Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into patch-42

Author: sdgilley

.openpublishing.publish.config.json

@@ -233,6 +233,11 @@
       "url": "https://github.com/Azure-Samples/azure-iot-samples-node",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-iot-sdk-node",
+      "url": "https://github.com/Azure/azure-iot-sdk-node",
+      "branch": "master"
+    },
     {
       "path_to_root": "iot-samples-c",
       "url": "https://github.com/Azure/azure-iot-sdk-c",
@@ -499,6 +504,11 @@
       "path_to_root": "azure-cosmosdb-java-v4-getting-started",
       "url": "https://github.com/Azure-Samples/azure-cosmos-java-getting-started",
       "branch": "master"
+    },
+    {
+      "path_to_root": "azure-storage-snippets",
+      "url": "https://github.com/azure-samples/AzureStorageSnippets",
+      "branch": "master"
     }
   ],
   "branch_target_mapping": {

.openpublishing.redirection.json

@@ -1,4 +1,17 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
+
+# Horizontals
+
+## Azure Policy: Samples
+articles/**/policy-samples.md @DCtheGeek
+includes/policy/ @DCtheGeek
+
+# Azure Active Directory
+
+articles/active-directory-b2c/ @msmimart @yoelhor
+articles/active-directory/app-provisioning/ @CelesteDG
+articles/active-directory/manage-apps/ @CelesteDG
+
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf @aahill @ievangelist @patrickfarley @nitinme
 
@@ -9,7 +22,7 @@ articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Requires Internal Review
-articles/best-practices-availability-paired-regions.md @jpconnock @martinekuan @syntaxc4 @tysonn @snoviking
+articles/best-practices-availability-paired-regions.md @martinekuan @syntaxc4 @snoviking
 
 # Governance
 articles/governance/ @DCtheGeek

CODEOWNERS

@@ -11,7 +11,7 @@ For more information, see the [Code of Conduct FAQ](https://opensource.microsoft
 
 ## How can I contribute?
 
-There are a variety of ways to contribute to the documentation, review the sections below to find out which one is right for you.
+There are many ways to contribute to the documentation, review the sections below to find out which one is right for you.
 
 ### Reporting Bugs and Suggesting Enhancements
 

CONTRIBUTING.md

@@ -76,6 +76,8 @@
     href: user-overview.md
   - name: User profile attributes
     href: user-profile-attributes.md
+  - name: SSO sessions
+    href: session-overview.md
 - name: How-to guides
   items:
   - name: App integration
@@ -224,7 +226,9 @@
     - name: Tokens and session management
       items:
       - name: Customize tokens
-        href: custom-policy-manage-sso-and-token-config.md
+        href: configure-tokens-custom-policy.md
+      - name: Configure session behavior
+        href: session-behavior-custom-policy.md
     - name: Pass through external IdP token
       href: idp-pass-through-custom.md
     - name: Adaptive experience
@@ -335,8 +339,8 @@
             href: phone-factor-technical-profile.md 
           - name: REST
             href: restful-technical-profile.md
-          - name: SAML
-            href: saml-technical-profile.md
+          - name: SAML identity provider 
+            href: saml-identity-provider-technical-profile.md
           - name: SAML token issuer
             href: saml-issuer-technical-profile.md
           - name: Self-asserted

articles/active-directory-b2c/TOC.yml

@@ -39,7 +39,7 @@ Define your application and service architecture, inventory current systems, and
 | Create a migration plan |Planning ahead can make migration go more smoothly. Learn more about [user migration](user-migration.md).|
 | Usability vs. security | Your solution must strike the right balance between application usability and your organization's acceptable level of risk. |
 | Move on-premises dependencies to the cloud | To help ensure a resilient solution, consider moving existing application dependencies to the cloud. |
-| Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com went into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
+| Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com will go into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
 
 ## Implementation
 
@@ -88,4 +88,4 @@ Stay up to date with the state of the service and find support options.
 |--|--|
 | [Service updates](https://azure.microsoft.com/updates/?product=active-directory-b2c) |  Stay up to date with Azure AD B2C product updates and announcements. |
 | [Microsoft Support](support-options.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
-| [Azure status](https://status.azure.com/status) | View the current health status of all Azure services. |
+| [Azure status](https://status.azure.com/status) | View the current health status of all Azure services. |

articles/active-directory-b2c/best-practices.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/30/2020
+ms.date: 04/21/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -86,7 +86,14 @@ The following sections list available claim resolvers.
 | {Context:IPAddress} | The user IP address. | 11.111.111.11 |
 | {Context:KMSI} | Indicates whether [Keep me signed in](custom-policy-keep-me-signed-in.md) checkbox is selected. |  true |
 
-### Non-protocol parameters
+### Claims 
+
+| Claim | Description | Example |
+| ----- | ----------- | --------|
+| {Claim:claim type} | An identifier of a claim type already defined in the ClaimsSchema section in the policy file or parent policy file.  For example: `{Claim:displayName}`, or `{Claim:objectId}`. | A claim type value.|
+
+
+### OAuth2 key-value parameters
 
 Any parameter name included as part of an OIDC or OAuth2 request can be mapped to a claim in the user journey. For example, the request from the application might include a query string parameter with a name of `app_session`, `loyalty_number`, or any custom query string.
 
@@ -114,6 +121,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 | {SAML:AllowCreate} | The `AllowCreate` attribute value, from the `NameIDPolicy` element of the SAML request. | True |
 | {SAML:ForceAuthn} | The `ForceAuthN` attribute value, from the `AuthnRequest` element of the SAML request. | True |
 | {SAML:ProviderName} | The `ProviderName` attribute value, from the `AuthnRequest` element of the SAML request.| Contoso.com |
+| {SAML:RelayState} | The `RelayState` query string parameter.| 
 
 ## Using claim resolvers
 
@@ -127,7 +135,7 @@ You can use claims resolvers with the following elements:
 |[OpenID Connect](openid-connect-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
 |[Claims transformation](claims-transformation-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
 |[RESTful provider](restful-technical-profile.md) technical profile| `InputClaim`| 1, 2|
-|[SAML2](saml-technical-profile.md)  technical profile| `OutputClaim`| 1, 2|
+|[SAML identity provider](saml-identity-provider-technical-profile.md)  technical profile| `OutputClaim`| 1, 2|
 |[Self-Asserted](self-asserted-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
 |[ContentDefinition](contentdefinitions.md)| `LoadUri`| |
 |[ContentDefinitionParameters](relyingparty.md#contentdefinitionparameters)| `Parameter` | |

articles/active-directory-b2c/claim-resolver-overview.md

@@ -43,3 +43,9 @@ The following tables provide links to samples for applications including iOS, An
 | Sample | Description |
 |--------| ----------- |
 | [javascript-msal-singlepageapp](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp) | A single page application (SPA) calling a Web API. Authentication is done with Azure AD B2C by using MSAL.js. |
+
+## SAML test application
+
+| Sample | Description |
+|--------| ----------- |
+| [saml-sp-tester](https://github.com/azure-ad-b2c/saml-sp-tester/tree/master/source-code) | SAML test application to test Azure AD B2C configured to act as SAML identity provider. |

articles/active-directory-b2c/code-samples.md

@@ -0,0 +1,91 @@
+---
+title: Manage SSO and token customization using custom policies
+titleSuffix: Azure AD B2C
+description: Learn about managing SSO and token customization using custom policies in Azure Active Directory B2C.
+services: active-directory-b2c
+author: msmimart
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 05/07/2020
+ms.author: mimart
+ms.subservice: B2C
+---
+
+# Manage SSO and token customization using custom policies in Azure Active Directory B2C
+
+This article provides information about how you can manage your token, session, and single sign-on (SSO) configurations using [custom policies](custom-policy-overview.md) in Azure Active Directory B2C (Azure AD B2C).
+
+## JTW token lifetimes and claims configuration
+
+To change the settings on your token lifetimes, you add a [ClaimsProviders](claimsproviders.md) element in the relying party file of the policy you want to impact.  The **ClaimsProviders** element is a child of the [TrustFrameworkPolicy](trustframeworkpolicy.md) element.
+
+Insert the ClaimsProviders element between the BasePolicy element and the RelyingParty element of the relying party file.
+
+Inside, you'll need to put the information that affects your token lifetimes. The XML looks like this example:
+
+```XML
+<ClaimsProviders>
+  <ClaimsProvider>
+    <DisplayName>Token Issuer</DisplayName>
+    <TechnicalProfiles>
+      <TechnicalProfile Id="JwtIssuer">
+        <Metadata>
+          <Item Key="token_lifetime_secs">3600</Item>
+          <Item Key="id_token_lifetime_secs">3600</Item>
+          <Item Key="refresh_token_lifetime_secs">1209600</Item>
+          <Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
+          <Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
+          <Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
+        </Metadata>
+      </TechnicalProfile>
+    </TechnicalProfiles>
+  </ClaimsProvider>
+</ClaimsProviders>
+```
+
+The following values are set in the previous example:
+
+- **Access token lifetimes** - The access token lifetime value is set with **token_lifetime_secs** metadata item. The default value is 3600 seconds (60 minutes).
+- **ID token lifetime** - The ID token lifetime value is set with the **id_token_lifetime_secs** metadata item. The default value is 3600 seconds (60 minutes).
+- **Refresh token lifetime** - The refresh token lifetime value is set with the **refresh_token_lifetime_secs** metadata item. The default value is 1209600 seconds (14 days).
+- **Refresh token sliding window lifetime** - If you would like to set a sliding window lifetime to your refresh token, set the value of **rolling_refresh_token_lifetime_secs** metadata item. The default value is 7776000 (90 days). If you don't want to enforce a sliding window lifetime, replace the item with `<Item Key="allow_infinite_rolling_refresh_token">True</Item>`.
+- **Issuer (iss) claim** - The Issuer (iss) claim is set with the **IssuanceClaimPattern** metadata item. The applicable values are `AuthorityAndTenantGuid` and `AuthorityWithTfp`.
+- **Setting claim representing policy ID** - The options for setting this value are `TFP` (trust framework policy) and `ACR` (authentication context reference). `TFP` is the recommended value. Set **AuthenticationContextReferenceClaimPattern** with the value of `None`.
+
+    In the **ClaimsSchema** element, add this element:
+
+    ```XML
+    <ClaimType Id="trustFrameworkPolicy">
+      <DisplayName>Trust framework policy name</DisplayName>
+      <DataType>string</DataType>
+    </ClaimType>
+    ```
+
+    In your **OutputClaims** element, add this element:
+
+    ```XML
+    <OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" />
+    ```
+
+    For ACR, remove the **AuthenticationContextReferenceClaimPattern** item.
+
+- **Subject (sub) claim** - This option defaults to ObjectID, if you would like to switch this setting to `Not Supported`, replace this line:
+
+    ```XML
+    <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
+    ```
+
+    with this line:
+
+    ```XML
+    <OutputClaim ClaimTypeReferenceId="sub" />
+    ```
+
+## Next steps
+
+- Learn more about [Azure AD B2C session](session-overview.md).
+- Learn how to [configure session behavior in custom policies](session-behavior-custom-policy.md).
+- Reference: [JwtIssuer](jwt-issuer-technical-profile.md).

articles/active-directory-b2c/configure-tokens-custom-policy.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/16/2019
+ms.date: 05/07/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -21,7 +21,7 @@ In this article, you learn how to configure the [lifetime and compatibility of a
 
 [Create a user flow](tutorial-create-user-flows.md) to enable users to sign up and sign in to your application.
 
-## Configure token lifetime
+## Configure JWT token lifetime
 
 You can configure the token lifetime on any user flow.
 
@@ -37,7 +37,7 @@ You can configure the token lifetime on any user flow.
 
 8. Click **Save**.
 
-## Configure token compatibility
+## Configure JWT token compatibility
 
 1. Select **User flows (policies)**.
 2. Open the user flow that you previously created.