Merge branch 'main' into cm-linkfix-20230207-0

Author: cmcclister

.openpublishing.publish.config.json

@@ -994,6 +994,7 @@
   "articles/object-anchors/.openpublishing.redirection.object-anchors.json",
   "articles/postgresql/.openpublishing.redirection.postgresql.json",
   "articles/purview/.openpublishing.redirection.purview.json",
+  "articles/sap/.openpublishing.redirection.sap.json",
   "articles/service-bus-messaging/.openpublishing.redirection.service-bus-messaging.json",
   "articles/spatial-anchors/.openpublishing.redirection.spatial-anchors.json",
   "articles/spring-apps/.openpublishing.redirection.spring-apps.json",

.openpublishing.redirection.active-directory.json

@@ -4391,6 +4391,11 @@
       "redirect_url": "/azure/active-directory/reports-monitoring/reports-faq",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/recommendations-integrate-third-party-apps.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/overview-recommendations",
+      "redirect_document_id": false
+     },
     {
       "source_path_from_root": "/articles/active-directory/reports-monitoring/workbook-legacy authentication.md",
       "redirect_url": "/azure/active-directory/reports-monitoring/workbook-legacy-authentication",
@@ -4411,6 +4416,11 @@
       "redirect_url": "/azure/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/recommendation-integrate-third-party-apps.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/overview-recommendations",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/reports-monitoring/concept-reporting-api.md",
       "redirect_url": "/azure/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api",

articles/active-directory-b2c/add-identity-provider.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 
 ms.author: godonnell
-ms.date: 01/19/2022
+ms.date: 02/08/2023
 ms.custom: mvc
 ms.topic: how-to
 ms.service: active-directory
@@ -19,7 +19,7 @@ You can configure Azure AD B2C to allow users to sign in to your application wit
 
 With external identity provider federation, you can offer your consumers the ability to sign in with their existing social or enterprise accounts, without having to create a new account just for your application.
 
-On the sign-up or sign-in page, Azure AD B2C presents a list of external identity providers the user can choose for sign-in. Once they select one of the external identity providers, they're taken (redirected) to the selected provider's website to complete the sign-in process. After the user successfully signs in, they're returned to Azure AD B2C for authentication of the account in your application.
+On the sign-up or sign-in page, Azure AD B2C presents a list of external identity providers the user can choose for sign-in. Once a user selects an external identity provider, they're redirected to the selected provider's website to complete their sign-in. After they successfully sign in, they're returned to Azure AD B2C for authentication with your application.
 
 ![Diagram showing mobile sign-in example with a social account (Facebook).](media/add-identity-provider/external-idp.png)
 

articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/11/2022
+ms.date: 02/07/2023
 ms.author: godonnell
 ms.subservice: B2C
 ms.custom: fasttrack-edit, project-no-code
@@ -67,26 +67,6 @@ To enable sign-in for users with an Azure AD account from a specific Azure AD or
 1. Select **Certificates & secrets**, and then select **New client secret**.
 1. Enter a **Description** for the secret, select an expiration, and then select **Add**. Record the **Value** of the secret for use in a later step.
 
-### Configuring optional claims
-
-If you want to get the `family_name` and `given_name` claims from Azure AD, you can configure optional claims for your application in the Azure portal UI or application manifest. For more information, see [How to provide optional claims to your Azure AD app](../active-directory/develop/active-directory-optional-claims.md).
-
-1. Sign in to the [Azure portal](https://portal.azure.com) using your organizational Azure AD tenant. Or if you're already signed in, make sure you're using the directory that contains your organizational Azure AD tenant (for example, Contoso):
-    1. Select the **Directories + subscriptions** icon in the portal toolbar.
-    2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD directory in the **Directory name** list, and then select **Switch**. 
-1. In the Azure portal, search for and select **Azure Active Directory**.
-1. In the left menu, under **Manage**, select **App registrations**.
-1. Select the application you want to configure optional claims for in the list, such as `Azure AD B2C App`. 
-1. From the **Manage** section, select **Token configuration**.
-1. Select **Add optional claim**.
-1. For the **Token type**, select **ID**.
-1. Select the optional claims to add, `family_name` and `given_name`.
-1. Select **Add**. If **Turn on the Microsoft Graph profile permission (required for claims to appear in token)** appears, enable it, and then select **Add** again.
-
-## [Optional] Verify your app authenticity
-
-[Publisher verification](../active-directory/develop/publisher-verification-overview.md) helps your users understand the authenticity of the app you [registered](#register-an-azure-ad-app). A verified app means that the publisher of the app has [verified](/partner-center/verification-responses) their identity using their Microsoft Partner Network (MPN). Learn how to [mark your app as publisher verified](../active-directory/develop/mark-app-as-publisher-verified.md). 
-
 ::: zone pivot="b2c-user-flow"
 
 ## Configure Azure AD as an identity provider
@@ -254,6 +234,26 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 ::: zone-end
 
+### [Optional] Configuring optional claims
+
+If you want to get the `family_name` and `given_name` claims from Azure AD, you can configure optional claims for your application in the Azure portal UI or application manifest. For more information, see [How to provide optional claims to your Azure AD app](../active-directory/develop/active-directory-optional-claims.md).
+
+1. Sign in to the [Azure portal](https://portal.azure.com) using your organizational Azure AD tenant. Or if you're already signed in, make sure you're using the directory that contains your organizational Azure AD tenant (for example, Contoso):
+    1. Select the **Directories + subscriptions** icon in the portal toolbar.
+    2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD directory in the **Directory name** list, and then select **Switch**. 
+1. In the Azure portal, search for and select **Azure Active Directory**.
+1. In the left menu, under **Manage**, select **App registrations**.
+1. Select the application you want to configure optional claims for in the list, such as `Azure AD B2C App`. 
+1. From the **Manage** section, select **Token configuration**.
+1. Select **Add optional claim**.
+1. For the **Token type**, select **ID**.
+1. Select the optional claims to add, `family_name` and `given_name`.
+1. Select **Add**. If **Turn on the Microsoft Graph profile permission (required for claims to appear in token)** appears, enable it, and then select **Add** again.
+
+## [Optional] Verify your app authenticity
+
+[Publisher verification](../active-directory/develop/publisher-verification-overview.md) helps your users understand the authenticity of the app you [registered](#register-an-azure-ad-app). A verified app means that the publisher of the app has [verified](/partner-center/verification-responses) their identity using their Microsoft Partner Network (MPN). Learn how to [mark your app as publisher verified](../active-directory/develop/mark-app-as-publisher-verified.md). 
+
 ## Next steps
 
 Learn how to [pass the Azure AD token to your application](idp-pass-through-user-flow.md).

articles/active-directory-b2c/identity-provider-generic-saml.md

@@ -139,10 +139,10 @@ The **OutputClaims** element contains a list of claims returned by the SAML iden
 
 In the example above, *Contoso-SAML2* includes the claims returned by a SAML identity provider:
 
-* The **issuerUserId** claim is mapped to the **assertionSubjectName** claim.
+* The **assertionSubjectName** claim is mapped to the **issuerUserId** claim.
 * The **first_name** claim is mapped to the **givenName** claim.
 * The **last_name** claim is mapped to the **surname** claim.
-* The **displayName** claim is mapped to the `http://schemas.microsoft.com/identity/claims/displayname` claim.
+* The `http://schemas.microsoft.com/identity/claims/displayname` claim is mapped to the **displayName** claim.
 * The **email** claim without name mapping.
 
 The technical profile also returns claims that aren't returned by the identity provider:
@@ -237,4 +237,4 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 - [Configure SAML identity provider options with Azure Active Directory B2C](identity-provider-generic-saml-options.md)
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/page-layout.md

@@ -59,6 +59,35 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 ## Self-asserted page (selfasserted)
 
+**2.1.20**
+- Fixed an XSS issue on input from textbox
+
+**2.1.19**
+- Fixed accessibility bugs
+- Handle Undefined Error message for existing user sign up
+- Move Password Mismatch Error to Inline instead of Page Level
+- Accessibility changes related to High Contrast button display and anchor focus improvements
+
+**2.1.18**
+- Add asterisk for required fields
+- TOTP Store Icons position fixes for Classic Template
+- Activate input items only when verification code is verified
+- Add Alt Text for Background Image
+- Added customization for server errors by TOTP verification
+
+**2.1.17**
+- Add descriptive error message and fixed forgotPassword link
+- Make checkbox as group
+- Enforce Validation Error Update on control change and enable continue on email verified
+- Added additional field to error code to validation failure response
+	
+**2.1.16**
+- Fixed "Claims for verification control have not been verified" bug while verifying code.
+- Hide error message on validation succeeds and send code to verify
+
+**2.1.15**
+- Fixed QR code generation bug due to QR text length
+
 **2.1.14**
 - Fixed WCAG 2.1 accessibility bug for the TOTP multifactor authentication screens.
 
@@ -158,6 +187,12 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 > [!TIP]
 > If you localize your page to support multiple locales, or languages in a user flow. The [localization IDs](localization-string-ids.md) article provides the list of localization IDs that you can use for the page version you select.
 
+**2.1.9**
+- Fix accessibility bugs
+- Accessibility changes related to High Contrast button display and anchor focus improvements
+	
+**2.1.8**
+- Add descriptive error message and fixed forgotPassword link!
 
 **2.1.7**
 

articles/active-directory-b2c/sign-in-options.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/18/2022
+ms.date: 02/08/2023
 ms.author: godonnell
 ms.subservice: B2C
 

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -162,4 +162,6 @@
       href: faqs.md
     - name: Glossary
       href: multi-cloud-glossary.md
+    - name: Microsoft Entra Permissions Management partners
+      href: partner-list.md