Commit 8777fe7

Merge branch 'MicrosoftDocs:main' into healthcareapis-fix-profiles-post-put
2 parents b72db0a + dbd0490 commit 8777fe7

546 files changed

+3903
-2437
lines changed

.openpublishing.redirection.json

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
22
"redirections": [
33
{
44
"source_path": "articles/iot-hub/iot-hub-rm-template.md",
5-
"redirect_url": "articles/iot-hub/iot-hub-rm-rest",
5+
"redirect_url": "/azure/iot-hub/iot-hub-rm-template-powershell",
66
"redirect_document_id": false
77
},
88
{
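
Review bot: The new `redirect_url` for `articles/iot-hub/iot-hub-rm-template.md` changes form as well as target, from a repo-style path (`articles/iot-hub/iot-hub-rm-rest`) to a site-relative one (`/azure/iot-hub/iot-hub-rm-template-powershell`), so please confirm that the target article is published and is not itself listed as a `source_path` elsewhere in this file. If it is, this entry becomes the first hop of a redirect chain instead of a direct redirect.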

CODEOWNERS

Lines changed: 1 addition & 1 deletion
@@ -73,7 +73,7 @@ articles/service-health @rboucher
7373
/articles/lighthouse/ @JnHs
7474

7575
# Healthcare APIs
76-
/articles/healthcare-apis/ @ginalee-dotcom
76+
/articles/healthcare-apis/ @ranvijaykumar @mikaelweave
7777

7878
# Configuration
7979
*.json @SyntaxC4 @snoviking
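
Review bot: On the `/articles/healthcare-apis/` line the previous owner `@ginalee-dotcom` is dropped entirely in favour of `@ranvijaykumar @mikaelweave`; confirm both accounts have write access to this repository, because GitHub does not request review from a listed code owner who lacks it, and the path would then have no effective required reviewer. If the handover is still in progress, keeping the old owner on the line until the new ones are confirmed avoids a gap in review coverage.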

articles/active-directory-b2c/TOC.yml

Lines changed: 2 additions & 0 deletions
@@ -528,6 +528,8 @@
528528
displayName: bulk import
529529
- name: Partner integration
530530
items:
531+
- name: Grit IAM B2B2C
532+
href: partner-grit-iam.md
531533
- name: N8identity
532534
href: partner-n8identity.md
533535
- name: Saviynt

articles/active-directory-b2c/partner-gallery.md

Lines changed: 2 additions & 1 deletion
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 04/21/2022
12+
ms.date: 09/14/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---
@@ -65,6 +65,7 @@ Microsoft partners with the following ISVs for role-based access control.
6565

6666
| ISV partner | Description and integration walkthroughs |
6767
|:-------------------------|:--------------|
68+
| ![Screenshot of a grit IAM logo.](./media/partner-gallery/grit-logo.png) | [Grit IAM B2B2C](./partner-grit-iam.md) provides authentication, authorization, profile and role management, and delegated B2B SaaS application administration. It also enables role-based access control (RBAC) for end-users of Azure AD B2C.|
6869
| ![Screenshot of a n8identity logo](./media/partner-gallery/n8identity-logo.png) | [N8Identity](./partner-n8identity.md) is an Identity-as-a-Service governance platform that provides solution to address customer accounts migration and Customer Service Requests (CSR) administration running on Microsoft Azure. |
6970
| ![Screenshot of a Saviynt logo](./media/partner-gallery/saviynt-logo.png) | [Saviynt](./partner-Saviynt.md) cloud-native platform promotes better security, compliance, and governance through intelligent analytics and cross application integration for streamlining IT modernization. |
7071
| ![Screenshot of a WhoIAM Rampart logo](./media/partner-gallery/whoiam-logo.png) | [WhoIAM Rampart](./partner-whoiam-rampart.md) provides a fully integrated helpdesk and invitation-gated user registration experience. It allows support specialists to efficiently perform tasks like resetting passwords and multi-factor authentication without using Azure. It also enables apps and role-based access control (RBAC) for end-users of Azure AD B2C. |
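
Review bot: Style point on the added Grit row (new line 68): the image alt text reads `Screenshot of a grit IAM logo.` with a lowercase "grit" and a trailing period, while the link text in the same row is "Grit IAM B2B2C" and the neighbouring rows' alt text has no period. Suggest `Screenshot of a Grit IAM logo` and a space before the closing `|` to match the rows below.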
Lines changed: 116 additions & 0 deletions
@@ -0,0 +1,116 @@
1+
---
2+
title: Configure the Grit IAM B2B2C solution with Azure Active Directory B2C
3+
titleSuffix: Azure AD B2C
4+
description: Learn how to integrate Azure AD B2C authentication with the Grit IAM B2B2C solution
5+
services: active-directory-b2c
6+
author: gargi-sinha
7+
manager: martinco
8+
ms.service: active-directory
9+
ms.workload: identity
10+
ms.topic: how-to
11+
ms.date: 9/15/2022
12+
ms.author: gasinh
13+
ms.reviewer: kengaderdus
14+
ms.subservice: B2C
15+
---
16+
17+
# Tutorial: Configure the Grit IAM B2B2C solution with Azure Active Directory B2C
18+
19+
In this tutorial, you learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with a [Grit IAM B2B2C](https://www.gritiam.com/b2b2c) solution. You can use the solution to provide secure, reliable, self-serviceable, and user-friendly identity and access management to your customers. Shared profile data such as first name, last name, home address, and email used in web and mobile applications are stored in a centralized manner with consideration to compliance and regulatory needs.
20+
21+
22+
Use Grit's B2BB2C solution for:
23+
24+
- Authentication, authorization, profile and role management, and delegated B2B SaaS application administration.
25+
- Role-based access control for Azure AD B2C applications.
26+
27+
## Prerequisites
28+
29+
To get started, ensure the following prerequisites are met:
30+
31+
- A Grit IAM account. You can go to [Grit IAM B2B2C solution](https://www.gritiam.com/b2b2c) to get a demo.
32+
- An Azure AD subscription. If you don't have one, you can create a [free Azure account](https://azure.microsoft.com/free/).
33+
- An Azure AD B2C tenant linked to the Azure subscription. You can learn more at [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md).
34+
- Configure your application in the Azure portal.
35+
36+
## Scenario description
37+
38+
Contoso does business with end customers and large enterprises, like Fabrikam_big1 and Fabrikam_big2. There're small enterprise customers like Fabrikam_small1 and Fabrikam_small2 and direct business is done with end customers like Smith1 and Smith2.
39+
40+
*Contoso* has web and mobile applications and develops new applications. The applications rely on user shared profile data such as, first name, last name, address, and email. They want to centralize the profile data, so applications aren't collecting and storing the data. They want to store the profile information in accordance with certain compliance and regulations.
41+
42+
![Screenshot that shows the architecture diagram of how the components are connected to each other.](./media/partner-grit-iam/grit-b2b2c-architecture.png)
43+
44+
This integration is composed of the following components:
45+
46+
- **Azure AD B2C Identity Experience Framework (IEF)**: An engine that executes user journeys, which can include validating credentials, performing MFA, checking user access. It's aided by the Azure AD database and the API layer, which's configured using XML.
47+
48+
- **Grit API layer**: This layer exposes user profile data and metadata about organizations and applications. The data is stored in Azure AD and Cosmos DB.
49+
50+
- **Grit Onboarding portal**: Used by admins to onboard applications and organizations.
51+
52+
- **Grit Admin portal**: Used by the *Contoso* admin and by admins of *fabrikam_big1*, and *fabirkam_small1*. Delegated admins can manage users and their access. Super admins of the organizations manage all users.
53+
54+
55+
- **Grit Visual IEF editor**: A low code/no code editor that customizes the user journey and is provided by Grit. It produces the XML used by IEF. *Contoso* developers use it to customize user journeys.
56+
57+
58+
- **Applications**: Developed by *Contoso* or third parties. Applications use Open ID or SAML to connect to the customer identity and access management (CIAM) system. The tokens they receive contain user-profile information, but can make API calls, with the token as the auth mechanism, to do user-profile data create, read, update and delete (CRUD) operations.
59+
60+
61+
> [!NOTE]
62+
> Components developed by Grit, except the visual IEF editor, will be deployed in the Contoso Azure environment.
63+
64+
## Configure Grit B2B2C with Azure AD B2C
65+
66+
Use the guidance provided in the following sections to get started with configuration.
67+
68+
### Step 1 - Setup infrastructure
69+
70+
To get started with setup:
71+
72+
- Contact [Grit support](mailto:[email protected]) to obtain access.
73+
- For evaluation, the Grit support team will deploy the infrastructure in the Grit Azure subscription and they'll give you admin rights.
74+
- After you purchase the solution, Grit engineers will install the production version in your Azure subscription.
75+
- The infrastructure integrates with your virtual network (VNet) setup, supports APIM (third-party API management) and the firewall.
76+
- Grit implementation engineers can provide custom recommendations based on your infrastructure.
77+
78+
### Step 2 - Create admins in the Admin Portal
79+
80+
Use the Grit Admin portal to assign administrators access to the portal where they can perform the following tasks -
81+
82+
- Add other admins such as super, organization, application admin in the hierarchy depending on their permission level.
83+
84+
- View/accept/reject all the user's requests for the application registration.
85+
86+
- Search users.
87+
88+
To learn how to assign admin roles, check the [tutorial.](https://app.archbee.com/doc/j1VX2J3B3xJ-zMqnmlDA5/9IW3PgI2yn1cCpPGm1vVN)
89+
90+
### Step 3 - Onboard organizations
91+
92+
Use the Onboarding portal for one or more of your customers and their identity provider (IdP) that supports OpenID Connect (OIDC) and SAML. Onboard customers without an IdP, for local account authentication. For B2C applications, enable social authentications.
93+
94+
In the Grit Onboarding portal, create a super admin for the tenant. The Onboarding portal defines the claims per application and per organization. Thereafter, the portal creates an endpoint URL for the sign-in and sign-up user flow.
95+
96+
To learn how to onboard an organization, check this [tutorial](https://app.archbee.com/doc/G_YZFq_VwvgMlmX-_efmX/8m90WVb2M6Yi0gCe7yor2).
97+
98+
### Step 4 - Integrate applications using OIDC or SAML
99+
100+
After you onboard the customer, the Grit Onboarding portal provides URLs to onboard the applications.
101+
102+
Learn [how your customers can sign up, sign in, and manage their profiles](add-sign-up-and-sign-in-policy.md?pivots=b2c-custom-policy).
103+
104+
## Test the scenarios
105+
106+
Check the authentication [scenarios](#scenario-description) in your applications. Use the Grit Admin portal to change roles and user properties. Provide delegated access to Admin portal by inviting users.
107+
108+
## Next steps
109+
110+
- [Azure AD B2C custom policy overview](custom-policy-overview.md)
111+
112+
- [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](custom-policy-get-started.md?tabs=applications)
113+
114+
- [SAAS Platform - Organization Application Onboarding Portal](https://app.archbee.com/doc/G_YZFq_VwvgMlmX-_efmX/8m90WVb2M6Yi0gCe7yor2)
115+
116+
- [SAAS Platform - Admin Portal](https://app.archbee.com/doc/j1VX2J3B3xJ-zMqnmlDA5/9IW3PgI2yn1cCpPGm1vVN)
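
Review bot: The **Applications** bullet (new line 58) is unclear about what is authorized to modify profile data: "The tokens they receive contain user-profile information, but can make API calls, with the token as the auth mechanism" reads as if the tokens make the calls, and it never says which token (ID token or access token) or which permissions are required for the create, read, update and delete operations. Suggest rewording so that the applications are the subject and the token type and required scope are stated. Related wording issues in the same file:

- New line 22 says "B2BB2C" where the title and links say "B2B2C".
- New line 52 has "fabirkam_small1" and lowercase "fabrikam_big1", against "Fabrikam_small1" and "Fabrikam_big1" on new line 38.
- New line 32 asks for "An Azure AD subscription", while the next bullet and the linked page refer to an Azure subscription.
- New line 58 writes "Open ID" where new line 92 uses "OpenID Connect (OIDC)".
- New line 75 glosses APIM as "third-party API management", which leaves it unclear whether Azure API Management or another product is meant.
- New line 73 says the support team will "give you admin rights" in the Grit-owned evaluation subscription without stating the scope of those rights.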

articles/active-directory/app-proxy/application-proxy-configure-cookie-settings.md

Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ Azure Active Directory (Azure AD) has access and session cookies for accessing o
2424
| Cookie setting | Default | Description | Recommendations |
2525
| -------------- | ------- | ----------- | --------------- |
2626
| Use HTTP-Only Cookie | **No** | **Yes** allows Application Proxy to include the HTTPOnly flag in HTTP response headers. This flag provides additional security benefits, for example, it prevents client-side scripting (CSS) from copying or modifying the cookies.<br></br><br></br>Before we supported the HTTP-Only setting, Application Proxy encrypted and transmitted cookies over a secured TLS channel to protect against modification. | Use **Yes** because of the additional security benefits.<br></br><br></br>Use **No** for clients or user agents that do require access to the session cookie. For example, use **No** for an RDP or MTSC client that connects to a Remote Desktop Gateway server through Application Proxy.|
27-
| Use Secure Cookie | **No** | **Yes** allows Application Proxy to include the Secure flag in HTTP response headers. Secure Cookies enhances security by transmitting cookies over a TLS secured channel such as HTTPS. This prevents cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. | Use **Yes** because of the additional security benefits.|
27+
| Use Secure Cookie | **Yes** | **Yes** allows Application Proxy to include the Secure flag in HTTP response headers. Secure Cookies enhances security by transmitting cookies over a TLS secured channel such as HTTPS. This prevents cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. | Use **Yes** because of the additional security benefits.|
2828
| Use Persistent Cookie | **No** | **Yes** allows Application Proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies. | Use **No** because of the security risk associated with keeping users authenticated.<br></br><br></br>We suggest only using **Yes** for older applications that can't share cookies between processes. It's better to update your application to handle sharing cookies between processes instead of using persistent cookies. For example, you might need persistent cookies to allow a user to open Office documents in explorer view from a SharePoint site. Without persistent cookies, this operation might fail if the access cookies aren't shared between the browser, the explorer process, and the Office process. |
2929

3030
## SameSite Cookies
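
Review bot: The **Use Secure Cookie** row (line 27) flips the Default column from **No** to **Yes** but leaves the Description and Recommendations cells unchanged, so a reader cannot tell whether the new default applies only to newly created applications or also to existing ones that were published while the default was **No**. Suggest adding a sentence to the row stating that scope, and telling administrators of existing applications to check the current value of the setting. While the row is being touched, "Secure Cookies enhances" should read "Secure cookies enhance".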

articles/active-directory/cloud-infrastructure-entitlement-management/all-reports.md

Lines changed: 3 additions & 3 deletions
@@ -2,13 +2,13 @@
22
title: View a list and description of all system reports available in Permissions Management reports
33
description: View a list and description of all system reports available in Permissions Management.
44
services: active-directory
5-
author: kenwith
6-
manager: rkarlin
5+
author: jenniferf-skc
6+
manager: amycolannino
77
ms.service: ciem
88
ms.workload: identity
99
ms.topic: overview
1010
ms.date: 02/23/2022
11-
ms.author: kenwith
11+
ms.author: jfields
1212
---
1313

1414
# View a list and description of system reports

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

Lines changed: 3 additions & 3 deletions
@@ -2,13 +2,13 @@
22
title: Frequently asked questions (FAQs) about Permissions Management
33
description: Frequently asked questions (FAQs) about Permissions Management.
44
services: active-directory
5-
author: kenwith
6-
manager: rkarlin
5+
author: jenniferf-skc
6+
manager: amycolannino
77
ms.service: ciem
88
ms.workload: identity
99
ms.topic: faq
1010
ms.date: 04/20/2022
11-
ms.author: kenwith
11+
ms.author: jfields
1212
---
1313

1414
# Frequently asked questions (FAQs)
