MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/TOC.yml
Lines changed: 4 additions & 2 deletions b/‎articles/active-directory-b2c/TOC.yml
Lines changed: 4 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory.md
Lines changed: 84 additions & 0 deletions b/‎articles/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory.md
Lines changed: 84 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-setup-oidc-idp.md
Lines changed: 11 additions & 7 deletions b/‎articles/active-directory-b2c/active-directory-b2c-setup-oidc-idp.md
Lines changed: 11 additions & 7 deletions
diff --git a/‎articles/active-directory-b2c/index.yml
Lines changed: 0 additions & 24 deletions b/‎articles/active-directory-b2c/index.yml
Lines changed: 0 additions & 24 deletions
diff --git a/‎articles/active-directory/active-directory-application-proxy-native-client.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/active-directory-application-proxy-native-client.md
Lines changed: 1 addition & 1 deletion
@@ -8294,6 +8294,11 @@
             "redirect_url": "/azure/cognitive-services/Custom-Vision-Service/home",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/cognitive-services/Content-Moderator/index.md",
+            "redirect_url": "/azure/cognitive-services/content-moderator/overview",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/cognitive-services/Content-Moderator/review-api-authentication.md",
             "redirect_url": "/azure/cognitive-services/content-moderator/review-api",
 
@@ -94,8 +94,6 @@
     items:
       - name: Configure identity providers
         items:
-        - name: Custom OpenID Connect
-          href: active-directory-b2c-setup-oidc-idp.md
         - name: Microsoft Account
           href: active-directory-b2c-setup-msa-app.md
         - name: Facebook
@@ -114,6 +112,10 @@
           href: active-directory-b2c-setup-qq-app.md
         - name: WeChat
           href: active-directory-b2c-setup-wechat-app.md
+        - name: Azure AD (Single Tenant)
+          href: active-directory-b2c-setup-oidc-azure-active-directory.md
+        - name: Custom OpenID Connect
+          href: active-directory-b2c-setup-oidc-idp.md
       - name: Set up self-serve-password reset
         href: active-directory-b2c-reference-sspr.md
       - name: Customizing the UI
 
@@ -0,0 +1,84 @@
+---
+title: 'Azure Active Directory B2C: Add an Azure AD provider using built-in policies | Microsoft Docs'
+description: Learn how to add an Open ID Connect identity provider (Azure AD)
+services: active-directory-b2c
+documentationcenter: ''
+author: parakhj
+manager: krassk
+editor: parakhj
+
+ms.assetid: 7dac9545-d5f1-4136-a04d-1c5740aea499
+ms.service: active-directory-b2c
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.topic: article
+ms.devlang: na
+ms.date: 04/27/2018
+ms.author: parja
+
+---
+# Azure Active Directory B2C: Sign in using Azure AD accounts through a built-in policy
+
+>[!NOTE]
+> This feature is in public preview. Do not use the feature in production environments.
+
+This article shows you how to enable sign-in for users from a specific Azure Active Directory (Azure AD) organization built-in policies.
+
+## Create an Azure AD app
+
+To enable sign-in for users from a specific Azure AD organization, you need to register an application within the organizational Azure AD tenant.
+
+>[!NOTE]
+> We use "contoso.com" for the organizational Azure AD tenant and "fabrikamb2c.onmicrosoft.com" as the Azure AD B2C tenant in the following instructions.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. On the top bar, select your account. From the **Directory** list, choose the organizational Azure AD tenant where you will register your application (contoso.com).
+1. Select **All services** in the left pane, and search for "App registrations."
+1. Select **New application registration**.
+1. Enter a name for your application (for example, `Azure AD B2C App`).
+1. Select **Web app / API** for the application type.
+1. For **Sign-on URL**, enter the following URL, where `yourtenant` is replaced by the name of your Azure AD B2C tenant (`fabrikamb2c.onmicrosoft.com`):
+
+    >[!NOTE]
+    >The value for "yourtenant" must be all lowercase in the **Sign-on URL**.
+
+    ```Console
+    https://login.microsoftonline.com/te/yourtenant.onmicrosoft.com/oauth2/authresp
+    ```
+
+1. Save the application ID, which you will use in the next section as the client ID.
+1. Under the **Settings** blade, select **Keys**.
+1. Enter a **Key description** under the **Passwords** section and set the **Duration** to "Never expires". 
+1. Click **Save**, and note down the resulting key **Value**, which you will use in the next section as the client secret.
+
+## Configure Azure AD as an identity provider in your tenant
+
+1. On the top bar, select your account. From the **Directory** list, choose the Azure AD B2C tenant (fabrikamb2c.onmicrosoft.com).
+1. [Navigate to the Azure AD B2C settings menu](active-directory-b2c-app-registration.md#navigate-to-b2c-settings) in the Azure portal.
+1. In the Azure AD B2C settings menu, click on **Identity providers**.
+1. Click **+Add** at the top of the blade.
+1. Provide a friendly **Name** for the identity provider configuration. For example, enter "Contoso Azure AD".
+1. Click **Identity provider type**, select **Open ID Connect**, and click **OK**.
+1. Click **Set up this identity provider**
+1. For **Metadata url**, enter the following URL, where `yourtenant` is replaced by the name of your Azure AD tenant (e.g. `contoso.com`):
+
+    ```Console
+    https://login.microsoftonline.com/yourtenant/.well-known/openid-configuration
+    ```
+1. For the **Client ID** and **Client secret**, enter the Application ID and Key from the previous section.
+1. Keep the default value for **Scope**, which should be set to `openid`.
+1. Keep the default value for **Response type**, which should be set to `code`.
+1. Keep the default value for **Response mode**, which should be set to `form_post`.
+1. Optionally, enter a value for **Domain** (e.g. `ContosoAD`). This is the value to use when referring to this identity provider using *domain_hint* in the request. 
+1. Click **OK**.
+1. Click on **Map this identity provider's claims**.
+1. For **User ID**, enter `oid`.
+1. For **Display Name**, enter `name`.
+1. For **Given name**, enter `given_name`.
+1. For **Surname**, enter `family_name`.
+1. For **Email**, enter `unique_name`
+1. Click **OK**, and then **Create** to save your configuration.
+
+## Next steps
+
+Add the newly created Azure AD identity provider to a built-in policy and provide feedback to [[email protected]](mailto:[email protected]).
@@ -7,16 +7,20 @@ author: davidmu1
 manager: mtillman
 editor: parakhj
 
+ms.assetid: 357d193a-e33b-469c-8a93-0a8f45a60a9f
 ms.service: active-directory-b2c
 ms.workload: identity
 ms.topic: article
-ms.date: 04/23/2018
+ms.date: 04/27/2018
 ms.author: davidmu
 
 ---
 # Azure Active Directory B2C: Add a custom OpenID Connect identity provider in built-in policies
 
-[OpenID Connect](http://openid.net/specs/openid-connect-core-1_0.html) is an authentication protocol, built on top of OAuth 2.0, that can be used to securely sign users in. Most identity providers that use this protocol, such as Azure AD, are supported in Azure AD B2C. This article explains how you can add custom OpenID Connect identity providers into your built-in policies.
+>[!NOTE]
+> This feature is in public preview. Do not use the feature in production environments.
+
+[OpenID Connect](http://openid.net/specs/openid-connect-core-1_0.html) is an authentication protocol, built on top of OAuth 2.0, that can be used to securely sign users in. Most identity providers that use this protocol, such as [Azure AD](active-directory-b2c-setup-oidc-azure-active-directory.md), are supported in Azure AD B2C. This article explains how you can add custom OpenID Connect identity providers into your built-in policies.
 
 ## Configuring a custom OpenID Connect identity provider
 
@@ -35,7 +39,7 @@ As per specification, every OpenID Connect identity providers describes a metada
 
 For the OpenID Connect identity provider you are looking to add, enter its metadata URL.
 
-#### Client ID and Secret
+#### Client ID and secret
 
 To allow users to sign in, the identity provider will require developers to register an application in their service. This application will have an ID (referred to as the **client ID**) and a **client secret**. Copy these values from the identity provider and enter them into the corresponding fields.
 
@@ -48,7 +52,7 @@ Scopes define the information and permissions you are looking to gather from you
 
 Other scopes can be appended (separated by space). Refer to the custom identity provider's documentation to see what other scopes may be available.
 
-#### Response Type
+#### Response type
 
 The response type describes what kind of information will be sent back in the initial call to the `authorization_endpoint` of the custom identity provider. 
 
@@ -57,15 +61,15 @@ The response type describes what kind of information will be sent back in the in
 * `id_token`: An ID token will be returned back to Azure AD B2C from the custom identity provider.
 
 
-#### Response Mode
+#### Response mode
 
 The response mode defines the method that should be used to send the data back from the custom identity provider to Azure AD B2C.
 
 * `form_post`: This response mode is recommended for best security. The response is transmitted via the HTTP `POST` method, with the code or token being encoded in the body using the `application/x-www-form-urlencoded` format.
 * `query`: The code or token will be returned as a query parameter.
 
 
-#### Domain Hint
+#### Domain hint
 
 The domain hint can be used to skip directly to the sign in page of the specified identity provider, instead of having the user make a selection among the list of available identity providers. To allow this kind of behavior, enter a value for the domain hint.
 
@@ -84,6 +88,6 @@ For each of the mappings below, refer to the documentation of the custom identit
 * `Surname`: Enter the claim that provides the last name of the user.
 * `Email`: Enter the claim that provides the email address of the user.
 
-## Next Steps
+## Next steps
 
 Add the custom OpenID Connect identity provider to your [built-in policy](active-directory-b2c-reference-policies.md).
@@ -56,30 +56,6 @@ sections:
         html: <p>1. <a href="/azure/active-directory-b2c/tutorial-register-applications">Register application</a></p><p>2. <a href="/azure/active-directory-b2c/active-directory-b2c-tutorials-desktop-app">Authenticate users</a></p><p>3. <a href="/azure/active-directory-b2c/active-directory-b2c-tutorials-desktop-app-webapi">Grant API access</a></p>
       - title: Single-page
         html: <p>1. <a href="/azure/active-directory-b2c/tutorial-register-applications">Register application</a></p><p>2. <a href="/azure/active-directory-b2c/active-directory-b2c-tutorials-spa">Authenticate users</a></p><p>3. <a href="/azure/active-directory-b2c/active-directory-b2c-tutorials-spa-webapi">Grant API access</a></p>
-- title: Free Pluralsight Video Training
-  items:
-  - type: list
-    style: cards
-    className: cardsF
-    items:
-    - title: Manage identity, application, and network services
-      href: https://www.pluralsight.com/courses/microsoft-azure-identity-application-network-services
-      html: <p>In module 6, see the creation of a tenant, registering of an app, and creation of policies.</p>
-      image: 
-        src: https://docs.microsoft.com/media/logos/logo_pluralsight.svg
-        href: https://www.pluralsight.com/courses/microsoft-azure-identity-application-network-services 
-    - title: Secure a serverless application
-      href: https://www.pluralsight.com/courses/azure-serverless-applications  
-      html: <p>In module 6, hear why you should use Azure AD B2C to secure a serverless app.</p>
-      image: 
-        src: https://docs.microsoft.com/media/logos/logo_pluralsight.svg
-        href: https://www.pluralsight.com/courses/azure-serverless-applications
-    - title: ASP.NET Core 2 and Azure AD B2C
-      href: https://www.pluralsight.com/courses/aspnet-core-identity-management-playbook
-      html: <p>In module 8, see how to add sign-up, sign-in, and profile editing to an ASP.NET Core 2 app.</p>
-      image: 
-        src: https://docs.microsoft.com/media/logos/logo_pluralsight.svg
-        href: https://www.pluralsight.com/courses/aspnet-core-identity-management-playbook 
 - title: Samples
   items:
   - type: paragraph
 
@@ -71,7 +71,7 @@ Edit the native application code in the authentication context of the Active Dir
 ```
 // Acquire Access Token from AAD for Proxy Application
 AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/<Tenant ID>");
-AuthenticationResult result = authContext.AcquireToken("< External Url of Proxy App >",
+AuthenticationResult result = await authContext.AcquireTokenAsync("< External Url of Proxy App >",
         "<App ID of the Native app>",
         new Uri("<Redirect Uri of the Native App>"),
         PromptBehavior.Never);