MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 0 additions & 5 deletions b/‎.openpublishing.redirection.json
Lines changed: 0 additions & 5 deletions
diff --git a/‎articles/active-directory-b2c/identity-provider-linkedin.md
Lines changed: 40 additions & 79 deletions b/‎articles/active-directory-b2c/identity-provider-linkedin.md
Lines changed: 40 additions & 79 deletions
diff --git a/‎articles/active-directory-b2c/partner-saviynt.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/partner-saviynt.md
Lines changed: 2 additions & 2 deletions
@@ -4000,11 +4000,6 @@
             "redirect_url":"/azure/reliability/reliability-containers",
             "redirect_document_id":false 
         },
-		{
-			"source_path_from_root":"/articles/service-connector/quickstart-cli-aks-connection.md",
-			"redirect_url":"/azure/service-connector/quickstart-portal-aks-connection",
-			"redirect_document_id":false
-		},
         {
             "source_path_from_root":"/articles/aks/generation-2-vm-windows.md",
             "redirect_url":"/azure/aks/generation-2-vm",
 
@@ -31,15 +31,15 @@ zone_pivot_groups: b2c-policy-type
 
 ## Create a LinkedIn application
 
-To enable sign-in for users with a LinkedIn account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [LinkedIn Developers website](https://developer.linkedin.com/). For more information, see [Authorization Code Flow](/linkedin/shared/authentication/authorization-code-flow). If you don't already have a LinkedIn account, you can sign up at [https://www.linkedin.com/](https://www.linkedin.com/).
+To enable sign-in for users with a LinkedIn account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in [LinkedIn Developers website](https://developer.linkedin.com/). If you don't already have a LinkedIn account, you can sign up at [https://www.linkedin.com/](https://www.linkedin.com/).
 
 1. Sign in to the [LinkedIn Developers website](https://developer.linkedin.com/) with your LinkedIn account credentials.
 1. Select **My Apps**, and then click **Create app**.
 1. Enter **App name**, **LinkedIn Page**, **Privacy policy URL**, and **App logo**.
 1. Agree to the LinkedIn **API Terms of Use** and click **Create app**.
 1. Select the **Auth** tab. Under **Authentication Keys**, copy the values for **Client ID** and **Client Secret**. You'll need both of them to configure LinkedIn as an identity provider in your tenant. **Client Secret** is an important security credential.
 1. Select the edit pencil next to **Authorized redirect URLs for your app**, and then select **Add redirect URL**. Enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant, and `your-domain-name` with your custom domain. You need to use all lowercase letters when entering your tenant name even if the tenant is defined with uppercase letters in Azure AD B2C. Select **Update**.
-1. By default, your LinkedIn app isn't approved for scopes related to sign in. To request a review, select the **Products** tab, and then select **Sign In with LinkedIn**. When the review is complete, the required scopes will be added to your application.
+1. By default, your LinkedIn app isn't approved for scopes related to sign in. To request a review, select the **Products** tab, and then select **Sign In with LinkedIn using OpenID Connect**. When the review is complete, the required scopes will be added to your application.
    > [!NOTE]
    > You can view the scopes that are currently allowed for your app on the **Auth** tab in the **OAuth 2.0 scopes** section.
 
@@ -49,11 +49,20 @@ To enable sign-in for users with a LinkedIn account in Azure Active Directory B2
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
+1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
-1. Select **Identity providers**, then select **LinkedIn**.
-1. Enter a **Name**. For example, *LinkedIn*.
+1. Select **Identity providers**, then select **New OpenID Connect provider**.
+1. Enter a **Name**. For example, *LinkedIn-OIDC*.
+1. For the **Metadata URL**, enter **https://www.linkedin.com/oauth/.well-known/openid-configuration**.
 1. For the **Client ID**, enter the Client ID of the LinkedIn application that you created earlier.
 1. For the **Client secret**, enter the Client Secret that you recorded.
+1. For the **Scope**, enter **openid profile email**.
+1. For the **Response type**, enter **code**.
+1. For the **User ID**, enter **email**.
+1. For the **Display name**, enter **name**.
+1. For the **Given name**, enter **given_name**.
+1. For the **Surname**, enter **family_name**.
+1. For the **Email**, enter **email**.
 1. Select **Save**.
 
 ## Add LinkedIn identity provider to a user flow 
@@ -62,12 +71,12 @@ At this point, the LinkedIn identity provider has been set up, but it's not yet
 
 1. In your Azure AD B2C tenant, select **User flows**.
 1. Click the user flow that you want to add the LinkedIn identity provider.
-1. Under the **Social identity providers**, select **LinkedIn**.
+1. Under the **Custom identity providers**, select **LinkedIn-OIDC**.
 1. Select **Save**.
 1. To test your policy, select **Run user flow**.
 1. For **Application**, select the web application named *testapp1* that you previously registered. The **Reply URL** should show `https://jwt.ms`.
 1. Select the **Run user flow** button.
-1. From the sign-up or sign-in page, select **LinkedIn** to sign in with LinkedIn account.
+1. From the sign-up or sign-in page, select **LinkedIn-OIDC** to sign in with LinkedIn account.
 
 If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
 
@@ -81,6 +90,7 @@ You need to store the client secret that you previously recorded in your Azure A
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
+1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
 1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 1. On the Overview page, select **Identity Experience Framework**.
 1. Select **Policy keys** and then select **Add**.
@@ -92,7 +102,7 @@ You need to store the client secret that you previously recorded in your Azure A
 
 ## Configure LinkedIn as an identity provider
 
-To enable users to sign in using an LinkedIn account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.
+To enable users to sign in using a LinkedIn account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.
 
 Define a LinkedIn account as a claims provider by adding it to the **ClaimsProviders** element in the extension file of your policy.
 
@@ -103,94 +113,45 @@ Define a LinkedIn account as a claims provider by adding it to the **ClaimsProvi
     ```xml
     <ClaimsProvider>
       <Domain>linkedin.com</Domain>
-      <DisplayName>LinkedIn</DisplayName>
+      <DisplayName>LinkedIn-OIDC</DisplayName>
       <TechnicalProfiles>
-        <TechnicalProfile Id="LinkedIn-OAuth2">
+          <TechnicalProfile Id="LinkedIn-OIDC">
           <DisplayName>LinkedIn</DisplayName>
-          <Protocol Name="OAuth2" />
+          <Protocol Name="OpenIdConnect" />
           <Metadata>
-            <Item Key="ProviderName">linkedin</Item>
-            <Item Key="authorization_endpoint">https://www.linkedin.com/oauth/v2/authorization</Item>
-            <Item Key="AccessTokenEndpoint">https://www.linkedin.com/oauth/v2/accessToken</Item>
-            <Item Key="ClaimsEndpoint">https://api.linkedin.com/v2/me</Item>
-            <Item Key="scope">r_emailaddress r_liteprofile</Item>
-            <Item Key="HttpBinding">POST</Item>
-            <Item Key="external_user_identity_claim_id">id</Item>
-            <Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
-            <Item Key="ResolveJsonPathsInJsonTokens">true</Item>
-            <Item Key="UsePolicyInRedirectUri">false</Item>
-            <Item Key="client_id">Your LinkedIn application client ID</Item>
+              <Item Key="METADATA">https://www.linkedin.com/oauth/.well-known/openid-configuration</Item>
+              <Item Key="scope">openid profile email</Item>
+              <Item Key="HttpBinding">POST</Item>
+              <Item Key="response_types">code</Item>
+              <Item Key="UsePolicyInRedirectUri">false</Item>
+              <Item Key="client_id">Your LinkedIn application client ID</Item>
           </Metadata>
           <CryptographicKeys>
-            <Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedInSecret" />
+              <Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedInSecret" />
           </CryptographicKeys>
           <InputClaims />
           <OutputClaims>
-            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="id" />
-            <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName.localized" />
-            <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName.localized" />
-            <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" AlwaysUseDefaultValue="true" />
-            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
+              <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="email" />
+              <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
+              <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
+              <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" AlwaysUseDefaultValue="true" />
+              <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
           </OutputClaims>
           <OutputClaimsTransformations>
-            <OutputClaimsTransformation ReferenceId="ExtractGivenNameFromLinkedInResponse" />
-            <OutputClaimsTransformation ReferenceId="ExtractSurNameFromLinkedInResponse" />
-            <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
-            <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
-            <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
-            <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
+              <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
+              <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
+              <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
+              <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
           </OutputClaimsTransformations>
           <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
-        </TechnicalProfile>
+          </TechnicalProfile>
       </TechnicalProfiles>
     </ClaimsProvider>
     ```
 
 1. Replace the value of **client_id** with the client ID of the LinkedIn application that you previously recorded.
 1. Save the file.
 
-### Add the claims transformations
-
-The LinkedIn technical profile requires the **ExtractGivenNameFromLinkedInResponse** and **ExtractSurNameFromLinkedInResponse** claims transformations to be added to the list of ClaimsTransformations. If you don't have a **ClaimsTransformations** element defined in your file, add the parent XML elements as shown below. The claims transformations also need a new claim type defined named **nullStringClaim**.
-
-Add the **BuildingBlocks** element near the top of the *TrustFrameworkExtensions.xml* file. See *TrustFrameworkBase.xml* for an example.
-
-```xml
-<BuildingBlocks>
-  <ClaimsSchema>
-    <!-- Claim type needed for LinkedIn claims transformations -->
-    <ClaimType Id="nullStringClaim">
-      <DisplayName>nullClaim</DisplayName>
-      <DataType>string</DataType>
-      <AdminHelpText>A policy claim to store output values from ClaimsTransformations that aren't useful. This claim should not be used in TechnicalProfiles.</AdminHelpText>
-      <UserHelpText>A policy claim to store output values from ClaimsTransformations that aren't useful. This claim should not be used in TechnicalProfiles.</UserHelpText>
-    </ClaimType>
-  </ClaimsSchema>
-
-  <ClaimsTransformations>
-    <!-- Claim transformations needed for LinkedIn technical profile -->
-    <ClaimsTransformation Id="ExtractGivenNameFromLinkedInResponse" TransformationMethod="GetSingleItemFromJson">
-      <InputClaims>
-        <InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="inputJson" />
-      </InputClaims>
-      <OutputClaims>
-        <OutputClaim ClaimTypeReferenceId="nullStringClaim" TransformationClaimType="key" />
-        <OutputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="value" />
-      </OutputClaims>
-    </ClaimsTransformation>
-    <ClaimsTransformation Id="ExtractSurNameFromLinkedInResponse" TransformationMethod="GetSingleItemFromJson">
-      <InputClaims>
-        <InputClaim ClaimTypeReferenceId="surname" TransformationClaimType="inputJson" />
-      </InputClaims>
-      <OutputClaims>
-        <OutputClaim ClaimTypeReferenceId="nullStringClaim" TransformationClaimType="key" />
-        <OutputClaim ClaimTypeReferenceId="surname" TransformationClaimType="value" />
-      </OutputClaims>
-    </ClaimsTransformation>
-  </ClaimsTransformations>
-</BuildingBlocks>
-```
-
 [!INCLUDE [active-directory-b2c-add-identity-provider-to-user-journey](../../includes/active-directory-b2c-add-identity-provider-to-user-journey.md)]
 
 
@@ -206,7 +167,7 @@ Add the **BuildingBlocks** element near the top of the *TrustFrameworkExtensions
 <OrchestrationStep Order="2" Type="ClaimsExchange">
   ...
   <ClaimsExchanges>
-    <ClaimsExchange Id="LinkedInExchange" TechnicalProfileReferenceId="LinkedIn-OAuth2" />
+    <ClaimsExchange Id="LinkedInExchange" TechnicalProfileReferenceId="LinkedIn-OIDC" />
   </ClaimsExchanges>
 </OrchestrationStep>
 ```
@@ -218,7 +179,7 @@ Add the **BuildingBlocks** element near the top of the *TrustFrameworkExtensions
 1. Select your relying party policy, for example `B2C_1A_signup_signin`.
 1. For **Application**, select a web application that you [previously registered](tutorial-register-applications.md). The **Reply URL** should show `https://jwt.ms`.
 1. Select the **Run now** button.
-1. From the sign-up or sign-in page, select **LinkedIn** to sign in with LinkedIn account.
+1. From the sign-up or sign-in page, select **LinkedIn-OIDC** to sign in with LinkedIn account.
 
 If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
 
@@ -375,7 +336,7 @@ As part of the LinkedIn migration from v1.0 to v2.0, an additional call to anoth
     </OrchestrationStep>
     ```
 
-Obtaining the email address from LinkedIn during sign-up is optional. If you choose not to obtain the email from LinkedIn but require one during sign up, the user is required to manually enter the email address and validate it.
+Obtaining the email address from LinkedIn during sign-up is optional. If you choose not to obtain the email from LinkedIn but require one during sign-up, the user is required to manually enter the email address and validate it.
 
 For a full sample of a policy that uses the LinkedIn identity provider, see the [Custom Policy Starter Pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/linkedin-identity-provider).
 
 
@@ -18,7 +18,7 @@ ms.subservice: B2C
 
 Learn to integrate Azure Active Directory B2C (Azure AD B2C) with the Saviynt Security Manager platform, which has visibility, security, and governance. Saviynt incorporates application risk and governance, infrastructure management, privileged account management, and customer risk analysis.
 
-Learn more: [Saviynt for Azure AD B2C](https://saviynt.com/integrations/old-version-azure-ad/for-b2c/)
+Learn more: [Saviynt for Azure AD B2C](https://saviynt.com/fr/integrations/entra-id/for-b2c)
 
 Use the following instructions to set up access control delegated administration for Azure AD B2C users. Saviynt determines if a user is authorized to manage Azure AD B2C users with:
 
@@ -46,7 +46,7 @@ The Saviynt integration includes the following components:
 * **Azure AD B2C** – identity as a service for custom control of customer sign-up, sign-in, and profile management
   * See, [Azure AD B2C, Get started](https://azure.microsoft.com/services/active-directory/external-identities/b2c/) 
 * **Saviynt for Azure AD B2C** – identity governance for delegated administration of user life-cycle management and access governance
-  * See, [Saviynt for Azure AD B2C](https://saviynt.com/integrations/old-version-azure-ad/for-b2c/)
+  * See, [Saviynt for Azure AD B2C](https://saviynt.com/fr/integrations/entra-id/for-b2c)
 * **Microsoft Graph API** – interface for Saviynt to manage Azure AD B2C users and their access
   * See, [Use the Microsoft Graph API](/graph/use-the-api)