Commit 6374325

Merge pull request #223326 from csmulligan/csmulligan-exid-sssu-approvals
[EXID] Content freshness update for self-service-sign-up-add-approvals (ADO-59225)
2 parents 6b7f7a8 + 9fb319a commit 6374325

8 files changed, +34 -28 lines changed

articles/active-directory/external-identities/self-service-sign-up-add-approvals.md

Lines changed: 21 additions & 19 deletions
@@ -4,14 +4,16 @@ description: Add API connectors for custom approval workflows in External Identi
44
services: active-directory
55
ms.service: active-directory
66
ms.subservice: B2B
7-
ms.topic: article
8-
ms.date: 07/13/2021
7+
ms.topic: how-to
8+
ms.date: 01/09/2023
99

1010
ms.author: mimart
1111
author: msmimart
1212
manager: celestedg
1313
ms.custom: "it-pro"
14-
ms.collection: M365-identity-device-management
14+
ms.collection: engagement-fy23, M365-identity-device-management
15+
16+
# Customer intent: As a tenant administrator, I want to add API connectors for custom approval workflows in self-service sign-up.
1517
---
1618

1719
# Add a custom approval workflow to self-service sign-up
@@ -36,25 +38,22 @@ You need to register your approval system as an application in your Azure AD ten
3638
2. Under **Azure services**, select **Azure Active Directory**.
3739
3. In the left menu, select **App registrations**, and then select **New registration**.
3840
4. Enter a **Name** for the application, for example, _Sign-up Approvals_.
39-
40-
<!-- ![Register an application for the approval system](./self-service-sign-up-add-approvals/approvals/register-an-approvals-application.png) -->
41-
4241
5. Select **Register**. You can leave other fields at their defaults.
4342

44-
![Screenshot that highlights the Register button.](media/self-service-sign-up-add-approvals/register-approvals-app.png)
43+
:::image type="content" source="media/self-service-sign-up-add-approvals/register-approvals-app.png" alt-text="Screenshot that highlights the Register button.":::
4544

4645
6. Under **Manage** in the left menu, select **API permissions**, and then select **Add a permission**.
4746
7. On the **Request API permissions** page, select **Microsoft Graph**, and then select **Application permissions**.
4847
8. Under **Select permissions**, expand **User**, and then select the **User.ReadWrite.All** check box. This permission allows the approval system to create the user upon approval. Then select **Add permissions**.
4948

50-
![Register an application page](media/self-service-sign-up-add-approvals/request-api-permissions.png)
49+
:::image type="content" source="media/self-service-sign-up-add-approvals/request-api-permissions.png" alt-text="Screenshot of requesting API permissions.":::
5150

5251
9. On the **API permissions** page, select **Grant admin consent for (your tenant name)**, and then select **Yes**.
5352
10. Under **Manage** in the left menu, select **Certificates & secrets**, and then select **New client secret**.
5453
11. Enter a **Description** for the secret, for example _Approvals client secret_, and select the duration for when the client secret **Expires**. Then select **Add**.
55-
12. Copy the value of the client secret.
54+
12. Copy the value of the client secret. Client secret values can be viewed only immediately after creation. Make sure to save the secret when created, before leaving the page.
5655

57-
![Copy the client secret for use in the approval system](media/self-service-sign-up-add-approvals/client-secret-value-copy.png)
56+
:::image type="content" source="media/self-service-sign-up-add-approvals/client-secret-value-copy.png" alt-text="Screenshot of copying the client secret. ":::
5857

5958
13. Configure your approval system to use the **Application ID** as the client ID and the **client secret** you generated to authenticate with Azure AD.
6059
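
Review bot: The sentence added to step 12 (line 54+) tells the reader to save the client secret but not where, and this secret authenticates an app that step 8 grants the **User.ReadWrite.All** application permission. Suggest naming a destination, for example "store it in the approval system's secret store, not in source or plain-text configuration", and referring back to the expiry chosen in step 11 so the reader plans for rotation. Minor: the alt text on line 56+ has a trailing space before the closing quote ("Screenshot of copying the client secret. ").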

@@ -64,11 +63,11 @@ Next you'll [create the API connectors](self-service-sign-up-add-api-connector.m
6463

6564
- **Check approval status**. Send a call to the approval system immediately after a user signs-in with an identity provider to check if the user has an existing approval request or has already been denied. If your approval system only does automatic approval decisions, this API connector may not be needed. Example of a "Check approval status" API connector.
6665

67-
![Check approval status API connector configuration](./media/self-service-sign-up-add-approvals/check-approval-status-api-connector-config-alt.png)
66+
:::image type="content" source="media/self-service-sign-up-add-approvals/check-approval-status-api-connector-config-alt.png" alt-text="Screenshot of check approval status API connector configuration.":::
6867

6968
- **Request approval** - Send a call to the approval system after a user completes the attribute collection page, but before the user account is created, to request approval. The approval request can be automatically granted or manually reviewed. Example of a "Request approval" API connector.
7069

71-
![Request approval API connector configuration](./media/self-service-sign-up-add-approvals/create-approval-request-api-connector-config-alt.png)
70+
:::image type="content" source="media/self-service-sign-up-add-approvals/create-approval-request-api-connector-config-alt.png" alt-text="Screenshot of request approval API connector configuration.":::
7271

7372
To create these connectors, follow the steps in [create an API connector](self-service-sign-up-add-api-connector.md#create-an-api-connector).
7473
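
Review bot: The two connector bullets still use different separators after the bold term ("**Check approval status**." on line 64, "**Request approval** -" on line 68), and line 64 keeps "signs-in" where the verb "signs in" is meant. Both are unchanged context lines next to the image conversions, so they are easy to fix in the same freshness pass.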

@@ -85,13 +84,14 @@ Now you'll add the API connectors to a self-service sign-up user flow with these
8584
- **After federating with an identity provider during sign-up**: Select your approval status API connector, for example _Check approval status_.
8685
- **Before creating the user**: Select your approval request API connector, for example _Request approval_.
8786

88-
![Add APIs to the user flow](./media/self-service-sign-up-add-approvals/api-connectors-user-flow-api.png)
87+
:::image type="content" source="media/self-service-sign-up-add-approvals/api-connectors-user-flow-api.png" alt-text="Screenshot of API connector in a user flow.":::
88+
8989

9090
6. Select **Save**.
9191

9292
## Control the sign-up flow with API responses
9393

94-
Your approval system can use its responses when called to control the sign up flow.
94+
Your approval system can use its responses when called to control the sign-up flow.
9595

9696
### Request and responses for the "Check approval status" API connector
9797
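
Review bot: Line 88+ adds an empty line directly before the existing empty line 89, so the source now has two consecutive blank lines between the image and "6. Select **Save**." Drop the added line; one blank line is enough to separate the image from the next step.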

@@ -117,13 +117,13 @@ Content-type: application/json
117117
}
118118
```
119119

120-
The exact claims sent to the API depends on which information is provided by the identity provider. 'email' is always sent.
120+
The exact claims sent to the API depend on which information is provided by the identity provider. 'email' is always sent.
121121

122122
#### Continuation response for "Check approval status"
123123

124124
The **Check approval status** API endpoint should return a continuation response if:
125125

126-
- The user has not previously requested an approval.
126+
- The user hasn't previously requested an approval.
127127

128128
Example of the continuation response:
129129
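
Review bot: In the reworded sentence on line 120+, the claim name is still written as 'email' in single quotes. Format it as inline code (`email`) so it reads as the literal claim key the approval API receives, matching the JSON shown above it.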

@@ -200,7 +200,7 @@ Content-type: application/json
200200
}
201201
```
202202

203-
The exact claims sent to the API depends on which information is collected from the user or is provided by the identity provider.
203+
The exact claims sent to the API depend on which information is collected from the user or is provided by the identity provider.
204204

205205
#### Continuation response for "Request approval"
206206

@@ -385,5 +385,7 @@ Content-type: application/json
385385

386386
## Next steps
387387

388-
- Get started with our [Azure Function quickstart samples](code-samples-self-service-sign-up.md#api-connector-azure-function-quickstarts).
389-
- Checkout the [self-service sign-up for guest users with manual approval sample](code-samples-self-service-sign-up.md#custom-approval-workflows).
388+
- [Add a self-service sign-up user flow](self-service-sign-up-user-flow.md)
389+
- [Add an API connector](self-service-sign-up-add-api-connector.md)
390+
- [Secure your API connector](self-service-sign-up-secure-api-connector.md)
391+
- [self-service sign-up for guest users with manual approval sample](code-samples-self-service-sign-up.md#custom-approval-workflows).
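
Review bot: The bullet added on line 391+ starts in lower case and ends with a period, while the three bullets added on 388+ to 390+ are capitalized and have no trailing period. Suggest "- [Self-service sign-up for guest users with manual approval sample](code-samples-self-service-sign-up.md#custom-approval-workflows)" to match. The hunk also removes the link to the Azure Function quickstart samples without a replacement; confirm that is intended.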

articles/active-directory/external-identities/self-service-sign-up-user-flow.md

Lines changed: 13 additions & 9 deletions
@@ -5,18 +5,21 @@ services: active-directory
55
ms.service: active-directory
66
ms.subservice: B2B
77
ms.topic: how-to
8-
ms.date: 10/12/2022
8+
ms.date: 01/06/2023
99

1010
ms.author: mimart
1111
author: msmimart
1212
manager: CelesteDG
1313
ms.custom: "it-pro"
14-
ms.collection: M365-identity-device-management
14+
ms.collection: engagement-fy23, M365-identity-device-management
15+
16+
# Customer intent: As a tenant administrator, I want to set up user flows that allow a user to sign up for an app and create a new guest account.
17+
1518
---
1619

1720
# Add a self-service sign-up user flow to an app
1821

19-
For applications you build, you can create user flows that allow a user to sign up for an app and create a new guest account. A self-service sign-up user flow defines the series of steps the user will follow during sign-up, the identity providers you'll allow them to use, and the user attributes you want to collect. You can associate one or more applications with a single user flow.
22+
For applications you build, you can create user flows that allow a user to sign up for an app and create a new guest account. A self-service sign-up user flow defines the series of steps the user will follow during sign-up, the [identity providers](identity-providers.md) you'll allow them to use, and the user attributes you want to collect. You can associate one or more applications with a single user flow.
2023

2124
> [!NOTE]
2225
> You can associate user flows with apps built by your organization. User flows can't be used for Microsoft apps, like SharePoint or Teams.
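
Review bot: The metadata layout added here differs from the one added to self-service-sign-up-add-approvals.md in the same commit: this file has an empty line (17+) between the customer-intent comment and the closing "---", while the other file goes straight from the comment (16+) to "---". Use the same layout in both files.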
@@ -25,12 +28,12 @@ For applications you build, you can create user flows that allow a user to sign
2528

2629
### Add identity providers (optional)
2730

28-
Azure AD is the default identity provider for self-service sign-up. This means that users are able to sign up by default with an Azure AD account. In your self-service sign-up user flows, you can also include social identity providers like Google and Facebook, Microsoft Account, and Email One-time Passcode. For more information, see these articles:
31+
Azure AD is the default identity provider for self-service sign-up. This means that users are able to sign up by default with an Azure AD account. In your self-service sign-up user flows, you can also include social identity providers like Google and Facebook, Microsoft Account, and the email one-time passcode feature. For more information, see these articles:
2932

30-
- [Microsoft Account identity provider](microsoft-account.md)
31-
- [Email one-time passcode authentication](one-time-passcode.md)
32-
- [Add Facebook to your list of social identity providers](facebook-federation.md)
3333
- [Add Google to your list of social identity providers](google-federation.md)
34+
- [Add Facebook to your list of social identity providers](facebook-federation.md)
35+
- [Add Microsoft account as an identity provider](microsoft-account.md)
36+
- [Email one-time passcode authentication](one-time-passcode.md)
3437

3538
### Define custom attributes (optional)
3639
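
Review bot: The rewritten sentence on line 31+ writes "Microsoft Account" with a capital A, while the reordered bullet on line 35+ uses "Microsoft account". Use one casing in both places.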

@@ -45,8 +48,9 @@ Before you can add a self-service sign-up user flow to your applications, you ne
4548
4649
1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
4750
2. Under **Azure services**, select **Azure Active Directory**.
48-
3. Select **User settings**, and then under **External users**, select **Manage external collaboration settings**.
49-
4. Set the **Enable guest self-service sign up via user flows** toggle to **Yes**.
51+
1. Under **Manage** in the left menu, select **Users**.
52+
1. Select **User settings**, and then under **External users**, select **Manage external collaboration settings**.
53+
1. Set the **Enable guest self-service sign up via user flows** toggle to **Yes**.
5054

5155
![Enable guest self-service sign-up](media/self-service-sign-up-user-flow/enable-self-service-sign-up.png)
5256
5. Select **Save**.
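
Review bot: The list numbering in the source is now mixed: the first two steps keep explicit "1." and "2." (lines 49 and 50), the three lines added at 51+ to 53+ all use "1.", and the last step is still "5. Select **Save**." although it is now the sixth step. Either renumber the tail to 3, 4, 5, 6 or switch the whole list to "1." so the source reads consistently. The image on line 55 also still uses the ![...]() syntax and an alt text without "Screenshot", unlike the images converted in the other file of this commit.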
