articles/active-directory/develop/active-directory-jwt-claims-customization.md
26 additions & 13 deletions
@@ -96,27 +96,40 @@ You can use the following functions to transform claims.
96
96
97
97
If you need other transformations, submit your idea in the [feedback forum in Azure AD](https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789) under the *SaaS application* category.
98
98
99
-
## How to use the RegexReplace() Transformation
99
+
## Regex-based claims transformation
100
100
101
-
:::image type="content" source="./media/active-directory-jwt-claims-customization/regexreplace-trasform.png" alt-text="Screenshot of multiple claims transformation.":::
101
+
:::image type="content" source="./media/active-directory-jwt-claims-customization/regexreplace-transform1.png" alt-text="Screenshot of the first level of transformation.":::
102
102
103
-
The following table provides information about using transformations. The actions listed in the table correspond to the labels in the previous image.
103
+
The following table provides information about the first level of transformations. The actions listed in the table correspond to the labels in the previous image. Select **Edit** to open the claims transformation blade.
104
+
105
+
| Action | Field | Description |
106
+
| :----- | :---- | :---------- |
107
+
| 1 | Transformation | Select the **RegexReplace()** option from the **Transformation** options to use regex-based claims transformation method for claims transformation. |
108
+
| 2 | Parameter 1 |*Parameter 1* is the source user input attribute that is an input for the regular expression transformation. For example, user.mail that has a user email address such as `[email protected]`. |
109
+
| 3 | Treat source as multivalued | Some input user attributes can be multi-value user attributes. If the selected user attribute supports multiple values and the user wants to use multiple values for the transformation, they need to check the **Treat source as multivalued** checkbox. If an administrator checks the checkbox, all values are used for regex match, otherwise only the first value is used.
110
+
| 4 | Regex pattern | The **Regex pattern** textbox accepts a regular expression that is evaluated against the value of user attribute selected as *parameter 1*. For example a regular expression to extract user alias from the user's email address would be represented as: "(?'domain'^.*?)(?i)(\@contoso\.com)$" |
111
+
| 5 | Add additional parameter | By using **Add additional parameter**, an administrator can choose more user attributes that can be used for the transformation. The values of the attributes would then be merged with regex transformation output. Up to five additional parameters are supported.<br/>To illustrate, let's use user.country attribute as an input parameter. The value of this attribute is "US". To merge the attribute into the replacement pattern, the administrator needs to refer to it as {country} inside the replacement pattern. Once the administrator selects the user attribute for the parameter, an info balloon for the parameter explains how the parameter can be used inside the replacement pattern.
112
+
| 6 | Replacement pattern | The **Replacement pattern** textbox accepts the replacement pattern. Replacement pattern is the text template, which contains placeholders for regex outcome group name, input parameter group name, and static text value. All group names must be wrapped inside the curly braces such as {group-name}. Let's say the administration wants to use user alias with some other domain name, for example "xyz.com" and merge country name with it. In this case, the replacement pattern would be "{country}.{domain}@xyz.com", where {country} is the value of input parameter and {domain} is the group output from the regular expression evaluation. In such a case, the expected outcome is "[email protected]".
113
+
| 7 | Test transformation | The RegexReplace() transformation is evaluated only if the value of the selected user attribute for *Parameter 1* matches with the regular expression provided in the **Regex pattern** textbox. If they don't match, the default claim value is added to the token. To validate regular expression against the input parameter value, a test experience is available within the transform blade. This test experience operates on dummy values only. When additional input parameters are used, the name of the parameter is added to the test result instead of the actual value. You can see a sample output in point 18. To access the test section, an administrator can select the **Test transformation**. |
114
+
115
+
:::image type="content" source="./media/active-directory-jwt-claims-customization/regexreplace-transform2.png" alt-text="Screenshot of second level of claims transformation.":::
116
+
117
+
The following table provides information about the second level of transformations. The actions listed in the table correspond to the labels in the previous image.
104
118
105
119
| Action | Field | Description |
106
120
| :----- | :---- | :---------- |
107
-
| 1 | Menu | Select **Edit** to open the claims transformation blade. |
108
-
| 2 | Transformation | Select the **RegexReplace()** option from the **Transformation** options to use regex-based claims transformation method for claims transformation. |
109
-
| 3 | Parameter 1 |*Parameter 1* is the source user input attribute that is an input for the regular expression transformation. For example, user.mail that has a user email address such as `[email protected]`. |
110
-
| 4 | Treat source as multivalued | Some input user attributes can be multi-value user attributes. If the selected user attribute supports multiple values and the user wants to use multiple values for the transformation, they need to check the **Treat source as multivalued** checkbox. If an administrator checks the checkbox, all values are used for regex match, otherwise only the first value is used.
111
-
| 5 | Regex pattern | The **Regex pattern** textbox accepts a regular expression that is evaluated against the value of user attribute selected as *parameter 1*. For example a regular expression to extract user alias from the user's email address would be represented as: "(?'domain'^.*?)(?i)(\@contoso\.com)$" |
112
-
| 6 | Add additional parameter | By using **Add additional parameter**, an administrator can choose more user attributes that can be used for the transformation. The values of the attributes would then be merged with regex transformation output. Up to five additional parameters are supported.<br/>To illustrate, let's use user.country attribute as an input parameter. The value of this attribute is "US". To merge the attribute into the replacement pattern, the administrator needs to refer to it as {country} inside the replacement pattern. Once the administrator selects the user attribute for the parameter, an info balloon for the parameter explains how the parameter can be used inside the replacement pattern.
113
-
| 7 | Replacement pattern | The **Replacement pattern** textbox accepts the replacement pattern. Replacement pattern is the text template, which contains placeholders for regex outcome group name, input parameter group name, and static text value. All group names must be wrapped inside the curly braces such as {group-name}. Let's say the administration wants to use user alias with some other domain name, for example "xyz.com" and merge country name with it. In this case, the replacement pattern would be "{country}.{domain}@xyz.com", where {country} is the value of input parameter and {domain} is the group output from the regular expression evaluation. In such a case, the expected outcome is "[email protected]".
114
-
| 8 | Test transformation | The RegexReplace() transformation is evaluated only if the value of the selected user attribute for *Parameter 1* matches with the regular expression provided in the **Regex pattern** textbox. If they don't match, the default claim value is added to the token. To validate regular expression against the input parameter value, a test experience is available within the transform blade. This test experience operates on dummy values only. When additional input parameters are used, the name of the parameter is added to the test result instead of the actual value. You can see a sample output in point 18. To access the test section, an administrator can select the **Test transformation**.
115
121
| 9 | Transformation | Regex-based claims transformations aren't limited to the first transformation and can be used as the second level transformation as well. Any other transformation method can be used as the first transformation. |
116
122
| 10 | Parameter 1 | If **RegexReplace()** is selected as a second level transformation, output of first level transformation is used as an input for the second level transformation. The second level regex expression should match the output of the first transformation else the transformation won't be applied. |
117
123
| 11 | Regex pattern |**Regex pattern** is the regular expression for the second level transformation. |
118
124
| 12 | Parameter input | User attribute inputs for the second level transformations. |
119
-
| 13 | Parameter input | Administrators can delete the selected input parameter if they don’t need it anymore. |
125
+
| 13 | Parameter input | Administrators can delete the selected input parameter if they don't need it anymore. |
126
+
127
+
:::image type="content" source="./media/active-directory-jwt-claims-customization/regexreplace-trasform3.png" alt-text="Screenshot of testing the transformation.":::
128
+
129
+
The following table provides information about testing the transformations. The actions listed in the table correspond to the labels in the previous image.
130
+
131
+
| Action | Field | Description |
132
+
| :----- | :---- | :---------- |
120
133
| 14 | Test transformation | Once administrator selects **Test transformation**, the section is displayed, and **Test transformation** goes away. |
121
134
| 15 | Test transformation | Select the close or (X) button to hide the test section and re-render the **Test transformation** button again on the blade. |
122
135
| 16 | Test regex input | The **Test regex input** textbox accepts the dummy input, which is used as an input for regular expression test evaluation. In case regex-based claims transformation is configured as a second level transformation, the administrator needs to provided a dummy value, which would be the expected output of the first transformation. |
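Review bot: The renumbering leaves a gap between the first and second tables: the added first-level rows run 1 to 7, but the unchanged second-level table still starts at `| 9 | Transformation |`, so no row describes label 8. Confirm the labels in the new screenshots match, then either renumber the second table from 8 or restore the missing row. Check also that "You can see a sample output in point 18" in row 7 still resolves, since that point now sits in a different table from the one that cites it. The third image is added as `regexreplace-trasform3.png` while the other two use `regexreplace-transform1.png` and `regexreplace-transform2.png`; if the file was renamed along with the others, this link is broken, and if not, the old misspelling should be fixed for consistency. Added rows 3 and 5 are also missing the closing `|` that the other rows have.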
@@ -130,7 +143,7 @@ The following table provides information about using transformations. The action
130
143
131
144
RegexReplace() transformation is also available for the group claims transformations.
132
145
133
-
### RegexReplace() transformation validations
146
+
### Transformation validations
134
147
135
148
When the following conditions occur after **Add** or **Run test** is selected, a message is displayed that provides more information about the issue:
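Review bot: Renaming the heading to `### Transformation validations` changes its generated anchor, so any link that points at the old `RegexReplace() transformation validations` anchor will stop resolving. Search this article and other articles for links to the old anchor and update them in the same change. The shorter title also no longer says which transformation the validations apply to, although the surrounding text is only about RegexReplace(); consider keeping the function name in the heading or stating the scope in the sentence that follows.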