Commit f47eed5

Merge pull request #214352 from MicrosoftDocs/main
10/12 PM Publish
2 parents 37385ab + c899478 commit f47eed5

112 files changed

+1545
-491
lines changed

articles/active-directory-b2c/json-transformations.md

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 08/10/2022
12+
ms.date: 09/07/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---
@@ -251,6 +251,26 @@ The following claims transformation outputs a JSON string claim that will be the
251251
}
252252
```
253253

254+
The **GenerateJson** claims transformation accepts plain strings. If an input claim contains a JSON string, that string will be escaped. In the following example, if you use email output from [CreateJsonArray above](json-transformations.md#example-of-createjsonarray), that is ["[email protected]"], as an input parameter, the email will look like as shown in the following JSON claim:
255+
256+
- Output claim:
257+
- **requestBody**:
258+
259+
```json
260+
{
261+
"customerEntity":{
262+
"email":"[\"[email protected]\"]",
263+
"userObjectId":"01234567-89ab-cdef-0123-456789abcdef",
264+
"firstName":"John",
265+
"lastName":"Smith",
266+
"role":{
267+
"name":"Administrator",
268+
"id": 1
269+
}
270+
}
271+
}
272+
```
273+
254274
## GetClaimFromJson
255275

256276
Get a specified element from a JSON data. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation/json#getclaimfromjson) of this claims transformation.
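Review bot: The added paragraph at line 254 says a JSON-string input "will be escaped" but does not spell out the consequence for whoever consumes `requestBody`: in the example the `email` member is a string that contains a JSON array, not an array, so a receiving API that expects an array gets the wrong type unless it parses the value a second time. State that explicitly. The wording "the email will look like as shown in the following JSON claim" should also be tightened, for example to "the email appears as an escaped string in the following JSON claim", and listing the input claim next to the output claim would make the example reproducible.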

articles/active-directory-b2c/user-profile-attributes.md

Lines changed: 4 additions & 3 deletions
@@ -8,9 +8,10 @@ manager: CelesteDG
88
ms.service: active-directory
99
ms.workload: identity
1010
ms.topic: conceptual
11-
ms.date: 09/24/2021
11+
ms.date: 10/11/2021
1212
ms.author: kengaderdus
1313
ms.subservice: B2C
14+
ms.custom: b2c-support
1415
---
1516

1617
# User profile attributes
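Review bot: The new `ms.date` on line 11 is 10/11/2021, but the other files touched in this commit move to 2022 dates (09/07/2022, 10/12/2022), so the year looks like a typo for 2022. Please confirm and correct before publishing.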
@@ -48,7 +49,7 @@ The table below lists the [user resource type](/graph/api/resources/user) attrib
4849
|creationType |String|If the user account was created as a local account for an Azure Active Directory B2C tenant, the value is LocalAccount or nameCoexistence. Read only.|No|No|Persisted, Output|
4950
|dateOfBirth |Date|Date of birth.|No|No|Persisted, Output|
5051
|department |String|The name for the department in which the user works. Max length 64.|Yes|No|Persisted, Output|
51-
|displayName |String|The display name for the user. Max length 256.|Yes|Yes|Persisted, Output|
52+
|displayName |String|The display name for the user. Max length 256. \< \> characters aren't allowed. | Yes|Yes|Persisted, Output|
5253
|facsimileTelephoneNumber<sup>1</sup>|String|The telephone number of the user's business fax machine.|Yes|No|Persisted, Output|
5354
|givenName |String|The given name (first name) of the user. Max length 64.|Yes|Yes|Persisted, Output|
5455
|jobTitle |String|The user's job title. Max length 128.|Yes|Yes|Persisted, Output|
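Review bot: The restriction added on line 52, `\< \> characters aren't allowed`, does not say what happens when a value contains one of these characters (rejected, or stripped) or which interface enforces it. State the behavior if it is known, and consider writing the two characters in code formatting instead of backslash escapes. The cell also picks up stray spacing (`allowed. | Yes|`) that the neighbouring rows do not have.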
@@ -165,7 +166,7 @@ In user migration scenarios, if the accounts you want to migrate have weaker pas
165166

166167
## MFA phone number attribute
167168

168-
When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/b2cauthenticationmethodspolicy-update), [get](/graph/api/b2cauthenticationmethodspolicy-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
169+
When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/phoneauthenticationmethod-update), [get](/graph/api/phoneauthenticationmethod-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
169170

170171
In Azure AD B2C [custom policies](custom-policy-overview.md), the phone number is available through `strongAuthenticationPhoneNumber` claim type.
171172
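Review bot: The sentence on line 169 still splits its four operations awkwardly ("To add a new phone number programmatically, update, get, or delete the phone number"). Since the line is being touched anyway, consider "To add, update, get, or delete the phone number programmatically, use ..." so the four links read as one list. The corrected link targets now all point at phoneauthenticationmethod pages, which matches the closing link.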

articles/active-directory/enterprise-users/groups-dynamic-membership.md

Lines changed: 1 addition & 1 deletion
@@ -104,7 +104,7 @@ dirSyncEnabled |true false |user.dirSyncEnabled -eq true
104104
| memberOf | Any string value (valid group object ID) | user.memberof -any (group.objectId -in ['value']) |
105105
| mobile |Any string value or *null* | user.mobile -eq "value" |
106106
| objectId |GUID of the user object | user.objectId -eq "11111111-1111-1111-1111-111111111111" |
107-
| onPremisesDistinguishedName (preview)| Any string value or *null* | user.onPremisesDistinguishedName -eq "value" |
107+
| onPremisesDistinguishedName | Any string value or *null* | user.onPremisesDistinguishedName -eq "value" |
108108
| onPremisesSecurityIdentifier | On-premises security identifier (SID) for users who were synchronized from on-premises to the cloud. | user.onPremisesSecurityIdentifier -eq "S-1-1-11-1111111111-1111111111-1111111111-1111111" |
109109
| passwordPolicies |None<br>DisableStrongPassword<br>DisablePasswordExpiration<br>DisablePasswordExpiration, DisableStrongPassword | user.passwordPolicies -eq "DisableStrongPassword" |
110110
| physicalDeliveryOfficeName |Any string value or *null* | user.physicalDeliveryOfficeName -eq "value" |

articles/active-directory/external-identities/self-service-sign-up-user-flow.md

Lines changed: 7 additions & 5 deletions
@@ -5,7 +5,7 @@ services: active-directory
55
ms.service: active-directory
66
ms.subservice: B2B
77
ms.topic: how-to
8-
ms.date: 04/26/2022
8+
ms.date: 10/12/2022
99

1010
ms.author: mimart
1111
author: msmimart
@@ -61,9 +61,10 @@ Next, you'll create the user flow for self-service sign-up and add it to an appl
6161

6262
![Add a new user flow button](media/self-service-sign-up-user-flow/new-user-flow.png)
6363

64-
5. On the **Create** page, enter a **Name** for the user flow. Note that the name is automatically prefixed with **B2X_1_**.
65-
6. In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. **Azure Active Directory Sign up** is selected by default. (See [Before you begin](#before-you-begin) earlier in this article to learn how to add identity providers.)
66-
7. Under **User attributes**, choose the attributes you want to collect from the user. For additional attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
64+
5. Select the user flow type (for example, **Sign up and sign in**), and then select the version (**Recommended** or **Preview**).
65+
6. On the **Create** page, enter a **Name** for the user flow. Note that the name is automatically prefixed with **B2X_1_**.
66+
7. In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. **Azure Active Directory Sign up** is selected by default. (See [Before you begin](#before-you-begin) earlier in this article to learn how to add identity providers.)
67+
8. Under **User attributes**, choose the attributes you want to collect from the user. For additional attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
6768

6869
![Create a new user flow page](media/self-service-sign-up-user-flow/create-user-flow.png)
6970
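Review bot: New step 5 asks the reader to choose between **Recommended** and **Preview** without saying which to pick or what differs between them; add a short hint or a link so the choice is not a guess. While the steps are being renumbered, "log into your application" in step 7 could become "sign in to your application", matching the "Sign up and sign in" wording introduced in step 5.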

@@ -86,7 +87,7 @@ You can choose order in which the attributes are displayed on the sign-up page.
8687

8788
## Add applications to the self-service sign-up user flow
8889

89-
Now you can associate applications with the user flow.
90+
Now you'll associate applications with the user flow to enable sign-up for those applications. New users who access the associated applications will be presented with your new self-service sign-up experience.
9091

9192
1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
9293
2. Under **Azure services**, select **Azure Active Directory**.
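Review bot: The rewritten sentence on line 90 says "New users who access the associated applications" will see the sign-up experience, while step 7 earlier in the article speaks of "external users"; use the same term here so it is clear who is able to self-register. Because associating an application is what enables sign-up for it, it is also worth saying that only applications intended to accept self-service sign-up should be selected.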
@@ -107,3 +108,4 @@ Now you can associate applications with the user flow.
107108
- [Add Facebook to your list of social identity providers](facebook-federation.md)
108109
- [Use API connectors to customize and extend your user flows via web APIs](api-connectors-overview.md)
109110
- [Add custom approval workflow to your user flow](self-service-sign-up-add-approvals.md)
111+
- [Learn more about initiating an OAuth 2.0 authorization code flow](../develop/v2-oauth2-auth-code-flow.md#request-an-authorization-code)

articles/active-directory/governance/how-to-lifecycle-workflow-sync-attributes.md

Lines changed: 2 additions & 2 deletions
@@ -94,7 +94,7 @@ To ensure timing accuracy of scheduled workflows it’s curial to consider:
9494
6. Select **Add attribute**.
9595
7. Fill in the following information:
9696
- Mapping Type: Direct
97-
- Source attribute: msDS-cloudExtensionAttribute1
97+
- Source attribute: extensionAttribute1
9898
- Default value: Leave blank
9999
- Target attribute: employeeHireDate
100100
- Apply this mapping: Always
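Review bot: The attribute rename on line 97, from `msDS-cloudExtensionAttribute1` to `extensionAttribute1`, needs to be carried through the rest of the article: any step that tells the reader which attribute to populate with the hire date has to name the same source, otherwise the mapping to `employeeHireDate` reads an attribute the reader never set. The section title quoted in the hunk header also contains "curial", which should be "crucial".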
@@ -157,4 +157,4 @@ For more information, see [How to customize a synchronization rule](../hybrid/ho
157157
## Next steps
158158
- [What are lifecycle workflows?](what-are-lifecycle-workflows.md)
159159
- [Create a custom workflow using the Azure portal](tutorial-onboard-custom-workflow-portal.md)
160-
- [Create a Lifecycle workflow](create-lifecycle-workflow.md)
160+
- [Create a Lifecycle workflow](create-lifecycle-workflow.md)

articles/active-directory/governance/tutorial-prepare-azure-ad-user-accounts.md

Lines changed: 3 additions & 3 deletions
@@ -58,8 +58,8 @@ First we'll create our employee, Melva Prince.
5858
"displayName": "Melva Prince",
5959
"mailNickname": "mprince",
6060
"department": "sales",
61-
"mail": "mpricne@<your tenant name here>",
62-
"employeeHireDate": "2022-04-15T22:10:00Z"
61+
"mail": "mprince@<your tenant name here>",
62+
"employeeHireDate": "2022-04-15T22:10:00Z",
6363
"userPrincipalName": "mprince@<your tenant name here>",
6464
"passwordProfile" : {
6565
"forceChangePasswordNextSignIn": true,
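Review bot: Both request bodies in this file were invalid JSON before this change because of the missing comma after `employeeHireDate` (line 62 here, line 87 in the next hunk), so it is worth pasting each full body into a JSON parser before publishing to confirm nothing else in the unchanged lines is off. The `mpricne` to `mprince` correction on line 61 brings `mail` in line with `userPrincipalName` on line 63.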
@@ -84,7 +84,7 @@ Next, we'll create Britta Simon. This is the account that will be used as our m
8484
"mailNickname": "bsimon",
8585
"department": "sales",
8686
"mail": "bsimon@<your tenant name here>",
87-
"employeeHireDate": "2021-01-15T22:10:00Z"
87+
"employeeHireDate": "2021-01-15T22:10:00Z",
8888
"userPrincipalName": "bsimon@<your tenant name here>",
8989
"passwordProfile" : {
9090
"forceChangePasswordNextSignIn": true,

articles/active-directory/hybrid/how-to-connect-group-writeback-v2.md

Lines changed: 4 additions & 4 deletions
@@ -7,7 +7,7 @@ manager: amycolannino
77
ms.service: active-directory
88
ms.topic: how-to
99
ms.workload: identity
10-
ms.date: 06/15/2022
10+
ms.date: 10/12/2022
1111
ms.subservice: hybrid
1212
ms.author: billmath
1313

@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
1919
Group writeback allows you to write cloud groups back to your on-premises Active Directory instance by using Azure Active Directory (Azure AD) Connect sync. You can use this feature to manage groups in the cloud, while controlling access to on-premises applications and resources.
2020

2121
>[NOTE]
22-
>The Group writeback functionality is currently in Public Preview. We are collecting customer feedback and telemetry. Please refer to [the limitations]([#Understand limitations of public preview](https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-group-writeback-v2#understand-limitations-of-public-preview) before you enable this funcitonality.
22+
>The Group writeback functionality is currently in Public Preview as we are collecting customer feedback and telemetry. Please refer to [the limitations](https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-group-writeback-v2#understand-limitations-of-public-preview) before you enable this functionality.
2323
2424

2525
There are two versions of group writeback. The original version is in general availability and is limited to writing back Microsoft 365 groups to your on-premises Active Directory instance as distribution groups. The new, expanded version of group writeback is in public preview and enables the following capabilities:
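Review bot: The alert marker on unchanged line 21 is `>[NOTE]`, without the `!`; the Microsoft Learn alert syntax is `> [!NOTE]`, so as written this renders as a plain blockquote with a literal "[NOTE]". The repaired link on line 22 is also an absolute learn.microsoft.com URL pointing at a heading on this same page; the relative anchor `#understand-limitations-of-public-preview` is shorter and keeps working if the article moves.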
@@ -121,8 +121,8 @@ If you plan to make changes to the default behavior, we recommend that you do so
121121

122122
## Understand limitations of public preview 
123123

124-
Although this release has undergone extensive testing, you might still encounter issues. One of the goals of this public preview release is to find and fix any issues before the feature moves to general availability. Please also note that any public preview functionality can still receive breaking changes which may require you to make changes to you configuration to continue using this feature. We may also decide to change certain functionality without prior notice.
125-
Microsoft provides support for this public preview release, but it might not be able to immediately fix issues that you encounter. For these reasons, we recommend that you do not deploy this release in your production environment. 
124+
Although this release has undergone extensive testing, you might still encounter issues. One of the goals of this public preview release is to find and fix any issues before the feature moves to general availability. Please also note that any public preview functionality can still receive breaking changes which may require you to make changes to you configuration to continue using this feature. We may also decide to change or remove certain functionality without prior notice.
125+
Microsoft provides support for this public preview release, but we might not be able to immediately fix issues that you encounter. For these reasons, we recommend that you do not deploy this release in your production environment. 
126126

127127
These limitations and known issues are specific to group writeback:
128128
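Review bot: The new line 124 still contains "make changes to you configuration" (should be "your configuration"), carried over unchanged from the removed line. Lines 124 and 125 are also adjacent with no blank line between them, so they render as one paragraph; add a blank line if two paragraphs are intended.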

articles/aks/cluster-configuration.md

Lines changed: 1 addition & 1 deletion
@@ -369,7 +369,7 @@ This enables an OIDC Issuer URL of the provider which allows the API server to d
369369
370370
### Prerequisites
371371

372-
* The Azure CLI version 2.42.0 or higher. Run `az --version` to find your version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
372+
* The Azure CLI version 2.40.0 or higher. Run `az --version` to find your version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
373373
* AKS version 1.22 and higher. If your cluster is running version 1.21 and the OIDC Issuer preview is enabled, we recommend you upgrade the cluster to the minimum required version supported.
374374

375375
### Create an AKS cluster with OIDC Issuer
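Review bot: Line 372 lowers the stated minimum Azure CLI version from 2.42.0 to 2.40.0; confirm that the OIDC Issuer commands used in this section work on 2.40.0, since a reader on that version who hits a missing option has no hint that the prerequisite is the cause. A one-line reason for the change in the commit description would help future reviewers.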
