From f961fd000e341b16488a46573dcef6ba6e03c088 Mon Sep 17 00:00:00 2001 From: Christer Ljung Date: Tue, 1 Oct 2024 07:26:20 +0100 Subject: [PATCH 1/6] rm includeQRCode + did:web:path rel link --- docs/verified-id/did-web-path.md | 2 +- docs/verified-id/get-started-request-api.md | 12 ++++-------- docs/verified-id/issuance-request-api.md | 6 ++---- docs/verified-id/presentation-request-api.md | 6 ++---- 4 files changed, 9 insertions(+), 17 deletions(-) diff --git a/docs/verified-id/did-web-path.md b/docs/verified-id/did-web-path.md index 90e0acda16b..9ecf7044a78 100644 --- a/docs/verified-id/did-web-path.md +++ b/docs/verified-id/did-web-path.md @@ -23,7 +23,7 @@ In this article, we go over the steps to enable support for did:web:path to your ## What is did:web:path? -Did:web:path is described in the [did:web Method Specification](https://w3c-ccg.github.io/did-method-web/#optional-path-considerations). If you have an environment where you're required to use a high number of authorities, acquiring domain names for them becomes a problem. Using one single domain and having the different authorities appear as paths under the domain may be a more favorable approach. +Did:web:path is described in the [did:web Method Specification](https://w3c-ccg.github.io/did-method-web/#optional-path-considerations). If you have an environment where you're required to use a high number of [authorities](admin-api.md#authorities), acquiring domain names for them becomes an administrative problem. Using one single domain and having the different authorities appear as paths under the domain may be a more favorable approach. ## Enable domain for did:web:path support diff --git a/docs/verified-id/get-started-request-api.md b/docs/verified-id/get-started-request-api.md index 7f2fcfafbae..0680be737ff 100644 --- a/docs/verified-id/get-started-request-api.md +++ b/docs/verified-id/get-started-request-api.md 
@@ -308,7 +308,7 @@ Issuance request using the `idTokenHint` attestation flow: ```JSON { - "includeQRCode": false, + "authority": "did:web:verifiedid.contoso.com", "callback": { "url": "https://contoso.com/api/issuer/issuanceCallback", "state": "de19cb6b-36c1-45fe-9409-909a51292a9c", @@ -316,7 +316,6 @@ Issuance request using the `idTokenHint` attestation flow: "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS" } }, - "authority": "did:web:verifiedid.contoso.com", "registration": { "clientName": "Verifiable Credential Expert Sample" }, @@ -338,7 +337,8 @@ Issuance request using the `idTokenHint` attestation flow: Issuance request using the `idTokenHint` attestation flow that [sets the expiry date](issuance-request-api.md#issuance-request-payload): ```JSON - "includeQRCode": false, +{ + "authority": "did:web:verifiedid.contoso.com", "callback": { "url": "https://contoso.com/api/issuer/issuanceCallback", "state": "de19cb6b-36c1-45fe-9409-909a51292a9c", @@ -346,7 +346,6 @@ Issuance request using the `idTokenHint` attestation flow that [sets the expiry "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS" } }, - "authority": "did:web:verifiedid.contoso.com", "registration": { "clientName": "Verifiable Credential Expert Sample" }, @@ -390,7 +389,7 @@ Presentation request for a credential with a certain type and issuer: ```JSON { - "includeQRCode": true, + "authority": "did:web:verifiedid.contoso.com", "callback": { "url": "https://contoso.com/api/verifier/presentationCallback", "state": "92d076dd-450a-4247-aa5b-d2e75a1a5d58", @@ -398,7 +397,6 @@ Presentation request for a credential with a certain type and issuer: "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS" } }, - "authority": "did:web:verifiedid.contoso.com", "registration": { "clientName": "Veritable Credential Expert Verifier" }, 
@@ -428,7 +426,6 @@ Presentation request with [claims constraints](presentation-request-api.md#const ```JSON { "authority": "did:web:verifiedid.contoso.com", - "includeQRCode": false, "includeReceipt": false, "registration": { "clientName": "Contoso Job Application Center", @@ -473,7 +470,6 @@ Presentation request with FaceCheck. When using FaceCheck, the `includeReceipt` ```JSON { "authority": "did:web:verifiedid.contoso.com", - "includeQRCode": false, "includeReceipt": false, "registration": { "clientName": "Contoso Job Application Center", diff --git a/docs/verified-id/issuance-request-api.md b/docs/verified-id/issuance-request-api.md index 2a896c9c09d..10edb5e7bd0 100644 --- a/docs/verified-id/issuance-request-api.md +++ b/docs/verified-id/issuance-request-api.md @@ -48,7 +48,6 @@ Content-Type: application/json Authorization: Bearer { - "includeQRCode": true, "callback": { "url": "https://contoso.com/api/issuer/issuanceCallback", "state": "Aaaabbbb11112222", @@ -72,7 +71,7 @@ The issuance request payload contains information about your verifiable credenti ```json { - "includeQRCode": false, + "authority": "did:web:verifiedid.contoso.com", "callback": { "url": "https://contoso.com/api/issuer/issuanceCallback", "state": "de19cb6b-36c1-45fe-9409-909a51292a9c", @@ -80,7 +79,6 @@ The issuance request payload contains information about your verifiable credenti "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS" } }, - "authority": "did:web:verifiedid.contoso.com", "registration": { "clientName": "Verifiable Credential Expert Sample" }, 
@@ -102,7 +100,7 @@ The payload contains the following properties: |Parameter |Type | Description | |---------|---------|---------| -| `includeQRCode` | Boolean | Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this issuance request. Possible values are `true` (default) or `false`. When you set the value to `false`, use the return `url` property to render a deep link. | +| `includeQRCode` | Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this issuance request. Possible values are `true` or `false` (default). When you set the value to `false`, use the return `url` property to render a deep link. | |`callback`| [Callback](#callback-type)| Mandatory. Allows the developer to asynchronously get information on the flow during the verifiable credential issuance process. For example, the developer might want a call when the user has scanned the QR code or if the issuance request succeeds or fails.| | `authority` | string| The issuer's decentralized identifier (DID). For more information, see [Gather credentials and environment details to set up your sample application](verifiable-credentials-configure-issuer.md).| | `registration` | [RequestRegistration](#requestregistration-type)| Provides information about the issuer that can be displayed in the authenticator app. | diff --git a/docs/verified-id/presentation-request-api.md b/docs/verified-id/presentation-request-api.md index 14befbfb64a..65ac2bfb6f2 100644 --- a/docs/verified-id/presentation-request-api.md +++ b/docs/verified-id/presentation-request-api.md 
@@ -49,7 +49,6 @@ Content-Type: application/json Authorization: Bearer { -    "includeQRCode": true, "callback": {       "url": "https://contoso.com/api/verifier/presentationCallback",       "state": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee", @@ -73,9 +72,8 @@ The presentation request payload contains information about your verifiable cred ```json { - "includeQRCode": true, - "includeReceipt": true, "authority": "did:web:verifiedid.contoso.com", + "includeReceipt": true, "registration": { "clientName": "Veritable Credential Expert Verifier" }, 
@@ -108,7 +106,7 @@ The payload contains the following properties. |Parameter |Type | Description | |---------|---------|---------| -| `includeQRCode` | Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this presentation request. Possible values are `true` (default) or `false`. When you set the value to `false`, use the return `url` property to render a deep link. | +| `includeQRCode` | Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this presentation request. Possible values are `true` or `false` (default). When you set the value to `false`, use the return `url` property to render a deep link. | | `includeReceipt` | Boolean | Optional. Determines whether a receipt should be included in the response of this request. Possible values are `true` or `false` (default). The receipt contains the original payload sent from the authenticator to the Verifiable Credentials service. The receipt is useful for troubleshooting or if you have the need to ge the full details of the payload. There's otherwise no need be set this value to `true `by default. In the `OpenId Connect SIOP` request, the receipt contains the ID token from the original request. | | `authority` | string| Your decentralized identifier (DID) of your verifier Microsoft Entra tenant. For more information, see [Gather tenant details to set up your sample application](verifiable-credentials-configure-verifier.md#gather-tenant-details-to-set-up-your-sample-application).| | `registration` | [RequestRegistration](#requestregistration-type)| Provides information about the verifier. | From 0f67012655563a190aac17c9fad0f5c92805da40 Mon Sep 17 00:00:00 2001 
From: henrymbuguakiarie Date: Tue, 1 Oct 2024 14:19:39 +0300 Subject: [PATCH 2/6] Septmber 2024 - What's new doc update --- docs/identity-platform/whats-new-docs.md | 26 ++++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/identity-platform/whats-new-docs.md b/docs/identity-platform/whats-new-docs.md index a4b8da92f1c..197235f5d9b 100644 --- a/docs/identity-platform/whats-new-docs.md +++ b/docs/identity-platform/whats-new-docs.md @@ -5,7 +5,7 @@ author: henrymbuguakiarie manager: CelesteDG ms.author: henrymbugua ms.custom: has-adal-ref -ms.date: 09/02/2024 +ms.date: 10/01/2024 ms.service: identity-platform ms.topic: whats-new @@ -16,6 +16,18 @@ ms.topic: whats-new Welcome to what's new in the Microsoft identity platform documentation. This article lists new articles that were added or had significant updates in the last three months. +## September 2024 + +### New articles + +- [Set up an Android device in Shared Device Mode](tutorial-mobile-android-device-shared-mode.md) + +### Updated articles + +- [Overview of shared device mode](msal-shared-devices.md) - Added clarity to the content +- [Shared device mode for Android devices](msal-android-shared-devices.md) - Added clarity to the content +- [Tutorial: Add shared-device mode support to your Android application](tutorial-v2-shared-device-mode.md) - Added clarity to the content + ## August 2024 ### Updated articles 
@@ -34,15 +46,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art - [Customize claims issued in the JSON web token (JWT) for enterprise applications](jwt-claims-customization.md) - Updating the script with a working version - [Troubleshoot publisher verification](troubleshoot-publisher-verification.md) - Removed reference to Postman - [Restrict a Microsoft Entra app to a set of users](howto-restrict-your-app-to-a-set-of-users.md) - Added clarity to the content - - -## June 2024 - -### Updated articles - -- [Microsoft identity platform code samples](sample-v2-code.md) - Removed archived samples from code sample page and articles -- [Quickstart: Configure a client application to access a web API](quickstart-configure-app-access-web-apis.md) - Added clarity to the content -- [Quickstart: Configure an application to expose a web API](quickstart-configure-app-expose-web-apis.md) - Added clarity to the content -- [Quickstart: Sign in users and call Microsoft Graph from an Android app](quickstart-mobile-app-android-sign-in.md) - Added clarity to the content -- [Redirect URI (reply URL) outline and restrictions](reply-url.md) - Added clarity to the content - From 5d4370a7b0bf47ca9d4451a80126b2e754f30cc4 Mon Sep 17 00:00:00 2001 From: csmulligan <110535300+csmulligan@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:32:58 +0100 Subject: [PATCH 3/6] What's new in Sept updates. --- docs/external-id/customers/whats-new-docs.md | 22 +++++++++++++------- docs/external-id/whats-new-docs.md | 17 +++++++-------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/docs/external-id/customers/whats-new-docs.md b/docs/external-id/customers/whats-new-docs.md index 37f14a52697..b2167b97fc5 100644 --- a/docs/external-id/customers/whats-new-docs.md +++ b/docs/external-id/customers/whats-new-docs.md 
@@ -1,7 +1,7 @@ --- title: "What's new in Microsoft Entra External ID in external tenants" description: "New and updated documentation for Microsoft Entra External ID in external tenants." -ms.date: 09/11/2024 +ms.date: 10/01/2024 ms.service: entra-external-id ms.subservice: customers ms.topic: whats-new @@ -16,6 +16,19 @@ manager: CelesteDG Welcome to what's new in documentation for Microsoft Entra External ID in external tenants. This article lists new docs that were added and docs that were significantly updated in the last three months. +## September 2024 + +### New articles + +- [Set up Azure Monitor in external tenants (preview)](how-to-azure-monitor.md) +- [Microsoft Entra External ID training, live demo, and videos](reference-training-videos.md) + +### Updated articles + +- [Quickstart: Get started with the Microsoft Entra External ID extension for Visual Studio Code](visual-studio-code-extension.md) - Updated sign-in experience +- [Service limits and restrictions](reference-service-limits.md) - Updated phone limits +- [Tutorial: Prepare your iOS/macOS app for native authentication](tutorial-native-authentication-prepare-ios-macos-app.md) - MSAL framework update + ## August 2024 ### New article 
@@ -41,10 +54,3 @@ Welcome to what's new in documentation for Microsoft Entra External ID in extern - [Sign in users in a sample Electron desktop application](how-to-desktop-app-electron-sample-sign-in.md) - Added user flow testing instructions - [Sign in users and edit profile in a sample Node.js web application](sample-web-app-node-sign-in-edit-profile.md) - Editorial updates -## June 2024 - -### Updated articles - -- [Add multifactor authentication (MFA) to an app](how-to-multifactor-authentication-customers.md) - Screenshots and instructions updated -- [Sign in users and call a web API in sample Node.js web application](sample-web-app-node-sign-in-call-api.md) - Editorial updates -- [Tutorial: Add sign-in in Android app by using native authentication](tutorial-native-authentication-android-sign-in-sign-out.md) - Updated sign in instructions diff --git a/docs/external-id/whats-new-docs.md b/docs/external-id/whats-new-docs.md index 7dcd4eb409f..6b63454de8f 100644 --- a/docs/external-id/whats-new-docs.md +++ b/docs/external-id/whats-new-docs.md @@ -1,7 +1,7 @@ --- title: What's new in Microsoft Entra External ID description: New and updated documentation for the Microsoft Entra External ID. -ms.date: 09/11/2024 +ms.date: 10/01/2024 ms.service: entra-external-id ms.topic: whats-new 
@@ -15,6 +15,13 @@ manager: CelesteDG Welcome to what's new in documentation for Microsoft Entra External ID in workforce tenants. This article lists new docs that were added and docs that were significantly updated in the last three months. To learn what's new with the Microsoft Entra ID service, see [What's new in Microsoft Entra ID](~/fundamentals/whats-new.md). +## September 2024 + +### Updated articles + +- [Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.yml) - Microsoft SharePoint dependency update +- [Leave an organization where you have a guest account](leave-the-organization.md) - Editorial updates + ## August 2024 ### Updated articles @@ -28,11 +35,3 @@ Welcome to what's new in documentation for Microsoft Entra External ID in workfo - [Microsoft Entra External ID documentation](index.yml) - Editorial updates -## June 2024 - -### Updated articles - -- [Federation with SAML/WS-Fed identity providers for guest users](direct-federation.md) - Updated verified domain information and steps for adding new identity providers -- [The elements of the B2B collaboration invitation email](invitation-email-elements.md) - Editorial updates -- [How users in your organization can invite guest users to an app](add-users-information-worker.md) - Editorial updates -- [Overview: Cross-tenant access with Microsoft Entra External ID](cross-tenant-access-overview.md) - Removed the [configurable redemption](cross-tenant-access-overview.md#configurable-redemption) SharePoint limitation for guest users who redeem invites with email one-time passcode From 47e4fe9e58581f5daa5034469591c06b60bc7e1d Mon Sep 17 00:00:00 2001 
From: Ortagus Winfrey <85191667+OWinfreyATL@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:06:13 -0400 Subject: [PATCH 4/6] Bypass fix --- .../entitlement-management-access-package-approval-policy.md | 2 +- docs/id-governance/entitlement-management-request-behalf.md | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/id-governance/entitlement-management-access-package-approval-policy.md b/docs/id-governance/entitlement-management-access-package-approval-policy.md index 29b935ea7a2..2a642a85422 100644 --- a/docs/id-governance/entitlement-management-access-package-approval-policy.md +++ b/docs/id-governance/entitlement-management-access-package-approval-policy.md @@ -164,7 +164,7 @@ For example, if you listed Alice and Bob as the first stage approver(s), list Ca ![Access package - Policy- Enable policy setting](./media/entitlement-management-access-package-approval-policy/enable-requests.png) -1. When new requests are enabled, you can specify whether you want to **Allow managers to request on behalf of their employees (preview)**. Enabling this setting will also give you the option to **Bypass approval stage if manager is the requestor and the approver (preview)**. Bypassing an approval stage when the manager is both the requestor, and the approver for that stage, streamlines the request process by reducing redundancy. +1. When new requests are enabled, you can specify whether you want to **Allow managers to request on behalf of their employees (preview)**. :::image type="content" source="media/entitlement-management-access-package-approval-policy/manager-enable-approval.png" alt-text="Screenshot of manager approval of request options."::: 1. Select **Next**. diff --git a/docs/id-governance/entitlement-management-request-behalf.md b/docs/id-governance/entitlement-management-request-behalf.md index b84d0318fcc..37e8da23a16 100644 --- a/docs/id-governance/entitlement-management-request-behalf.md 
+++ b/docs/id-governance/entitlement-management-request-behalf.md @@ -49,8 +49,6 @@ Follow these steps to edit the policies, allowing on behalf of requests, for an 1. On the **Requests** tab, set **Enable new requests** to Yes. This should show you the option **Allow managers to request on behalf of employees (preview)**. Set that option to Yes. :::image type="content" source="media/entitlement-management-request-behalf/edit-request-policy-behalf.png" lightbox="media/entitlement-management-request-behalf/edit-request-policy-behalf.png" alt-text="Screenshot of editing an access package;s request on behalf of policy."::: - > [!NOTE] - > If approval is required, you will also see the option to **Bypass approval stage if manager is the requestor and approver (preview)**. 1. Save your policy. ## Request an access package on behalf of an employee From ad9826849fd880d17c73899cec9254b63351e9f6 Mon Sep 17 00:00:00 2001 From: Ortagus Winfrey <85191667+OWinfreyATL@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:07:01 -0400 Subject: [PATCH 5/6] Bypass information removed --- .../entitlement-management-access-package-approval-policy.md | 2 +- docs/id-governance/entitlement-management-request-behalf.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/id-governance/entitlement-management-access-package-approval-policy.md b/docs/id-governance/entitlement-management-access-package-approval-policy.md index 2a642a85422..a81302bdd86 100644 --- a/docs/id-governance/entitlement-management-access-package-approval-policy.md +++ b/docs/id-governance/entitlement-management-access-package-approval-policy.md 
@@ -167,7 +167,7 @@ For example, if you listed Alice and Bob as the first stage approver(s), list Ca 1. When new requests are enabled, you can specify whether you want to **Allow managers to request on behalf of their employees (preview)**. :::image type="content" source="media/entitlement-management-access-package-approval-policy/manager-enable-approval.png" alt-text="Screenshot of manager approval of request options."::: 1. Select **Next**. - + ## Collect additional requestor information for approval In order to make sure users are getting access to the right access packages, you can require requestors to answer custom text field or Multiple Choice questions at the time of request. The questions will then be shown to approvers to help them make a decision. diff --git a/docs/id-governance/entitlement-management-request-behalf.md b/docs/id-governance/entitlement-management-request-behalf.md index 37e8da23a16..936cc91db7e 100644 --- a/docs/id-governance/entitlement-management-request-behalf.md +++ b/docs/id-governance/entitlement-management-request-behalf.md @@ -52,7 +52,7 @@ Follow these steps to edit the policies, allowing on behalf of requests, for an 1. Save your policy. ## Request an access package on behalf of an employee - + As a manager, you can request an access package for a direct report by doing the following steps: 1. Sign in to the My Access portal at [https://myaccess.microsoft.com](https://myaccess.microsoft.com). For US Government, the domain in the My Access portal link is `myaccess.microsoft.us`. From 0c593bb7788f58e5d274c5fd79cfd37f94520973 Mon Sep 17 00:00:00 2001 From: Ortagus Winfrey <85191667+OWinfreyATL@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:10:35 -0400 Subject: [PATCH 6/6] Other reference removed --- docs/id-governance/entitlement-management-request-approve.md | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/docs/id-governance/entitlement-management-request-approve.md b/docs/id-governance/entitlement-management-request-approve.md index 837e460ea4c..54046bcf795 100644 --- a/docs/id-governance/entitlement-management-request-approve.md +++ b/docs/id-governance/entitlement-management-request-approve.md @@ -57,9 +57,6 @@ If you don't have the email, you can find the access requests pending your appro 1. Based on the information the requestor provided, you can then approve or deny the request. See the steps in Approve or deny request for guidance. -> [!NOTE] -> If the manager of the user the request is for is the approver, and also the requestor, of the the access package then the approval stage might be bypassed depending on policy settings. For more information, see: [Configure an access package policy allowing on behalf of requests](entitlement-management-request-behalf.md). - ## Approve or deny request After you open an access request pending approval, you can see details that will help you make an approve or deny decision.
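Review bot: In docs/verified-id/did-web-path.md (PATCH 1/6, hunk @@ -23,7 +23,7), the rewritten paragraph still opens with "Did:web:path", while the heading and the intro line in the same hunk write the method name as `did:web:path`. DID method names are lowercase, so reword the sentence so it does not start with the identifier, for example "The `did:web:path` option is described in ...". The new relative link `admin-api.md#authorities` also needs a check that the anchor exists, since the target is not part of this patch.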
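Review bot: In docs/verified-id/get-started-request-api.md (PATCH 1/6, hunk @@ -390,7 +389,7), the presentation sample loses `"includeQRCode": true` in the same patch that changes the documented default to `false`, so the response a reader gets from this sample silently changes from one with a QR code to one without. Add a sentence next to the sample saying the caller must render the returned `url` as a deep link or QR code itself, or keep the property explicit in the one sample that depended on it. The unchanged line `"clientName": "Veritable Credential Expert Verifier"` in this hunk looks like a typo for "Verifiable" and could be fixed while the block is open.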
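Review bot: In docs/verified-id/issuance-request-api.md (PATCH 1/6, hunk @@ -102,7 +100,7), the `includeQRCode` row flips the documented default from `true` to `false`, but the description still reads as if a QR code is normally returned ("Present the QR code and ask the user to scan it"). Lead with the default case (no QR code, use the returned `url`) and describe the QR code as what you get when the value is set to `true`. The commit message only says "rm includeQRCode"; it should state whether the service default changed or the earlier text was wrong, because callers that omit the property are affected either way.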
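Review bot: In docs/verified-id/presentation-request-api.md (PATCH 1/6, hunk @@ -73,9 +72,8), the sample payload keeps `"includeReceipt": true` and the patch only moves the line, although the parameter table in the same file says the receipt carries the original payload and the ID token and that there is no need to set it to `true` by default. A reference sample that readers copy should not opt in to returning that data; set it to `false` or drop the property from the sample, and keep `true` for a dedicated troubleshooting example.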
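Review bot: In docs/verified-id/presentation-request-api.md (PATCH 1/6, hunk @@ -108,7 +106,7), the `includeReceipt` row directly below the edited row has several typos that should be fixed in the same change: "need to ge the full details", "no need be set this value", and the misplaced space in `true `by default. The edited `includeQRCode` row has the same ordering problem as in issuance-request-api.md: with `false` now the default, the description should start from the deep-link case.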
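Review bot: In docs/identity-platform/whats-new-docs.md (PATCH 2/6, hunk @@ -16,6 +16,18), all three entries under "Updated articles" carry the same description, "Added clarity to the content", which tells a reader nothing about what changed. Replace each with the actual change, in the style of the existing "Removed reference to Postman" entry further down. The new article title uses "Shared Device Mode" while the updated entries use "shared device mode" and "shared-device mode"; pick one spelling if the link text is not bound to the article titles. The commit subject also misspells "September".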
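Review bot: In docs/id-governance/entitlement-management-access-package-approval-policy.md (PATCH 4/6, hunk @@ -164,7 +164,7), the step text about **Bypass approval stage if manager is the requestor and the approver (preview)** is removed, but the screenshot `manager-enable-approval.png` on the next line is left in place with the alt text "Screenshot of manager approval of request options." If that image still shows the bypass option, it needs to be replaced in the same change. The commit message "Bypass fix" does not say whether the setting was removed from the product or only from the docs; for a setting that lets a request skip an approval stage, that should be stated, and if the setting still exists admins need it documented.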
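Review bot: In docs/id-governance/entitlement-management-request-behalf.md (PATCH 4/6, hunk @@ -49,8 +49,6), the image line kept as context has a typo in its alt text, "editing an access package;s request on behalf of policy", which should read "access package's". As with the approval-policy file, confirm that `edit-request-policy-behalf.png` does not still show the bypass option that the removed note described.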
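Review bot: PATCH 5/6 is titled "Bypass information removed", but both of its hunks (@@ -167,7 +167,7 in entitlement-management-access-package-approval-policy.md and @@ -52,7 +52,7 in entitlement-management-request-behalf.md) replace one blank line with another and remove no text. This looks like a whitespace cleanup left over from PATCH 4/6; squash it into that commit or retitle it so the history does not suggest a content change that is not there.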
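Review bot: In docs/id-governance/entitlement-management-request-approve.md (PATCH 6/6, hunk @@ -57,9 +57,6), the step left above the removed note says "See the steps in Approve or deny request for guidance." with the section name as plain text. Since the `## Approve or deny request` heading follows directly in this hunk, make it an in-page link. The removal itself drops the only explanation approvers had for why a request might skip their stage; the commit message should say that the behaviour no longer applies, otherwise the note should stay.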