Merge pull request #250235 from kengaderdus/disable-signup-in-user-flow

[CIAM] Disable sign-up in a user flow.

Author: v-dirichards

articles/active-directory/external-identities/customers/how-to-define-custom-attributes.md

@@ -49,7 +49,7 @@ If your application relies on certain built-in or custom user attributes, you ca
 
 1. Select **Create**. The custom attribute is now available in the list of user attributes and can be [added to your user flows](#include-custom-attributes-in-a-sign-up-flow).
 
-### About referencing custom attributes
+### Referencing custom attributes
 
 The custom attributes you create are added to the *b2c-extensions-app* registered in your customer tenant. If you want to call a custom attribute from an application or manage it via Microsoft Graph, use the naming convention `extension_<b2c-extensions-app-id>_<custom-attribute-name>` where:
 

articles/active-directory/external-identities/customers/how-to-user-flow-sign-up-sign-in-customers.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: ciam
 ms.topic: how-to
-ms.date: 07/12/2023
+ms.date: 09/04/2023
 ms.author: mimart
 ms.custom: it-pro
 
@@ -89,6 +89,35 @@ You can choose the order in which the attributes are displayed on the sign-up pa
 
 1. Select **Save**.
 
+##  Disable sign-up in a sign-up and sign-in user flow
+
+If you want your customer users to only sign in and not sign up, you can disable sign-up experience in your user flow by using [Microsoft Graph API](microsoft-graph-operations.md). You need to know the ID of the user flow that you want whose sign-up you want to disable. You can't read the user flow ID from the Microsoft Entra Admin center, but you can retrieve it via Microsoft Graph API if you know the app associated with it.
+
+1. Read the application ID associated with the user flow:
+    1. Browse to **Identity > External Identities > User flows**.
+    1. From the list, select your user flow.
+    1. In the left menu, under **Use**, select **Applications**.
+    1. From the list, under **Application (client) ID** column, copy the Application (client) ID.
+    
+1. Identify the ID of the user flow whose sign-up you want to disable. To do so, [List the user flow associated with the specific application](/graph/api/identitycontainer-list-authenticationeventsflows?#example-4-list-user-flow-associated-with-specific-application-id). This's a Microsoft Graph API, which requires you to know the application ID you obtained from the previous step. 
+
+1. [Update your user flow](/graph/api/authenticationeventsflow-update) to disable sign-up. 
+
+    **Example**:
+    
+    ```http
+    PATCH https://graph.microsoft.com/beta/identity/authenticationEventsFlows/{user-flow-id}    
+    {    
+        "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",    
+        "onInteractiveAuthFlowStart": {    
+            "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",    
+            "isSignUpAllowed": "false"    
+      }    
+    }
+    ```
+
+    Replace `{user-flow-id}` with the user flow ID that you obtained in the previous step. Notice the `isSignUpAllowed` parameter is set to *false*. To re-enable sign-up, make a call to the Microsoft Graph API endpoint, but set the `isSignUpAllowed` parameter to *true*.   
+
 ## Next steps
 
 - [Add your application to the user flow](how-to-user-flow-add-application.md)

articles/active-directory/external-identities/customers/microsoft-graph-operations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: ciam
 ms.topic: how-to
-ms.date: 07/12/2023
+ms.date: 09/04/2023
 ms.custom: developer
 
 #Customer intent: As a dev, devops, I want to learn how to use the Microsoft Graph to manage operations in my Azure AD customer tenant.
@@ -105,6 +105,7 @@ Configure pre-built policies for sign-up, sign-in, combined sign-up and sign-in,
 - [Create a user flow](/graph/api/identitycontainer-post-authenticationeventsflows)
 - [Get a user flow](/graph/api/authenticationeventsflow-get)
 - [Delete a user flow](/graph/api/authenticationeventsflow-delete)
+- [Update a user flow](/graph/api/authenticationeventsflow-update)
 
 ## Identity providers (Preview)
 

articles/active-directory/external-identities/customers/toc.yml

@@ -260,6 +260,7 @@ items:
         href: how-to-register-ciam-app.md
       - name: Add a sign-up and sign-in flow
         href: how-to-user-flow-sign-up-sign-in-customers.md
+        displayName: disable sign-up, disable sign up 
       - name: Add an application to the user flow
         href: how-to-user-flow-add-application.md
       - name: Enable password reset