Merge pull request #174879 from kengaderdus/address-GHI-80234

[identity][Azure AD][B2C] Address GitHub Issue #80234

Author: Court72

.openpublishing.redirection.active-directory.json

@@ -10509,6 +10509,11 @@
             "source_path": "articles/active-directory/privileged-identity-management/pim-resource-roles-start-access-review.md",
             "redirect_url": "/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review",
             "redirect_document_id": false
-        }
+        },
+        {
+            "source_path_from_root": "/articles/active-directory-b2c/troubleshoot-custom-policies.md",
+            "redirect_url": "/azure/active-directory-b2c/troubleshoot",
+            "redirect_document_id": false
+          }
     ]
 }

articles/active-directory-b2c/TOC.yml

@@ -398,15 +398,13 @@
       displayName: rest claims exchange
     - name: Secure an API connector
       href: secure-rest-api.md
-  - name: Custom policy
+  - name: Troubleshooting
     items:
-    - name: Troubleshooting
-      items:
-      - name: Collect logs using Application Insights
-        href: troubleshoot-with-application-insights.md
-        displayName: troubleshooting, app insights
-      - name: Troubleshooting custom policies
-        href: troubleshoot-custom-policies.md
+    - name: Collect logs using Application Insights
+      href: troubleshoot-with-application-insights.md
+      displayName: troubleshooting, app insights
+    - name: Troubleshooting and error handling
+      href: troubleshoot.md
   - name: UserInfo endpoint
     href: userinfo-endpoint.md
   - name: Partner integration

articles/active-directory-b2c/add-password-reset-policy.md

@@ -335,6 +335,9 @@ Custom policies are a set of XML files that you upload to your Azure AD B2C tena
 
 ::: zone-end
 
+## Troubleshoot Azure AD B2C user flows and custom policies
+Your application needs to handle certain errors coming from Azure B2C service. Learn [how to troubleshoot Azure AD B2C's user flows and custom policies](troubleshoot.md).
+
 ## Next steps
 
 Set up a [force password reset](force-password-reset.md).

articles/active-directory-b2c/troubleshoot-with-application-insights.md

@@ -13,10 +13,21 @@ ms.date: 09/20/2021
 ms.custom: project-no-code
 ms.author: mimart
 ms.subservice: B2C
+zone_pivot_groups: b2c-policy-type
 ---
 
 # Collect Azure Active Directory B2C logs with Application Insights
 
+[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
+
+::: zone pivot="b2c-user-flow"
+
+[!INCLUDE [active-directory-b2c-limited-to-custom-policy](../../includes/active-directory-b2c-limited-to-custom-policy.md)]
+
+::: zone-end
+
+::: zone pivot="b2c-custom-policy"
+
 This article provides steps for collecting logs from Active Directory B2C (Azure AD B2C) so that you can diagnose problems with your custom policies. Application Insights provides a way to diagnose exceptions and visualize application performance issues. Azure AD B2C includes a feature for sending data to Application Insights.
 
 The detailed activity logs described here should be enabled **ONLY** during the development of your custom policies.
@@ -189,4 +200,6 @@ To improve your production environment performance and better user experience, i
 
 ## Next steps
 
-- Learn how to [troubleshoot Azure AD B2C custom policies](troubleshoot-custom-policies.md)
+- Learn how to [troubleshoot Azure AD B2C custom policies](troubleshoot.md)
+
+::: zone-end

articles/active-directory-b2c/troubleshoot-custom-policies.md renamed to articles/active-directory-b2c/troubleshoot.md

@@ -1,5 +1,5 @@
 ---
-title: Troubleshoot custom policies in Azure Active Directory B2C
+title: Troubleshoot custom policies and user flows in Azure Active Directory B2C
 description: Learn about approaches to solving errors when working with custom policies in Azure Active Directory B2C.
 services: active-directory-b2c
 author: msmimart
@@ -8,12 +8,39 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 05/25/2021
+ms.date: 10/08/2021
 ms.author: mimart
 ms.subservice: B2C
+zone_pivot_groups: b2c-policy-type
 ---
 
-# Troubleshoot Azure AD B2C custom policies
+# Troubleshoot Azure AD B2C custom policies and user flows
+
+[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
+
+Your application needs to handle certain errors coming from Azure B2C service. This article highlights some of the common errors and how to handle them.
+
+::: zone pivot="b2c-user-flow"
+
+## Password reset error
+
+This error occurs when the [self-service password reset experience](add-password-reset-policy.md#self-service-password-reset-recommended) isn't enabled in a user flow. Thus, selecting the **Forgot your password?** link doesn't trigger a password reset user flow. Instead, the error code `AADB2C90118` is returned to your application.
+
+There are 2 solutions to this problem:  
+  - Respond back with a new authentication request using Azure AD B2C password reset user flow.
+  - Use recommended [self service password resect (SSPR) experience](add-password-reset-policy.md#self-service-password-reset-recommended).  
+
+
+## User canceled the operation
+Azure AD B2C service can also return an error to your application when a user cancels an operation. The following are examples of scenarios where a user performs a cancel operation: 
+-  A user policy uses the recommended [self service password resect (SSPR) experience](add-password-reset-policy.md#self-service-password-reset-recommended) with a consumer local account. The user selects the **Forgot your password?** link , and then selects **Cancel** button before the user flow experience completes. In this case, Azure AD B2C service returns error code `AADB2C90091` to your application. 
+- A user chooses to authenticate with an external identity provider such as [LinkedIn](identity-provider-linkedin.md). The user select **Cancel** button before authenticating to the identity provider itself. In this case, Azure AD B2C service returns error code `AADB2C90273` to your application. Learn more about [error codes Azure Active Directory B2C service return](error-codes.md).
+
+To handle this error, fetch the **error description** for the user and respond back with a new authentication request with the same user flow. 
+
+::: zone-end
+
+::: zone pivot="b2c-custom-policy"
 
 If you use Azure Active Directory B2C (Azure AD B2C) [custom policies](custom-policy-overview.md), you might experience challenges with policy language XML format or runtime issues. This article describes some tools and tips that can help you discover and resolve issues. 
 
@@ -383,7 +410,7 @@ The cause for this error is similar to the one for the claim error. Check the pr
 
 ### User is currently logged as a user of 'yourtenant.onmicrosoft.com' tenant...
 
-You login with an account from a tenant that is different than the policy you try to upload. For example, you sign-in with [email protected], while your policy `TenantId` is set to `fabrikam.onmicrosoft.com`.
+You login with an account from a tenant that is different than the policy you try to upload. For example, your sign-in with [email protected], while your policy `TenantId` is set to `fabrikam.onmicrosoft.com`.
 
 ```xml
 <TrustFrameworkPolicy ...
@@ -462,6 +489,9 @@ To fix this type of error, when you upload the policy, select the **Overwrite th
 
 ![Screenshot that demonstrates how to overwrite the custom policy if it already exists.](./media/troubleshoot-custom-policies/overwrite-custom-policy-if-exists.png)
 
+::: zone-end
+
+
 
 ## Next steps
 

articles/active-directory-b2c/user-flow-custom-attributes.md

@@ -202,7 +202,7 @@ Use the following steps to remove extension/custom attribute from a user flow:
     1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the Directory name list, and then select **Switch**
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **User attributes**, and then select the attribute you want to delete.
-1. Select **Delete**
+1. Select **Delete**, and then select **Yes** to confirm.
 
 ::: zone-end