Merge pull request #177040 from WhippsP/patch-18

PRMerger10 · web-flow · commit d5f9c357dc5e · 2021-10-23T04:25:30.000-07:00
Update to IdentifierURI Requirement
diff --git a/articles/active-directory-b2c/saml-service-provider.md b/articles/active-directory-b2c/saml-service-provider.md
@@ -313,7 +313,10 @@ For SAML apps, you need to configure several properties in the application regis
 
 When your SAML application makes a request to Azure AD B2C, the SAML AuthN request includes an `Issuer` attribute. The value of this attribute is typically the same as the application's metadata `entityID` value. Azure AD B2C uses this value to look up the application registration in the directory and read the configuration. For this lookup to succeed, `identifierUri` in the application registration must be populated with a value that matches the `Issuer` attribute.
 
-In the registration manifest, find the `identifierURIs` parameter and add the appropriate value. This value will be the same value that's configured in the SAML AuthN requests for `EntityId` at the application, and the `entityID` value in the application's metadata.
+In the registration manifest, find the `identifierURIs` parameter and add the appropriate value. This value will be the same value that's configured in the SAML AuthN requests for `EntityId` at the application, and the `entityID` value in the application's metadata. You will also need to find the `accessTokenAcceptedVersion` paramater and set the value to `2`.
+
+> [!IMPORTANT]
+> If you do not update the `accessTokenAcceptedVersion` to `2` you will recive an error message requiring a verfied domain.
 
 The following example shows the `entityID` value in the SAML metadata:
 
@@ -434,4 +437,4 @@ The following SAML application scenarios are supported via your own metadata end
 <!-- LINKS - External -->
 [samltest]: https://aka.ms/samltestapp
 
-::: zone-end
+::: zone-end
