Merge branch 'main' into pauldsmith/537853847

Author: Paul D.Smith

.openpublishing.redirection.json

@@ -169,7 +169,7 @@ A claim provides temporary storage of data during an Azure AD B2C policy executi
 </ClaimType>
 ```
 ## Add the RESTful API technical profile 
-A [Restful technical profile](restful-technical-profile.md) provides support for interfacing with your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element in your <em>**`TrustFrameworkExtensions.xml`**</em> file and add a new claims provider as follows:
+A [RESTful technical profile](restful-technical-profile.md) provides support for interfacing with your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element in your <em>**`TrustFrameworkExtensions.xml`**</em> file and add a new claims provider as follows:
 ```xml
 <ClaimsProvider>
   <DisplayName>REST APIs</DisplayName>

articles/active-directory-b2c/add-api-connector-token-enrichment.md

@@ -442,7 +442,7 @@ A claim provides temporary storage of data during an Azure AD B2C policy executi
 
 ## Add the RESTful API technical profile 
 
-A [Restful technical profile](restful-technical-profile.md) provides support for interfacing to your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element and add a new claims provider as follows:
+A [RESTful technical profile](restful-technical-profile.md) provides support for interfacing to your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element and add a new claims provider as follows:
 
 ```xml
 <ClaimsProvider>

articles/active-directory-b2c/add-api-connector.md

@@ -52,7 +52,7 @@ The following table shows which session provider to use depending on the type of
 |Session provider  |Applicable technical profile types| Purpose |Write claims|Read claims|
 |---------|---------|---------|---------|---------|
 |[DefaultSSOSessionProvider](#defaultssosessionprovider)  | [Self-asserted](self-asserted-technical-profile.md), [Microsoft Entra ID](active-directory-technical-profile.md), [Microsoft Entra multifactor authentication](multi-factor-auth-technical-profile.md), [Claims transformation](claims-transformation-technical-profile.md)| Skips technical profile execution.| Yes | Yes |
-|[ExternalLoginSSOSessionProvider](#externalloginssosessionprovider) | [OAuth1 identity provider](oauth1-technical-profile.md), [Oauth2 identity provider](oauth2-technical-profile.md), [OpenID Connect identity provider](openid-connect-technical-profile.md), [SAML identity provider](saml-identity-provider-technical-profile.md)| Accelerate identity provider selection page. Performing single-logout.|Yes|Yes|
+|[ExternalLoginSSOSessionProvider](#externalloginssosessionprovider) | [OAuth1 identity provider](oauth1-technical-profile.md), [OAuth2 identity provider](oauth2-technical-profile.md), [OpenID Connect identity provider](openid-connect-technical-profile.md), [SAML identity provider](saml-identity-provider-technical-profile.md)| Accelerate identity provider selection page. Performing single-logout.|Yes|Yes|
 |[OAuthSSOSessionProvider](#oauthssosessionprovider) |[JWT token issuer](jwt-issuer-technical-profile.md) | Manages session between OAuth2 or OpenId Connect relying party and Azure AD B2C. Performs single-logout. | No | No |
 |[SamlSSOSessionProvider](#samlssosessionprovider) | [SAML token issuer](saml-issuer-technical-profile.md) | Manages session between SAML relying party and Azure AD B2C. Performs single-logout. | No | No |
 |[NoopSSOSessionProvider](#noopssosessionprovider) |Any| Suppress any technical profile from being part of the session.| No | No |
@@ -291,7 +291,7 @@ To use the `SM-Saml-issuer` session management technical profile, add a referenc
 The `NoopSSOSessionProvider` session provider is used to suppress single sign on behavior. Technical profiles that use this type of session provider will always be processed, even when the user has an active session. This type of session provider can be useful to force particular technical profiles to always run, for example:
 
 - [Claims transformation](claims-transformation-technical-profile.md) - To create, or transform claims that are later used to determine which orchestration steps to process or skip.
-- [Restful](restful-technical-profile.md) - Fetch updated data from a Restful service each time the policy runs. You can also call a Restful for extended logging, and auditing.
+- [RESTful](restful-technical-profile.md) - Fetch updated data from a RESTful service each time the policy runs. You can also call a RESTful for extended logging, and auditing.
 - [Self-asserted](self-asserted-technical-profile.md) - Force the user to provide data each time the policy runs. For example, verify emails with one-time pass-code, or ask the user's consent.
 - [Phonefactor](phone-factor-technical-profile.md) - Force the user to perform multifactor authentication as part of a "step up authentication" even during subsequent logons (single sign-on).
 

articles/active-directory-b2c/custom-policy-reference-sso.md

@@ -51,7 +51,7 @@ To enable sign-in for users with a Google account in Azure Active Directory B2C
     1. In the **Authorized domains** section, enter *b2clogin.com*.
     1. In the **Developer contact information** section, enter comma separated emails for Google to notify you about any changes to your project. 
     1. Select **Save**.
-1. Select **Credentials** in the left menu, and then select **Create credentials** > **Oauth client ID**.
+1. Select **Credentials** in the left menu, and then select **Create credentials** > **OAuth client ID**.
 1. Under **Application type**, select **Web application**.
     1. Enter a **Name** for your application.
     1. For the **Authorized JavaScript origins**, enter `https://your-tenant-name.b2clogin.com`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name`.

articles/active-directory-b2c/identity-provider-google.md

@@ -102,7 +102,7 @@ Use these steps to generate custom values of error code and error message:
     </ClaimsTransformations> -->
     ```
 
-1. Add the two claims transformations in the `OutputClaimsTransformations` element of any technical profile before Oauth2 technical that you define:
+1. Add the two claims transformations in the `OutputClaimsTransformations` element of any technical profile before OAuth2 technical that you define:
 
     ```xml
         <OutputClaimsTransformations>
@@ -160,7 +160,7 @@ In the following example:
 </UserJourney>
 ```
 
-Optionally, you can use preconditions to manipulate the Oauth2 error technical profile. For example, if there is no email claim, you can set to call Oauth2 error technical profile:
+Optionally, you can use preconditions to manipulate the OAuth2 error technical profile. For example, if there is no email claim, you can set to call OAuth2 error technical profile:
 
 ```xml
 <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="ReturnOAuth2Error">

articles/active-directory-b2c/oauth2-error-technical-profile.md

@@ -1,23 +1,23 @@
 ---
-title: Configure Transmit Security with Azure Active Directory B2C for passwordless authentication
+title: Configure Transmit Security with Azure Active Directory B2C for passkeys authentication
 titleSuffix: Azure AD B2C
-description: Configure Azure AD B2C with Transmit Security hosted sign in for passwordless customer authentication
+description: Configure Azure AD B2C with Transmit Security hosted sign in for passkeys customer authentication
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 06/21/2024
+ms.date: 01/06/2025
 ms.author: gasinh
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
 
-# Customer intent: I'm a developer integrating Azure Active Directory B2C with Transmit Security BindID. I need instructions to configure integration, so I can enable passwordless authentication using FIDO2 biometrics for my application.
+# Customer intent: I'm a developer integrating Azure Active Directory B2C with Transmit Security BindID. I need instructions to configure integration, so I can enable passkeys authentication using FIDO2 biometrics for my application.
 ---
 
-# Configure Transmit Security with Azure Active Directory B2C for passwordless authentication
+# Configure Transmit Security with Azure Active Directory B2C for passkeys authentication
 
-In this tutorial, learn to integrate Azure Active Directory B2C (Azure AD B2C) authentication with [Transmit Security's hosted passwordless authentication solution](https://transmitsecurity.com/solutions/password-mfa-replacement). Transmit Security uses strong Fast Identity Online (FIDO2) biometric authentication for reliable omni-channel authentication. The solution ensures a smooth sign-in experience for customers across devices and channels, while reducing fraud, phishing, and credential reuse.
+In this tutorial, learn to integrate Azure Active Directory B2C (Azure AD B2C) authentication with [Transmit Security's hosted passkeys authentication solution](https://transmitsecurity.com/solutions/password-mfa-replacement). Transmit Security uses strong Fast Identity Online (FIDO2) biometric authentication for reliable omni-channel authentication. The solution ensures a smooth sign-in experience for customers across devices and channels, while reducing fraud, phishing, and credential reuse.
 
 ## Scenario description
 

articles/active-directory-b2c/partner-bindid.md

@@ -38,7 +38,7 @@ BlokSec integration includes the following components:
 * **BlokSec Decentralized Identity Router** – gateway for services that apply BlokSec DIaaS to route authentication and authorization requests to user Personal Identity Provider (PIdP) applications
   * It's an OpenID Connect (OIDC) identity provider in Azure AD B2C
 * **BlokSec SDK-based mobile app** – user PIdP in the decentralized authentication scenario. 
-  * If you're not using the BlokSec SDK, go to Google Play for the free [BlokSec yuID](https://play.google.com/store/apps/details?id=com.bloksec)
+  * If you're not using the BlokSec SDK, go to Google Play for the free [BlokSec yuID](https://play.google.com/store/apps/details/Google?id=com.google.android.googlequicksearchbox&hl=en-US)
 
 The following architecture diagram illustrates the sign-up, sign-in flow in the BlokSec solution implementation.
 

articles/active-directory-b2c/partner-bloksec.md

@@ -1,65 +1,62 @@
 ---
 title: Tutorial to configure Nok Nok S3 Authentication Suite with Azure Active Directory B2C for FIDO passkey authentication
 titleSuffix: Azure AD B2C
-description: Configure Nok Nok S3 Authentication Suite with Azure AD B2C to enable FIDO passkey authentication
+description: Configure Nok Nok S3 Authentication Suite with Azure AD B2C to enable FIDO passkey authentication.
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 06/21/2024
-
+ms.date: 12/09/2024
 ms.author: gasinh
 ms.subservice: b2c
 
-# Customer intent: I'm a developer integrating Azure AD B2C with a third-party authentication provider. I want to learn how to configure Nok Nok S3 Authentication Suite as an identity provider (IdP) in Azure AD B2C. My goal is to implement FIDO Passkey authentication for my users.
+# Customer intent: I'm a developer integrating Azure AD B2C with a third-party authentication provider. I want to learn how to configure Nok Nok S3 Authentication Suite as an identity provider (IdP) in Azure AD B2C. My goal is to implement FIDO passkey authentication for my users.
 ---
-# Tutorial: Configure Nok Nok S3 Authentication Suite with Azure AD B2C for FIDO Passkey Authentication
+# Tutorial: Configure Nok Nok S3 Authentication Suite with Azure AD B2C for FIDO passkey authentication
 
-Learn to integrate the Nok Nok S3 Authentication Suite into your Azure Active Directory (AD) B2C tenant. The Nok Nok solution enables FIDO-certified multifactor authentication such as FIDO UAF, FIDO U2F, WebAuthn, and FIDO2 for mobile and web applications. The Nok Nok solution strengthens your security while maintaining an optimal user experience.
+In this article, you learn to integrate the Nok Nok S3 Authentication Suite into your Azure Active Directory (AD) B2C tenant. The Nok Nok solution enables FIDO-certified multifactor authentication, such as FIDO Universal Authentication Framework (UAF), FIDO Universal Second Factor (U2F), WebAuthn, and FIDO2, for mobile and web applications. The Nok Nok solution strengthens your security while maintaining an optimal user experience.
 
-Learn more at [Nok Nok](https://noknok.com/)
+Learn more at [Nok Nok](https://noknok.com/).
 
 ## Prerequisites
 
 To get started, you need:
 
 * An Azure subscription. If you don't have one, get an [Azure free account](https://azure.microsoft.com/free/).
-* An Azure AD B2C tenant linked to the Azure subscription [Tutorial: Create an Azure AD B2C tenant](tutorial-create-tenant.md).
+* An Azure AD B2C tenant linked to the Azure subscription. Learn how to [Create an Azure AD B2C tenant](tutorial-create-tenant.md).
 * A Nok Nok Cloud evaluation tenant for FIDO registration and authentication.
 
 ## Scenario description
 
-To enable Passkey authentication for your users, enable Nok Nok as an identity provider (IdP) in your Azure AD B2C tenant. The Nok Nok integration includes the following components:
+To enable passkey authentication for your users, enable Nok Nok as an identity provider (IdP) in your Azure AD B2C tenant. The Nok Nok integration includes the following components:
 
 * **Azure AD B2C** – authorization server that verifies user credentials.
 * **Web and mobile applications** – mobile or web apps to protect with Nok Nok solutions and Azure AD B2C.
-* **Nok Nok Tutorial Web App** – application to register the passkey on your device.
-* **Nok Nok Sign in App** – application for authenticating Azure AD B2C applications using passkey.
-
+* **Nok Nok tutorial web app** – application to register the passkey on your device.
+* **Nok Nok sign-in app** – application for authenticating Azure AD B2C applications with passkey.
 
-The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for Passkey authentication.
+The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for passkey authentication.
 
-![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for Passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
+![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
 
-### Scenario 1: Passkey Registration
-1. The user navigates to the Nok Nok Tutorial Web App using the link provided by Nok Nok.
+### Scenario 1: Passkey registration
+1. The user navigates to the Nok Nok tutorial web app using the link provided by Nok Nok.
 2. The user enters their Azure AD B2C username and default tutorial app password.
 3. The user receives a prompt to register the passkey.
 4. The Nok Nok server validates the passkey credential and confirms successful passkey registration to the user.
 5. The passkey on the user's device is ready for authentication.
 
-### Scenario 2: Passkey Authentication
-1. The user selects the Sign in with Nok Nok Cloud button on the Azure AD B2C Sign in page.
-2. Azure AD B2C redirects the user to the Nok Nok Signin App.
-3. User authenticates with their passkey.
+### Scenario 2: Passkey authentication
+1. The user selects the sign-in with Nok Nok Cloud button on the Azure AD B2C sign-in page.
+2. Azure AD B2C redirects the user to the Nok Nok sign-in app.
+3. The user authenticates with their passkey.
 4. The Nok Nok server validates the passkey assertion and sends an OIDC authentication response to Azure AD B2C.
 5. Based on the authentication result, Azure AD B2C either grants or denies access to the target application.
 
-
 ## Get started with Nok Nok
 
-1. [Contact](https://noknok.com/contact/) Nok Nok.
+1. [Contact Nok Nok](https://noknok.com/contact/).
 2. Fill out the form for a Nok Nok tenant.
 3. An email arrives with tenant access information and links to documentation.
 4. Use the Nok Nok integration documentation to complete the tenant OIDC configuration.
@@ -68,11 +65,11 @@ The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2
 
 Use the following instructions to add and configure an IdP, and then configure a user flow.
 
-### Add a new Identity provider
+### Add a new identity provider
 
 For the following instructions, use the directory with the Azure AD B2C tenant. To add a new IdP:
 
-1. Sign in to the [Azure portal](https://portal.azure.com/#home) as at least as the B2C IEF Policy Administrator of the Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/#home) as at least as the B2C Identity Experience Framework (IEF) Policy Administrator of the Azure AD B2C tenant.
 2. In the portal toolbar, select **Directories + subscriptions**.
 3. On **Portal settings, Directories + subscriptions**, in the **Directory name** list, locate the Azure AD B2C directory.
 4. Select **Switch**.
@@ -82,13 +79,13 @@ For the following instructions, use the directory with the Azure AD B2C tenant.
 8. Select **Identity providers**.
 9. Select **Add**.
 
-### Configure an Identity provider
+### Configure an identity provider
 
 To configure an IdP:
 
 1. Select **Identity provider type** > **OpenID Connect (Preview)**.
-2. For **Name**, enter the Nok Nok Authentication Provider, or another name.
-3. For **Metadata URL**, enter the following URL after replacing the placeholder with the tenant ID provided by Nok Nok: `https://cloud.noknok.com/<tenant_id>/webapps/nnlfed/realms/<tenant_id>/.well-known/openid-configuration`.
+2. For **Name**, enter the Nok Nok Authentication Provider or another name.
+3. For **Metadata URL**, enter the following URL after replacing the placeholder with the tenant ID that Nok Nok provides: `https://cloud.noknok.com/<tenant_id>/webapps/nnlfed/realms/<tenant_id>/.well-known/openid-configuration`.
 4. For **Client Secret**, use the Client Secret from Nok Nok.
 5. For **Client ID**, use the Client ID provided by Nok Nok.
 6. For **Scope**, use **openid**.
@@ -109,19 +106,19 @@ For the following instructions, Nok Nok is a new OIDC IdP in the B2C identity pr
 5. Select **Create**.
 6. Enter a policy **Name**.
 7. In **Identity providers**, select the created Nok Nok IdP.
-8. Check **Email signup** under **Local accounts** to display an intermediate Azure AD B2C signin/signup page with a button that redirects the user to the Nok Nok Signin App.
+8. Check **Email signup** under **Local accounts** to display an intermediate Azure AD B2C signin/signup page with a button that redirects the user to the Nok Nok sign-in app.
 9. Leave the **Multi-factor Authentication** field.
-10. Click **Create** to save.
+10. Select **Create** to save.
 
 ## Test the user flow
 
 1. Open the Azure AD B2C tenant. Under **Policies**, select **Identity Experience Framework**.
 2. Select the created **SignUpSignIn**.
 3. Select **Run user flow**.
-4. For **Application**, select the registered app. The example is JWT.
-5. For **Reply URL**, select the redirect URL of the application that you previously selected at the previous step.
+4. For **Application**, select the registered app. The example is JSON Web Token (JWT).
+5. For **Reply URL**, select the redirect URL of the application that you selected at the previous step.
 6. Select **Run user flow**.
-7. Perform signin using the Azure AD B2C username and the passkey that you previously registered for the same user.
+7. Perform sign-in using the Azure AD B2C username and the passkey that you previously registered for the same user.
 8. Verify that you received the token after authentication.
 
 If the flow is incomplete, confirm the user is or isn't saved in the directory.