Commit 20fb6c5

committed
2072317
1 parent d012195 commit 20fb6c5

12 files changed: +130 / -125 lines changed

powerapps-docs/maker/portals/configure/configure-azure-ad-b2c-provider.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -91,11 +91,11 @@ A portal owner can configure the portal to accept [!include[Azure](../../../incl
9191

9292
![Run user flow](media/use-simplified-authentication-configuration/run-user-flow.png "Run user flow")
9393

94-
1. Select the OpenID configuration URL to open in a new browser window or tab.<!--note from editor: Should we add alt text to describe the URL in more detail here? If it would be essential to a user with low vision, any information in an image needs to be available in alt text or an :::image::: description.-->
94+
1. Select the OpenID configuration URL to open in a new browser window or tab.
9595

96-
![Select the OpenID configuration URL](media/use-simplified-authentication-configuration/select-openid-configuration-url.png "Select the OpenID configuration URL")
96+
![Select the OpenID configuration URL](media/use-simplified-authentication-configuration/select-openid-configuration-url.png "Select the OpenID configuration URL. Format: https://<B2C-tenant-name>.b2clogin.com/tfp/<B2C-tenant-name>.onmicrosoft.com/<user-flow-name>/v2.0/.well-known/openid-configuration")
9797

98-
The URL refers to the OpenID Connect identity provider configuration document, also known as the *OpenID well-known configuration endpoint*.<!--note from editor: This should either be the URL you show in the previous image or a link to more information.-->
98+
The URL refers to the OpenID Connect identity provider configuration document, also known as the *OpenID well-known configuration endpoint*.
9999

100100
1. Copy the URL of the **Issuer** from the new browser window or tab.
101101
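Review bot: the URL format added to the image title at line 96 (`https://<B2C-tenant-name>.b2clogin.com/tfp/<B2C-tenant-name>.onmicrosoft.com/<user-flow-name>/v2.0/.well-known/openid-configuration`) is only exposed as hover/alt text, while the editor note removed at line 98 asked for exactly that URL to appear in the body; consider adding the format to the sentence at line 98 so readers can check that the configuration endpoint they opened belongs to the expected tenant and user flow. Also confirm that the angle-bracket placeholders inside a quoted image title survive the markdown renderer.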

@@ -117,13 +117,13 @@ A portal owner can configure the portal to accept [!include[Azure](../../../incl
117117
- **Password reset policy ID**: Enter the name of the password reset user flow you created earlier. The name is prefixed with *B2C_1*.
118118

119119
- **Valid issuers**: Enter a comma-delimited list of issuer URLs for the sign-up and sign-in user flow, and password reset user flow, you created earlier.
120-
<br> To get the issuer URLs for the sign-up and sign-in user flow, and the password reset user flow, open each flow and then follow the steps under **Authority**, in step 5a<!--note from editor: Edit okay?--> earlier in this article.
120+
<br> To get the issuer URLs for the sign-up and sign-in user flow, and the password reset user flow, open each flow and then follow the steps under **Authority**, in step 5a earlier in this article.
121121

122-
1. In this step, you have the option of configuring additional settings for the Azure AD B2C identity provider.<!--note from editor: Made this into a bulleted list to be parallel with the previous step.-->
122+
1. In this step, you have the option of configuring additional settings for the Azure AD B2C identity provider.
123123

124124
![Configure additional settings](media/use-simplified-authentication-configuration/configure-ad-b2c-step3.png "Configure additional settings")
125125

126-
- **Registration claims mapping​**: Enter a list of logical name/claim pairs to be used to map claim values returned from Azure AD B2C (created during sign-up)<!--note from editor: Edit okay? I want to make it clearer what was "created during sign-up" --> to attributes in the contact record. <br> Format: `field_logical_name=jwt_attribute_name`, where `field_logical_name` is the logical name of the field in portals and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br>
126+
- **Registration claims mapping​**: Enter a list of logical name/claim pairs to be used to map claim values returned from Azure AD B2C (created during sign-up) to attributes in the contact record. <br> Format: `field_logical_name=jwt_attribute_name`, where `field_logical_name` is the logical name of the field in portals and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br>
127127
For example, if you've enabled **Job Title (jobTitle)** and **Postal Code (postalCode)** as **User Attributes** in your user flow, and you want to update the corresponding Contact entity fields **Job Title (jobtitle)** and **Address 1: ZIP / Postal Code (address1_postalcode)**, enter the claims mapping as ```jobtitle=jobTitle,address1_postalcode=postalCode```.
128128

129129
- **Login claims mapping**: Enter a list of logical name/claim pairs to be used to map claim values returned from Azure AD B2C after sign-in to the attributes in the contact record. <br> Format: `field_logical_name=jwt_attribute_name` where `field_logical_name` is the logical name of the field in portals, and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br>
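Review bot: the cross-reference "in step 5a earlier in this article" at line 120 was left as-is despite the editor's "Edit okay?" query; step numbers in a numbered list shift when steps are added, so a link to the **Authority** section would be more robust. Also, the editor note removed at line 122 said this item was converted to a bulleted list to parallel the previous step, but line 122 still begins with `1.`; verify which list style is intended.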

powerapps-docs/maker/portals/configure/configure-oauth2-google.md

Lines changed: 1 addition & 1 deletion
@@ -35,7 +35,7 @@ To use **Google** as an identity provider, you need to [create an app in Google]
3535
1. In **Google APIs**, select **Credentials** on the left pane.
3636

3737
> [!NOTE]
38-
> If you've already configured a consent screen with the portal's<!--note from editor: Edit okay? I assume this should be singular "portal's" rather than "portals' top-level ___domain."--> top-level ___domain, you can skip steps 6 through 14 and go directly to step 15. However, if your consent screen is configured but the portals' top-level ___domain hasn't been added, go through step 11 before you skip to step 15.
38+
> If you've already configured a consent screen with the portal's top-level ___domain, you can skip steps 6 through 14 and go directly to step 15. However, if your consent screen is configured but the portals' top-level ___domain hasn't been added, go through step 11 before you skip to step 15.
3939
4040
1. Select **Configure consent screen**.
4141
1. Select the **External** user type.
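Review bot: line 38 still alternates between "the portal's top-level ___domain" and "the portals' top-level ___domain" in consecutive sentences; the removed editor note asked which form is intended, so pick one and use it in both places.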

powerapps-docs/maker/portals/configure/configure-oauth2-provider.md

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ ms.reviewer: tapanm
1212

1313
# Configure an OAuth 2.0 provider for portals
1414

15-
To use OAuth 2.0&ndash;based external identity providers, you <!--note from editor: Edit okay? I didn't think "involves" was clear enough. --> register an application with a third-party service to obtain a *client ID* and *client secret* pair. Often this application requires that you specify a redirect URL to allow the identity provider to send users back to the portal (the *relying party*). The client ID and client secret are configured as portal site settings to establish a secure connection from the relying party to the identity provider. The settings are based on the properties of the [[!INCLUDE[cc-microsoft](../../../includes/cc-microsoft.md)]AccountAuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.microsoftaccount.microsoftaccountauthenticationoptions.aspx), [TwitterAuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.twitter.twitterauthenticationoptions.aspx), [FacebookAuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.facebook.facebookauthenticationoptions.aspx), and [GoogleOAuth2AuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.google.googleoauth2authenticationoptions.aspx) classes.
15+
To use OAuth 2.0&ndash;based external identity providers, you register an application with a third-party service to obtain a *client ID* and *client secret* pair. Often this application requires that you specify a redirect URL to allow the identity provider to send users back to the portal (the *relying party*). The client ID and client secret are configured as portal site settings to establish a secure connection from the relying party to the identity provider. The settings are based on the properties of the [[!INCLUDE[cc-microsoft](../../../includes/cc-microsoft.md)]AccountAuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.microsoftaccount.microsoftaccountauthenticationoptions.aspx), [TwitterAuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.twitter.twitterauthenticationoptions.aspx), [FacebookAuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.facebook.facebookauthenticationoptions.aspx), and [GoogleOAuth2AuthenticationOptions](https://msdn.microsoft.com//library/microsoft.owin.security.google.googleoauth2authenticationoptions.aspx) classes.
1616

1717
To learn about individual OAuth 2.0 providers, select the name of the provider that you want to configure:
1818
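Review bot: the four MSDN links at line 15 contain a double slash (`https://msdn.microsoft.com//library/...`), which looks like a copy error. Since the paragraph explains that the redirect URL is how the provider sends users back to the relying party, it would also help to state that the redirect URL registered with the provider must match the portal's URL exactly, because providers validate the redirect target against the registered value.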

powerapps-docs/maker/portals/configure/configure-openid-faqs.md

Lines changed: 3 additions & 3 deletions
@@ -34,14 +34,14 @@ The following optional parameters are supported:
3434

3535
## Does portals support custom scope parameters in authentication requests?
3636

37-
Yes. Custom scope parameters can be specified by using the scope option during<!--note from editor: Edit okay? Or should it be "...by configuring the **Scope** option"?--> configuration.
37+
Yes. Custom scope parameters can be specified by using the scope option during configuration.
3838

3939
## Why does the username value in a contact, or an external identity record in Common Data Service, show a different value compared to what the user entered on the sign-in page?
4040

4141
The username field on a contact record and an external identity record will show the value sent in either the sub-claim or object ID (OID) claim (for Azure AD&ndash;based providers). This is because the sub-claim represents the identifier for the end user and is guaranteed by the identity provider to be unique. An OID claim (where the object ID is a unique identifier for all users in a tenant) is supported when used with single-tenant Azure AD&ndash;based providers.
4242

4343
## Does portals support sign-out from OpenID Connect&ndash;based providers?
44-
<!--note from editor: Following edits to "logout" okay? This follows Writing Style Guide and I don't find any other sources that indicate that "sign out" is inaccurate.-->
44+
4545
Yes. The portals feature supports the front-channel sign-out technique to sign out from both the application and the OpenID Connect&ndash;based providers.
4646

4747
## Does portals support single sign-out?
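Review bot: line 37 keeps the lowercase "the scope option" after the editor asked whether it should be the **Scope** option; configure-openid-settings.md in this same commit refers to the **Scope** site setting (its line 114), so use that name here for consistency.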
@@ -50,7 +50,7 @@ No. Portals doesn't support the single sign-out technique for OpenID Connect&nda
5050

5151
## Does portals require any specific claim in an ID token*?
5252

53-
In addition to<!--note from editor: Edit okay?--> all required claims, the portals feature requires a claim representing the email address of users in the ID token. This claim must be named `email`, `emails`, or `upn`.
53+
In addition to all required claims, the portals feature requires a claim representing the email address of users in the ID token. This claim must be named `email`, `emails`, or `upn`.
5454

5555
Apart from all the required claims, portals requires a claim representing email address of the users in the *id_token*. This claim must be named as either “email”, “emails” or “upn”.
5656
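Review bot: the paragraph at line 55 ("Apart from all the required claims, portals requires a claim representing email address of the users in the *id_token*...") is an unedited duplicate of the corrected line 53 and should be deleted, otherwise the answer states the email-claim requirement twice in two styles. The heading at line 51 also carries a stray asterisk in "ID token*?".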

powerapps-docs/maker/portals/configure/configure-openid-provider.md

Lines changed: 6 additions & 9 deletions
@@ -14,7 +14,7 @@ ms.reviewer: tapanm
1414

1515
[OpenID Connect](https://openid.net/connect/) external identity providers are services that conform to the [Open ID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html). OpenID Connect introduces the concept of an *ID token*, which is a security token that allows the client to verify the identity of the user. The ID token also gets basic profile information about users&mdash;also known as *claims*.
1616

17-
This article explains how an identity provider that supports OpenID Connect can be integrated with Power Apps portals.
17+
This article explains how an identity provider that supports OpenID Connect can be integrated with Power Apps portals. Some of the examples of OpenID Connect providers for portals: [Azure Active Directory (Azure AD) B2C](configure-azure-ad-b2c-provider.md), [Azure AD](configure-openid-settings.md), [Azure AD with multiple tenants](configure-openid-settings.md#enable-authentication-using-a-multi-tenant-azure-active-directory-application).
1818

1919
## Supported and unsupported authentication flows in portals
2020
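Review bot: the sentence added at line 17 reads awkwardly ("Some of the examples of OpenID Connect providers for portals: ...") and ends without a period; suggest "Examples of OpenID Connect providers for portals include [Azure Active Directory (Azure AD) B2C](configure-azure-ad-b2c-provider.md), [Azure AD](configure-openid-settings.md), and [Azure AD with multiple tenants](...)."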

@@ -52,10 +52,7 @@ Similar to all other providers, you have to sign in to [Power Apps](https://make
5252
![Create application](media/authentication/step-1-openid.png "Create application")
5353

5454
> [!NOTE]
55-
> The Reply URL is used by the app to redirect users to the portal after the authentication succeeds. If your portal uses a custom ___domain name, you might have a different URL than the one provided here.<br><br>Examples of OpenID Connect providers for portals include:<!--note from editor: This list isn't "tip"-type content. I think the list probably should be taken out of the steps entirely and moved to the introduction. -->
56-
> - [Azure Active Directory (Azure AD) B2C](configure-azure-ad-b2c-provider.md)
57-
> - [Azure AD](configure-openid-settings.md)
58-
> - [Azure AD with multiple tenants](configure-openid-settings.md#enable-authentication-using-a-multi-tenant-azure-active-directory-application)
55+
> The Reply URL is used by the app to redirect users to the portal after the authentication succeeds. If your portal uses a custom ___domain name, you might have a different URL than the one provided here.
5956
6057
1. Enter the following site settings for portal configuration.
6158
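Review bot: moving the provider list out of the NOTE is the right call, since it was unrelated to the Reply URL warning. With the note now focused on the Reply URL, consider stating that the URL registered with the provider must match the portal's actual URL (including a custom ___domain) exactly, because identity providers reject redirects to a target that was not registered.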

@@ -82,7 +79,7 @@ Similar to all other providers, you have to sign in to [Power Apps](https://make
8279
| Name | Description |
8380
| - | - |
8481
| External logout | Enables or disables external account sign-out. When enabled, users are redirected to the external sign-out user experience when they sign out from the portal. When disabled, users are only signed out from the portal. |
85-
| Post logout redirect<!--note from editor: Edit okay? To match the UI.--> URL | The ___location where the identity provider will redirect a user after external sign-out. This ___location should be set appropriately in the identity provider configuration. |
82+
| Post logout redirect URL | The ___location where the identity provider will redirect a user after external sign-out. This ___location should be set appropriately in the identity provider configuration. |
8683
| RP initiated logout | Enables or disables a sign-out initiated by the relying party. To use this setting, enable **External logout** first. |
8784

8885
1. (Optional) Configure additional settings.
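Review bot: "This ___location should be set appropriately in the identity provider configuration" at line 82 is vague; say that the post logout redirect URL must be registered with the identity provider as an allowed post-logout redirect URI, since providers will not redirect to an unregistered ___location after sign-out.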
@@ -96,9 +93,9 @@ Similar to all other providers, you have to sign in to [Power Apps](https://make
9693
| Valid audiences | Comma-separated list of audience URLs. |
9794
| Validate issuers | If enabled, the issuer is validated during token validation. |
9895
| Valid issuers | Comma-separated list of issuer URLs. |
99-
| Registration claims mapping | List of logical name-claim pairs to map claim values returned from the provider during sign-up for<!--note from editor: I get a bit confused by the use of "for" here.Shouldn't it be "to", so it would be "map claim values...to the attributes of the contact record"?--> the attributes of the contact record. <br> Format: `field_logical_name=jwt_attribute_name` where `field_logical_name` is the logical name of the field in portals, and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br> Example: `firstname=given_name,lastname=family_name` when using *Scope* as `profile` for Azure AD. In this example, `firstname` and `lastname` are the logical names for the profile fields in portals, whereas `given_name` and `family_name` are the attributes with the values returned by the identity provider for the respective fields. |
100-
| Login claims mapping | List of logical name-claim pairs to map claim values returned from the provider during sign-up for<!--note from editor: See note above; same question here.--> the attributes of the contact record. <br> Format: `field_logical_name=jwt_attribute_name` where `field_logical_name` is the logical name of the field in portals, and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br> Example: `firstname=given_name,lastname=family_name` when using *Scope* as `profile` for Azure AD. In this example, `firstname` and `lastname` are the logical names for the profile fields in portals, whereas `given_name` and `family_name` are the attributes with the values returned by the identity provider for the respective fields. |
101-
| Nonce lifetime | Lifetime of the nonce value<!--note from editor: Suggested-->, in minutes. Default: 10 minutes. |
96+
| Registration claims mapping | List of logical name-claim pairs to map claim values returned from the provider during sign-up to the attributes of the contact record. <br> Format: `field_logical_name=jwt_attribute_name` where `field_logical_name` is the logical name of the field in portals, and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br> Example: `firstname=given_name,lastname=family_name` when using *Scope* as `profile` for Azure AD. In this example, `firstname` and `lastname` are the logical names for the profile fields in portals, whereas `given_name` and `family_name` are the attributes with the values returned by the identity provider for the respective fields. |
97+
| Login claims mapping | List of logical name-claim pairs to map claim values returned from the provider during sign-up to the attributes of the contact record. <br> Format: `field_logical_name=jwt_attribute_name` where `field_logical_name` is the logical name of the field in portals, and `jwt_attribute_name` is the attribute with the value returned from the identity provider. <br> Example: `firstname=given_name,lastname=family_name` when using *Scope* as `profile` for Azure AD. In this example, `firstname` and `lastname` are the logical names for the profile fields in portals, whereas `given_name` and `family_name` are the attributes with the values returned by the identity provider for the respective fields. |
98+
| Nonce lifetime | Lifetime of the nonce value, in minutes. Default: 10 minutes. |
10299
| Use token lifetime | Indicates that the authentication session lifetime (such as cookies) should match that of the authentication token. If specified, this value will override the **Application Cookie Expire Timespan** value in the **Authentication/ApplicationCookie/ExpireTimeSpan** site setting. |
103100
| Contact mapping with email | Specify whether the contacts are mapped to a corresponding email. <br> When set to **On**, a unique contact record is associated with a matching email address, assigning the external identity provider to the contact after a successful user sign-in. |
104101
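Review bot: the Login claims mapping row at line 97 still says "during sign-up", copied from the Registration claims mapping row above it; the same setting is described as "after sign-in" in configure-azure-ad-b2c-provider.md in this commit, so change it to "during sign-in" here, otherwise the two rows are indistinguishable. Since both mappings write provider-supplied claim values into contact record fields, a cross-reference to the **Validate issuers** and **Valid issuers** rows (lines 94 and 95) recommending that issuer validation be enabled would also be worthwhile.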

powerapps-docs/maker/portals/configure/configure-openid-settings.md

Lines changed: 1 addition & 1 deletion
@@ -109,7 +109,7 @@ In this article, you'll learn about configuring an OpenID Connect provider for p
109109

110110
![OpenID Connect metadata document](media/authentication/openid-connect-metadata-document.png "OpenID Connect metadata document")
111111

112-
1. Paste the copied document URL as the **Metadata address** for portals.<!--note from editor: Will the reader know where/how to do this?-->
112+
1. Paste the copied document URL as the **Metadata address** for portals.
113113

114114
1. **Scope**: Set the **Scope** site setting value as:
115115
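Review bot: the editor's question at line 112 ("Will the reader know where/how to do this?") was removed without being answered; the step tells the reader to paste the URL as the **Metadata address** but not where that setting is entered, whereas the next step at line 114 explicitly names the **Scope** site setting, so name the site setting here in the same way.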
