MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 71 additions & 1 deletion b/‎.openpublishing.redirection.json
Lines changed: 71 additions & 1 deletion
diff --git a/‎articles/active-directory/TOC.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/TOC.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory/active-directory-tou.md
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/active-directory-tou.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/application-config-sso-problem-configure-password-sso-gallery.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/application-config-sso-problem-configure-password-sso-gallery.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/concept-sspr-writeback.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/authentication/concept-sspr-writeback.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/b2b/google-federation.md
Lines changed: 111 additions & 0 deletions b/‎articles/active-directory/b2b/google-federation.md
Lines changed: 111 additions & 0 deletions
diff --git a/‎articles/active-directory/b2b/media/google-federation/google-api-credentials.png
33.2 KB b/‎articles/active-directory/b2b/media/google-federation/google-api-credentials.png
33.2 KB
diff --git a/‎articles/active-directory/b2b/media/google-federation/google-api.png
21.9 KB b/‎articles/active-directory/b2b/media/google-federation/google-api.png
21.9 KB
diff --git a/‎articles/active-directory/b2b/media/google-federation/google-auth-client-id-secret.png
12 KB b/‎articles/active-directory/b2b/media/google-federation/google-auth-client-id-secret.png
12 KB
diff --git a/‎articles/active-directory/b2b/media/google-federation/google-create-oauth-client-id.png
98.6 KB b/‎articles/active-directory/b2b/media/google-federation/google-create-oauth-client-id.png
98.6 KB
@@ -165,6 +165,12 @@
             "redirect_url": "/azure/iot-fundamentals/iot-introduction",
             "redirect_document_id": false
         },
+
+        {
+            "source_path": "articles/iot-hub/iot-hub-create-using-cli-nodejs.md",
+            "redirect_url": "/azure/iot-hub/iot-hub-create-using-cli",
+            "redirect_document_id": true
+        },
         {
             "source_path": "articles/cognitive-services/custom-decision-service/custom-decision-service-tutorial-analytics.md",
             "redirect_url": "/azure/cognitive-services/custom-decision-service",
@@ -2735,6 +2741,16 @@
             "redirect_url": "/azure/logic-apps/logic-apps-create-deploy-template",
             "redirect_document_id": true
         },
+        {
+            "source_path": "articles/connectors/connectors-create-api-sharepointserver.md",
+            "redirect_url": "/azure/connectors/connectors-create-api-sharepoint",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/connectors/connectors-create-api-sharepointonline.md",
+            "redirect_url": "/azure/connectors/connectors-create-api-sharepoint",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/logic-apps/custom-connector-build-web-api-app-tutorial.md",
             "redirect_url": "https://docs.microsoft.com/connectors/custom-connectors/create-web-api-connector",
@@ -12868,6 +12884,11 @@
             "redirect_url": "./end-user/microsoft-authenticator-app-how-to",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/service-fabric/service-fabric-get-started-standalone-cluster.md",
+            "redirect_url": "/azure/service-fabric/service-fabric-cluster-creation-for-windows-server",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/service-fabric/service-fabric-update-vmss-sku.md",
             "redirect_url": "/azure/service-fabric/service-fabric-cluster-upgrade",
@@ -25611,6 +25632,11 @@
             "redirect_url": "/azure/storage/queues/storage-queues-introduction",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/storage/data-lake-storage/index.md",
+            "redirect_url": "/azure/storage/data-lake-storage/introduction",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/dev-spaces/index.md",
             "redirect_url": "/azure/dev-spaces/azure-dev-spaces",
@@ -26456,6 +26482,26 @@
             "redirect_url": "/azure/azure-stack/azure-stack-powershell-download",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/azure-stack/azure-stack-extension-host-prepare.md",
+            "redirect_url": "/azure/azure-stack",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/azure-stack/user/azure-stack-metrics-azure-data.md",
+            "redirect_url": "/azure/azure-stack",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/azure-stack/user/azure-stack-metrics-monitor.md",
+            "redirect_url": "/azure/azure-stack",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/azure-stack/user/azure-stack-metrics-supported.md",
+            "redirect_url": "/azure/azure-stack",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/active-directory/application-proxy-teams.md",
             "redirect_url": "/azure/active-directory/manage-apps/application-proxy-integrate-with-teams",
@@ -27304,12 +27350,36 @@
             "source_path": "articles/cognitive-services/speech-service/speech-scenarios.md",
             "redirect_url": "/azure/cognitive-services/speech-service/overview",
             "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/aks/aks-ssh.md",
+            "redirect_url": "/azure/aks/ssh",
+            "redirect_document_id": true
         },
 		{
             "source_path": "articles/cognitive-services/luis/Home.md",
             "redirect_url": "/azure/cognitive-services/luis/what-is-luis",
             "redirect_document_id": true
+        },
+		{
+            "source_path": "articles/data-factory/data-factory-monitor-oms.md",
+            "redirect_url": "/azure/data-factory/monitor-using-azure-monitor",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/virtual-machines/linux/ansible-create-complete-vm.md",
+            "redirect_url": "/azure/virtual-machines/linux/ansible-create-vm",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/networking/networking-virtual-datacenter.md",
+            "redirect_url": "/azure/architecture/vdc/networking-virtual-datacenter",
+            "redirect_document_id": true
+        },
+        {
+            "source_path": "articles/security-center/security-center-disk-encryption.md",
+            "redirect_url": "/azure/security/azure-security-disk-encryption-overview",
+            "redirect_document_id": false
         }
-
     ]
 }
@@ -54,6 +54,7 @@
 #### [Admins adding B2B users](b2b/add-users-administrator.md)
 #### [Information workers adding B2B users](b2b/add-users-information-worker.md)
 #### [API and customization](b2b/customize-invitation-api.md)
+#### [Google federation](b2b/google-federation.md)
 #### [Code and Azure PowerShell samples](b2b/code-samples.md)
 #### [Self-service sign-up portal sample](b2b/self-service-portal.md)
 #### [Invitation email](b2b/invitation-email-elements.md)
 
@@ -12,7 +12,7 @@ ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
 ms.component: compliance
-ms.date: 07/31/2018
+ms.date: 08/22/2018
 ms.author: rolyon
 
 ---
@@ -119,6 +119,8 @@ The following screen shows how Terms of use looks on mobile devices.
 
 ![Audit Event](media/active-directory-tou/mobile-tou.png)
 
+Users are only required to accept the Terms of use once and they will not see the Terms of use again on subsequent sign ins.
+
 ### How users can review their Terms of use
 Users can review and see the Terms of use that they have accepted by using the following procedure.
 
 
@@ -64,7 +64,7 @@ There are two main causes to this issue:
 
 -   Depending on the security settings enabled in Internet Explorer, if the website is not part of a **Trusted Zone**, sometimes our script be blocked from executing for the application.
 
-  *  To resolve this, instruct the user to **Add the application’s website** to the **Trusted Sites** list within their **Internet Explorer security settings**. You can send your users to the [How to add a site to my trusted sites list](https://answers.microsoft.com/ie/forum/ie9-windows_7/how-do-i-add-a-site-to-my-trusted-sites-list/98cc77c8-b364-e011-8dfc-68b599b31bf5) article for detailed instructions.
+  *  To resolve this, instruct the user to **Add the application’s website** to the **Trusted Sites** list within their **Internet Explorer security settings**. You can send your users to the [How to add a site to my trusted sites list](https://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/how-do-i-add-a-site-to-my-trusted-sites-list/98cc77c8-b364-e011-8dfc-68b599b31bf5) article for detailed instructions.
 
 -   In rare circumstances, Internet Explorer’s security validation can sometimes cause the page to load more slowly than the execution of our script.
 
 
@@ -22,7 +22,7 @@ Password writeback is supported in environments that use:
 
 * [Active Directory Federation Services](../connect/active-directory-aadconnect-federation-management.md)
 * [Password hash synchronization](../connect/active-directory-aadconnectsync-implement-password-hash-synchronization.md)
-* [Pass-through authentication](/../connect/active-directory-aadconnect-pass-through-authentication.md)
+* [Pass-through authentication](../connect/active-directory-aadconnect-pass-through-authentication.md)
 
 Password writeback provides:
 
@@ -157,4 +157,4 @@ Passwords are *not* written back in any of the following situations:
 
 ## Next steps
 
-Enable password writeback using the Tutorial: [Enabling password writeback](tutorial-enable-writeback.md)
+Enable password writeback using the Tutorial: [Enabling password writeback](tutorial-enable-writeback.md)
@@ -0,0 +1,111 @@
+---
+
+title: Add Google as an identity provider for Azure Active Directory B2B | Microsoft Docs
+description: Federate with Google to enable guest users to sign in to your Azure AD apps with their own Gmail account
+
+services: active-directory
+ms.service: active-directory
+ms.component: B2B
+ms.topic: article
+ms.date: 08/20/2018
+
+ms.author: mimart
+author: msmimart
+manager: mtillman
+ms.reviewer: mal
+
+---
+
+# Add Google as an identity provider for B2B guest users
+
+By setting up federation with Google, you can allow invited users to sign in to your shared apps and resources with their own Google accounts, without having to create Microsoft Accounts (MSAs) or Azure AD accounts.  
+> [!NOTE]
+> Your Google guest users must sign in using a link that includes the tenant context, for example `https://myapps.microsoft.com/?tenantid=<tenant id>`. Direct links to applications and resources also work as long as they include the tenant context. Guest users are currently unable to sign in using endpoints that have no tenant context. For example, using `https://myapps.microsoft.com`, `https://portal.azure.com`, or the Teams common endpoint will result in an error.
+ 
+## What is the experience for the Google user?
+When you send an invitation to a Google Gmail user, the guest user should access your shared apps or resources using a link that includes the tenant context. Their experience varies depending on whether they're already signed in to Google:
+  - If the guest user is not signed in to Google, they're prompted to sign in to Google.
+  - If the guest user is already signed in to Google, they'll be prompted to choose the account they want to use. They must choose the account you used to invite them.
+
+If the guest user sees a "header too long" error, they can try clearing their cookies, or they can open a private or incognito window and try signing in again.
+
+![Sign in with Google](media/google-federation/google-sign-in.png)
+
+## Step 1: Configure a Google developer project
+First, create a new project in the Google Developers Console to obtain a client ID and a client secret that you can later add to Azure AD. 
+1. Go to the Google APIs at https://console.developers.google.com, and sign in with your Google account. We recommend that you use a shared team Google account.
+2. Create a new project: On the Dashboard, select **Create Project**, and then select **Create**. On the New Project page, enter a **Project Name**, and then select **Create**.
+   
+   ![New Google project](media/google-federation/google-new-project.png)
+
+3. Make sure your new project is selected in the project menu. Then open the menu in the upper left and select **APIs & Services** > **Credentials**.
+
+   ![Google API credentials](media/google-federation/google-api.png)
+ 
+4. Choose the **Oauth consent screen** tab and enter a **Product name shown to users**. (Leave the other settings.) Select **Save**.
+
+   ![Google OAuth consent screen](media/google-federation/google-oauth-consent-screen.png)
+
+5. Choose the **Credentials** tab. In the **Create credentials** menu, choose **OAuth client ID**.
+
+   ![Google API credentials](media/google-federation/google-api-credentials.png)
+
+6. Under **Application type**, choose **Web application**, and then under **Authorized redirect URIs**, enter the following URIs:
+   - `https://login.microsoftonline.com` 
+   - `https://login.microsoftonline.com/te/<directory id>/oauth2/authresp` <br>(where `<directory id>` is your directory ID)
+   
+    > [!NOTE]
+    > To find your directory ID, go to https://portal.azure.com, and under **Azure Active Directory**, choose **Properties** and copy the **Directory ID**.
+
+   ![Create OAuth client ID](media/google-federation/google-create-oauth-client-id.png)
+
+7. Select **Create**. Copy the client ID and client secret, which you'll use when you add the identity provider in the Azure AD portal.
+
+   ![OAuth client ID and client secret](media/google-federation/google-auth-client-id-secret.png)
+
+## Step 2: Configure Google federation in Azure AD 
+Now you'll set the Google client ID and client secret, either by entering it in the Azure AD portal or by using PowerShell. Be sure to test your Google federation configuration by inviting yourself using a Gmail address and trying to redeem the invitation with your invited Google account. 
+
+#### To configure Google federation in the Azure AD portal 
+1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
+2. Select **Organizational Relationships**.
+3. Select **Identity providers**, and then click the **Google** button.
+4. Enter a name. Then enter the client ID and client secret you obtained earlier. Select **Save**. 
+
+   ![Add Google identity provider](media/google-federation/google-identity-provider.png)
+
+#### To configure Google federation by using PowerShell
+1. Install the latest version of the Azure AD PowerShell for Graph module ([AzureADPreview](https://www.powershellgallery.com/packages/AzureADPreview)).
+2. Run the following command:
+   `Connect-AzureAD`.
+3. At the sign-in prompt, sign in with the managed Global Administrator account.  
+4. Run the following command: 
+   
+   `New-AzureADMSIdentityProvider -Type Google -Name Google -ClientId [Client ID] -ClientSecret [Client secret]`
+ 
+   > [!NOTE]
+   > Use the client id and client secret from the app you created in "Step 1: Configure a Google developer project." For more information, see the [New-AzureADMSIdentityProvider](https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsidentityprovider?view=azureadps-2.0-preview) article. 
+ 
+## How do I remove Google federation?
+You can delete your Google federation setup. If you do so, Google guest users who have already redeemed their invitation will not be able to sign in, but you can give them access to your resources again by deleting them from the directory and re-inviting them. 
+ 
+### To delete Google federation in the Azure AD portal: 
+1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
+2. Select **Organizational Relationships**.
+3. Select **Identity providers**, and then click the **Google** button.
+4. Select **Google**, and then select **Delete**. 
+   
+   ![Deleted the social identity provider](media/google-federation/google-social-identity-providers.png)
+
+1. Select **Yes** to confirm deletion. 
+
+### To delete Google federation by using PowerShell: 
+1. Install the latest version of the Azure AD PowerShell for Graph module ([AzureADPreview](https://www.powershellgallery.com/packages/AzureADPreview)).
+2. Run `Connect-AzureAD`.  
+4. In the login in prompt, sign in with the managed Global Administrator account.  
+5. Enter the following command:
+
+    `Remove-AzureADMSIdentityProvider -Id Google-OAUTH`
+
+   > [!NOTE]
+   > For more information, see [Remove-AzureADMSIdentityProvider](https://docs.microsoft.com/en-us/powershell/module/azuread/Remove-AzureADMSIdentityProvider?view=azureadps-2.0-preview).