updates

Author: OWinfreyATL

articles/active-directory/governance/configure-logic-app-lifecycle-workflows.md

@@ -13,9 +13,9 @@ ms.custom: template-how-to #Required; leave this attribute/value as-is.
 
 # Configure a Logic App for Lifecycle Workflow use (Preview)
 
-Before you can use an existing Azure Logic App with the custom task extension feature of Lifecycle Workflows, it must first be made compatible. This reference guide provides a list of steps that must be taken to make the Azure Logic App compatible the custom task extension. For a simpler guide on creating a new Logic App with the custom task extension via the Lifecycle Workflows portal, see [Trigger Logic Apps based on custom task extensions (preview)](trigger-custom-task.md).
+Before you can use an existing Azure Logic App with the custom task extension feature of Lifecycle Workflows, it must first be made compatible. This reference guide provides a list of steps that must be taken to make the Azure Logic App compatible. For a guide on creating a new compatible Logic App via the Lifecycle Workflows portal, see [Trigger Logic Apps based on custom task extensions (preview)](trigger-custom-task.md).
 
-## Configure existing Logic Apps for LCW use with Microsoft Graph
+## Configure existing Logic Apps for LCW use
 
 Making an Azure Logic app compatible to run with the **Custom Task Extension** requires the following steps:
 
@@ -31,7 +31,7 @@ To configure those you'll follow these steps:
 
 1. Open the Azure Logic App you want to use with Lifecycle Workflow. Logic Apps may greet you with an introduction screen, which you can close with the X in the upper right corner.
 
-1. On the left of the screen select **Logic App code view**.
+1. On the left of the screen, select **Logic App code view**.
 
 1. In the editor paste the following code:
     ```LCW Logic App code view template
@@ -199,24 +199,31 @@ To configure those you'll follow these steps:
 
 1. Switch to the **Logic App designer** and inspect the configured trigger and callback action. To build your custom business logic, add other actions between the trigger and callback action. If you're only interested in the fire-and-forget scenario, you may remove the callback action.
 
-1. On the left of the screen select **Identity**. 
+1. On the left of the screen, select **Identity**. 
 
-1. Under the system assigned tab enable the status to register it with Azure Active Directory.
+1. Under the system assigned tab, enable the status to register it with Azure Active Directory.
 
 1. Select Save.    
 
 1. For Logic Apps authorization policy, we'll need the managed identities **Application ID**. Since the Azure portal only shows the Object ID, we need to look up the Application ID. You can search for the managed identity by Object ID under **Enterprise Applications in the Azure AD Portal** to find the required Application ID.
 
 1. Go back to the logic app you created, and select **Authorization**.
 
-1. Create a new authorization policy based on the table below:
+1. Create two authorization policies based on the tables below:
 
     |Claim  |Value  |
     |---------|---------|
     |Issuer     |  https://sts.windows.net/(Tenant ID)/       |
     |Audience     | Application ID of your Logic Apps Managed Identity       |
     |appID     |  ce79fdc4-cd1d-4ea5-8139-e74d7dbe0bb7   |
 
+    Policy name: AzureADLifecycleWorkflowsAuthPolicyV2App   
+ 
+    |Claim  |Value  |
+    |---------|---------|
+    |Issuer     |  https://login.microsoftonline.com/(Tenant ID)/v2.0       |
+    |Audience     | Application ID of your Logic Apps Managed Identity       |
+    |appID     |  ce79fdc4-cd1d-4ea5-8139-e74d7dbe0bb7   |
 
 1. Save the Authorization policy.
 > [!NOTE]
@@ -228,112 +235,9 @@ To configure those you'll follow these steps:
 -	For Audience, ensure you're using the Application ID and not the Object ID of your Managed Identity
 -	For appid, ensure the custom claim is “appid” in all lowercase. The appid value represents Lifecycle Workflows and is always the same.
 
-  
-
-## Linking Lifecycle Workflows with Logic Apps using Microsoft Graph
-
-After the Logic App, we can now integrate it with Lifecycle Workflows. As outlined in the high-level steps we first need to create the customTaskExtension and afterwards, we can reference the customTaskExtension in our “Run a custom task extension” task.
-
-The API call for creating a customTaskExtension is as follows:
-```http
-POST https://graph.microsoft.com/beta/identityGovernance/lifecycleManagement/customTaskExtensions
-Content-type: application/json
-
-{
-    "displayName": "<Custom task extension name>",
-    "description": "<description for custom task extension>",
-    "callbackConfiguration": {
-        "@odata.type": "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
-        "durationBeforeTimeout": "PT1H"
-    },
-    "endpointConfiguration": {
-        "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
-        "subscriptionId": "<Your Azure subscription>",
-        "resourceGroupName": "<Resource group where the Logic App is located>",
-        "logicAppWorkflowName": "<Logic App workflow name>"
-    },
-    "authenticationConfiguration": {
-        "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
-        "resourceId": " f9c5dc6b-d72b-4226-8ccd-801f7a290428"
-    },
-    "clientConfiguration": {
-        "timeoutInMilliseconds": 1000,
-        "maximumRetries": 1
-    }
-}
-```
-> [!NOTE]
-> To create a custom task extension instance that does not wait for a response from the logic app, remove the **callbackConfiguration** parameter.
-
-After the task is created, you can run the following GET call to retrieve its details:
-
-```http
-GET https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/customTaskExtensions
-```
-
-An example response is as follows:
- ```Example Custom Task Extension return
-{
-  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/customTaskExtensions",
-  "@odata.count": 1,
-  "value": [
-    {
-    "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/customTaskExtensions",
-    "@odata.count": 1,
-    "value": [
-        {
-            "id": "def9685c-e0f6-45aa-8fe8-a9f7ee6d30d6",
-            "displayName": "My Custom Task Extension",
-            "description": "My Custom Task Extension to test Lifecycle workflows Logic App integration",
-            "createdDateTime": "2022-06-28T10:47:08.9359567Z",
-            "lastModifiedDateTime": "2022-06-28T10:47:08.936017Z",
-            "endpointConfiguration": {
-                "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
-                "subscriptionId": "c500b67c-e9b7-4ad2-a90d-77d41385ae55",
-                "resourceGroupName": "RG-LCM",
-                "logicAppWorkflowName": "LcwDocsTest"
-            },
-            "authenticationConfiguration": {
-                "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
-                "resourceId": "f74118f0-849a-457d-a7e4-ee97eab6017a"
-            },
-            "clientConfiguration": {
-                "maximumRetries": 1,
-                "timeoutInMilliseconds": 1000
-            },
-            "callbackConfiguration": {
-                "@odata.type": "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration",
-                "timeoutDuration": "PT1H"
-            }
-        }
-    ]
-}
-
-```
-
-You'll then take the custom extension **ID**, and use it as the value in the customTaskExtensionId parameter for the custom task example here:
-
-> [!NOTE]
-> The new “Run a Custom Task Extension” task is already available in the Public Preview UI.
-
-```Example of Custom Task extension task
-"tasks":[
-    {
-	"taskDefinitionId": "4262b724-8dba-4fad-afc3-43fcbb497a0e",
-	"continueOnError": false,
-	"displayName": "<Custom Task Extension displayName>",
-	"description": "<Custom Task Extension description>",
-	"isEnabled": true,
-	"arguments": [
-		{
-			"name": "customTaskExtensionID",
-			"value": "<ID of your Custom Task Extension>"
-		}
-	]
-}
-
+## Using the Logic App with Lifecycle Workflows
 
-```
+Now that your Logic app is configured for use with Lifecycle Workflows, you can create a custom task extension via UI or API and use it in a Lifecycle Workflow.
 
 ## Next steps
 

articles/active-directory/governance/lifecycle-workflow-tasks.md

@@ -129,7 +129,7 @@ For Microsoft Graph the parameters for the **Generate Temporary Access Password
 |displayName     | GenerateTAPAndSendEmail (Customizable by user)      |
 |description     | Generate Temporary Access Password and send via email to user's manager (Customizable by user)       |
 |taskDefinitionId     |   1b555e50-7f65-41d5-b514-5894a026d10d     |
-|arguments     |  Argument contains the name parameter "tapLifetimeInMinutes", which is the lifetime of the temporaryAccessPass in minutes starting at startDateTime. Minimum 10, Maximum 43200 (equivalent to 30 days). The argument also contains the tapIsUsableOnce parameter, which determines whether the password is limited to a one time use. If true, the pass can be used once; if false, the pass can be used multiple times within the temporaryAccessPass lifetime.    |
+|arguments     |  Argument contains the name parameter "tapLifetimeInMinutes", which is the lifetime of the temporaryAccessPass in minutes starting at startDateTime. Minimum 10, Maximum 43200 (equivalent to 30 days). The argument also contains the tapIsUsableOnce parameter, which determines whether the passcode is limited to a one time use. If true, the pass can be used once; if false, the pass can be used multiple times within the temporaryAccessPass lifetime.    |
 
 
 ```Example for usage within the workflow
@@ -643,4 +643,4 @@ For Microsoft Graph the parameters for the **Send offboarding email to users man
 ## Next steps
 
 - [Manage lifecycle workflows properties](manage-workflow-properties.md)
-- [Manage lifecycle workflow versions](delete-lifecycle-workflow.md)
+- [Manage lifecycle workflow versions](manage-workflow-tasks.md)