Merge pull request #247801 from msmimart/mm-customer-tip

[EXID] Add a tip to docs linked from the admin center to reference customer content

Author: v-dirichards

articles/active-directory/external-identities/authentication-conditional-access.md

@@ -17,6 +17,9 @@ ms.collection: M365-identity-device-management
 
 # Authentication and Conditional Access for External Identities
 
+> [!TIP]
+> This article applies to B2B collaboration and B2B direct connect. If your tenant is configured for customer identity and access management, see [Security and governance in Azure AD for customers](customers/concept-security-customers.md).
+
 When an external user accesses resources in your organization, the authentication flow is determined by the collaboration method (B2B collaboration or B2B direct connect), user's identity provider (an external Azure AD tenant, social identity provider, etc.), Conditional Access policies, and the [cross-tenant access settings](cross-tenant-access-overview.md) configured both in the user's home tenant and the tenant hosting resources.
 
 This article describes the authentication flow for external users who are accessing resources in your organization. Organizations can enforce multiple Conditional Access policies for their external users, which can be enforced at the tenant, app, or individual user level in the same way that they're enabled for full-time employees and members of the organization.

articles/active-directory/external-identities/facebook-federation.md

@@ -20,6 +20,9 @@ ms.collection: engagement-fy23, M365-identity-device-management
 
 # Add Facebook as an identity provider for External Identities
 
+> [!TIP]
+> This article describes adding Facebook as an identity provider for B2B collaboration. If your tenant is configured for customer identity and access management, see [Add Facebook as an identity provider](customers/how-to-facebook-federation-customers.md) for customers.
+
 You can add Facebook to your self-service sign-up user flows so that users can sign in to your applications using their own Facebook accounts. To allow users to sign in using Facebook, you'll first need to [enable self-service sign-up](self-service-sign-up-user-flow.md) for your tenant. After you add Facebook as an identity provider, set up a user flow for the application and select Facebook as one of the sign-in options.
 
 After you've added Facebook as one of your application's sign-in options, on the **Sign in** page, a user can simply enter the email they use to sign in to Facebook, or they can select **Sign-in options** and choose **Sign in with Facebook**. In either case, they'll be redirected to the Facebook sign in page for authentication.

articles/active-directory/external-identities/google-federation.md

@@ -18,6 +18,9 @@ ms.collection: M365-identity-device-management
 
 # Add Google as an identity provider for B2B guest users
 
+> [!TIP]
+> This article describes adding Google as an identity provider for B2B collaboration. If your tenant is configured for customer identity and access management, see [Add Google as an identity provider](customers/how-to-google-federation-customers.md) for customers.
+
 By setting up federation with Google, you can allow invited users to sign in to your shared apps and resources with their own Gmail accounts, without having to create Microsoft accounts. After you've added Google as one of your application's sign-in options, on the **Sign in** page, a user can simply enter the Gmail address they use to sign in to Google.
 
 ![Sign in options for Google users](media/google-federation/sign-in-with-google-overview.png)

articles/active-directory/external-identities/identity-providers.md

@@ -16,6 +16,9 @@ ms.collection: M365-identity-device-management
 
 # Identity Providers for External Identities
 
+> [!TIP]
+> This article applies to B2B collaboration identity providers. If your tenant is configured for customer identity and access management, see [Authentication methods and identity providers for customers](customers/concept-authentication-methods-customers.md).
+
 An *identity provider* creates, maintains, and manages identity information while providing authentication services to applications. When sharing your apps and resources with external users, Azure AD is the default identity provider for sharing. This means when you invite external users who already have an Azure AD or Microsoft account, they can automatically sign in without further configuration on your part.
 
 External Identities offers a variety of identity providers.

articles/active-directory/external-identities/self-service-sign-up-overview.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 09/28/2022
+ms.date: 08/14/2023
 
 ms.author: mimart
 author: msmimart
@@ -17,25 +17,28 @@ ms.collection: M365-identity-device-management
 
 # Self-service sign-up
 
-When sharing an application with external users, you might not always know in advance who will need access to the application. As an alternative to sending invitations directly to individuals, you can allow external users to sign up for specific applications themselves by enabling [self-service sign-up user flow](self-service-sign-up-user-flow.md). You can create a personalized sign-up experience by customizing the self-service sign-up user flow. For example, you can provide options to sign up with Azure AD or social identity providers and collect information about the user during the sign-up process.
+Self-service sign-up is an essential feature for your External ID workforce and customer scenarios. It gives your partners, consumers, and other external users a frictionless way to sign up and get access to your apps without any intervention on your part.
+
+- In a B2B collaboration scenario, you might not always know in advance who will need access to an application you want to share. As an alternative to sending invitations directly to individuals, you can allow external users to sign up for specific applications themselves. Learn how to [create a self-service sign-up user flow for B2B collaboration](self-service-sign-up-user-flow.md).
+- In a customer identity and access management (CIAM) scenario, it's important to add a self-service sign-up experience to the apps you build for consumers. You can do so by configuring self-service sign-up user flows. Learn more about [planning the customer experience](customers/concept-planning-your-solution.md) or [creating a sign-up and sign-in user flow for customers](customers/how-to-user-flow-sign-up-sign-in-customers.md).
+
+In either scenario, you can create a personalized sign-up experience by customizing the look and feel, providing sign-in with social identity providers, and collecting information about the user during the sign-up process.
 
 > [!NOTE]
 > You can associate user flows with apps built by your organization. User flows can't be used for Microsoft apps, like SharePoint or Teams.
 
 ## User flow for self-service sign-up
 
-A self-service sign-up user flow creates a sign-up experience for your external users through the application you want to share. The user flow can be associated with one or more of your applications. First you'll enable self-service sign-up for your tenant and federate with the identity providers you want to allow external users to use for sign-in. Then you'll create and customize the sign-up user flow and assign your applications to it.
-You can configure user flow settings to control how the user signs up for the application:
+A self-service sign-up user flow creates a sign-up experience for the application you're providing to external users. You can configure user flow settings to control how the user signs up for the application:
 
 - Account types used for sign-in, such as social accounts like Facebook, or Azure AD accounts
 - Attributes to be collected from the user signing up, such as first name, postal code, or country/region of residency
 
-The user can sign in to your application, via the web, mobile, desktop, or single-page application (SPA). The application initiates an authorization request to the user flow-provided endpoint. The user flow defines and controls the user's experience. When the user completes the sign-up user flow, Azure AD generates a token and redirects the user back to your application. Upon completion of sign-up, a guest account is provisioned for the user in the directory. Multiple applications can use the same user flow.
+The user can sign in to your application, via the web, mobile, desktop, or single-page application (SPA). The application initiates an authorization request to the user flow-provided endpoint. The user flow defines and controls the user's experience. When the user completes the sign-up user flow, Azure AD generates a token and redirects the user back to your application. Upon completion of sign-up, an account is provisioned for the user in the directory. Multiple applications can use the same user flow.
 
 ## Example of self-service sign-up
 
-The following example illustrates how we're bringing social identity providers to Azure AD with self-service sign-up capabilities for guest users.  
-A partner of Woodgrove opens the Woodgrove app. They decide they want to sign up for a supplier account, so they select Request your supplier account, which initiates the self-service sign-up flow.
+The following B2B collaboration example illustrates self-service sign-up capabilities for guest users. A partner of Woodgrove opens the Woodgrove app. They decide they want to sign up for a supplier account, so they select Request your supplier account, which initiates the self-service sign-up flow.
 
 ![Example of self-service sign-up starting page](media/self-service-sign-up-overview/example-start-sign-up-flow.png)
 
@@ -55,4 +58,11 @@ The user enters the information, continues the sign-up flow, and gets access to
 
 ## Next steps
 
- For details, see how to [add self-service sign-up to an app](self-service-sign-up-user-flow.md).
+User flows for B2B collaboration:
+
+- [Create a self-service sign-up user flow for B2B collaboration](self-service-sign-up-user-flow.md)
+
+User flows for customer identity and access management (CIAM):
+
+- [Plan a sign-up experience for customers or consumers](customers/concept-planning-your-solution.md)
+- [Create a sign-up and sign-in user flow for customers or consumers](customers/how-to-user-flow-sign-up-sign-in-customers.md).

articles/active-directory/external-identities/self-service-sign-up-user-flow.md

@@ -19,6 +19,9 @@ ms.collection: engagement-fy23, M365-identity-device-management
 
 # Add a self-service sign-up user flow to an app
 
+> [!TIP]
+> This article applies to B2B collaboration user flows. If your tenant is configured for customer identity and access management, see [Create a sign-up and sign-in user flow for customers](customers/how-to-user-flow-sign-up-sign-in-customers.md).
+
 For applications you build, you can create user flows that allow a user to sign up for an app and create a new guest account. A self-service sign-up user flow defines the series of steps the user will follow during sign-up, the [identity providers](identity-providers.md) you'll allow them to use, and the user attributes you want to collect. You can associate one or more applications with a single user flow.
 
 > [!NOTE]

articles/active-directory/external-identities/user-flow-add-custom-attributes.md

@@ -18,6 +18,9 @@ ms.collection: M365-identity-device-management
 
 # Define custom attributes for user flows
 
+> [!TIP]
+> This article applies to B2B collaboration user flows. If your tenant is configured for customer identity and access management, see [Collect user attributes during sign-up](customers/how-to-define-custom-attributes.md) for customers.
+
 For each application, you might have different requirements for the information you want to collect during sign-up. Azure AD comes with a built-in set of information stored in attributes, such as Given Name, Surname, City, and Postal Code. With Azure AD, you can extend the set of attributes stored on a guest account when the external user signs up through a user flow.
 
 You can create custom attributes in the Azure portal and use them in your [self-service sign-up user flows](self-service-sign-up-user-flow.md). You can also read and write these attributes by using the [Microsoft Graph API](../../active-directory-b2c/microsoft-graph-operations.md). Microsoft Graph API supports creating and updating a user with extension attributes. Extension attributes in the Graph API are named by using the convention `extension_<extensions-app-id>_attributename`. For example:

articles/active-directory/external-identities/user-flow-customize-language.md

@@ -18,6 +18,9 @@ ms.custom: engagement-fy23
 
 # Language customization in Azure Active Directory
 
+> [!TIP]
+> This article applies to B2B collaboration user flows. If your tenant is configured for customer identity and access management, see [Customize the language of the authentication experience](customers/how-to-customize-languages-customers.md) for customers.
+
 Language customization in Azure Active Directory (Azure AD) allows your user flow to accommodate different languages to suit your user's needs. Microsoft provides the translations for [36 languages](#supported-languages). In this article, you'll learn how to customize the attribute names on the [attribute collection page](self-service-sign-up-user-flow.md#select-the-layout-of-the-attribute-collection-form), even if your experience is provided for only a single language.
 
 ## How language customization works