutputClaims>
 </ClaimsTransformation>
 ```
@@ -163,6 +163,7 @@ Use this claim transformation to perform logical negation on a claim.
 <ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="NotClaims">
   <InputClaims>
     <InputClaim ClaimTypeReferenceId="userExists" TransformationClaimType="inputClaim" />
+  </InputClaims>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="userExists" TransformationClaimType="outputClaim" />
   </OutputClaims>
@@ -198,7 +199,6 @@ The following claims transformation demonstrates how to `Or` two boolean ClaimTy
     <OutputClaim ClaimTypeReferenceId="presentTOSSelfAsserted" TransformationClaimType="outputClaim" />
   </OutputClaims>
 </ClaimsTransformation>
-</ClaimsTransformation>
 ```
 
 ### Example

articles/active-directory-b2c/boolean-transformations.md

@@ -159,6 +159,7 @@ For examples of claims transformations, see the following reference pages:
 - [Date](date-transformations.md)
 - [Integer](integer-transformations.md)
 - [JSON](json-transformations.md)
+- [Phone number](phone-number-claims-transformations.md)
 - [General](general-transformations.md)
 - [Social account](social-transformations.md)
 - [String](string-transformations.md)

articles/active-directory-b2c/claimstransformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/12/2020
+ms.date: 03/30/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -55,85 +55,102 @@ Developers consuming the custom policy feature set should adhere to the followin
 
 Custom policy/Identity Experience Framework capabilities are under constant and rapid development. The following table is an index of features and component availability.
 
-### Identity Providers, Tokens, Protocols
+
+### Protocols and authorization flows
 
 | Feature | Development | Preview | GA | Notes |
 |-------- | :-----------: | :-------: | :--: | ----- |
-| IDP-OpenIDConnect |  |  | X | For example, Google+.  |
-| IDP-OAUTH2 |  |  | X | For example, Facebook.  |
-| IDP-OAUTH1 (twitter) |  | X |  | For example, Twitter. |
-| IDP-OAUTH1 (ex-twitter) |  |  |  | Not supported |
-| IDP-SAML |  |   | X | For example, Salesforce, ADFS. |
-| IDP-WSFED | X |  |  |  |
-| Relying Party OAUTH1 |  |  |  | Not supported. |
-| Relying Party OAUTH2 |  |  | X |  |
-| Relying Party OIDC |  |  | X |  |
-| Relying Party SAML |  |X  |  |  |
-| Relying Party WSFED | X |  |  |  |
-| REST API with basic and certificate auth |  |  | X | For example, Azure Logic Apps. |
-
-### Component Support
+| [OAuth2 authorization code](authorization-code-flow.md) |  |  | X |  |
+| OAuth2 authorization code with PKCE |  |  | X | Mobile applications only  |
+| [OAuth2 implicit flow](implicit-flow-single-page-application.md) |  |  | X |  |
+| [OAuth2 resource owner password credentials](ropc-custom.md) |  | X |  |  |
+| [OIDC Connect](openid-connect.md) |  |  | X |  |
+| [SAML2](connect-with-saml-service-providers.md)  |  |X  |  | POST and Redirect bindings. |
+| OAuth1 |  |  |  | Not supported. |
+| WSFED | X |  |  |  |
+
+### Identify providers federation 
+
+| Feature | Development | Preview | GA | Notes |
+|-------- | :-----------: | :-------: | :--: | ----- |
+| [OpenID Connect](openid-connect-technical-profile.md) |  |  | X | For example, Google+.  |
+| [OAuth2](oauth2-technical-profile.md) |  |  | X | For example, Facebook.  |
+| [OAuth1](oauth1-technical-profile.md) |  | X |  | For example, Twitter. |
+| [SAML2](saml-technical-profile.md) |  |   | X | For example, Salesforce, ADFS. |
+| WSFED| X |  |  |  |
+
+
+### REST API integration
+
+| Feature | Development | Preview | GA | Notes |
+|-------- | :-----------: | :-------: | :--: | ----- |
+| [REST API with basic auth](secure-rest-api.md#http-basic-authentication) |  |  | X |  |
+| [REST API with client certificate auth](secure-rest-api.md#https-client-certificate-authentication) |  |  | X |  |
+| [REST API with OAuth2 bearer auth](secure-rest-api.md#oauth2-bearer-authentication) |  | X |  |  |
+
+### Component support
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| Azure Multi Factor Authentication |  |  | X |  |
-| Azure Active Directory as local directory |  |  | X |  |
-| Azure Email subsystem for email verification |  |  | X |  |
-| Multi-language support|  |  | X |  |
-| Predicate Validations |  |  | X | For example, password complexity. |
-| Using third party email service providers |  |X  |  |  |
+| [Phone factor authentication](phone-factor-technical-profile.md) |  |  | X |  |
+| [Azure MFA authentication](multi-factor-auth-technical-profile.md) |  | X |  |  |
+| [One-time password](one-time-password-technical-profile.md) |  | X |  |  |
+| [Azure Active Directory](active-directory-technical-profile.md) as local directory |  |  | X |  |
+| Azure email subsystem for email verification |  |  | X |  |
+| [Third party email service providers](custom-email.md) |  |X  |  |  |
+| [Multi-language support](localization.md)|  |  | X |  |
+| [Predicate validations](predicates.md) |  |  | X | For example, password complexity. |
+| [Display controls](display-controls.md) |  |X  |  |  |
 
-### Content Definition
+
+### Page layout versions
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| Error page, api.error |  |  | X |  |
-| IDP selection page, api.idpselections |  |  | X |  |
-| IDP selection for signup, api.idpselections.signup |  |  | X |  |
-| Forgot Password, api.localaccountpasswordreset |  |  | X |  |
-| Local Account Sign-in, api.localaccountsignin |  |  | X |  |
-| Local Account Sign-up, api.localaccountsignup |  |  | X |  |
-| MFA page, api.phonefactor |  |  | X |  |
-| Self-asserted social account sign-up, api.selfasserted |  |  | X |  |
-| Self-asserted profile update, api.selfasserted.profileupdate |  |  | X |  |
-| Unified signup or sign-in page, api.signuporsignin, with parameter "disableSignup" |  |  | X |  |
-| JavaScript / Page layout |  | X |  |  |
+| [2.0.0](page-layout.md#200) |  | X |  |  |
+| [1.2.0](page-layout.md#120) |  | X |  |  |
+| [1.1.0](page-layout.md#110) |  |  | X |  |
+| [1.0.0](page-layout.md#100) |  |  | X |  |
+| [JavaScript support](javascript-samples.md) |  | X |  |  |
 
 ### App-IEF integration
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| Query string parameter domain_hint |  |  | X | Available as claim, can be passed to IDP. |
-| Query string parameter login_hint |  |  | X | Available as claim, can be passed to IDP. |
-| Insert JSON into UserJourney via client_assertion | X |  |  | Will be deprecated. |
-| Insert JSON into UserJourney as id_token_hint |  | X |  | Go-forward approach to pass JSON. |
-| Pass IDP TOKEN to the application |  | X |  | For example, from Facebook to app. |
+| Query string parameter `domain_hint` |  |  | X | Available as claim, can be passed to IDP. |
+| Query string parameter `login_hint` |  |  | X | Available as claim, can be passed to IDP. |
+| Insert JSON into user journey via `client_assertion` | X |  |  | Will be deprecated. |
+| Insert JSON into user journey as `id_token_hint` |  | X |  | Go-forward approach to pass JSON. |
+| [Pass identity provider token to the application](idp-pass-through-custom.md) |  | X |  | For example, from Facebook to app. |
 
 ### Session Management
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| SSO Session Provider |  |  | X |  |
-| External Login Session Provider |  |  | X |  |
-| SAML SSO  Session Provider |  |  | X |  |
-| Default SSO Session Provider |  |  | X |  |
+| [Default SSO session provider](custom-policy-reference-sso.md#defaultssosessionprovider) |  |  | X |  |
+| [External login session provider](custom-policy-reference-sso.md#externalloginssosessionprovider) |  |  | X |  |
+| [SAML SSO session provider](custom-policy-reference-sso.md#samlssosessionprovider) |  |  | X |  |
+
 
 ### Security
 
 | Feature | Development | Preview | GA | Notes |
 |-------- | :-----------: | :-------: | :--: | ----- |
 | Policy Keys- Generate, Manual, Upload |  |  | X |  |
 | Policy Keys- RSA/Cert, Secrets |  |  | X |  |
-| Policy upload |  |  | X |  |
+
 
 ### Developer interface
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
 | Azure Portal-IEF UX |  |  | X |  |
-| Application Insights UserJourney Logs |  | X |  | Used for troubleshooting during development.  |
-| Application Insights Event Logs (via orchestration steps) |  | X |  | Used to monitor user flows in production. |
+| Policy upload |  |  | X |  |
+| [Application Insights user journey logs](troubleshoot-with-application-insights.md) |  | X |  | Used for troubleshooting during development.  |
+| [Application Insights event logs](application-insights-technical-profile.md) |  | X |  | Used to monitor user flows in production. |
+
 
 ## Next steps
 
-Learn more about [custom policies and the differences with user flows](custom-policy-overview.md).
+- Check the [Microsoft Graph operations available for Azure AD B2C](microsoft-graph-operations.md)
+- Learn more about [custom policies and the differences with user flows](custom-policy-overview.md).

articles/active-directory-b2c/custom-policy-developer-notes.md

@@ -17,7 +17,7 @@ ms.subservice: B2C
 
 [!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
 
-Language customization in Azure Active Directory B2C (Azure AD B2C) allows you to accommodate different languages to suit your customer' needs. Microsoft provides the translations for 36 languages, but you can also provide your own translations for any language. Even if your experience is provided for only a single language, you can customize any text on the pages. 
+Language customization in Azure Active Directory B2C (Azure AD B2C) allows you to accommodate different languages to suit your customer' needs. Microsoft provides the translations for [36 languages](https://docs.microsoft.com/azure/active-directory-b2c/user-flow-language-customization#supported-languages), but you can also provide your own translations for any language. Even if your experience is provided for only a single language, you can customize any text on the pages. 
 
 This article shows you how to support multiple locales or languages in the policy for user journeys. Localization requires three steps: set-up the explicit list of supported languages, provide language-specific strings and collections, and edit the [content definition](contentdefinitions.md) for the page. 
 

articles/active-directory-b2c/custom-policy-localization.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/26/2020
+ms.date: 03/31/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -20,12 +20,11 @@ ms.subservice: B2C
 
 Azure Active Directory B2C (Azure AD B2C) provides support for enrolling and verifying phone numbers. This technical profile:
 
-- Provides a user interface to interact with the user.
-- Uses content definition to control the look and feel.
-- Supports both phone calls and text messages to validate the phone number.
+- Provides a user interface to interact with the user to verify, or enroll a phone number.
+- Supports phone calls and text messages to validate the phone number.
 - Supports multiple phone numbers. The user can select one of the phone numbers to verify.  
-- If a phone number is provided, the phone factor user interface asks the user to verify the phone number. If not provided, it asks the user to enroll a new phone number.
-- Returns a claim indicating whether the user provided a new phone number. You can use this claim to decide whether the phone number should  be persisted to the Azure AD user profile.  
+- Returns a claim indicating whether the user provided a new phone number. You can use this claim to decide whether the phone number should  be persisted to the Azure AD B2C user profile.  
+- Uses a [content definition](contentdefinitions.md) to control the look and feel.
 
 ## Protocol
 
@@ -41,19 +40,25 @@ The following example shows a phone factor technical profile for enrollment and
 </TechnicalProfile>
 ```
 
-## Input claims
+## Input claims transformations
 
-The InputClaims element must contain following claims. You can also map the name of your claim to the name defined in the phone factor technical profile. 
+The InputClaimsTransformations element may contain a collection of input claims transformations that are used to modify the input claims, or generate new ones. The following input claims transformation generates a `UserId` claim that is used later in the input claims collection.
 
-```XML
-<InputClaims>
-  <!--A unique identifier of the user. The partner claim type must be set to `UserId`. -->
-  <InputClaim ClaimTypeReferenceId="userIdForMFA" PartnerClaimType="UserId" />
-  <!--A claim that contains the phone number. If the claim is empty, Azure AD B2C asks the user to enroll a new phone number. Otherwise, it asks the user to verify the phone number. -->
-  <InputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
-</InputClaims>
+```xml
+<InputClaimsTransformations>
+  <InputClaimsTransformation ReferenceId="CreateUserIdForMFA" />
+</InputClaimsTransformations>
 ```
 
+## Input claims
+
+The InputClaims element must contain the following claims. You can also map the name of your claim to the name defined in the phone factor technical profile. 
+
+|  Data type| Required | Description |
+| --------- | -------- | ----------- | 
+| string| Yes | A unique identifier for the user. The claim name, or PartnerClaimType must be set to `UserId`. This claim should not contain personal identifiable information.|
+| string| Yes | List of claim types. Each claim contains one phone number. If any of the input claims do not contain a phone number, the user will be asked to enroll and verify a new phone number. The validated phone number is returned as an output claim. If one of the input claims contain a phone number, the user is asked to verify it. If multiple input claims contain a phone number, the user is asked to choose and verify one of the phone numbers. |
+
 The following example demonstrates using multiple phone numbers. For more information, see [sample policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-add-secondarymfa).
 
 ```XML
@@ -64,22 +69,16 @@ The following example demonstrates using multiple phone numbers. For more inform
 </InputClaims>
 ```
 
-The InputClaimsTransformations element may contain a collection of InputClaimsTransformation elements that are used to modify the input claims or generate new ones before presenting them to the phone factor page.
-
 ## Output claims
 
 The OutputClaims element contains a list of claims returned by the phone factor technical profile.
 
-```xml
-<OutputClaims>
-  <!-- The verified phone number. The partner claim type must be set to `Verified.OfficePhone`. -->
-  <OutputClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" PartnerClaimType="Verified.OfficePhone" />
-  <!-- Indicates whether the new phone number has been entered by the user. The partner claim type must be set to `newPhoneNumberEntered`. -->
-  <OutputClaim ClaimTypeReferenceId="newPhoneNumberEntered" PartnerClaimType="newPhoneNumberEntered" />
-</OutputClaims>
-```
+|  Data type| Required | Description |
+|  -------- | ----------- |----------- |
+| boolean | Yes | Indicates whether the new phone number has been entered by the user. The claim name, or PartnerClaimType must be set to `newPhoneNumberEntered`|
+| string| Yes | The verified phone number. The claim name, or PartnerClaimType must be set to `Verified.OfficePhone`.|
 
-The OutputClaimsTransformations element may contain a collection of OutputClaimsTransformation elements that are used to modify the output claims or generate new ones.
+The OutputClaimsTransformations element may contain a collection of OutputClaimsTransformation elements that are used to modify the output claims, or generate new ones.
 
 ## Cryptographic keys
 
@@ -91,7 +90,9 @@ The **CryptographicKeys** element is not used.
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
 | ContentDefinitionReferenceId | Yes | The identifier of the [content definition](contentdefinitions.md) associated with this technical profile. |
-| ManualPhoneNumberEntryAllowed| No | Specify whether or not a user is allowed to manually enter a phone number. Possible values: `true` or `false` (default).|
+| ManualPhoneNumberEntryAllowed| No | Specify whether or not a user is allowed to manually enter a phone number. Possible values: `true`, or `false` (default).|
+| setting.authenticationMode | No | The method to validate the phone number. Possible values: `sms`, `phone`, or `mixed` (default).|
+| setting.autodial| No| Specify whether the technical profile should auto dial or auto send an SMS. Possible values: `true`, or `false` (default). Auto dial requires the `setting.authenticationMode` metadata be set to `sms`, or `phone`. The input claims collection must have a single phone number. |
 
 ### UI elements
 
@@ -100,4 +101,3 @@ The phone factor authentication page user interface elements can be [localized](
 ## Next steps
 
 - Check the [social and local accounts with MFA](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa) starter pack.
-

articles/active-directory-b2c/phone-factor-technical-profile.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/27/2020
+ms.date: 04/01/2020
 ms.author: mimart
 ms.subservice: B2C
 ---