You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory-b2c/technical-profiles-overview.md
+7-17Lines changed: 7 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,7 +35,7 @@ A technical profile enables these types of scenarios:
35
35
-[SAML2](saml-technical-profile.md) - Federation with any SAML protocol identity provider.
36
36
-[Self-Asserted](self-asserted-technical-profile.md) - Interact with the user. For example, collect the user's credential to sign in, render the sign-up page, or password reset.
37
37
-[Session management](custom-policy-reference-sso.md) - Handle different types of sessions.
38
-
-**Application insights**
38
+
-**Application Insights**
39
39
-[One time password](one-time-password-technical-profile.md) - Provides support for managing the generation and verification of a one-time password.
40
40
41
41
## Technical profile flow
@@ -44,7 +44,7 @@ All types of technical profiles share the same concept. You send input claims, r
44
44
45
45
46
46
47
-
1.**Single sign-on (SSO) session management** - [SSO session management](custom-policy-reference-sso.md) controls interaction with a user after the user has already authenticated. For example, the administrator can control whether the selection of identity providers is displayed, or whether local account details need to be entered again.
1.**InputClaimsTransformation** - Input claims of every input [claims transformation](claimstransformations.md) are picked up from the claims bag, and after execution, the output claims are put back in the claims bag. The output claims of an input claims transformation can be input claims of a subsequent input claims transformation.
49
49
1.**InputClaims** - Claims are picked up from the claims bag and are used for the technical profile. For example, a [self-asserted technical profile](self-asserted-technical-profile.md) uses the input claims to prepopulate the output claims that the user provides. A REST API technical profile uses the input claims to send input parameters to the REST API endpoint. Azure Active Directory uses input claim as a unique identifier to read, update, or delete an account.
50
50
1.**Technical profile execution** - The technical profile exchanges the claims with the configured party. For example:
@@ -57,7 +57,10 @@ All types of technical profiles share the same concept. You send input claims, r
57
57
1.**OutputClaimsTransformations** - Input claims of every output [claims transformation](claimstransformations.md) are picked up from the claims bag. The output claims of the technical profile from the previous steps can be input claims of an output claims transformation. After execution, the output claims are put back in the claims bag. The output claims of an output claims transformation can also be input claims of a subsequent output claims transformation.
58
58
1.**Single sign-on (SSO) session management** - Persists technical profile's data to the session, using [SSO session management](custom-policy-reference-sso.md).
59
59
60
-
A technical profile can inherit from another technical profile to change settings or add new functionality. The **IncludeTechnicalProfile** element is a reference to the base technical profile from which a technical profile is derived.
60
+
61
+
## Technical profile inclusion
62
+
63
+
A technical profile can include another technical profile to change settings or add new functionality. The **IncludeTechnicalProfile** element is a reference to the base technical profile from which a technical profile is derived.
61
64
62
65
For example, the **AAD-UserReadUsingAlternativeSecurityId-NoError** technical profile includes the **AAD-UserReadUsingAlternativeSecurityId**. This technical profile sets the **RaiseErrorIfClaimsPrincipalDoesNotExist** metadata item to `true`, and raises an error if a social account does not exist in the directory. **AAD-UserReadUsingAlternativeSecurityId-NoError** overrides this behavior and disables the error message if the user has not existed.
63
66
@@ -94,7 +97,7 @@ For example, the **AAD-UserReadUsingAlternativeSecurityId-NoError** technical pr
94
97
</TechnicalProfile>
95
98
```
96
99
97
-
Both **AAD-UserReadUsingAlternativeSecurityId-NoError** and **AAD-UserReadUsingAlternativeSecurityId** don't specify the required **Protocol** element because it's specified in the **AAD-Common** technical profile.
100
+
Both **AAD-UserReadUsingAlternativeSecurityId-NoError** and **AAD-UserReadUsingAlternativeSecurityId** don't specify the required **Protocol** element, because it's specified in the **AAD-Common** technical profile.
98
101
99
102
```XML
100
103
<TechnicalProfileId="AAD-Common">
@@ -103,16 +106,3 @@ Both **AAD-UserReadUsingAlternativeSecurityId-NoError** and **AAD-UserReadUsing
103
106
...
104
107
</TechnicalProfile>
105
108
```
106
-
107
-
A technical profile may include or inherit another technical profile, which may include another one. There is no limit on the number of levels. Depending on the business requirements, your user journey may call **AAD-UserReadUsingAlternativeSecurityId** that raises an error if a user social account doesn't exist, or **AAD-UserReadUsingAlternativeSecurityId-NoError** which doesn't raise an error.
0 commit comments