Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into adt-aad

Author: KingdomOfEnds

.openpublishing.redirection.json

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/10/2019
+ms.date: 02/04/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -186,15 +186,16 @@ You can also call a REST API technical profile with your business logic, overwri
 
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
-| setting.showContinueButton | No | Displays the continue button. Possible values: `true` (default), or `false` |
-| setting.showCancelButton | No | Displays the cancel button. Possible values: `true` (default), or `false` |
 | setting.operatingMode | No | For a sign-in page, this property controls the behavior of the username field, such as input validation and error messages. Expected values: `Username` or `Email`. |
+| AllowGenerationOfClaimsWithNullValues| No| Allow to generate a claim with null value. For example, in a case user doesn't select a checkbox.|
 | ContentDefinitionReferenceId | Yes | The identifier of the [content definition](contentdefinitions.md) associated with this technical profile. |
 | EnforceEmailVerification | No | For sign-up or profile edit, enforces email verification. Possible values: `true` (default), or `false`. |
-| setting.showSignupLink | No | Displays the sign-up button. Possible values: `true` (default), or `false` |
 | setting.retryLimit | No | Controls the number of times a user can try to provide the data that is checked against a validation technical profile . For example, a user tries to sign-up with an account that already exists and keeps trying until the limit reached.
 | SignUpTarget | No | The signup target exchange identifier. When the user clicks the sign-up button, Azure AD B2C executes the specified exchange identifier. |
-
+| setting.showCancelButton | No | Displays the cancel button. Possible values: `true` (default), or `false` |
+| setting.showContinueButton | No | Displays the continue button. Possible values: `true` (default), or `false` |
+| setting.showSignupLink | No | Displays the sign-up button. Possible values: `true` (default), or `false` |
+| setting.forgotPasswordLinkLocation| No| Displays the forgot password link. Possible values: `AfterInput` (default) the link is displayed at the bottom of the page, or `None` removes the forgot password link.| 
 ## Cryptographic keys
 
 The **CryptographicKeys** element is not used.

articles/active-directory-b2c/self-asserted-technical-profile.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/03/2020
+ms.date: 02/04/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -495,6 +495,47 @@ Use this claims transformation to parse the domain name after the @ symbol of th
 - Output claims:
     - **domain**: outlook.com
 
+## SetClaimsIfRegexMatch
+
+Checks that a string claim `claimToMatch` and `matchTo` input parameter are equal, and sets the output claims with the value present in `outputClaimIfMatched` input parameter, along with  compare result output claim, which is to be set as `true` or `false` based on the result of comparison.
+
+| Item | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| inputClaim | claimToMatch | string | The claim type, which is to be compared. |
+| InputParameter | matchTo | string | The regular expression to match. |
+| InputParameter | outputClaimIfMatched | string | The value to be set if strings are equal. |
+| OutputClaim | outputClaim | string | If regular expression is match, this output claim contains the value of `outputClaimIfMatched` input parameter. Or null, if no match. |
+| OutputClaim | regexCompareResultClaim | boolean | The regular expression match result output claim type, which is to be set as `true` or `false` based on the result of matching. |
+
+For example, checks whether the provided phone number is valid, based on phone number regular expression pattern.  
+
+```XML
+<ClaimsTransformation Id="SetIsPhoneRegex" TransformationMethod="setClaimsIfRegexMatch">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="phone" TransformationClaimType="claimToMatch" />
+  </InputClaims>
+  <InputParameters>
+    <InputParameter Id="matchTo" DataType="string" Value="^[0-9]{4,16}$" />
+    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="isPhone" />
+  </InputParameters>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="validationResult" TransformationClaimType="outputClaim" />
+    <OutputClaim ClaimTypeReferenceId="isPhoneBoolean" TransformationClaimType="regexCompareResultClaim" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+    - **claimToMatch**: "64854114520"
+- Input parameters:
+    - **matchTo**: "^[0-9]{4,16}$"
+    - **outputClaimIfMatched**:  "isPhone"
+- Output claims:
+    - **outputClaim**: "isPhone"
+    - **regexCompareResultClaim**: true
+
 ## SetClaimsIfStringsAreEqual
 
 Checks that a string claim and `matchTo` input parameter are equal, and sets the output claims with the value present in `stringMatchMsg` and `stringMatchMsgCode` input parameters, along with  compare result output claim, which is to be set as `true` or `false` based on the result of comparison.
@@ -703,3 +744,73 @@ For example, normalize a phone number, by removing the `-` characters
 - Output claims:
     - **outputClaim**: "+164411452054"
 
+## StringJoin
+
+Concatenates the elements of a specified string collection claim type, using the specified separator between each element or member.
+
+| Item | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | inputClaim | stringCollection | A collection that contains the strings to concatenate. |
+| InputParameter | delimiter | string | The string to use as a separator, such as comma `,`. |
+| OutputClaim | outputClaim | string | A string that consists of the members of the `inputClaim` string collection, delimited by the `delimiter` input parameter. |
+  
+The following example takes a string collection of user roles, and convert it to a comma delimiter string. You can user this method to store a string collection in Azure AD user account. Later, when you read the account from the directory, use the `StringSplit` to convert the comma delimiter string back to string collection.
+
+```XML
+<ClaimsTransformation Id="ConvertRolesStringCollectionToCommaDelimiterString" TransformationMethod="StringJoin">
+  <InputClaims>
+   <InputClaim ClaimTypeReferenceId="roles" TransformationClaimType="inputClaim" />
+  </InputClaims>
+  <InputParameters>
+    <InputParameter DataType="string" Id="delimiter" Value="," />
+  </InputParameters>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="rolesCommaDelimiterConverted" TransformationClaimType="outputClaim" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+  - **inputClaim**: [ "Admin", "Author", "Reader" ]
+- Input parameters:
+  - **delimiter**: ","
+- Output claims:
+  - **outputClaim**: "Admin,Author,Reader"
+
+
+## StringSplit
+
+Returns a string array that contains the substrings in this instance that are delimited by elements of a specified string.
+
+| Item | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | inputClaim | string | A string claim type that contains the sub strings to split. |
+| InputParameter | delimiter | string | The string to use as a separator, such as comma `,`. |
+| OutputClaim | outputClaim | stringCollection | A string collection whose elements contain the substrings in this string that are delimited by the `delimiter` input parameter. |
+  
+The following example takes a comma delimiter string of user roles, and convert it to a string collection.
+
+```XML
+<ClaimsTransformation Id="ConvertRolesToStringCollection" TransformationMethod="StringSplit">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="rolesCommaDelimiter" TransformationClaimType="inputClaim" />
+  </InputClaims>
+  <InputParameters>
+  <InputParameter DataType="string" Id="delimiter" Value="," />
+    </InputParameters>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="roles" TransformationClaimType="outputClaim" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+  - **inputClaim**: "Admin,Author,Reader"
+- Input parameters:
+  - **delimiter**: ","
+- Output claims:
+  - **outputClaim**: [ "Admin", "Author", "Reader" ]

articles/active-directory-b2c/string-transformations.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/03/2020
+ms.date: 02/04/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -158,12 +158,18 @@ Preconditions can check multiple preconditions. The following example checks whe
 
 An orchestration step of type `ClaimsProviderSelection` or `CombinedSignInAndSignUp` may contain a list of claims providers that a user can sign in with. The order of the elements inside the `ClaimsProviderSelections` elements controls the order of the identity providers presented to the user.
 
-The **ClaimsProviderSelection** element contains the following element:
+The **ClaimsProviderSelections** element contains the following element:
 
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
 | ClaimsProviderSelection | 1:n | Provides the list of claims providers that can be selected.|
 
+The **ClaimsProviderSelections** element contains the following attributes: 
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| DisplayOption| No | Controls the behavior of a case where a single claims provider selection is available. Possible values: `DoNotShowSingleProvider` (default) , the user is redirected immediately to the federated identity provider. Or `ShowSingleProvider` Azure AD B2C presents the sign-in page with the single identity provider selection. To use this attribute, the [content definition version](page-layout.md) must be `urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.0.0` and above.| 
+
 The **ClaimsProviderSelection** element contains the following attributes: 
 
 | Attribute | Required | Description |

articles/active-directory-b2c/userjourneys.md

@@ -29,7 +29,7 @@ The following steps will help create a Conditional Access policy to block legacy
 1. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
 1. Under **Assignments**, select **Users and groups**
    1. Under **Include**, select **All users**.
-   1. Under **Exclude**, select **Users and groups** and choose any accounts that must maintain the ability to use legacy authentication. 
+   1. Under **Exclude**, select **Users and groups** and choose any accounts that must maintain the ability to use legacy authentication. You must exclude at least one account to prevent yourself from being locked out. If you do not exclude any account, you will not be able to create this policy.
    1. Select **Done**.
 1. Under **Cloud apps or actions** select **All cloud apps**.
    1. Select **Done**.