MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/custom-policy-developer-notes.md
Lines changed: 4 additions & 4 deletions b/‎articles/active-directory-b2c/custom-policy-developer-notes.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/active-directory-b2c/page-layout.md
Lines changed: 120 additions & 51 deletions b/‎articles/active-directory-b2c/page-layout.md
Lines changed: 120 additions & 51 deletions
diff --git a/‎articles/active-directory/develop/active-directory-certificate-credentials.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/develop/active-directory-certificate-credentials.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/develop/active-directory-claims-mapping.md
Lines changed: 32 additions & 33 deletions b/‎articles/active-directory/develop/active-directory-claims-mapping.md
Lines changed: 32 additions & 33 deletions
@@ -108,10 +108,10 @@ Custom policy/Identity Experience Framework capabilities are under constant and
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| [2.0.0](page-layout.md#200) |  | X |  |  |
-| [1.2.0](page-layout.md#120) |  | X |  |  |
-| [1.1.0](page-layout.md#110) |  |  | X |  |
-| [1.0.0](page-layout.md#100) |  |  | X |  |
+| [2.0.0](page-layout.md) |  | X |  |  |
+| [1.2.0](page-layout.md) |  | X |  |  |
+| [1.1.0](page-layout.md) |  |  | X |  |
+| [1.0.0](page-layout.md) |  |  | X |  |
 | [JavaScript support](javascript-samples.md) |  | X |  |  |
 
 ### App-IEF integration
 
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 07/30/2020
+ms.date: 08/24/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -20,56 +20,125 @@ Page layout packages are periodically updated to include fixes and improvements
 
 [!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
 
-## 2.1.0
-
-- Self-asserted page (`selfasserted`)
-  - Localization and accessibility fixes.
-- Unified SSP page (`unifiedssp`)
-  - Added support for multiple sign-up links.
-  - Added support for user input validation according to the predicate rules defined in the policy.
-
-## 2.0.0
-
-- Self-asserted page (`selfasserted`)
-  - Added support for [display controls](display-controls.md) in custom policies.
-
-## 1.2.0
-
-- All pages
-  - Accessibility fixes
-  - You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
-    - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
-    - Control the order in which your `script` tags are fetched and executed before the page load.
-  - Email field is now `type=email` and mobile keyboards will provide the correct suggestions
-  - Support for Chrome translate
-- Unified and self-asserted pages
-  - The username/email and password fields now use the `form` HTML element to allow Edge and Internet Explorer (IE) to properly save this information.
-- Self-asserted page
-  - Added a configurable user input validation delay for improved user experience.
-
-## 1.1.0
-
-- Exception page (globalexception)
-  - Accessibility fix
-  - Removed the default message when there is no contact from the policy
-  - Default CSS removed
-- MFA page (multifactor)
-  - 'Confirm Code' button removed
-  - The input field for the code now only takes input up to six (6) characters
-  - The page will automatically attempt to verify the code entered when a 6-digit code is entered, without any button having to be clicked
-  - If the code is wrong, the input field is automatically cleared
-  - After three (3) attempts with an incorrect code, B2C sends an error back to the relying party
-  - Accessibility fixes
-  - Default CSS removed
-- Self-asserted page (selfasserted)
-  - Removed cancel alert
-  - CSS class for error elements
-  - Show/hide error logic improved
-  - Default CSS removed
-- Unified SSP (unifiedssp)
-  - Added keep me signed in (KMSI) control
-
-## 1.0.0
+## Self-asserted page (selfasserted)
+
+**2.1.0**
+
+- Localization and accessibility fixes.
+
+**2.0.0**
+
+- Added support for [display controls](display-controls.md) in custom policies.
+
+**1.2.0**
+
+- The username/email and password fields now use the `form` HTML element to allow Edge and Internet Explorer (IE) to properly save this information.
+- Added a configurable user input validation delay for improved user experience.
+- Accessibility fixes
+- You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
+  - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
+  - Control the order in which your `script` tags are fetched and executed before the page load.
+- Email field is now `type=email` and mobile keyboards will provide the correct suggestions
+- Support for Chrome translate
+
+**1.1.0**
+
+- Removed cancel alert
+- CSS class for error elements
+- Show/hide error logic improved
+- Default CSS removed
+
+**1.0.0**
+
+- Initial release
+
+## Unified sign-in sign-up page with password reset link (unifiedssp)
+
+**2.1.0**
+
+- Added support for multiple sign-up links.
+- Added support for user input validation according to the predicate rules defined in the policy.
+
+**1.2.0**
+
+- The username/email and password fields now use the `form` HTML element to allow Edge and Internet Explorer (IE) to properly save this information.
+- Accessibility fixes
+- You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
+  - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
+  - Control the order in which your `script` tags are fetched and executed before the page load.
+- Email field is now `type=email` and mobile keyboards will provide the correct suggestions
+- Support for Chrome translate
+
+**1.1.0**
+
+- Added keep me signed in (KMSI) control
+
+**1.0.0**
+
+- Initial release
+
+## MFA page (multifactor)
+
+**1.2.1**
+
+- Accessibility fixes on default templates
+
+**1.2.0**
+
+- Accessibility fixes
+- You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
+  - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
+  - Control the order in which your `script` tags are fetched and executed before the page load.
+- Email field is now `type=email` and mobile keyboards will provide the correct suggestions
+- Support for Chrome translate
+
+**1.1.0**
+
+- 'Confirm Code' button removed
+- The input field for the code now only takes input up to six (6) characters
+- The page will automatically attempt to verify the code entered when a 6-digit code is entered, without any button having to be clicked
+- If the code is wrong, the input field is automatically cleared
+- After three (3) attempts with an incorrect code, B2C sends an error back to the relying party
+- Accessibility fixes
+- Default CSS removed
+
+**1.0.0**
+
+- Initial release
+
+## Exception Page (globalexception)
+
+**1.2.0**
+
+- Accessibility fixes
+- You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
+  - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
+  - Control the order in which your `script` tags are fetched and executed before the page load.
+- Email field is now `type=email` and mobile keyboards will provide the correct suggestions
+- Support for Chrome translate
+
+**1.1.0**
+
+- Accessibility fix
+- Removed the default message when there is no contact from the policy
+- Default CSS removed
+
+**1.0.0**
+
+- Initial release
+
+## Other pages (ProviderSelection, ClaimsConsent, UnifiedSSD)
+
+**1.2.0**
+
+- Accessibility fixes
+- You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
+  - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
+  - Control the order in which your `script` tags are fetched and executed before the page load.
+- Email field is now `type=email` and mobile keyboards will provide the correct suggestions
+- Support for Chrome translate
+
+**1.0.0**
 
 - Initial release
 
 
@@ -32,7 +32,7 @@ To compute the assertion, you can use one of the many JWT libraries in the langu
 | --- | --- |
 | `alg` | Should be **RS256** |
 | `typ` | Should be **JWT** |
-| `x5t` | The X.509 certificate hash (also known as the cert's SHA-1 *thumbprint*) encoded as a Base64 string value. For example, given an X.509 certificate hash of `84E05C1D98BCE3A5421D225B140B36E86A3D5534`, the `x5t` claim would be `hOBcHZi846VCHSJbFAs26Go9VTQ`. |
+| `x5t` | The X.509 certificate hash's (also known as the cert's SHA-1 *thumbprint*) Hex representation encoded as a Base64 string value. For example, given an X.509 certificate hash of `84E05C1D98BCE3A5421D225B140B36E86A3D5534` (Hex), the `x5t` claim would be `hOBcHZi846VCHSJbFAs26Go9VTQ=` (Base64). |
 
 ### Claims (payload)
 
 
@@ -7,10 +7,10 @@ author: rwike77
 manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
-ms.custom: aaddev 
+ms.custom: aaddev
 ms.workload: identity
 ms.topic: how-to
-ms.date: 08/06/2020
+ms.date: 08/25/2020
 ms.author: ryanwi
 ms.reviewer: paulgarn, hirsin, jeedes, luleon
 ---
@@ -138,7 +138,6 @@ There are certain sets of claims that define how and when they're used in tokens
 | onprem_sid |
 | openid2_id |
 | password |
-| platf |
 | polids |
 | pop_jwk |
 | preferred_username |
@@ -243,11 +242,11 @@ To control what claims are emitted and where the data comes from, use the proper
 
 **Summary:** This property determines whether the basic claim set is included in tokens affected by this policy.
 
-- If set to True, all claims in the basic claim set are emitted in tokens affected by the policy. 
+- If set to True, all claims in the basic claim set are emitted in tokens affected by the policy.
 - If set to False, claims in the basic claim set are not in the tokens, unless they are individually added in the claims schema property of the same policy.
 
-> [!NOTE] 
-> Claims in the core claim set are present in every token, regardless of what this property is set to. 
+> [!NOTE]
+> Claims in the core claim set are present in every token, regardless of what this property is set to.
 
 ### Claims schema
 
@@ -262,14 +261,14 @@ For each claim schema entry defined in this property, certain information is req
 
 **Value:** The Value element defines a static value as the data to be emitted in the claim.
 
-**Source/ID pair:** The Source and ID elements define where the data in the claim is sourced from.  
+**Source/ID pair:** The Source and ID elements define where the data in the claim is sourced from.
 
 **Source/ExtensionID pair:** The Source and ExtensionID elements define the directory schema extension attribute where the data in the claim is sourced from. For more information, see [Using directory schema extension attributes in claims](active-directory-schema-extensions.md).
 
-Set the Source element to one of the following values: 
+Set the Source element to one of the following values:
 
-- "user": The data in the claim is a property on the User object. 
-- "application": The data in the claim is a property on the application (client) service principal. 
+- "user": The data in the claim is a property on the User object.
+- "application": The data in the claim is a property on the application (client) service principal.
 - "resource": The data in the claim is a property on the resource service principal.
 - "audience": The data in the claim is a property on the service principal that is the audience of the token (either the client or resource service principal).
 - "company": The data in the claim is a property on the resource tenant's Company object.
@@ -344,7 +343,7 @@ The ID element identifies which property on the source provides the value for th
 
 **String:** ClaimsTransformation
 
-**Data type:** JSON blob, with one or more transformation entries 
+**Data type:** JSON blob, with one or more transformation entries
 
 **Summary:** Use this property to apply common transformations to source data, to generate the output data for claims specified in the Claims Schema.
 
@@ -363,7 +362,7 @@ Based on the method chosen, a set of inputs and outputs is expected. Define the
 
 **InputClaims:** Use an InputClaims element to pass the data from a claim schema entry to a transformation. It has two attributes: **ClaimTypeReferenceId** and **TransformationClaimType**.
 
-- **ClaimTypeReferenceId** is joined with ID element of the claim schema entry to find the appropriate input claim. 
+- **ClaimTypeReferenceId** is joined with ID element of the claim schema entry to find the appropriate input claim.
 - **TransformationClaimType** is used to give a unique name to this input. This name must match one of the expected inputs for the transformation method.
 
 **InputParameters:** Use an InputParameters element to pass a constant value to a transformation. It has two attributes: **Value** and **ID**.
@@ -415,7 +414,7 @@ Based on the method chosen, a set of inputs and outputs is expected. Define the
 
 A custom signing key must be assigned to the service principal object for a claims mapping policy to take effect. This ensures acknowledgment that tokens have been modified by the creator of the claims mapping policy and protects applications from claims mapping policies created by malicious actors. In order to add a custom signing key, you can use the Azure PowerShell cmdlet `new-azureadapplicationkeycredential` to create a symmetric key credential for your Application object. For more information on this Azure PowerShell cmdlet, see [New-AzureADApplicationKeyCredential](/powerShell/module/Azuread/New-AzureADApplicationKeyCredential?view=azureadps-2.0).
 
-Apps that have claims mapping enabled must validate their token signing keys by appending `appid={client_id}` to their [OpenID Connect metadata requests](v2-protocols-oidc.md#fetch-the-openid-connect-metadata-document). Below is the format of the OpenID Connect metadata document you should use: 
+Apps that have claims mapping enabled must validate their token signing keys by appending `appid={client_id}` to their [OpenID Connect metadata requests](v2-protocols-oidc.md#fetch-the-openid-connect-metadata-document). Below is the format of the OpenID Connect metadata document you should use:
 
 ```
 https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration?appid={client-id}
@@ -459,20 +458,20 @@ To get started, do the following steps:
 In this example, you create a policy that removes the basic claim set from tokens issued to linked service principals.
 
 1. Create a claims mapping policy. This policy, linked to specific service principals, removes the basic claim set from tokens.
-   1. To create the policy, run this command: 
-    
+   1. To create the policy, run this command:
+
       ``` powershell
       New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"false"}}') -DisplayName "OmitBasicClaims" -Type "ClaimsMappingPolicy"
       ```
    2. To see your new policy, and to get the policy ObjectId, run the following command:
-    
+
       ``` powershell
       Get-AzureADPolicy
       ```
 1. Assign the policy to your service principal. You also need to get the ObjectId of your service principal.
    1. To see all your organization's service principals, you can [query the Microsoft Graph API](/graph/traverse-the-graph). Or, in [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer), sign in to your Azure AD account.
-   2. When you have the ObjectId of your service principal, run the following command:  
-     
+   2. When you have the ObjectId of your service principal, run the following command:
+
       ``` powershell
       Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
       ```
@@ -482,21 +481,21 @@ In this example, you create a policy that removes the basic claim set from token
 In this example, you create a policy that adds the EmployeeID and TenantCountry to tokens issued to linked service principals. The EmployeeID is emitted as the name claim type in both SAML tokens and JWTs. The TenantCountry is emitted as the country/region claim type in both SAML tokens and JWTs. In this example, we continue to include the basic claims set in the tokens.
 
 1. Create a claims mapping policy. This policy, linked to specific service principals, adds the EmployeeID and TenantCountry claims to tokens.
-   1. To create the policy, run the following command:  
-     
+   1. To create the policy, run the following command:
+
       ``` powershell
       New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema": [{"Source":"user","ID":"employeeid","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid","JwtClaimType":"name"},{"Source":"company","ID":"tenantcountry","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country","JwtClaimType":"country"}]}}') -DisplayName "ExtraClaimsExample" -Type "ClaimsMappingPolicy"
       ```
-    
+
    2. To see your new policy, and to get the policy ObjectId, run the following command:
-     
-      ``` powershell  
+
+      ``` powershell
       Get-AzureADPolicy
       ```
-1. Assign the policy to your service principal. You also need to get the ObjectId of your service principal. 
+1. Assign the policy to your service principal. You also need to get the ObjectId of your service principal.
    1. To see all your organization's service principals, you can [query the Microsoft Graph API](/graph/traverse-the-graph). Or, in [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer), sign in to your Azure AD account.
-   2. When you have the ObjectId of your service principal, run the following command:  
-     
+   2. When you have the ObjectId of your service principal, run the following command:
+
       ``` powershell
       Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
       ```
@@ -507,20 +506,20 @@ In this example, you create a policy that emits a custom claim "JoinedData" to J
 
 1. Create a claims mapping policy. This policy, linked to specific service principals, adds the EmployeeID and TenantCountry claims to tokens.
    1. To create the policy, run the following command:
-     
+
       ``` powershell
       New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema":[{"Source":"user","ID":"extensionattribute1"},{"Source":"transformation","ID":"DataJoin","TransformationId":"JoinTheData","JwtClaimType":"JoinedData"}],"ClaimsTransformations":[{"ID":"JoinTheData","TransformationMethod":"Join","InputClaims":[{"ClaimTypeReferenceId":"extensionattribute1","TransformationClaimType":"string1"}], "InputParameters": [{"ID":"string2","Value":"sandbox"},{"ID":"separator","Value":"."}],"OutputClaims":[{"ClaimTypeReferenceId":"DataJoin","TransformationClaimType":"outputClaim"}]}]}}') -DisplayName "TransformClaimsExample" -Type "ClaimsMappingPolicy"
       ```
-    
-   2. To see your new policy, and to get the policy ObjectId, run the following command: 
-     
+
+   2. To see your new policy, and to get the policy ObjectId, run the following command:
+
       ``` powershell
       Get-AzureADPolicy
       ```
-1. Assign the policy to your service principal. You also need to get the ObjectId of your service principal. 
+1. Assign the policy to your service principal. You also need to get the ObjectId of your service principal.
    1. To see all your organization's service principals, you can [query the Microsoft Graph API](/graph/traverse-the-graph). Or, in [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer), sign in to your Azure AD account.
-   2. When you have the ObjectId of your service principal, run the following command: 
-     
+   2. When you have the ObjectId of your service principal, run the following command:
+
       ``` powershell
       Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
       ```