Merge pull request #291797 from garrodonnell/sfi-updates

[SFI][B2C] Updates for Global Admin and ROPC / Implicit Grant Workstreams

Author: v-ccolin

articles/active-directory-b2c/faq.yml

@@ -32,7 +32,7 @@ sections:
       - question: |
           Why can't I access the Azure AD B2C extension in the Azure portal?
         answer: |
-          There are two common reasons for why the Microsoft Entra extension isn't working for you. Azure AD B2C requires your user role in the directory to be a global administrator. Contact your administrator if you think you should have access. If you have global administrator privileges, make sure that you are in an Azure AD B2C directory and not a Microsoft Entra directory. You can see instructions for [creating an Azure AD B2C tenant](tutorial-create-tenant.md).
+          There are two common reasons for why the Microsoft Entra extension isn't working for you. Azure AD B2C requires your user role in the directory to be a Global administrator. Contact your administrator if you think you should have access. If you have Global administrator privileges, make sure that you are in an Azure AD B2C directory and not a Microsoft Entra directory. You can see instructions for [creating an Azure AD B2C tenant](tutorial-create-tenant.md).
           
       - question: |
           Can I use Azure AD B2C features in my existing, employee-based Microsoft Entra tenant?
@@ -92,7 +92,7 @@ sections:
       - question: |
           Why am I unable to create an Azure AD B2C tenant?
         answer: |
-          You might not have permission to create an Azure AD B2C tenant. Only users with **Global administrator** or **Tenant Creator** roles can create the tenant. You need to contact your **Global administrator**. 
+          You might not have permission to create an Azure AD B2C tenant. Only users with at least **Tenant Creator** roles can create the tenant. 
 
       - question: |
           How do I customize verification emails (the content and the "From:" field) sent by Azure AD B2C?

articles/active-directory-b2c/identity-provider-adfs.md

@@ -73,7 +73,7 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
 
 ## Configure AD FS as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 1. Select **Identity providers**, and then select **New OpenID Connect provider**.

articles/active-directory-b2c/identity-provider-amazon.md

@@ -49,7 +49,7 @@ To enable sign-in for users with an Amazon account in Azure Active Directory B2C
 
 ## Configure Amazon as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Amazon**.

articles/active-directory-b2c/identity-provider-apple-id.md

@@ -72,7 +72,7 @@ To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
 
 ## Configure Apple as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as a global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Apple**.

articles/active-directory-b2c/identity-provider-facebook.md

@@ -60,8 +60,8 @@ If you don't already have a Facebook account, sign up at [https://www.facebook.c
 
 ## Configure Facebook as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
+1. 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Facebook**.
 1. Enter a **Name**. For example, *Facebook*.

articles/active-directory-b2c/identity-provider-generic-openid-connect.md

@@ -37,7 +37,7 @@ This article explains how you can add custom OpenID Connect identity providers i
 
 ::: zone pivot="b2c-user-flow"
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, and then select **New OpenID Connect provider**.

articles/active-directory-b2c/identity-provider-github.md

@@ -54,7 +54,7 @@ To enable sign-in with a GitHub account in Azure Active Directory B2C (Azure AD
 
 ## Configure GitHub as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **GitHub (Preview)**.

articles/active-directory-b2c/identity-provider-google.md

@@ -63,7 +63,7 @@ To enable sign-in for users with a Google account in Azure Active Directory B2C
 
 ## Configure Google as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Google**.

articles/active-directory-b2c/identity-provider-linkedin.md

@@ -47,7 +47,7 @@ To enable sign-in for users with a LinkedIn account in Azure Active Directory B2
 
 ## Configure LinkedIn as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.

articles/active-directory-b2c/identity-provider-microsoft-account.md

@@ -53,7 +53,7 @@ To enable sign-in for users with a Microsoft account in Azure Active Directory B
 
 ## Configure Microsoft as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Microsoft Account**.