Merge pull request #79284 from MicrosoftDocs/master

6/11 AM Publish

Author: huypub

articles/active-directory-b2c/active-directory-b2c-setup-msa-app.md

@@ -1,5 +1,5 @@
 ---
-title: Set up sign-up and sign-in with a Microsoft account - Azure Active Directory B2C | Microsoft Docs
+title: Set up sign-up and sign-in with a Microsoft account - Azure Active Directory B2C
 description: Provide sign-up and sign-in to customers with Microsoft accounts in your applications using Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/21/2018
+ms.date: 06/11/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -19,22 +19,28 @@ ms.subservice: B2C
 
 To use a Microsoft account as an [identity provider](active-directory-b2c-reference-oidc.md) in Azure Active Directory (Azure AD) B2C, you need to create an application in your tenant that represents it. If you don’t already have a Microsoft account, you can get it at [https://www.live.com/](https://www.live.com/).
 
-1. Sign in to the [Microsoft Application Registration Portal](https://apps.dev.microsoft.com/?referrer=https://azure.microsoft.com/documentation/articles&deeplink=/appList) with your Microsoft account credentials.
-2. In the upper-right corner, select **Add an app**.
-3. Enter a **Name** for your application. For example, *MSAapp1*.
-4. Select **Generate New Password** and make sure that you copy the password to use when you configure the identity provider. Also copy the **Application Id**. 
-5. Select **Add platform**, and then and choose **Web**.
-4. Enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp` in **Redirect URLs**. Replace `your-tenant-name` with the name of your tenant.
-5. Select **Save**.
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+1. Select **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**.
+1. Select **New registration**
+1. Enter a **Name** for your application. For example, *MSAapp1*.
+1. Under **Supported account types**, select **Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)**. This option targets the widest set of Microsoft identities.
+
+   For more information on the different account type selections, see [Quickstart: Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md).
+1. Under **Redirect URI (optional)**, select **Web** and enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp` in the text box. Replace `your-tenant-name` with your Azure AD B2C tenant name.
+1. Select **Register**
+1. Record the **Application (client) ID** shown on the application Overview page. You need this when you configure the identity provider in the next section.
+1. Select **Certificates & secrets**
+1. Click **New client secret**
+1. Enter a **Description** for the secret, for example *Application password 1*, and then click **Add**.
+1. Record the application password shown in the **VALUE** column. You need this when you configure the identity provider in the next section.
 
 ## Configure a Microsoft account as an identity provider
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
-3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
-4. Select **Identity providers**, and then select **Add**.
-5. Provide a **Name**. For example, enter *MSA*.
-6. Select **Identity provider type**, select **Microsoft Account**, and click **OK**.
-7. Select **Set up this identity provider** and enter the Application Id that you recorded earlier as the **Client ID** and enter the password that you recorded as the **Client secret** of the Microsoft account application that you created earlier.
-8. Click **OK** and then click **Create** to save your Microsoft account configuration.
-
+1. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
+1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
+1. Select **Identity providers**, and then select **Add**.
+1. Provide a **Name**. For example, enter *MSA*.
+1. Select **Identity provider type**, select **Microsoft Account**, and click **OK**.
+1. Select **Set up this identity provider** and enter the Application (client) ID that you recorded earlier in the **Client ID** text box, and enter the client secret that you recorded in the **Client secret** text box.
+1. Click **OK** and then click **Create** to save your Microsoft account configuration.

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

@@ -33,7 +33,7 @@ After the feature has been running in audit mode for a reasonable period, you ca
 
 ## Deployment requirements
 
-* Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory/).
+* Licensing requirements for Azure AD password protection can be found in the article [Eliminate bad passwords in your organization](concept-password-ban-bad.md#license-requirements).
 * All domain controllers that get the DC Agent service for Azure AD password protection installed must run Windows Server 2012 or later. This requirement does not imply that the Active Directory domain or forest must also be at Windows Server 2012 domain or forest functional level. As mentioned in [Design Principles](concept-password-ban-bad-on-premises.md#design-principles), there is no minimum DFL or FFL required for either the DC agent or proxy software to run.
 * All machines that get the DC agent service installed must have .NET 4.5 installed.
 * All machines that get the proxy service for Azure AD password protection installed must run Windows Server 2012 R2 or later.

articles/active-directory/manage-apps/media/one-click-sso-tutorial/install-myappssecure-extension.png

@@ -0,0 +1,86 @@
+---
+title: 'Configure an One Click SSO to your application from the Azure AD app gallery | Microsoft Docs'
+description: Steps to configure One Click SSO to your application from the Azure AD app gallery.
+services: active-directory
+documentationCenter: na
+author: jeevansd
+manager: mtillman
+ms.reviewer: celested
+
+ms.assetid: e0416991-4b5d-4b18-89bb-91b6070ed3ba
+ms.service: active-directory
+ms.subservice: saas-app-tutorial
+ms.workload: identity
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: tutorial
+ms.date: 06/11/2019
+ms.author: jeedes
+
+ms.collection: M365-identity-device-management
+---
+
+# One Click SSO feature for Azure AD Gallery Applications
+
+ In this tutorial, you learn how to perform One Click SSO for all the SAML applications that provide UI for SSO configuration.
+
+## Introduction to One Click SSO
+
+One Click SSO feature is introduced to configure the Single Sign On for Azure AD gallery apps that support SAML protocol. On Azure AD SSO configuration page, we have provided this option to allow our customers to configure the Azure AD metadata on the application side automatically. The objective is to help customers setting up SSO quickly with minimal manual efforts. 
+
+## Advantages of the One Click SSO
+
+- Quick SSO configuration of the gallery applications where customers need to do manual setup on application side.
+- More efficient and accurate way of configuration.
+- No partner communication or support needed for the setup as the application provides the UI for SAML configuration.
+
+## Prerequisites
+
+- Active subscription of the application with admin credentials that you want to configure with OneClick SSO.
+- **My Apps Secure Sign-in browser extension** from Microsoft installed in the browser. If you would like to know more about this extension, refer to this [link](https://docs.microsoft.com/azure/active-directory/user-help/my-apps-portal-end-user-access).
+
+## One Click SSO feature step by step details
+
+1. Add the application from the Azure AD App gallery.
+
+2. Click on Single sign-on.
+
+3. Click on Enable Single sign-on.
+
+4. Populate the mandatory configuration values in Basic SAML Configuration section.
+
+    > [!NOTE] 
+    > If application needs configuration of custom claims, please configure them before performing OneClick SSO.
+
+5. If One Click SSO feature is implemented for any gallery application, you see following screen. If the **My Apps Secure Sign-in browser extension** is not already installed, you need to click on **Install the extension** option.
+
+    ![Install My Apps Secure Sign-in browser extension](./media/one-click-sso-tutorial/install-myappssecure-extension.png)
+
+6. After adding the extension to the browser, click on **Setup Application Name** which will redirect you to the application admin portal. You need to sign-in as administrator to get into the application.
+
+    ![Setup application name](./media/one-click-sso-tutorial/setup-sso.png)
+
+7. The browser extension will now automatically configure the application for you. It first asks your confirmation if you want to proceed. Click **Yes**.
+
+    ![Saving the auto populated data](./media/one-click-sso-tutorial/save-autopopulate.png)
+
+    > [!NOTE]
+	> If any application needs extra nagivation or steps, you should see proper messages asking you to perform those steps. 
+
+8. Once the configuration is done, click **Ok** to save the changes.
+
+    ![Save the auto populated data](./media/one-click-sso-tutorial/save-data.png)
+
+9. A successful confirmation pop-up message is displayed and your SSO settings are successfully configured. You can then test the application.
+
+    ![SSO Configured](./media/one-click-sso-tutorial/sso-configured.png)
+
+10. Once the configuration is successfully complete, the application will be logged off and you are returned back to Azure portal.
+
+11. You can click on the Test button to test the Single sign-on.
+
+## Additional resources
+
+* [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/saas-apps/tutorial-list)
+* [What is My Apps Secure Sign-in browser extension](https://docs.microsoft.com/azure/active-directory/user-help/my-apps-portal-end-user-access)
+ 

articles/active-directory/manage-apps/media/one-click-sso-tutorial/save-autopopulate.png

@@ -83,6 +83,10 @@
         href: plan-sso-deployment.md
     - name: End-user portals
       href: end-user-experiences.md
+    - name: One Click SSO
+      items:
+      - name: What is One Click SSO
+        href: one-click-sso-tutorial.md
   - name: How-to guides
     items:
     - name: Add a cloud app