Merge pull request #134816 from MicrosoftDocs/master

10/21 AM Publish

Author: huypub

articles/active-directory-b2c/configure-tokens-custom-policy.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/07/2020
+ms.date: 10/21/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -87,6 +87,45 @@ The following values are set in the previous example:
 > [!NOTE]
 > Single-page applications using the authorization code flow with PKCE always have a refresh token lifetime of 24 hours. [Learn more about the security implications of refresh tokens in the browser](../active-directory/develop/reference-third-party-cookies-spas.md#security-implications-of-refresh-tokens-in-the-browser).
 
+## Provide optional claims to your app
+
+The [Relying party policy technical profile](relyingparty.md#technicalprofile) output claims are values that are returned to an application. Adding output claims will issue the claims into the token after a successful user journey, and will be sent to the application. Modify the technical profile element within the relying party section to add the desired claims as an output claim.
+
+1. Open your custom policy file. For example, SignUpOrSignin.xml.
+1. Find the OutputClaims element. Add the OutputClaim you want to be included in the token. 
+1. Set the output claim attributes. 
+
+The following example adds the `accountBalance` claim. The accountBalance claim is sent to the application as a balance. 
+
+```xml
+<RelyingParty>
+  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
+  <TechnicalProfile Id="PolicyProfile">
+    <DisplayName>PolicyProfile</DisplayName>
+    <Protocol Name="OpenIdConnect" />
+    <OutputClaims>
+      <OutputClaim ClaimTypeReferenceId="displayName" />
+      <OutputClaim ClaimTypeReferenceId="givenName" />
+      <OutputClaim ClaimTypeReferenceId="surname" />
+      <OutputClaim ClaimTypeReferenceId="email" />
+      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
+      <OutputClaim ClaimTypeReferenceId="identityProvider" />
+      <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
+      <!--Add the optional claims here-->
+      <OutputClaim ClaimTypeReferenceId="accountBalance" DefaultValue="" PartnerClaimType="balance" />
+    </OutputClaims>
+    <SubjectNamingInfo ClaimType="sub" />
+  </TechnicalProfile>
+</RelyingParty>
+```
+
+The OutputClaim element contains the following attributes:
+
+  - **ClaimTypeReferenceId** - The identifier of a claim type already defined in the [ClaimsSchema](claimsschema.md) section in the policy file or parent policy file.
+  - **PartnerClaimType** - Allows you to change the name of the claim in the token. 
+  - **DefaultValue** - A default value. You can also set the default value to a [claim resolver](claim-resolver-overview.md), such as tenant ID.
+  - **AlwaysUseDefaultValue** - Force the use of the default value.
+
 ## Next steps
 
 - Learn more about [Azure AD B2C session](session-overview.md).

articles/active-directory-b2c/configure-tokens.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/07/2020
+ms.date: 10/15/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -51,6 +51,17 @@ You can configure the token lifetime on any user flow.
 
 5. Click **Save**.
 
+## Provide optional claims to your app
+
+The application claims are values that are returned to the application. Update your user flow to contain the desired claims.
+
+1. Select **User flows (policies)**.
+1. Open the user flow that you previously created.
+1. Select **Application claims**.
+1. Choose the claims and attributes that you want send back to your application.
+1. Click **Save**.
+
+
 ## Next steps
 
 Learn more about how to [request access tokens](access-tokens.md).

articles/active-directory/external-identities/invitation-email-elements.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 09/28/2020
+ms.date: 10/20/2020
 
 ms.author: mimart
 author: msmimart
@@ -22,9 +22,6 @@ Invitation emails are a critical component to bring partners on board as B2B col
 
 ![Screenshot showing the B2B invitation email](media/invitation-email-elements/invitation-email.png)
 
-> [!NOTE]
-> This new email template is still being rolled out to all tenants, so some tenants are still using an older design. By the end of May 2020, invitations from all tenants will be using this template.
-
 ## Explaining the email
 
 Let's look at a few elements of the email so you know how best to use their capabilities.
@@ -49,17 +46,11 @@ The email starts with a brief warning to the user about phishing, alerting them
 
 ![Image of the phishing warning in the email](media/invitation-email-elements/phishing-warning.png)
 
-### Inviter's information
-
-The email includes information about the inviter and the organization they’re sending the invitation from. This includes the sender’s name and email address, as well as the name and primary domain associated with the organization. All of this information should help the invitee make an informed decision about accepting the invitation.
-
-![Image of the inviter's information in the email](media/invitation-email-elements/inviters-information.png)
-
-### Invitation message
+### Inviter's information and invitation message
 
-If the inviter includes a message as part of their invitation when they [invite a guest user to the directory, group, or app](add-users-administrator.md) or when they [use the invitation API](customize-invitation-api.md), the message is highlighted in the main section of the email. Also included are the inviter’s name and profile image if they’ve set one. The message itself is a text area, so for security reasons, it doesn't process HTML tags.
+The email includes the name and primary domain associated with the organization sending the invitation. This information should help the invitee make an informed decision about accepting the invitation. If the inviter includes a message as part of their invitation when they [invite a guest user to the directory, group, or app](add-users-administrator.md) or when they [use the invitation API](customize-invitation-api.md), the message is highlighted in the main section of the email. Also included are the inviter’s name and profile image if they’ve set one. The message itself is a text area, so for security reasons, it doesn't process HTML tags.
 
-![Image of the invitation message in the email](media/invitation-email-elements/invitation-message.png)
+![Image of the invitation message in the email](media/invitation-email-elements/invitation-message-inviters-info.png)
 
 ### Accept button and redirect URL
 

articles/active-directory/external-identities/media/invitation-email-elements/accept-button.png

@@ -22,7 +22,7 @@ There are two basic steps:
 > [!NOTE]
 > This article assumes that you have set a public IP address on the cluster controller or on another VM inside your cluster's virtual network. This article describes how to use that VM as a host to access the cluster. If you are using a VPN or ExpressRoute for virtual network access, skip to [Connect to the Avere Control Panel](#connect-to-the-avere-control-panel-in-a-browser).
 
-Before connecting, make sure that the SSH public/private key pair that you used when creating the cluster controller is installed on your local machine. Read the SSH keys documentation for [Windows](https://docs.microsoft.com/azure/virtual-machines/linux/ssh-from-windows) or for [Linux](https://docs.microsoft.com/azure/virtual-machines/linux/mac-create-ssh-keys) if you need help. If you used a password instead of a public key, you will be prompted to enter it when you connect.
+Before connecting, make sure that the SSH public/private key pair that you used when creating the cluster controller is installed on your local machine. Read the SSH keys documentation for [Windows](../virtual-machines/linux/ssh-from-windows.md) or for [Linux](../virtual-machines/linux/mac-create-ssh-keys.md) if you need help. If you used a password instead of a public key, you will be prompted to enter it when you connect.
 
 ## Create an SSH tunnel
 
@@ -62,4 +62,4 @@ Click **Login** or press enter on your keyboard.
 
 ## Next steps
 
-After you have logged in to the cluster's control panel, enable [support](avere-vfxt-enable-support.md).
+After you have logged in to the cluster's control panel, enable [support](avere-vfxt-enable-support.md).