Merge pull request #89639 from mmacy/b2c-issue-39209

v-albemi · web-flow · commit 8f0612c4c078 · 2019-09-24T16:26:53.000-07:00
[b2c] refresh custom policy tut (fixes 39209)
diff --git a/articles/active-directory-b2c/active-directory-b2c-get-started-custom.md b/articles/active-directory-b2c/active-directory-b2c-get-started-custom.md
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/16/2019
+ms.date: 09/26/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -21,44 +21,45 @@ ms.subservice: B2C
 
 ## Prerequisites
 
-- If you don't have one already, you need to [create an Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
+- If you don't have one already, [create an Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
 - [Register your application](tutorial-register-applications.md) in the tenant that you created so that it can communicate with Azure AD B2C.
+- Complete the steps in [Set up sign-up and sign-in with a Facebook account](active-directory-b2c-setup-fb-app.md) to configure a Facebook application.
 
 ## Add signing and encryption keys
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-2. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directory + subscription** filter in the top menu and choose the directory that contains your tenant.
-3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
-4. On the Overview page, select **Identity Experience Framework**.
+1. Sign in to the [Azure portal](https://portal.azure.com)
+1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant.
+1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. On the Overview page, select **Identity Experience Framework**.
 
 ### Create the signing key
 
 1. Select **Policy Keys** and then select **Add**.
-2. For **Options**, choose `Generate`.
-3. In **Name**, enter `TokenSigningKeyContainer`. The prefix `B2C_1A_` might be added automatically.
-4. For **Key type**, select **RSA**.
-5. For **Key usage**, select **Signature**.
-6. Click **Create**.
+1. For **Options**, choose `Generate`.
+1. In **Name**, enter `TokenSigningKeyContainer`. The prefix `B2C_1A_` might be added automatically.
+1. For **Key type**, select **RSA**.
+1. For **Key usage**, select **Signature**.
+1. Select **Create**.
 
 ### Create the encryption key
 
 1. Select **Policy Keys** and then select **Add**.
-2. For **Options**, choose `Generate`.
-3. In **Name**, enter `TokenEncryptionKeyContainer`. The prefix `B2C_1A`_ might be added automatically.
-4. For **Key type**, select **RSA**.
-5. For **Key usage**, select **Encryption**.
-6. Click **Create**.
+1. For **Options**, choose `Generate`.
+1. In **Name**, enter `TokenEncryptionKeyContainer`. The prefix `B2C_1A`_ might be added automatically.
+1. For **Key type**, select **RSA**.
+1. For **Key usage**, select **Encryption**.
+1. Select **Create**.
 
 ### Create the Facebook key
 
-If you already have a [Facebook application secret](active-directory-b2c-setup-fb-app.md), add it as a policy key to your tenant. Otherwise, you must create the key with a placeholder value so that your policies pass validation.
+Add your Facebook application's [App Secret](active-directory-b2c-setup-fb-app.md) as a policy key. You can use the App Secret of the application you created as part of this article's prerequisites.
 
 1. Select **Policy Keys** and then select **Add**.
-2. For **Options**, choose `Manual`.
-3. For **Name**, enter `FacebookSecret`. The prefix `B2C_1A_` might be added automatically.
-4. In **Secret**, enter your Facebook secret from developers.facebook.com or `0` as a placeholder. This value is the secret, not the application ID.
-5. For **Key usage**, select **Signature**.
-6. Click **Create**.
+1. For **Options**, choose `Manual`.
+1. For **Name**, enter `FacebookSecret`. The prefix `B2C_1A_` might be added automatically.
+1. In **Secret**, enter your Facebook application's *App Secret* from developers.facebook.com. This value is the secret, not the application ID.
+1. For **Key usage**, select **Signature**.
+1. Select **Create**.
 
 ## Register Identity Experience Framework applications
 
@@ -74,19 +75,19 @@ Azure AD B2C requires you to register two applications that are used to sign up
 1. For **Name**, enter `IdentityExperienceFramework`.
 1. For **Application type**, choose **Web app/API**.
 1. For **Sign-on URL**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant domain name. All URLs should now be using [b2clogin.com](b2clogin.md).
-1. Click **Create**. After it's created, copy the application ID and save it to use later.
+1. Select **Create**. After it's created, copy the application ID and save it to use later.
 
 ### Register the ProxyIdentityExperienceFramework application
 
 1. In **App registrations (Legacy)**, select **New application registration**.
-2. For **Name**, enter `ProxyIdentityExperienceFramework`.
-3. For **Application type**, choose **Native**.
-4. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant.
-5. Click **Create**. After it's created, copy the application ID and save it to use later.
-6. On the Settings page, select **Required permissions**, and then select **Add**.
-7. Choose **Select an API**, search for and select **IdentityExperienceFramework**, and then click **Select**.
-9. Select the check box next to **Access IdentityExperienceFramework**, click **Select**, and then click **Done**.
-10. Select **Grant Permissions**, and then confirm by selecting **Yes**.
+1. For **Name**, enter `ProxyIdentityExperienceFramework`.
+1. For **Application type**, choose **Native**.
+1. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant.
+1. Select **Create**. After it's created, copy the application ID and save it to use later.
+1. Select **Settings**, then select **Required permissions**, and then select **Add**.
+1. Choose **Select an API**, search for and select **IdentityExperienceFramework**, and then click **Select**.
+1. Select the check box next to **Access IdentityExperienceFramework**, click **Select**, and then click **Done**.
+1. Select **Grant permissions**, and then confirm by selecting **Yes**.
 
 ## Custom policy starter pack
 
@@ -156,7 +157,6 @@ As you upload the files, Azure adds the prefix `B2C_1A_` to each.
 
 ## Add Facebook as an identity provider
 
-1. Complete the steps in [Set up sign-up and sign-in with a Facebook account](active-directory-b2c-setup-fb-app.md) to configure a Facebook application.
 1. In the `SocialAndLocalAccounts/`**`TrustFrameworkExtensions.xml`** file, replace the value of `client_id` with the Facebook application ID:
 
    ```xml
@@ -168,7 +168,7 @@ As you upload the files, Azure adds the prefix `B2C_1A_` to each.
 
 1. Upload the *TrustFrameworkExtensions.xml* file to your tenant.
 1. Under **Custom policies**, select **B2C_1A_signup_signin**.
-1. Select **Run now** and select Facebook to sign in with Facebook and test the custom policy. Or, invoke the policy directly from your registered application.
+1. Select **Run now** and select Facebook to sign in with Facebook and test the custom policy.
 
 ## Next steps
 
diff --git a/articles/active-directory-b2c/active-directory-b2c-setup-fb-app.md b/articles/active-directory-b2c/active-directory-b2c-setup-fb-app.md
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/08/2019
+ms.date: 09/26/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -21,20 +21,20 @@ To use a Facebook account as an [identity provider](active-directory-b2c-referen
 
 1. Sign in to [Facebook for developers](https://developers.facebook.com/) with your Facebook account credentials.
 1. If you have not already done so, you need to register as a Facebook developer. To do this, select **Get Started** on the upper-right corner of the page, accept Facebook's policies, and complete the registration steps.
-1. Select **My Apps** and then **Add New App**.
+1. Select **My Apps** and then **Create App**.
 1. Enter a **Display Name** and a valid **Contact Email**.
-1. Click **Create App ID**. This may require you to accept Facebook platform policies and complete an online security check.
+1. Select **Create App ID**. This may require you to accept Facebook platform policies and complete an online security check.
 1. Select **Settings** > **Basic**.
 1. Choose a **Category**, for example `Business and Pages`. This value is required by Facebook, but not used for Azure AD B2C.
 1. At the bottom of the page, select **Add Platform**, and then select **Website**.
 1. In **Site URL**, enter `https://your-tenant-name.b2clogin.com/` replacing `your-tenant-name` with the name of your tenant. Enter a URL for the **Privacy Policy URL**, for example `http://www.contoso.com`. The policy URL is a page you maintain to provide privacy information for your application.
 1. Select **Save Changes**.
 1. At the top of the page, copy the value of **App ID**.
-1. Click **Show** and copy the value of **App Secret**. You use both of them to configure Facebook as an identity provider in your tenant. **App Secret** is an important security credential.
+1. Select **Show** and copy the value of **App Secret**. You use both of them to configure Facebook as an identity provider in your tenant. **App Secret** is an important security credential.
 1. Select the plus sign next to **PRODUCTS**, and then select **Set up** under **Facebook Login**.
 1. Under **Facebook Login**, select **Settings**.
-1. In **Valid OAuth redirect URIs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant. Click **Save Changes** at the bottom of the page.
-1. To make your Facebook application available to Azure AD B2C, click the Status selector at the top right of the page and turn it **On** to make the Application public, and then click **Confirm**.  At this point the Status should change from **Development** to **Live**.
+1. In **Valid OAuth redirect URIs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant. Select **Save Changes** at the bottom of the page.
+1. To make your Facebook application available to Azure AD B2C, select the Status selector at the top right of the page and turn it **On** to make the Application public, and then select **Switch Mode**.  At this point the Status should change from **Development** to **Live**.
 
 ## Configure a Facebook account as an identity provider
 
