Merge pull request #219810 from v-edmckillop/patch-31

v-regandowner · web-flow · commit c75512e6bc3c · 2022-12-12T18:33:17.000-05:00
Update partner-experian.md
diff --git a/articles/active-directory-b2c/partner-experian.md b/articles/active-directory-b2c/partner-experian.md
@@ -4,21 +4,22 @@ titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with Experian for Identification verification and proofing based on user attributes to prevent fraud.
 services: active-directory-b2c
 author: gargi-sinha
-manager: CelesteDG
+manager: martinco
 ms.reviewer: kengaderdus
-
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/13/2022
+ms.date: 12/6/2022
 ms.author: gasinh
 ms.subservice: B2C
 ---
-# Tutorial for configuring Experian with Azure Active Directory B2C
+# Tutorial: Configure Experian with Azure Active Directory B2C
+
+In this tutorial, learn how to integrate Azure Active Directory B2C (Azure AD B2C) with Experian CrossCore, a service that verifies user identification. It does risk analysis based on information provided by the user during sign-up. CrossCore permits users to sign in, or not.
 
-In this sample tutorial, we provide guidance on how to integrate Azure AD B2C with [Experian](https://www.experian.com/decision-analytics/account-opening-fraud/microsoft-integration). Experian provides a variety of solutions, which you can find [here](https://www.experian.com/).
+Learn more about [Experian](https://www.experian.com/decision-analytics/account-opening-fraud/microsoft-integration) solutions, services, etc. 
 
-In this sample, Experian's integrated digital identity and fraud risk platform **CrossCore** is used. CrossCore is an ID verification service that is used to verify user identification. It does risk analysis based on several pieces of information provided by the user during sign-up flow. CrossCore is used to determine whether the user should be allowed to continue to log in or not. The following attributes can be used in CrossCore risk analysis:
+In this tutorial, you can use the following attributes in CrossCore risk analysis:
 
 - Email
 - IP Address
@@ -27,143 +28,136 @@ In this sample, Experian's integrated digital identity and fraud risk platform *
 - Surname
 - Street Address
 - City
-- State/Province
+- State or Province
 - Postal Code
-- Country/Region
+- Country or Region
 - Phone Number
 
 ## Prerequisites
 
 To get started, you'll need:
 
-- An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-
-- [An Azure AD B2C tenant](./tutorial-create-tenant.md) that is linked to your Azure subscription.
+- An Azure AD subscription
+  - If you don't have one, you can get an [Azure free account](https://azure.microsoft.com/free/)
+- [An Azure AD B2C tenant](./tutorial-create-tenant.md) linked to your Azure subscription
 
 ## Scenario description
 
 The Experian integration includes the following components:
 
-- Azure AD B2C – The authorization server, responsible for verifying the user's credentials, also known as the identity provider
-
-- Experian – The Experian service takes inputs provided by the user and verifies the user's identity
-
-- Custom REST API – This API implements the integration between Azure AD B2C and the Experian service.
+- **Azure AD B2C**: The authorization server that verifies user credentials, also known as the identity provider (IdP)
+- **Experian CrossCore**: The service takes inputs from the user and verifies their identity
+- **Custom REST API**: This implements the integration between Azure AD B2C and CrossCore
 
 The following architecture diagram shows the implementation.
 
-![screenshot for experian-architecture-diagram](media/partner-experian/experian-architecture-diagram.png)
+   ![Diagram of the Experian architecture.](media/partner-experian/experian-architecture-diagram.png)
 
-|Step | Description |
-|:-----| :-----------|
-| 1. | User arrives at a login page. User selects sign-up to create a new account and enters information into the page. Azure AD B2C collects the user attributes.
-| 2. | Azure AD B2C calls the middle layer API and passes on the user attributes.
-| 3. | Middle layer API collects user attributes and transforms it into a format that Experian API could consume. Then, sends it to Experian.
-| 4. | Experian consumes the information and processes it to validate user identification based on the risk analysis. Then, it returns the result to the middle layer API.
-| 5. | Middle layer API processes the information and sends back relevant information in the correct JSON format to Azure AD B2C.
-| 6. | Azure AD B2C receives information back from middle layer API. If it shows a Failure response, an error message is displayed to user. If it shows a Success response, the user is authenticated and written into the directory.
+1. User arrives at sign-in page, creates a new account, and enters information. Azure AD B2C collects user attributes.
+2. Azure AD B2C calls the middle-layer API and passes the user attributes.
+3. Middle-layer API collects user attributes and transforms it into an Experian CrossCore-ready format. Then, sends it to Experian CrossCore.
+4. Experian consumes the information validates user identification based on risk analysis. Then, it returns the result to the middle-layer API.
+5. Middle-layer API processes the information and sends relevant information in a JSON format to Azure AD B2C.
+6. Azure AD B2C receives information from middle-layer API. With a failure, an error message appears. With success, the user is authenticated and written into the directory.
 
 ## Onboard with Experian
 
-1. To create an Experian account, contact [Experian](https://www.experian.com/decision-analytics/account-opening-fraud/microsoft-integration)
-
-2. Once an account is created, you'll receive the information you need for API configuration. The following sections describe the process.
+1. Create an Experian account. To get started, go to [Experian](https://www.experian.com/decision-analytics/account-opening-fraud/microsoft-integration) and scroll to the bottom for the contact form.
+2. When an account is created, you receive information for API configuration. The following sections continue the process.
 
 ## Configure Azure AD B2C with Experian
 
-### Part 1 - Deploy the API
+### Deploy the API
 
-Deploy the provided [API code](https://github.com/azure-ad-b2c/partner-integrations/blob/master/samples/Experian/CrossCoreIntegrationApi/CrossCoreIntegrationApi.sln) to an Azure service. The code can be published from Visual Studio, following these [instructions](/visualstudio/deployment/quickstart-deploy-to-azure).
+1. Deploy the partner-integration to an Azure service: Go to [/CrossCoreIntegrationApi.sln](https://github.com/azure-ad-b2c/partner-integrations/blob/master/samples/Experian/CrossCoreIntegrationApi/CrossCoreIntegrationApi.sln). 
+2. Publish the code from Visual Studio. 
 
 >[!NOTE]
->You'll need the URL of the deployed service to configure Azure AD with the required settings.
+>Use the deployed service URL to configure Azure AD with the required settings.
+
+### Deploy the client certificate
+
+The Experian API call is protected by a client certificate, provided by Experian. 
 
-### Part 2 - Deploy the client certificate
+1. Follow the instructions in [Private client certificate](../app-service/environment/certificates.md#private-client-certificate). 
+2. Upload the certificate to the Azure App service. 
 
-The Experian API call is protected by a client certificate. This client certificate will be provided by Experian. Following the  instructions mentioned in this [document](../app-service/environment/certificates.md#private-client-certificate), the certificate must be uploaded to the Azure App service. The sample policy uses these keys steps in the process:
+The sample policy has two steps:
 
-- Upload the certificate
+1. Upload the certificate.
+2. Set the `WEBSITE_LOAD_ROOT_CERTIFICATES` key with the thumbprint of the certificate.
 
-- Set the `WEBSITE_LOAD_ROOT_CERTIFICATES` key with the thumbprint of the certificate.
+### Configure the API
 
-### Part 3 - Configure the API
+Application settings can be [configured in the App service in Azure](../app-service/configure-common.md#configure-app-settings). Use this method to configure settings without checking them into a repository. 
 
-Application settings can be [configured in the App service in Azure](../app-service/configure-common.md#configure-app-settings). With this method,  settings can be securely configured without checking them into a repository. You'll need to provide the following settings to the REST API:
+Provide the following application settings to the REST API:
 
 | Application settings | Source | Notes |
-| :-------- | :------------| :-----------|
-|CrossCoreConfig:TenantId | Experian account configuration |     |
-|CrossCoreConfig:OrgCode | Experian account configuration |     |
-|CrossCore:ApiEndpoint |Experian account configuration|  |
-|CrossCore:ClientReference | Experian account configuration | |
-| CrossCore:ModelCode |Experian account configuration|
-| CrossCore:OrgCode | Experian account configuration |
-| CrossCore:SignatureKey  | Experian account configuration |
-| CrossCore:TenantId  | Experian account configuration |
-| CrossCore:CertificateThumbprint | Experian certificate |
-| BasicAuth:ApiUsername | Define a username for the API | Used in the ExtId configuration |
-| BasicAuth:ApiPassword | Define a password for the API | Used in the ExtId configuration
-
-### Part 4 - Create API policy keys
-
-Refer to this [document](./secure-rest-api.md#add-rest-api-username-and-password-policy-keys) and create two policy keys – one for the API username, and one for the API password that you defined above for HTTP basic authentication.
+| --- | ---| ---|
+|CrossCoreConfig:TenantId | Experian account configuration |N/A|
+|CrossCoreConfig:OrgCode | Experian account configuration |N/A|
+|CrossCore:ApiEndpoint |Experian account configuration|N/A|
+|CrossCore:ClientReference | Experian account configuration |N/A|
+|CrossCore:ModelCode |Experian account configuration|N/A|
+|CrossCore:OrgCode | Experian account configuration |N/A|
+|CrossCore:SignatureKey  | Experian account configuration |N/A|
+|CrossCore:TenantId  | Experian account configuration |N/A|
+|CrossCore:CertificateThumbprint | Experian certificate |N/A|
+|BasicAuth:ApiUsername | Define a username for the API | Used in the ExtId configuration |
+|BasicAuth:ApiPassword | Define a password for the API | Used in the ExtId configuration|
+
+### Create API policy keys
+
+Refer to [Custom policy starter pack](./secure-rest-api.md#add-rest-api-username-and-password-policy-keys) to create two policy keys, one each for:
+
+* API username
+* API password you defined for HTTP basic authentication
 
 >[!NOTE]
->You'll need the keys for configuring the policies later.
+>Later, you will need the keys for configuring the policies.
 
-### Part 5 - Replace the configuration values
+### Replace the configuration values
 
-In the provided [custom policies](https://github.com/azure-ad-b2c/partner-integrations/tree/master/samples/Experian/policy), find the following placeholders and replace with the corresponding values from your instance
+In the partner-integration [custom policies](https://github.com/azure-ad-b2c/partner-integrations/tree/master/samples/Experian/policy), find the following placeholders and replace with the corresponding values from your instance
 
-|                      Placeholder                       |                                   Replace with value                                 |                   Example                    |
-| ------------------------------------------------------ | -------------------------------------------------------------------------------- | -------------------------------------------- |
-| {your_tenant_name}                                     | Your tenant short name                                                           | "yourtenant" from yourtenant.onmicrosoft.com |
-| {your_trustframeworkbase_policy}                       | Azure AD B2C name of your TrustFrameworkBase policy                  | B2C_1A_experian_TrustFrameworkBase           |
-| {your_tenant_IdentityExperienceFramework_appid}        | App ID of the IdentityExperienceFramework app configured in your Azure AD B2C tenant      | 01234567-89ab-cdef-0123-456789abcdef         |
-| {your_tenant_ ProxyIdentityExperienceFramework _appid} | App ID of the ProxyIdentityExperienceFramework app configured in your Azure AD B2C tenant | 01234567-89ab-cdef-0123-456789abcdef         |
-| {your_tenant_extensions_appid}                         | App ID of your tenant's storage application                                      | 01234567-89ab-cdef-0123-456789abcdef         |
-| {your_tenant_extensions_app_objectid}                  | Object ID of your tenant's storage application                                   | 01234567-89ab-cdef-0123-456789abcdef         |
-| {your_api_username_key_name}                           | Name of the username key you created [here](#part-4---create-api-policy-keys)             | B2C\_1A\_RestApiUsername                     |
-| {your_api_password_key_name}                           | Name of the password key you created [here](#part-4---create-api-policy-keys)             | B2C\_1A\_RestApiPassword                     |
-| {your_app_service_URL}                                 | URL of the app service you've set up                                             | `https://yourapp.azurewebsites.net`          |
+|Placeholder|Replace with value|Example |
+| --- | --- | --- |
+| {your_tenant_name} | Your tenant short name | "yourtenant" from yourtenant.onmicrosoft.com |
+| {your_trustframeworkbase_policy} | Azure AD B2C name of your TrustFrameworkBase policy| B2C_1A_experian_TrustFrameworkBase|
+| {your_tenant_IdentityExperienceFramework_appid} |App ID of the IdentityExperienceFramework app configured in your Azure AD B2C tenant| 01234567-89ab-cdef-0123-456789abcdef|
+| {your_tenant_ ProxyIdentityExperienceFramework_appid}| App ID of the ProxyIdentityExperienceFramework app configured in your Azure AD B2C tenant | 01234567-89ab-cdef-0123-456789abcdef|
+| {your_tenant_extensions_appid} | App ID of your tenant storage application| 01234567-89ab-cdef-0123-456789abcdef|
+| {your_tenant_extensions_app_objectid}| Object ID of your tenant storage application| 01234567-89ab-cdef-0123-456789abcdef|
+| {your_api_username_key_name}| Username key name, made in **Create API policy keys**| B2C\_1A\_RestApiUsername|
+| {your_api_password_key_name}| Password key name, made in **Create API policy keys**| B2C\_1A\_RestApiPassword|
+| {your_app_service_URL}| App service URL you set up| `https://yourapp.azurewebsites.net`|
 
-### Part 6 - Configure the Azure AD B2C policy
+### Configure the Azure AD B2C policy
 
-Refer to this [document](./tutorial-create-user-flows.md?pivots=b2c-custom-policy#custom-policy-starter-pack) for instructions on how to set up your Azure AD B2C tenant and configure policies.
+Refer to [Custom policy starter pack](./tutorial-create-user-flows.md?pivots=b2c-custom-policy#custom-policy-starter-pack) for instructions to set up your Azure AD B2C tenant and configure policies.
 
 >[!NOTE]
->This sample policy is based on [Local Accounts starter
-pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts).
+>This sample policy is based on [Active Directory B2C custom policy starterpack/LocalAccounts](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts).
 
->[!NOTE]
-> As a best practice, we recommend that customers add consent notification in the attribute collection page. Notify users that information will be send to third-party services for Identity verification.
+>[!TIP]
+> We recommend that customers add consent notification in the attribute collection page. Notify users that information goes to third-party services for identity verification.
 
 ## Test the user flow
 
-1. Open the Azure AD B2C tenant and under Policies select **User flows**.
-
+1. Open the Azure AD B2C tenant and under **Policies** select **User flows**.
 2. Select your previously created **User Flow**.
-
-3. Select **Run user flow** and select the settings:
-
-   a. **Application**: select the registered app (sample is JWT)
-
-   b. **Reply URL**: select the **redirect URL**
-
-   c. Select **Run user flow**.
-
-4. Go through sign-up flow and create an account
-
-5. Log-out
-
-6. Go through sign-in flow  
-
-7. CrossCore puzzle will pop up after you enter **continue**.
+3. Select **Run user flow**.
+4. **Application**: the registered app (example is JWT).
+5. **Reply URL**: **redirect URL**.
+6. Select **Run user flow**.
+7. Complete sign-up flow and create an account.
+8. Sign out.
+9. Complete sign-in flow. 
+10. Select **continue**
+11. CrossCore puzzle appears. 
 
 ## Next steps
 
-For additional information, review the following articles:
-
 - [Custom policies in Azure AD B2C](./custom-policy-overview.md)
-
 - [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
