Updates from: 11/08/2023 02:27:11
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Add Api Connector Token Enrichment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-api-connector-token-enrichment.md
Repeat this step for the **ProfileEdit.xml**, and **PasswordReset.xml** user jou
Save the files you changed: *TrustFrameworkBase.xml*, and *TrustFrameworkExtensions.xml*, *SignUpOrSignin.xml*, *ProfileEdit.xml*, and *PasswordReset.xml*. ## Test the custom policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Microsoft Entra tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **Identity Experience Framework**. 1. Select **Upload Custom Policy**, and then upload the policy files that you changed: *TrustFrameworkBase.xml*, and *TrustFrameworkExtensions.xml*, *SignUpOrSignin.xml*, *ProfileEdit.xml*, and *PasswordReset.xml*.
active-directory-b2c Add Api Connector https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-api-connector.md
To return the promo code claim back to the relying party application, add an out
## Test the custom policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Microsoft Entra tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **Identity Experience Framework**. 1. Select **Upload Custom Policy**, and then upload the policy files that you changed: *TrustFrameworkExtensions.xml*, and *SignUpOrSignin.xml*.
active-directory-b2c Add Password Change Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-password-change-policy.md
The password change flow involves the following steps:
## Upload and test the policy 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity Experience Framework**. 1. In **Custom Policies**, select **Upload Policy**.
active-directory-b2c Add Password Reset Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-password-reset-policy.md
The self-service password reset experience can be configured for the Sign in (Re
To set up self-service password reset for the sign-up or sign-in user flow: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. In the portal toolbar, select the **Directories + Subscriptions** icon.
-1. In the **Portal settings | Directories + subscriptions** pane, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select a sign-up or sign-in user flow (of type **Recommended**) that you want to customize.
Your application might need to detect whether the user signed in by using the Fo
### Upload the custom policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. In the portal toolbar, select the **Directories + Subscriptions** icon.
-1. In the **Portal settings | Directories + subscriptions** pane, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to the Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In the menu under **Policies**, select **Identity Experience Framework**. 1. Select **Upload custom policy**. In the following order, upload the policy files that you changed:
active-directory-b2c Add Ropc Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-ropc-policy.md
When using the ROPC flow, consider the following:
## Create a resource owner user flow 1. Sign in to the [Azure portal](https://portal.azure.com) as the **global administrator** of your Azure AD B2C tenant.
-2. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **User flows**, and select **New user flow**. 1. Select **Sign in using resource owner password credentials (ROPC)**.
active-directory-b2c Add Sign In Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-sign-in-policy.md
The sign-in policy lets users:
To add sign-in policy: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Select the **Directories + Subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**. 1. On the **Create a user flow** page, select the **Sign in** user flow.
The **SelfAsserted-LocalAccountSignin-Email** technical profile is a [self-asser
## Update and test your policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **Identity Experience Framework**. 1. Select **Upload Custom Policy**, and then upload the policy file that you changed, *TrustFrameworkExtensions.xml*.
active-directory-b2c Add Sign Up And Sign In Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-sign-up-and-sign-in-policy.md
Watch this video to learn how the user sign-up and sign-in policy works.
The sign-up and sign-in user flow handles both sign-up and sign-in experiences with a single configuration. Users of your application are led down the right path depending on the context. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Select the **Directories + Subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**.
active-directory-b2c Add Web Api Application https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/add-web-api-application.md
To register an application in your Azure AD B2C tenant, you can use the Azure po
#### [App registrations](#tab/app-reg-ga/) 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *webapi1*.
To register an application in your Azure AD B2C tenant, you can use the Azure po
#### [Applications (Legacy)](#tab/applications-legacy/) 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Applications (Legacy)**, and then select **Add**. 1. Enter a name for the application. For example, *webapi1*.
active-directory-b2c Age Gating https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/age-gating.md
Azure AD B2C uses the information that the user enters to identify whether they'
To use age gating in a user flow, you need to configure your tenant to have extra properties. 1. Use [this link](https://portal.azure.com/?Microsoft_AAD_B2CAdmin_agegatingenabled=true#blade/Microsoft_AAD_B2CAdmin/TenantManagementMenuBlade/overview) to try the age gating preview.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Select **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Properties** for your tenant in the menu on the left. 1. Under the **Age gating**, select **Configure**.
active-directory-b2c Analytics With Application Insights https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/analytics-with-application-insights.md
When you use Application Insights, consider the following:
When you use Application Insights with Azure AD B2C, all you need to do is create a resource and get the instrumentation key. For information, see [Create an Application Insights resource](/previous-versions/azure/azure-monitor/app/create-new-resource). 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that has your Microsoft Entra subscription, and not your Azure AD B2C directory. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find the Microsoft Entra directory that has your subscription in the **Directory name** list, and then select **Switch**
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Choose **Create a resource** in the upper-left corner of the Azure portal, and then search for and select **Application Insights**. 1. Select **Create**. 1. For **Name**, enter a name for the resource.
active-directory-b2c Azure Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/azure-monitor.md
In summary, you'll use Azure Lighthouse to allow a user or group in your Azure A
First, create, or choose a resource group that contains the destination Log Analytics workspace that will receive data from Azure AD B2C. You'll specify the resource group name when you deploy the Azure Resource Manager template. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra ID* tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. [Create a resource group](../azure-resource-manager/management/manage-resource-groups-portal.md#create-resource-groups) or choose an existing one. This example uses a resource group named _azure-ad-b2c-monitor_. ## 2. Create a Log Analytics workspace
First, create, or choose a resource group that contains the destination Log Anal
A **Log Analytics workspace** is a unique environment for Azure Monitor log data. You'll use this Log Analytics workspace to collect data from Azure AD B2C [audit logs](view-audit-logs.md), and then visualize it with queries and workbooks, or create alerts. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra ID* tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. [Create a Log Analytics workspace](../azure-monitor/logs/quick-create-workspace.md). This example uses a Log Analytics workspace named _AzureAdB2C_, in a resource group named _azure-ad-b2c-monitor_. ## 3. Delegate resource management
In this step, you choose your Azure AD B2C tenant as a **service provider**. You
First, get the **Tenant ID** of your Azure AD B2C directory (also known as the directory ID). 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your *Azure AD B2C* tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Select **Microsoft Entra ID**, select **Overview**. 1. Record the **Tenant ID**.
To make management easier, we recommend using Microsoft Entra user _groups_ for
To create the custom authorization and delegation in Azure Lighthouse, we use an Azure Resource Manager template. This template grants Azure AD B2C access to the Microsoft Entra resource group, which you created earlier, for example, _azure-ad-b2c-monitor_. Deploy the template from the GitHub sample by using the **Deploy to Azure** button, which opens the Azure portal and lets you configure and deploy the template directly in the portal. For these steps, make sure you're signed in to your Microsoft Entra tenant (not the Azure AD B2C tenant). 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra tenant*. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Use the **Deploy to Azure** button to open the Azure portal and deploy the template directly in the portal. For more information, see [create an Azure Resource Manager template](../lighthouse/how-to/onboard-customer.md#create-an-azure-resource-manager-template). [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fazure-ad-b2c%2Fsiem%2Fmaster%2Ftemplates%2FrgDelegatedResourceManagement.json)
After you've deployed the template and waited a few minutes for the resource pro
> On the **Portal settings | Directories + subscriptions** page, ensure that your Azure AD B2C and Microsoft Entra tenants are selected under **Current + delegated directories**. 1. Sign out of the [Azure portal](https://portal.azure.com) and sign back in with your **Azure AD B2C** administrative account. This account must be a member of the security group you specified in the [Delegate resource management](#3-delegate-resource-management) step. Signing out and singing back in allows your session credentials to be refreshed in the next step.
-1. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, in the **Directory name** list, find your Microsoft Entra directory that contains the Azure subscription and the _azure-ad-b2c-monitor_ resource group you created, and then select **Switch**.
+1. Select the **Settings** icon in the portal toolbar.
+1. On the **Portal settings | Directories + subscriptions** page, in the **Directory name** list, find your Microsoft Entra ID directory that contains the Azure subscription and the _azure-ad-b2c-monitor_ resource group you created, and then select **Switch**.
1. Verify that you've selected the correct directory and your Azure subscription is listed and selected in the **Default subscription filter**. ![Screenshot of the default subscription filter](./media/azure-monitor/default-subscription-filter.png)
You're ready to [create diagnostic settings](../active-directory/reports-monitor
To configure monitoring settings for Azure AD B2C activity logs: 1. Sign in to the [Azure portal](https://portal.azure.com/) with your *Azure AD B2C* administrative account. This account must be a member of the security group you specified in the [Select a security group](#32-select-a-security-group) step.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Select **Microsoft Entra ID** 1. Under **Monitoring**, select **Diagnostic settings**. 1. If there are existing settings for the resource, you'll see a list of settings already configured. Either select **Add diagnostic setting** to add a new setting, or select **Edit settings** to edit an existing setting. Each setting can have no more than one of each of the destination types.
Now you can configure your Log Analytics workspace to visualize your data and co
Log queries help you to fully use the value of the data collected in Azure Monitor Logs. A powerful query language allows you to join data from multiple tables, aggregate large sets of data, and perform complex operations with minimal code. Virtually any question can be answered and analysis performed as long as the supporting data has been collected, and you understand how to construct the right query. For more information, see [Get started with log queries in Azure Monitor](../azure-monitor/logs/get-started-queries.md). 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra ID* tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. From **Log Analytics workspace** window, select **Logs** 1. In the query editor, paste the following [Kusto Query Language](/azure/data-explorer/kusto/query/) query. This query shows policy usage by operation over the past x days. The default duration is set to 90 days (90d). Notice that the query is focused only on the operation where a token/code is issued by policy.
Workbooks provide a flexible canvas for data analysis and the creation of rich v
Follow the instructions below to create a new workbook using a JSON Gallery Template. This workbook provides a **User Insights** and **Authentication** dashboard for Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra ID* tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. From the **Log Analytics workspace** window, select **Workbooks**. 1. From the toolbar, select **+ New** option to create a new workbook. 1. On the **New workbook** page, select the **Advanced Editor** using the **</>** option on the toolbar.
Alerts are created by alert rules in Azure Monitor and can automatically run sav
Use the following instructions to create a new Azure Alert, which will send an [email notification](../azure-monitor/alerts/action-groups.md) whenever there's a 25% drop in the **Total Requests** compared to previous period. Alert will run every 5 minutes and look for the drop in the last hour compared to the hour before it. The alerts are created using Kusto query language. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra ID* tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. From **Log Analytics workspace**, select **Logs**. 1. Create a new **Kusto query** by using this query.
To stop collecting logs to your Log Analytics workspace, delete the diagnostic s
## Delete Log Analytics workspace and resource group 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your *Microsoft Entra ID* tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Choose the resource group that contains the Log Analytics workspace. This example uses a resource group named _azure-ad-b2c-monitor_ and a Log Analytics workspace named `AzureAdB2C`. 1. [Delete the Logs Analytics workspace](../azure-monitor/logs/delete-workspace.md#azure-portal). 1. Select the **Delete** button to delete the resource group.
active-directory-b2c Billing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/billing.md
A subscription linked to an Azure AD B2C tenant can be used for the billing of A
### Create the link 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that has your Microsoft Entra subscription, and not the directory containing your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Select **Create a resource**, and then, in the **Search services and Marketplace** field, search for and select **Azure Active Directory B2C**. 1. Select **Create**. 1. Select **Link an existing Azure AD B2C Tenant to my Azure subscription**.
To change your pricing tier, follow these steps:
1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the Microsoft Entra directory that contains the subscription your Azure B2C tenant and not the Azure AD B2C tenant itself:
- 1. In the Azure portal toolbar, select the **Directories + subscriptions** icon.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. In the search box at the top of the portal, enter the name of your Azure AD B2C tenant. Then select the tenant in the search results under **Resources**.
The switch to monthly active users (MAU) billing is **irreversible**. Once you c
Here's how to make the switch to MAU billing for an existing Azure AD B2C resource: 1. Sign in to the [Azure portal](https://portal.azure.com) as the subscription owner with administrative access to the Azure AD B2C resource.
-1. To select the Azure AD B2C directory that you want to upgrade to MAU billing, select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. On the **Overview** page of the Azure AD B2C tenant, select the link under **Resource name**. You're directed to the Azure AD B2C resource in your Microsoft Entra tenant.<br/>
active-directory-b2c Conditional Access User Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/conditional-access-user-flow.md
Azure AD B2C **Premium P2** is required to create risky sign-in policies. **Prem
To add a Conditional Access policy, disable security defaults: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Microsoft Entra ID**. Or use the search box to find and select **Microsoft Entra ID**. 1. Select **Properties**, and then select **Manage Security defaults**.
When adding Conditional Access to a user flow, consider using **Multi-factor aut
To enable Conditional Access for a user flow, make sure the version supports Conditional Access. These user flow versions are labeled **Recommended**. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**. Then select the user flow. 1. Select **Properties** and make sure the user flow supports Conditional Access by looking for the setting labeled **Conditional Access**.
The claims transformation isn't limited to the `strongAuthenticationPhoneNumber`
To review the result of a Conditional Access event: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Activities**, select **Audit logs**. 1. Filter the audit log by setting **Category** to **B2C** and setting **Activity Resource Type** to **IdentityProtection**. Then select **Apply**.
active-directory-b2c Configure A Sample Node Web App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-a-sample-node-web-app.md
During app registration, you'll specify the *Redirect URI*. The redirect URI is
To register the web app, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Under **Name**, enter a name for the application (for example, *webapp1*).
active-directory-b2c Configure Authentication In Azure Static App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-static-app.md
During app registration, you specify a *redirect URI*. The redirect URI is the e
To register your application, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Under **Name**, enter a name for the application (for example, *My Azure Static web app*).
active-directory-b2c Configure Authentication In Azure Web App File Based https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-web-app-file-based.md
During app registration, you'll specify the *redirect URI*. The redirect URI is
To register your application, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Under **Name**, enter a name for the application (for example, *My Azure web app*).
active-directory-b2c Configure Authentication In Azure Web App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-azure-web-app.md
During app registration, you'll specify the *redirect URI*. The redirect URI is
To register your application, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Under **Name**, enter a name for the application (for example, *My Azure web app*).
To register your application, follow these steps:
## Step 3: Configure the Azure App 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Microsoft Entra tenant (not the Azure AD B2C tenant). Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find the Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Navigate to your Azure web app. 1. Select **Authentication** in the menu on the left. Select **Add identity provider**. 1. Select **OpenID Connect** in the identity provider dropdown.
active-directory-b2c Configure Authentication In Sample Node Web App With Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-in-sample-node-web-app-with-api.md
In this step, you create the web and the web API application registrations, and
To create the SPA registration, do the following: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application (for example, *App ID: 1*).
active-directory-b2c Configure Authentication Sample Angular Spa App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md
In this step, you create the registrations for the Angular SPA and the web API a
Follow these steps to create the Angular app registration: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. For **Name**, enter a name for the application. For example, enter **MyApp**.
active-directory-b2c Configure Authentication Sample Python Web App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-python-web-app.md
During app registration, you'll specify the *Redirect URI*. The redirect URI is
To create the web app registration, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Under **Name**, enter a name for the application (for example, *webapp1*).
active-directory-b2c Configure Authentication Sample React Spa App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-react-spa-app.md
In this step, you create the registrations for the React SPA and the web API app
Follow these steps to create the React app registration: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. For **Name**, enter a name for the application. For example, enter **MyApp**.
active-directory-b2c Configure Authentication Sample Spa App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-spa-app.md
In this step, you create the SPA and the web API application registrations, and
To create the SPA registration, use the following steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application (for example, *MyApp*).
active-directory-b2c Configure Authentication Sample Web App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-authentication-sample-web-app.md
During app registration, you'll specify the *redirect URI*. The redirect URI is
To create the web app registration, use the following steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Under **Name**, enter a name for the application (for example, *webapp1*).
active-directory-b2c Configure Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-tokens.md
The following diagram shows the refresh token sliding window lifetime behavior.
To configure your user flow token lifetime: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **User flows (policies)**. 1. Open the user flow that you previously created.
active-directory-b2c Configure User Input https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-user-input.md
In this article, you collect a new attribute during your sign-up journey in Azur
## Add user attributes your user flow 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. In your Azure AD B2C tenant, select **User flows**. 1. Select your policy (for example, "B2C_1_SignupSignin") to open it.
To return the city claim back to the relying party application, add an output cl
## Upload and test your updated custom policy
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework**. 1. Select **Upload custom policy**.
active-directory-b2c Custom Domain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-domain.md
Follow these steps to create an Azure Front Door:
1. Sign in to the [Azure portal](https://portal.azure.com).
-1. To choose the directory that contains the Azure subscription that youΓÇÖd like to use for Azure Front Door and *not* the directory containing your Azure AD B2C tenant:
-
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch** button next to the directory.
+1. To choose the directory that contains the Azure subscription that youΓÇÖd like to use for Azure Front Door and *not* the directory containing your Azure AD B2C tenant select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Follow the steps in [Create Front Door profile - Quick Create](../frontdoor/create-front-door-portal.md#create-front-door-profilequick-create) to create a Front Door for your Azure AD B2C tenant using the following settings:
Configure Azure Blob storage for Cross-Origin Resource Sharing with the followin
## Test your custom domain 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows (policies)**. 1. Select a user flow, and then select **Run user flow**.
active-directory-b2c Custom Email Mailjet https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-mailjet.md
If you don't already have one, start by setting up a Mailjet account (Azure cust
Next, store the Mailjet API key in an Azure AD B2C policy key for your policies to reference. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the **Overview** page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
active-directory-b2c Custom Email Sendgrid https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-sendgrid.md
Be sure to complete the section in which you [create a SendGrid API key](https:/
Next, store the SendGrid API key in an Azure AD B2C policy key for your policies to reference. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Custom Policies Series Hello World https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-hello-world.md
After you complete [step 2](#step-2build-the-custom-policy-file), the `Contos
## Step 3 - Upload custom policy file 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In the left menu, under **Policies**, select **Identity Experience Framework**. 1. Select **Upload custom policy**, browse select and then upload the `ContosoCustomPolicy.XML` file.
active-directory-b2c Custom Policies Series Store User https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-store-user.md
After the policy finishes execution, and you receive your ID token, check that t
1. Sign in to the [Azure portal](https://portal.azure.com/) with Global Administrator or Privileged Role Administrator permissions.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
-
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the Directory name list, and then select Switch.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
active-directory-b2c Customize Ui With Html https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/customize-ui-with-html.md
In this article, we use Azure Blob storage to host our content. You can choose t
To host your HTML content in Blob storage, use the following steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Microsoft Entra tenant, and which has a subscription:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the Directory name list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Storage accounts** 1. Select **+ Create**. 1. Select a **Subscription** for your storage account.
Learn more about [how to create and manage Azure storage accounts](../storage/co
### 4. Update the user flow
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the directory name list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In the left-hand menu, select **User flows**, and then select the *B2C_1_signupsignin1* user flow. 1. Select **Page layouts**, and then under **Unified sign-up or sign-in page**, select **Yes** for **Use custom page content**.
To configure UI customization, copy the **ContentDefinition** and its child elem
#### 5.1 Upload the custom policy
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework**. 1. Select **Upload custom policy**.
active-directory-b2c Customize Ui https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/customize-ui.md
The following example shows a *Sign up and sign in* page with a custom logo, bac
::: zone pivot="b2c-user-flow" 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select a user flow you want to customize.
To customize your user flow pages, you first configure company branding in Micro
Start by setting the banner logo, background image, and background color within **Company branding**. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Manage**, select **Company branding**. 1. Follow the steps in [Add branding to your organization's Microsoft Entra sign-in page](../active-directory/fundamentals/how-to-customize-branding.md).
The following example shows the content definitions with their corresponding the
## Rearrange input fields in the sign-up form To rearrange the input fields on the sign-up page for local accounts form, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In the left menu, select **User flows**. 1. Select a user flow (for local accounts only) that you want to rearrange its input fields.
active-directory-b2c Disable Email Verification https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/disable-email-verification.md
Some application developers prefer to skip email verification during the sign-up
Follow these steps to disable email verification: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select the user flow for which you want to disable email verification.
The **LocalAccountSignUpWithLogonEmail** technical profile is a [self-asserted](
## Test your policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select the user flow for which you want to disable email verification. For example, *B2C_1_signinsignup*.
The **LocalAccountSignUpWithLogonEmail** technical profile is a [self-asserted](
## Update and test the relying party file 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Microsoft Entra tenant. Select the **Directories + Subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **Identity Experience Framework**. 1. Select **Upload Custom Policy**, and then upload the two policy files that you changed.
active-directory-b2c Enable Authentication Android App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-android-app.md
Configure where your application listens to the Azure AD B2C token response.
To update the mobile app registration with your app redirect URI, do the following: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select the application you registered in [Step 2.3: Register the mobile app](configure-authentication-sample-android-app.md#step-23-register-the-mobile-app). 1. Select **Authentication**.
active-directory-b2c Find Help Open Support Ticket https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/find-help-open-support-ticket.md
If you're unable to find answers by using self-help resources, you can open an o
1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the Microsoft Entra tenant that contains your Azure subscription:
-
- 1. In the Azure portal toolbar, select the **Directories + subscriptions** icon.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Microsoft Entra ID**.
active-directory-b2c Force Password Reset https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/force-password-reset.md
The password reset flow is applicable to local accounts in Azure AD B2C that use
To enable the **Forced password reset** setting in a sign-up or sign-in user flow: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select the sign-up and sign-in, or sign-in user flow (of type **Recommended**) that you want to customize.
To enable the **Forced password reset** setting in a sign-up or sign-in user flo
## Test the user flow 1. Sign in to the [Azure portal](https://portal.azure.com) as a user administrator or a password administrator. For more information about the available roles, see [Assigning administrator roles in Microsoft Entra ID](../active-directory/roles/permissions-reference.md#all-roles).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **Users**. Search for and select the user you'll use to test the password reset, and then select **Reset Password**. 1. In the Azure portal, search for and select **Azure AD B2C**.
Get the example of the force password reset policy on [GitHub](https://github.co
## Upload and test the policy 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity Experience Framework**. 1. In **Custom Policies**, select **Upload Policy**.
active-directory-b2c Id Token Hint https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/id-token-hint.md
This code creates a secret string like `VK62QTn0m1hMcn0DQ3RPYDAr6yIiSvYgdRwjZtU5
The same key that is used by the token issuer needs to be created in your Azure AD B2C policy keys. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. On the overview page, under **Policies**, select **Identity Experience Framework**. 1. Select **Policy Keys**
active-directory-b2c Identity Protection Investigate Risk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-protection-investigate-risk.md
An administrator can choose to dismiss a user's risk in the Azure portal or prog
### Navigating the risky users report 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Security**, select **Risky users**.
active-directory-b2c Identity Provider Adfs Saml https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-adfs-saml.md
This article shows you how to enable sign-in for an AD FS user account by using
You need to store your certificate in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
Open a browser and navigate to the URL. Make sure you type the correct URL and t
## Test your custom policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework** 1. Select your relying party policy, for example `B2C_1A_signup_signin`.
active-directory-b2c Identity Provider Adfs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-adfs.md
In this step, configure the claims AD FS application returns to Azure AD B2C.
## Configure AD FS as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, *Contoso*.
active-directory-b2c Identity Provider Amazon https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-amazon.md
To enable sign-in for users with an Amazon account in Azure Active Directory B2C
## Configure Amazon as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Amazon**. 1. Enter a **Name**. For example, *Amazon*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Apple Id https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-apple-id.md
To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
## Configure Apple as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as a global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Apple**. 1. For the **Name**, enter **Sign in with Apple**.
The Azure function responds with a properly formatted and signed client secret J
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. On the **Overview** page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
active-directory-b2c Identity Provider Azure Ad B2c https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-azure-ad-b2c.md
To enable sign-in for users with an account from another Azure AD B2C tenant (fo
To create an application. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your other Azure AD B2C tenant (for example, Fabrikam.com).
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *ContosoApp*.
To create an application.
## Configure Azure AD B2C as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains the Azure AD B2C tenant you want to configure the federation (for example, Contoso). Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *Fabrikam*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the application key that you created earlier in your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains the Azure AD B2C tenant you want to configure the federation (for example, Contoso). Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework**. 1. Select **Policy keys** and then select **Add**.
active-directory-b2c Identity Provider Azure Ad Multi Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-azure-ad-multi-tenant.md
This article shows you how to enable sign-in for users using the multi-tenant en
To enable sign-in for users with a Microsoft Entra account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in the [Azure portal](https://portal.azure.com). For more information, see [Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your organizational Microsoft Entra tenant (for example, Contoso). Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **New registration**. 1. Enter a **Name** for your application. For example, `Azure AD B2C App`.
If you want to get the `family_name`, and `given_name` claims from Microsoft Ent
You need to store the application key that you created in your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework**. 1. Select **Policy keys** and then select **Add**.
active-directory-b2c Identity Provider Azure Ad Single Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md
As of November 2020, new application registrations show up as unverified in the
To enable sign-in for users with a Microsoft Entra account from a specific Microsoft Entra organization, in Azure Active Directory B2C (Azure AD B2C), you need to create an application in the [Azure portal](https://portal.azure.com). For more information, see [Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your organizational Microsoft Entra tenant (for example, Contoso):
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Microsoft Entra ID**. 1. In the left menu, under **Manage**, select **App registrations**. 1. Select **+ New registration**.
To enable sign-in for users with a Microsoft Entra account from a specific Micro
## Configure Microsoft Entra ID as an identity provider
-1. Make sure you're using the directory that contains Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *Contoso Microsoft Entra ID*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the application key that you created in your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework**. 1. Select **Policy keys** and then select **Add**.
active-directory-b2c Identity Provider Ebay https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-ebay.md
To create an eBay application, follow these steps:
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Facebook https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-facebook.md
If you don't already have a Facebook account, sign up at [https://www.facebook.c
## Configure Facebook as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Facebook**. 1. Enter a **Name**. For example, *Facebook*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the App Secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Generic Openid Connect https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-generic-openid-connect.md
This article explains how you can add custom OpenID Connect identity providers i
::: zone pivot="b2c-user-flow" 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *Contoso*.
active-directory-b2c Identity Provider Generic Saml https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-generic-saml.md
A self-signed certificate is acceptable for most scenarios. For production envir
You need to store your certificate in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
Open a browser and navigate to the URL. Make sure you type the correct URL and t
## Test your custom policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework** 1. Select your relying party policy, for example `B2C_1A_signup_signin`.
active-directory-b2c Identity Provider Github https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-github.md
To enable sign-in with a GitHub account in Azure Active Directory B2C (Azure AD
## Configure GitHub as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **GitHub (Preview)**. 1. Enter a **Name**. For example, *GitHub*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Google https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-google.md
To enable sign-in for users with a Google account in Azure Active Directory B2C
## Configure Google as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Google**. 1. Enter a **Name**. For example, *Google*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Id Me https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-id-me.md
To enable sign-in for users with an ID.me account in Azure Active Directory B2C
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Linkedin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-linkedin.md
To enable sign-in for users with a LinkedIn account in Azure Active Directory B2
## Configure LinkedIn as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **LinkedIn**. 1. Enter a **Name**. For example, *LinkedIn*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy keys** and then select **Add**.
active-directory-b2c Identity Provider Local https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-local.md
You can choose the local account sign-in methods (email, username, or phone numb
To set your local account sign-in options at the tenant level: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Manage**, select **Identity providers**. 1. In the identity provider list, select **Local account**.
To set your local account sign-in options at the tenant level:
If you choose the **Phone signup**, **Phone/Email signup** option, enable the recovery email prompt. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In Azure AD B2C, under **Policies**, select **User flows**. 1. Select the user flow from the list.
active-directory-b2c Identity Provider Microsoft Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-microsoft-account.md
zone_pivot_groups: b2c-policy-type
To enable sign-in for users with a Microsoft account in Azure Active Directory B2C (Azure AD B2C), you need to create an application in the [Azure portal](https://portal.azure.com). For more information, see [Register an application with the Microsoft identity platform](../active-directory/develop/quickstart-register-app.md). If you don't already have a Microsoft account, you can get one at [https://www.live.com/](https://www.live.com/). 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Microsoft Entra tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **New registration**. 1. Enter a **Name** for your application. For example, *MSAapp1*.
To enable sign-in for users with a Microsoft account in Azure Active Directory B
## Configure Microsoft as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Microsoft Account**. 1. Enter a **Name**. For example, *MSA*.
If you want to get the `family_name` and `given_name` claims from Microsoft Entr
Now that you've created the application in your Microsoft Entra tenant, you need to store that application's client secret in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Mobile Id https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-mobile-id.md
To enable sign-in for users with Mobile ID in Azure AD B2C, you need to create a
## Configure Mobile ID as an identity provider
-1. Make sure you're using the directory that contains Azure AD B2C tenant. Select the **Directory + subscription** filter in the top menu and choose the directory that contains your Azure AD B2C tenant.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *Mobile ID*.
active-directory-b2c Identity Provider Ping One https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-ping-one.md
To enable sign-in for users with a PingOne (Ping Identity) account in Azure Acti
## Configure PingOne as an identity provider
-1. Make sure you're using the directory that contains Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *PingOne*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Qq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-qq.md
To enable sign-in for users with a QQ account in Azure Active Directory B2C (Azu
## Configure QQ as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **QQ (Preview)**. 1. Enter a **Name**. For example, *QQ*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Salesforce Saml https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-salesforce-saml.md
This article shows you how to enable sign-in for users from a Salesforce organiz
You need to store the certificate that you created in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Salesforce https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-salesforce.md
To enable sign-in for users with a Salesforce account in Azure Active Directory
## Configure Salesforce as an identity provider
-1. Make sure you're using the directory that contains Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *Salesforce*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Swissid https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-swissid.md
To enable sign-in for users with a SwissID account in Azure AD B2C, you need to
## Configure SwissID as an identity provider
-1. Make sure you're using the directory that contains Azure AD B2C tenant. Select the **Directory + subscription** filter in the top menu and choose the directory that contains your Azure AD B2C tenant.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Enter a **Name**. For example, enter *SwissID*.
active-directory-b2c Identity Provider Twitter https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-twitter.md
To enable sign-in for users with a Twitter account in Azure AD B2C, you need to
## Configure Twitter as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant.
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Twitter**. 1. Enter a **Name**. For example, *Twitter*.
At this point, the Twitter identity provider has been set up, but it's not yet a
You need to store the secret key that you previously recorded for Twitter app in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant.
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. On the left menu, under **Policies**, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Wechat https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-wechat.md
To enable sign-in for users with a WeChat account in Azure Active Directory B2C
## Configure WeChat as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **WeChat (Preview)**. 1. Enter a **Name**. For example, *WeChat*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Identity Provider Weibo https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/identity-provider-weibo.md
To enable sign-in for users with a Weibo account in Azure Active Directory B2C (
## Configure Weibo as an identity provider 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Weibo (Preview)**. 1. Enter a **Name**. For example, *Weibo*.
If the sign-in process is successful, your browser is redirected to `https://jwt
You need to store the client secret that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Idp Pass Through User Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/idp-pass-through-user-flow.md
The following diagram shows how an identity provider token returns to your app:
## Enable the claim 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **User flows (policies)**, and then select your user flow. For example, **B2C_1_signupsignin1**. 1. Select **Application claims**.
When testing your applications in Azure AD B2C, it can be useful to have the Azu
### Upload the files 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity Experience Framework**. 1. On the Custom Policies page, click **Upload Policy**.
active-directory-b2c Language Customization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/language-customization.md
In the following example, English (en) and Spanish (es) custom strings are added
### Upload the custom policy 1. Save the extensions file.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Under **Policies**, select **Identity Experience Framework**. 1. Select **Upload custom policy**.
active-directory-b2c Manage Users Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/manage-users-portal.md
This article focuses on working with **consumer accounts** in the Azure portal.
## Create a consumer user 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Microsoft Entra ID**. Or, select **All services** and search for and select **Microsoft Entra ID**. 1. Under **Manage**, select **Users**. 1. Select **New user**.
active-directory-b2c Microsoft Graph Get Started https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/microsoft-graph-get-started.md
Azure AD B2C authentication service directly supports OAuth 2.0 client credentia
Before your scripts and applications can interact with the [Microsoft Graph API][ms-graph-api] to manage Azure AD B2C resources, you need to create an application registration in your Azure AD B2C tenant that grants the required API permissions. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *managementapp1*.
If your application or script needs to update users' passwords, you need to assi
To add the *User administrator* role, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Search for and select **Azure AD B2C**. 1. Under **Manage**, select **Roles and administrators**. 1. Select the **User administrator** role.
active-directory-b2c Multi Factor Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/multi-factor-authentication.md
With [Conditional Access](conditional-access-identity-protection-overview.md) us
::: zone pivot="b2c-user-flow" 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select the user flow for which you want to enable MFA. For example, *B2C_1_signinsignup*.
In Azure AD B2C, you can delete a user's TOTP authenticator app enrollment. Then
### Delete TOTP authenticator app enrollment using the Azure portal 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Users**. 1. Search for and select the user for which you want to delete TOTP authenticator app enrollment. 1. In the left menu, select **Authentication methods**.
active-directory-b2c Partner Akamai Secure Hybrid Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-akamai-secure-hybrid-access.md
Save your changes and upload the `TrustFrameworkBase.xml`, the new `TrustFramewo
1. Sign in to the [Azure portal](https://portal.azure.com/#home).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the [Azure portal](https://portal.azure.com/#home), search for and select **Azure AD B2C**.
For Azure AD B2C to trust Akamai Enterprise Application Access, create an Azure
1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. On the left menu, select **Azure AD B2C**. Or, select **All services** and then search for and select **Azure AD B2C**.
active-directory-b2c Partner Deduce https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-deduce.md
The relying party policy specifies the user journey which Azure AD B2C will exec
1. Sign in to the [Azure portal](https://portal.azure.com/#home).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
-
- a. Select the **Directories + subscriptions** icon in the portal toolbar.
-
- b. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the [Azure portal](https://portal.azure.com/#home), search for and select **Azure AD B2C**.
active-directory-b2c Partner Itsme https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-itsme.md
Please clarify step 1 in the description below - we don't have steps in this tut
> [!NOTE] > If you don't have one already, [create an Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
-1. Make sure you're using the directory that contains Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C** (or select **More services** and use the **All services** search box to search for *Azure AD B2C*). 1. Select **Identity providers**, and then select **New OpenID Connect provider**. 1. Fill in the form with the following information:
active-directory-b2c Partner Trusona https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-trusona.md
Before your applications can interact with Azure AD B2C, they must be registered
To register a web application in your Azure AD B2C tenant, use our new unified app registration experience. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *jwt ms*.
If you register this app and configure it with `https://jwt.ms/` app for testing
1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
Store the client secret that you previously generated in [step 1](#step-1-onboar
1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
In the following example, for the `Trusona Authentication Cloud` user journey, t
1. Sign in to the [Azure portal](https://portal.azure.com/#home).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
-
- a. Select the **Directories + subscriptions** icon in the portal toolbar.
-
- b. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
-
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the [Azure portal](https://portal.azure.com/#home), search for and select **Azure AD B2C**. 1. Under Policies, select **Identity Experience Framework**.
active-directory-b2c Partner Twilio https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-twilio.md
The following components make up the Twilio solution:
Add the policy files to Azure AD B2C: 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Navigate to **Azure AD B2C** > **Identity Experience Framework** > **Policy Keys**. 1. Add a new key with the name **B2cRestTwilioClientId**. Select **manual**, and provide the value of the Twilio AccountSID.
active-directory-b2c Password Complexity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/password-complexity.md
If you're using custom policies, you can [configure password complexity in a cus
## Configure password complexity 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**..
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Select a user flow, and click **Properties**.
Save the policy file.
### Upload the files 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity Experience Framework**. 1. On the Custom Policies page, select **Upload Policy**.
active-directory-b2c Phone Authentication User Flows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-authentication-user-flows.md
Multi-factor authentication (MFA) is disabled by default when you configure a us
Email sign-up is enabled by default in your local account identity provider settings. You can change the identity types you'll support in your tenant by selecting or deselecting email sign-up, username, or phone number. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Under **Manage**, select **Identity providers**. 1. In the identity provider list, select **Local account**.
After you've added phone sign-up as an identity option for local accounts, you c
Here's an example showing how to add phone sign-up to a new user flow. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**.
You can enable the recovery email prompt in the user flow properties.
### To enable the recovery email prompt 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In Azure AD B2C, under **Policies**, select **User flows**. 1. Select the user flow from the list.
We strongly suggest you include consent information in your sign-up and sign-in
To enable consent information 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In Azure AD B2C, under **Policies**, select **User flows**. 1. Select the user flow from the list.
active-directory-b2c Phone Based Mfa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/phone-based-mfa.md
Take the following actions to help mitigate fraudulent sign-ups.
- Remove country codes that aren't relevant to your organization from the drop-down menu where the user verifies their phone number (this change will apply to future sign-ups): 1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of your Azure AD B2C tenant.
- 1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+ 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select the user flow, and then select **Languages**. Select the language for your organization's geographic location to open the language details panel. (For this example, we'll select **English en** for the United States). Select **Multifactor authentication page**, and then select **Download defaults (en)**.
active-directory-b2c Policy Keys Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/policy-keys-overview.md
To get the current active key within a key container, use the Microsoft Graph AP
To add or delete signing and encryption keys: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. On the overview page, under **Policies**, select **Identity Experience Framework**. 1. Select **Policy Keys**
active-directory-b2c Saml Service Provider https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/saml-service-provider.md
To have a trust relationship between your application and Azure AD B2C, create a
You need to store your certificate in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Select **All services** in the upper-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the **Overview** page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
Replace `<tenant-name>` with the name of your Azure AD B2C tenant. Replace `<pol
For Azure AD B2C to trust your application, you create an Azure AD B2C application registration. The registration contains configuration information, such as the application's metadata endpoint. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. On the left menu, select **Azure AD B2C**. Or, select **All services** and then search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, enter **SAMLApp1**.
active-directory-b2c Secure Api Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-api-management.md
To register an application in your Azure AD B2C tenant, you can use our new, uni
# [App registrations](#tab/app-reg-ga/) 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. On the left pane, select **Azure AD B2C**. Alternatively, you can select **All services** and then search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select the **Owned applications** tab. 1. Record the value in the **Application (client) ID** column for *webapp1* or for another application you've previously created.
To register an application in your Azure AD B2C tenant, you can use our new, uni
# [Applications (Legacy)](#tab/applications-legacy/) 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. On the left pane, select **Azure AD B2C**. Alternatively, you can select **All services** and then search for and select **Azure AD B2C**. 1. Under **Manage**, select **Applications (Legacy)**. 1. Record the value in the **Application ID** column for *webapp1* or for another application you've previously created.
active-directory-b2c Secure Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-rest-api.md
To configure an API Connector with HTTP basic authentication, follow these steps
To configure a REST API technical profile with HTTP basic authentication, create the following cryptographic keys to store the username and password: 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
To upload a new certificate to an existing API connector, select the API connect
### Add a client certificate policy key 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
The following example uses a REST API technical profile to make a request to the
Before the technical profile can interact with Microsoft Entra ID to obtain an access token, you need to register an application. Azure AD B2C relies the Microsoft Entra platform. You can create the app in your Azure AD B2C tenant, or in any Microsoft Entra tenant you manage. To register an application: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Microsoft Entra ID or Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Microsoft Entra ID**. Or, select **All services** and search for and select **Microsoft Entra ID**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *Client_Credentials_Auth_app*.
For a client credentials flow, you need to create an application secret. The cli
You need to store the client ID and the client secret value that you previously recorded in your Azure AD B2C tenant. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
The following example shows how to call the `REST-GetProfile` technical profile
To configure a REST API technical profile with an OAuth2 bearer token, obtain an access token from the REST API owner. Then create the following cryptographic key to store the bearer token. 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
API key is a unique identifier used to authenticate a user to access a REST API
To configure a REST API technical profile with API key authentication, create the following cryptographic key to store the API key: 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys**, and then select **Add**.
active-directory-b2c Session Behavior https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/session-behavior.md
You can configure the Azure AD B2C session behavior, including:
To configure the session behavior in your user flow, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Open the user flow that you previously created.
KMSI is configurable at the individual user flow level. Before enabling KMSI for
To enable KMSI for your user flow: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **User flows (policies)**. 1. Open the user flow that you previously created.
After logout, the user is redirected to the URI specified in the `post_logout_re
To require an ID Token in logout requests: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **User flows**. 1. Open the user flow that you previously created.
To require an ID Token in logout requests, add a **UserJourneyBehaviors** elemen
To configure your application Logout URL: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select your application. 1. Select **Authentication**.
active-directory-b2c Tenant Management Check Tenant Creation Permission https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-check-tenant-creation-permission.md
As a *Global Administrator* in an Azure AD B2C tenant, you can restrict non-admi
1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
-
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Microsoft Entra ID**.
Before you create an Azure AD B2C tenant, make sure that you've the permission t
1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
-
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Microsoft Entra ID**.
active-directory-b2c Tenant Management Manage Administrator https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-manage-administrator.md
In this article, you learn how to:
To create a new administrative account, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com/) with Global Administrator or Privileged Role Administrator permissions.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Manage**, select **Users**. 1. Select **New user**.
You can also invite a new guest user to manage your tenant. The guest account is
To invite a user, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com/) with Global Administrator or Privileged Role Administrator permissions.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Manage**, select **Users**. 1. Select **New guest account**.
An invitation email is sent to the user. The user needs to accept the invitation
If the guest didn't receive the invitation email, or the invitation expired, you can resend the invite. As an alternative to the invitation email, you can give a guest a direct link to accept the invitation. To resend the invitation and get the direct link: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Manage**, select **Users**. 1. Search for and select the user you want to resend the invite to.
If the guest didn't receive the invitation email, or the invitation expired, you
You can assign a role when you [create a user](#add-an-administrator-work-account) or [invite a guest user](#invite-an-administrator-guest-account). You can add a role, change the role, or remove a role for a user: 1. Sign in to the [Azure portal](https://portal.azure.com/) with Global Administrator or Privileged Role Administrator permissions.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Manage**, select **Users**. 1. Select the user you want to change the roles for. Then select **Assigned roles**.
If you need to remove a role assignment from a user, follow these steps:
As part of an auditing process, you typically review which users are assigned to specific roles in the Azure AD B2C directory. Use the following steps to audit which users are currently assigned privileged roles. 1. Sign in to the [Azure portal](https://portal.azure.com/) with Global Administrator or Privileged Role Administrator permissions.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Under **Manage**, select **Roles and administrators**. 1. Select a role, such as **Global administrator**. The **Role | Assignments** page lists the users with that role.
active-directory-b2c Tenant Management Read Tenant Name https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-read-tenant-name.md
In this article, you learn how to:
To get your Azure AD B2C tenant name, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. In the **Overview**, copy the **Domain name**.
To get your Azure AD B2C tenant name, follow these steps:
To get your Azure AD B2C tenant ID, follow these steps: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Microsoft Entra ID**. 1. In the **Overview**, copy the **Tenant ID**.
active-directory-b2c Threat Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/threat-management.md
The first 10 lockout periods are one minute long. The next 10 lockout periods ar
To manage smart lockout settings, including the lockout threshold: 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Under **Security**, select **Authentication methods (Preview)**, then select **Password protection**. 1. Under **Custom smart lockout**, enter your desired smart lockout settings:
active-directory-b2c Tutorial Create Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-create-tenant.md
Azure AD B2C allows you to activate Go-Local add-on on an existing tenant as lon
1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
-
- 1. In the Azure portal toolbar, select the **Directories + subscriptions** icon.
-
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select the **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**.
active-directory-b2c Tutorial Create User Flows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-create-user-flows.md
A user flow lets you determine how users interact with your application when the
The sign-up and sign-in user flow handles both sign-up and sign-in experiences with a single configuration. Users of your application are led down the right path depending on the context. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**.
If you want to enable users to edit their profile in your application, you use a
## Add signing and encryption keys for Identity Experience Framework applications 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. On the overview page, under **Policies**, select **Identity Experience Framework**.
Use the steps outlined in [Create a Facebook application](identity-provider-face
Add your Facebook application's [App Secret](identity-provider-facebook.md) as a policy key. You can use the App Secret of the application you created as part of this article's prerequisites. 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. On the overview page, under **Policies**, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**.
active-directory-b2c Tutorial Delete Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-delete-tenant.md
When you've finished the Azure Active Directory B2C (Azure AD B2C) tutorials, yo
## Identify cleanup tasks 1. Sign in to the [Azure portal](https://portal.azure.com/) with a global administrator or subscription administrator role. Use the same work or school account or the same Microsoft account that you used to sign up for Azure.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select the **Microsoft Entra ID** service. 1. In the left menu, under **Manage**, select **Properties**. 1. Under **Access management for Azure resources**, select **Yes**, and then select **Save**.
When you've finished the Azure Active Directory B2C (Azure AD B2C) tutorials, yo
If you've the confirmation page open from the previous section, you can use the links in the **Required action** column to open the Azure portal pages where you can remove these resources. Or, you can remove tenant resources from within the Azure AD B2C service using the following steps. 1. Sign in to the [Azure portal](https://portal.azure.com/) with a global administrator or subscription administrator role. Use the same work or school account or the same Microsoft account that you used to sign up for Azure.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, select the **Azure AD B2C** service, or search for and select **Azure AD B2C**. 1. Delete all users *except* the admin account you're currently signed in as: 1. Under **Manage**, select **Users**.
If you've the confirmation page open from the previous section, you can use the
Once you delete all the tenant resources, you can now delete the tenant itself: 1. Sign in to the [Azure portal](https://portal.azure.com/) with a global administrator or subscription administrator role. Use the same work or school account or the same Microsoft account that you used to sign up for Azure.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch** button next to it.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select the **Microsoft Entra ID** service. 1. If you haven't already granted yourself access management permissions, do the following:
active-directory-b2c Tutorial Register Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-applications.md
To register a web application in your Azure AD B2C tenant, you can use our new u
#### [App registrations](#tab/app-reg-ga/) 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *webapp1*.
To register a web application in your Azure AD B2C tenant, you can use our new u
#### [Applications (Legacy)](#tab/applications-legacy/) 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **Applications (Legacy)**, and then select **Add**. 1. Enter a name for the application. For example, *webapp1*.
active-directory-b2c Tutorial Register Spa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-spa.md
This authentication flow doesn't include application scenarios that use cross-pl
## Register the SPA application 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **New registration**. 1. Enter a **Name** for the application. For example, *spaapp1*.
active-directory-b2c User Flow Custom Attributes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-flow-custom-attributes.md
Azure AD B2C allows you to extend the set of attributes stored on each user acco
## Create a custom attribute 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the Directory name list, and then select **Switch**
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **User attributes**, and then select **Add**. 1. Provide a **Name** for the custom attribute (for example, "ShoeSize")
Extension attributes can only be registered on an application object, even thoug
### Get extensions app's application ID 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant;
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **All applications**. 1. Select the `b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.` application.
Extension attributes can only be registered on an application object, even thoug
### Get extensions app's application properties 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 2. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select **All applications**. 1. Select the **b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.** application.
To enable custom attributes in your policy, provide **Application ID** and Appli
## Upload your custom policy 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure B2C AD tenant:
- 1. Select the **Directories + subscriptions** icon in the portal toolbar.
- 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**. 1. Select **Identity Experience Framework**. 1. Select **Upload Custom Policy**, and then upload the TrustFrameworkExtensions.xml policy files that you changed.
active-directory-b2c Userinfo Endpoint https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/userinfo-endpoint.md
The completed relying party element will be as follows:
### 4. Upload the files 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **Identity Experience Framework**. 1. On the **Custom policies** page, select **Upload custom policy**.
ai-services Content Filter https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/concepts/content-filter.md
Previously updated : 09/15/2023 Last updated : 11/06/2023 keywords:
When annotations are enabled as shown in the code snippet below, the following i
Annotations are currently in preview for Completions and Chat Completions (GPT models); the following code snippet shows how to use annotations in preview:
-# [Python](#tab/python)
+# [OpenAI Python 0.28.1](#tab/python)
```python
-# Note: The openai-python library support for Azure OpenAI is in preview.
# os.getenv() for the endpoint and key assumes that you are using environment variables. import os
print(response)
The following code snippet shows how to retrieve annotations when content was filtered: ```python
-# Note: The openai-python library support for Azure OpenAI is in preview.
# os.getenv() for the endpoint and key assumes that you are using environment variables. import os
except openai.error.InvalidRequestError as e:
```
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+# os.getenv() for the endpoint and key assumes that you are using environment variables.
+
+import os
+from openai import AzureOpenAI
+client = AzureOpenAI(
+ api_key=os.getenv("AZURE_OPENAI_KEY"),
+ api_version="2023-10-01-preview",
+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
+ )
+
+response = client.completions.create(
+ model="gpt-35-turbo-instruct", # model = "deployment_name".
+ prompt="{Example prompt where a severity level of low is detected}"
+ # Content that is detected at severity level medium or high is filtered,
+ # while content detected at severity level low isn't filtered by the content filters.
+)
+
+print(response.model_dump_json(indent=2))
+```
+ # [JavaScript](#tab/javascrit) [Azure OpenAI JavaScript SDK source code & samples](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/openai/openai)
ai-services Function Calling https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/function-calling.md
Previously updated : 07/20/2023 Last updated : 11/06/2023
To use function calling with the Chat Completions API, you need to include two n
When functions are provided, by default the `function_call` will be set to `"auto"` and the model will decide whether or not a function should be called. Alternatively, you can set the `function_call` parameter to `{"name": "<insert-function-name>"}` to force the API to call a specific function or you can set the parameter to `"none"` to prevent the model from calling any functions.
+# [OpenAI Python 0.28.1](#tab/python)
+ ```python
-# Note: The openai-python library support for Azure OpenAI is in preview.
+ import os import openai
functions= [
] response = openai.ChatCompletion.create(
- engine="gpt-35-turbo-0613",
+ engine="gpt-35-turbo-0613", # engine = "deployment_name"
messages=messages, functions=functions, function_call="auto",
The response from the API includes a `function_call` property if the model deter
In some cases, the model may generate both `content` and a `function_call`. For example, for the prompt above the content could say something like "Sure, I can help you find some hotels in San Diego that match your criteria" along with the function_call.
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+import os
+from openai import AzureOpenAI
+
+client = AzureOpenAI(
+ api_key=os.getenv("AZURE_OPENAI_KEY"),
+ api_version="2023-10-01-preview",
+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT"
+)
+
+messages= [
+ {"role": "user", "content": "Find beachfront hotels in San Diego for less than $300 a month with free breakfast."}
+]
+
+functions= [
+ {
+ "name": "search_hotels",
+ "description": "Retrieves hotels from the search index based on the parameters provided",
+ "parameters": {
+ "type": "object",
+ "properties": {
+ "location": {
+ "type": "string",
+ "description": "The location of the hotel (i.e. Seattle, WA)"
+ },
+ "max_price": {
+ "type": "number",
+ "description": "The maximum price for the hotel"
+ },
+ "features": {
+ "type": "string",
+ "description": "A comma separated list of features (i.e. beachfront, free wifi, etc.)"
+ }
+ },
+ "required": ["location"]
+ }
+ }
+]
+
+response = client.chat.completions.create(
+ model="gpt-35-turbo-0613", # model = "deployment_name"
+ messages= messages,
+ functions = functions,
+ function_call="auto",
+)
+
+print(response.choices[0].message.model_dump_json(indent=2))
+```
+
+The response from the API includes a `function_call` property if the model determines that a function should be called. The `function_call` property includes the name of the function to call and the arguments to pass to the function. The arguments are a JSON string that you can parse and use to call your function.
+
+```json
+{
+ "content": null,
+ "role": "assistant",
+ "function_call": {
+ "arguments": "{\n \"location\": \"San Diego\",\n \"max_price\": 300,\n \"features\": \"beachfront, free breakfast\"\n}",
+ "name": "search_hotels"
+ }
+}
+```
+
+In some cases, the model may generate both `content` and a `function_call`. For example, for the prompt above the content could say something like "Sure, I can help you find some hotels in San Diego that match your criteria" along with the function_call.
+++ ## Working with function calling The following section goes into additional detail on how to effectively use functions with the Chat Completions API.
If you want to describe a function that doesn't accept any parameters, use `{"ty
### Managing the flow with functions ```python+ response = openai.ChatCompletion.create( deployment_id="gpt-35-turbo-0613", messages=messages,
ai-services Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/migration.md
+
+ Title: How to migrate to OpenAI Python v1.x
+
+description: Learn about migrating to the latest release of the OpenAI Python library with Azure OpenAI
+++++ Last updated : 11/06/2023+++
+# Migrating to the OpenAI Python API library 1.x
+
+OpenAI has just released a new version of the [OpenAI Python API library](https://github.com/openai/openai-python/). This guide is supplemental to [OpenAI's migration guide](https://github.com/openai/openai-python/discussions/631) and will help bring you up to speed on the changes specific to Azure OpenAI.
+
+## Updates
+
+- This is a completely new version of the OpenAI Python API library.
+- Starting on November 6, 2023 `pip install openai` and `pip install openai --upgrade` will install `version 1.x` of the OpenAI Python library.
+- Upgrading from `version 0.28.1` to `version 1.x` is a breaking change, you'll need to test and update your code.
+- Auto-retry with backoff if there's an error
+- Proper types (for mypy/pyright/editors)
+- You can now instantiate a client, instead of using a global default.
+- Switch to explicit client instantiation
+- [Name changes](#name-changes)
+
+## Known issues
+
+- The latest release of the [OpenAI Python library](https://pypi.org/project/openai/) doesn't currently support DALL-E when used with Azure OpenAI. DALL-E with Azure OpenAI is still supported with `0.28.1`. For those who can't wait for native support for DALL-E and Azure OpenAI we're providing [two code examples](#dall-e-fix) which can be used as a workaround.
+- `embeddings_utils.py` which was used to provide functionality like cosine similarity for semantic text search is [no longer part of the OpenAI Python API library](https://github.com/openai/openai-python/issues/676).
+- You should also check the active [GitHub Issues](https://github.com/openai/openai-python/issues/703) for the OpenAI Python library.
+
+## Test before you migrate
+
+> [!IMPORTANT]
+> Automatic migration of your code using `openai migrate` is not supported with Azure OpenAI.
+
+As this is a new version of the library with breaking changes, you should test your code extensively against the new release before migrating any production applications to rely on version 1.x. You should also review your code and internal processes to make sure that you're following best practices and pinning your production code to only versions that you have fully tested.
+
+To make the migration process easier, we're updating existing code examples in our docs for Python to a tabbed experience:
+
+# [OpenAI Python 0.28.1](#tab/python)
+
+```console
+pip install openai==0.28.1
+```
+
+# [OpenAI Python 1.x](#tab/python-new)
+
+```console
+pip install openai --upgrade
+```
+++
+This provides context for what has changed and allows you to test the new library in parallel while continuing to provide support for version `0.28.1`. If you upgrade to `1.x` and realize you need to temporarily revert back to the previous version, you can always `pip uninstall openai` and then reinstall targeted to `0.28.1` with `pip install openai==0.28.1`.
+
+## Chat completions
+
+# [OpenAI Python 0.28.1](#tab/python)
+
+You need to set the `engine` variable to the deployment name you chose when you deployed the GPT-3.5-Turbo or GPT-4 models. Entering the model name will result in an error unless you chose a deployment name that is identical to the underlying model name.
+
+```python
+import os
+import openai
+openai.api_type = "azure"
+openai.api_base = os.getenv("AZURE_OPENAI_ENDPOINT")
+openai.api_key = os.getenv("AZURE_OPENAI_KEY")
+openai.api_version = "2023-05-15"
+
+response = openai.ChatCompletion.create(
+ engine="gpt-35-turbo", # engine = "deployment_name".
+ messages=[
+ {"role": "system", "content": "You are a helpful assistant."},
+ {"role": "user", "content": "Does Azure OpenAI support customer managed keys?"},
+ {"role": "assistant", "content": "Yes, customer managed keys are supported by Azure OpenAI."},
+ {"role": "user", "content": "Do other Azure AI services support this too?"}
+ ]
+)
+
+print(response)
+print(response['choices'][0]['message']['content'])
+```
+
+# [OpenAI Python 1.x](#tab/python-new)
+
+You need to set the `model` variable to the deployment name you chose when you deployed the GPT-3.5-Turbo or GPT-4 models. Entering the model name results in an error unless you chose a deployment name that is identical to the underlying model name.
+
+```python
+import os
+from openai import AzureOpenAI
+
+client = AzureOpenAI(
+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT"),
+ api_key=os.getenv("AZURE_OPENAI_KEY"),
+ api_version="2023-05-15"
+)
+
+response = client.chat.completions.create(
+ model="gpt-35-turbo", # model = "deployment_name".
+ messages=[
+ {"role": "system", "content": "You are a helpful assistant."},
+ {"role": "user", "content": "Does Azure OpenAI support customer managed keys?"},
+ {"role": "assistant", "content": "Yes, customer managed keys are supported by Azure OpenAI."},
+ {"role": "user", "content": "Do other Azure AI services support this too?"}
+ ]
+)
+
+print(response.choices[0].message.content)
+```
+
+Additional examples can be found in our [in-depth Chat Completion article](chatgpt.md).
+++
+## Completions
+
+# [OpenAI Python 0.28.1](#tab/python)
+
+```python
+import os
+import openai
+
+openai.api_key = os.getenv("AZURE_OPENAI_KEY")
+openai.api_base = os.getenv("AZURE_OPENAI_ENDPOINT") # your endpoint should look like the following https://YOUR_RESOURCE_NAME.openai.azure.com/
+openai.api_type = 'azure'
+openai.api_version = '2023-05-15' # this might change in the future
+
+deployment_name='REPLACE_WITH_YOUR_DEPLOYMENT_NAME' #This will correspond to the custom name you chose for your deployment when you deployed a model.
+
+# Send a completion call to generate an answer
+print('Sending a test completion job')
+start_phrase = 'Write a tagline for an ice cream shop. '
+response = openai.Completion.create(engine=deployment_name, prompt=start_phrase, max_tokens=10)
+text = response['choices'][0]['text'].replace('\n', '').replace(' .', '.').strip()
+print(start_phrase+text)
+```
+
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+import os
+from openai import AzureOpenAI
+
+client = AzureOpenAI(
+ api_key=os.getenv("AZURE_OPENAI_KEY"),
+ api_version="2023-10-01-preview",
+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
+ )
+
+deployment_name='REPLACE_WITH_YOUR_DEPLOYMENT_NAME' #This will correspond to the custom name you chose for your deployment when you deployed a model.
+
+# Send a completion call to generate an answer
+print('Sending a test completion job')
+start_phrase = 'Write a tagline for an ice cream shop. '
+response = client.completions.create(model=deployment_name, prompt=start_phrase, max_tokens=10)
+print(response.choices[0].text)
+```
+++
+## Embeddings
+
+# [OpenAI Python 0.28.1](#tab/python)
+
+```python
+import openai
+
+openai.api_type = "azure"
+openai.api_key = YOUR_API_KEY
+openai.api_base = "https://YOUR_RESOURCE_NAME.openai.azure.com"
+openai.api_version = "2023-05-15"
+
+response = openai.Embedding.create(
+ input="Your text string goes here",
+ engine="YOUR_DEPLOYMENT_NAME"
+)
+embeddings = response['data'][0]['embedding']
+print(embeddings)
+```
+
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+import os
+from openai import AzureOpenAI
+
+client = AzureOpenAI(
+ api_key = os.getenv("AZURE_OPENAI_KEY"),
+ api_version = "2023-05-15",
+ azure_endpoint =os.getenv("AZURE_OPENAI_ENDPOINT")
+)
+
+response = client.embeddings.create(
+ input = "Your text string goes here",
+ model= "text-embedding-ada-002"
+)
+
+print(response.model_dump_json(indent=2))
+```
+
+Additional examples including how to handle semantic text search without `embeddings_utils.py` can be found in our [embeddings tutorial](../tutorials/embeddings.md).
+++
+## Async
+
+OpenAI doesn't support calling asynchronous methods in the module-level client, instead you should instantiate an async client.
+
+```python
+from openai import AsyncAzureOpenAI
+
+client = AsyncAzureOpenAI(
+ api_key = os.getenv("AZURE_OPENAI_KEY"),
+ api_version = "2023-10-01-preview",
+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
+)
+response = await client.chat.completions.create(model="gpt-35-turbo", messages=[{"role": "user", "content": "Hello world"}])
+
+print(response.model_dump_json(indent=2))
+```
+
+## Authentication
+
+```python
+from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from openai import AzureOpenAI
+
+token_provider = get_bearer_token_provider(DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default")
+
+api_version = "2023-10-01-preview"
+endpoint = "https://my-resource.openai.azure.com"
+
+client = AzureOpenAI(
+ api_version=api_version,
+ azure_endpoint=endpoint,
+ azure_ad_token_provider=token_provider,
+)
+
+completion = client.chat.completions.create(
+ model="deployment-name", # gpt-35-instant
+ messages=[
+ {
+ "role": "user",
+ "content": "How do I output all files in a directory using Python?",
+ },
+ ],
+)
+print(completion.model_dump_json(indent=2))
+```
+
+## DALL-E fix
+
+# [DALLE-Fix](#tab/dalle-fix)
+
+```python
+import time
+import json
+import httpx
+import openai
++
+class CustomHTTPTransport(httpx.HTTPTransport):
+ def handle_request(
+ self,
+ request: httpx.Request,
+ ) -> httpx.Response:
+ if "images/generations" in request.url.path and request.url.params[
+ "api-version"
+ ] in [
+ "2023-06-01-preview",
+ "2023-07-01-preview",
+ "2023-08-01-preview",
+ "2023-09-01-preview",
+ "2023-10-01-preview",
+ ]:
+ request.url = request.url.copy_with(path="/openai/images/generations:submit")
+ response = super().handle_request(request)
+ operation_location_url = response.headers["operation-location"]
+ request.url = httpx.URL(operation_location_url)
+ request.method = "GET"
+ response = super().handle_request(request)
+ response.read()
+
+ timeout_secs: int = 120
+ start_time = time.time()
+ while response.json()["status"] not in ["succeeded", "failed"]:
+ if time.time() - start_time > timeout_secs:
+ timeout = {"error": {"code": "Timeout", "message": "Operation polling timed out."}}
+ return httpx.Response(
+ status_code=400,
+ headers=response.headers,
+ content=json.dumps(timeout).encode("utf-8"),
+ request=request,
+ )
+
+ time.sleep(int(response.headers.get("retry-after")) or 10)
+ response = super().handle_request(request)
+ response.read()
+
+ if response.json()["status"] == "failed":
+ error_data = response.json()
+ return httpx.Response(
+ status_code=400,
+ headers=response.headers,
+ content=json.dumps(error_data).encode("utf-8"),
+ request=request,
+ )
+
+ result = response.json()["result"]
+ return httpx.Response(
+ status_code=200,
+ headers=response.headers,
+ content=json.dumps(result).encode("utf-8"),
+ request=request,
+ )
+ return super().handle_request(request)
++
+client = openai.AzureOpenAI(
+ azure_endpoint="<azure_endpoint>",
+ api_key="<api_key>",
+ api_version="<api_version>",
+ http_client=httpx.Client(
+ transport=CustomHTTPTransport(),
+ ),
+)
+image = client.images.generate(prompt="a cute baby seal")
+
+print(image.data[0].url)
+```
+
+# [DALLE-Fix Async](#tab/dalle-fix-async)
+
+```python
+import time
+import asyncio
+import json
+import httpx
+import openai
++
+class AsyncCustomHTTPTransport(httpx.AsyncHTTPTransport):
+ async def handle_async_request(
+ self,
+ request: httpx.Request,
+ ) -> httpx.Response:
+ if "images/generations" in request.url.path and request.url.params[
+ "api-version"
+ ] in [
+ "2023-06-01-preview",
+ "2023-07-01-preview",
+ "2023-08-01-preview",
+ "2023-09-01-preview",
+ "2023-10-01-preview",
+ ]:
+ request.url = request.url.copy_with(path="/openai/images/generations:submit")
+ response = await super().handle_async_request(request)
+ operation_location_url = response.headers["operation-location"]
+ request.url = httpx.URL(operation_location_url)
+ request.method = "GET"
+ response = await super().handle_async_request(request)
+ await response.aread()
+
+ timeout_secs: int = 120
+ start_time = time.time()
+ while response.json()["status"] not in ["succeeded", "failed"]:
+ if time.time() - start_time > timeout_secs:
+ timeout = {"error": {"code": "Timeout", "message": "Operation polling timed out."}}
+ return httpx.Response(
+ status_code=400,
+ headers=response.headers,
+ content=json.dumps(timeout).encode("utf-8"),
+ request=request,
+ )
+
+ await asyncio.sleep(int(response.headers.get("retry-after")) or 10)
+ response = await super().handle_async_request(request)
+ await response.aread()
+
+ if response.json()["status"] == "failed":
+ error_data = response.json()
+ return httpx.Response(
+ status_code=400,
+ headers=response.headers,
+ content=json.dumps(error_data).encode("utf-8"),
+ request=request,
+ )
+
+ result = response.json()["result"]
+ return httpx.Response(
+ status_code=200,
+ headers=response.headers,
+ content=json.dumps(result).encode("utf-8"),
+ request=request,
+ )
+ return await super().handle_async_request(request)
++
+async def dall_e():
+ client = openai.AsyncAzureOpenAI(
+ azure_endpoint="<azure_endpoint>",
+ api_key="<api_key>",
+ api_version="<api_version>",
+ http_client=httpx.AsyncClient(
+ transport=AsyncCustomHTTPTransport(),
+ ),
+ )
+ image = await client.images.generate(prompt="a cute baby seal")
+
+ print(image.data[0].url)
+
+asyncio.run(dall_e())
+```
++
+## Name changes
+
+> [!NOTE]
+> All a* methods have been removed; the async client must be used instead.
+
+| OpenAI Python 0.28.1 | OpenAI Python 1.x |
+| | |
+| `openai.api_base` | `openai.base_url` |
+| `openai.proxy` | `openai.proxies` |
+| `openai.InvalidRequestError` | `openai.BadRequestError` |
+| `openai.Audio.transcribe()` | `client.audio.transcriptions.create()` |
+| `openai.Audio.translate()` | `client.audio.translations.create()` |
+| `openai.ChatCompletion.create()` | `client.chat.completions.create()` |
+| `openai.Completion.create()` | `client.completions.create()` |
+| `openai.Edit.create()` | `client.edits.create()` |
+| `openai.Embedding.create()` | `client.embeddings.create()` |
+| `openai.File.create()` | `client.files.create()` |
+| `openai.File.list()` | `client.files.list()` |
+| `openai.File.retrieve()` | `client.files.retrieve()` |
+| `openai.File.download()` | `client.files.retrieve_content()` |
+| `openai.FineTune.cancel()` | `client.fine_tunes.cancel()` |
+| `openai.FineTune.list()` | `client.fine_tunes.list()` |
+| `openai.FineTune.list_events()` | `client.fine_tunes.list_events()` |
+| `openai.FineTune.stream_events()` | `client.fine_tunes.list_events(stream=True)` |
+| `openai.FineTune.retrieve()` | `client.fine_tunes.retrieve()` |
+| `openai.FineTune.delete()` | `client.fine_tunes.delete()` |
+| `openai.FineTune.create()` | `client.fine_tunes.create()` |
+| `openai.FineTuningJob.create()` | `client.fine_tuning.jobs.create()` |
+| `openai.FineTuningJob.cancel()` | `client.fine_tuning.jobs.cancel()` |
+| `openai.FineTuningJob.delete()` | `client.fine_tuning.jobs.create()` |
+| `openai.FineTuningJob.retrieve()` | `client.fine_tuning.jobs.retrieve()` |
+| `openai.FineTuningJob.list()` | `client.fine_tuning.jobs.list()` |
+| `openai.FineTuningJob.list_events()` | `client.fine_tuning.jobs.list_events()` |
+| `openai.Image.create()` | `client.images.generate()` |
+| `openai.Image.create_variation()` | `client.images.create_variation()` |
+| `openai.Image.create_edit()` | `client.images.edit()` |
+| `openai.Model.list()` | `client.models.list()` |
+| `openai.Model.delete()` | `client.models.delete()` |
+| `openai.Model.retrieve()` | `client.models.retrieve()` |
+| `openai.Moderation.create()` | `client.moderations.create()` |
+| `openai.api_resources` | `openai.resources` |
+
+### Removed
+
+- `openai.api_key_path`
+- `openai.app_info`
+- `openai.debug`
+- `openai.log`
+- `openai.OpenAIError`
+- `openai.Audio.transcribe_raw()`
+- `openai.Audio.translate_raw()`
+- `openai.ErrorObject`
+- `openai.Customer`
+- `openai.api_version`
+- `openai.verify_ssl_certs`
+- `openai.api_type`
+- `openai.enable_telemetry`
+- `openai.ca_bundle_path`
+- `openai.requestssession` (OpenAI now uses `httpx`)
+- `openai.aiosession` (OpenAI now uses `httpx`)
+- `openai.Deployment` (Previously used for Azure OpenAI)
+- `openai.Engine`
+- `openai.File.find_matching_files()`
ai-services Working With Models https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/working-with-models.md
keywords:
Azure OpenAI Service is powered by a diverse set of models with different capabilities and price points. [Model availability varies by region](../concepts/models.md).
-You can get a list of models that are available for both inference and fine-tuning by your Azure OpenAI resource by using the [Models List API](/rest/api/cognitiveservices/azureopenaistable/models/list).
+You can get a list of models that are available for both inference and fine-tuning by your Azure OpenAI resource by using the [Models List API](/rest/api/azureopenai/models/list).
## Model updates
ai-services Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/reference.md
Azure OpenAI is deployed as a part of the Azure AI services. All Azure AI servic
## Next steps
-Learn about [ Models, and fine-tuning with the REST API](/rest/api/cognitiveservices/azureopenaistable/files).
+Learn about [ Models, and fine-tuning with the REST API](/rest/api/azureopenai/fine-tuning?view=rest-azureopenai-2023-10-01-preview).
Learn more about the [underlying models that power Azure OpenAI](./concepts/models.md).
ai-services Embeddings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/tutorials/embeddings.md
Previously updated : 09/12/2023 Last updated : 11/06/2023 recommendations: false
In this tutorial, you learn how to:
If you haven't already, you need to install the following libraries:
+# [OpenAI Python 0.28.1](#tab/python)
+ ```cmd pip install "openai==0.28.1" num2words matplotlib plotly scipy scikit-learn pandas tiktoken ```
+# [OpenAI Python 1.x](#tab/python-new)
+
+```console
+pip install openai num2words matplotlib plotly scipy scikit-learn pandas tiktoken
+```
+++ <!--Alternatively, you can use our [requirements.txt file](https://github.com/Azure-Samples/Azure-OpenAI-Docs-Samples/blob/main/Samples/Tutorials/Embeddings/requirements.txt).--> ### Download the BillSum dataset
Run the following code in your preferred Python IDE:
<!--If you wish to view the Jupyter notebook that corresponds to this tutorial you can download the tutorial from our [samples repo](https://github.com/Azure-Samples/Azure-OpenAI-Docs-Samples/blob/main/Samples/Tutorials/Embeddings/embedding_billsum.ipynb).-->
-## Import libraries and list models
+## Import libraries
+
+# [OpenAI Python 0.28.1](#tab/python)
```python import openai
print(r.text)
The output of this command will vary based on the number and type of models you've deployed. In this case, we need to confirm that we have an entry for **text-embedding-ada-002**. If you find that you're missing this model, you'll need to [deploy the model](../how-to/create-resource.md#deploy-a-model) to your resource before proceeding.
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+import os
+import re
+import requests
+import sys
+from num2words import num2words
+import os
+import pandas as pd
+import numpy as np
+import tiktoken
+from openai import AzureOpenAI
+```
+++ Now we need to read our csv file and create a pandas DataFrame. After the initial DataFrame is created, we can view the contents of the table by running `df`. ```python
len(decode)
Now that we understand more about how tokenization works we can move on to embedding. It is important to note, that we haven't actually tokenized the documents yet. The `n_tokens` column is simply a way of making sure none of the data we pass to the model for tokenization and embedding exceeds the input token limit of 8,192. When we pass the documents to the embeddings model, it will break the documents into tokens similar (though not necessarily identical) to the examples above and then convert the tokens to a series of floating point numbers that will be accessible via vector search. These embeddings can be stored locally or in an [Azure Database to support Vector Search](../../../cosmos-db/mongodb/vcore/vector-search.md). As a result, each bill will have its own corresponding embedding vector in the new `ada_v2` column on the right side of the DataFrame.
+# [OpenAI Python 0.28.1](#tab/python)
+ ```python df_bills['ada_v2'] = df_bills["text"].apply(lambda x : get_embedding(x, engine = 'text-embedding-ada-002')) # engine should be set to the deployment name you chose when you deployed the text-embedding-ada-002 (Version 2) model ```
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+client = AzureOpenAI(
+ api_key = os.getenv("AZURE_OPENAI_API_KEY"),
+ api_version = "2023-05-15",
+ azure_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
+)
+
+def generate_embeddings(text, model="text-embedding-ada-002"): # model = "deployment_name"
+ return client.embeddings.create(input = [text], model=model).data[0].embedding
+
+df_bills['ada_v2'] = df_bills["text"].apply(lambda x : generate_embeddings (x, model = 'text-embedding-ada-002')) # model should be set to the deployment name you chose when you deployed the text-embedding-ada-002 (Version 2) model
+```
+++ ```python df_bills ```
df_bills
As we run the search code block below, we'll embed the search query *"Can I get information on cable company tax revenue?"* with the same **text-embedding-ada-002 (Version 2)** model. Next we'll find the closest bill embedding to the newly embedded text from our query ranked by [cosine similarity](../concepts/understand-embeddings.md).
+# [OpenAI Python 0.28.1](#tab/python)
+ ```python # search through the reviews for a specific product def search_docs(df, user_query, top_n=3, to_print=True):
def search_docs(df, user_query, top_n=3, to_print=True):
res = search_docs(df_bills, "Can I get information on cable company tax revenue?", top_n=4) ```
+# [OpenAI Python 1.x](#tab/python-new)
+
+```python
+def cosine_similarity(a, b):
+ return np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b))
+
+def get_embedding(text, model="text-embedding-ada-002"): # model = "deployment_name"
+ return client.embeddings.create(input = [text], model=model).data[0].embedding
+
+def search_docs(df, user_query, top_n=4, to_print=True):
+ embedding = get_embedding(
+ user_query,
+ model="text-embedding-ada-002" # model should be set to the deployment name you chose when you deployed the text-embedding-ada-002 (Version 2) model
+ )
+ df["similarities"] = df.ada_v2.apply(lambda x: cosine_similarity(x, embedding))
+
+ res = (
+ df.sort_values("similarities", ascending=False)
+ .head(top_n)
+ )
+ if to_print:
+ display(res)
+ return res
++
+res = search_docs(df_bills, "Can I get information on cable company tax revenue?", top_n=4)
+```
+++ **Output**: :::image type="content" source="../media/tutorials/query-result.png" alt-text="Screenshot of the formatted results of res once the search query has been run." lightbox="../media/tutorials/query-result.png":::
ai-services Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure AI services description: Lists Azure Policy Regulatory Compliance controls available for Azure AI services. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 10/23/2023 Last updated : 11/06/2023
ai-services Batch Transcription Create https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/batch-transcription-create.md
Previously updated : 10/3/2023 Last updated : 11/7/2023 zone_pivot_groups: speech-cli-rest
Here are some property options that you can use to configure a transcription whe
|`contentContainerUrl`| You can submit individual audio files, or a whole storage container.<br/><br/>You must specify the audio data location via either the `contentContainerUrl` or `contentUrls` property. For more information about Azure blob storage for batch transcription, see [Locate audio files for batch transcription](batch-transcription-audio-data.md).<br/><br/>This property won't be returned in the response.| |`contentUrls`| You can submit individual audio files, or a whole storage container.<br/><br/>You must specify the audio data location via either the `contentContainerUrl` or `contentUrls` property. For more information, see [Locate audio files for batch transcription](batch-transcription-audio-data.md).<br/><br/>This property won't be returned in the response.| |`destinationContainerUrl`|The result can be stored in an Azure container. If you don't specify a container, the Speech service stores the results in a container managed by Microsoft. When the transcription job is deleted, the transcription result data is also deleted. For more information such as the supported security scenarios, see [Destination container URL](#destination-container-url).|
-|`diarization`|Indicates that diarization analysis should be carried out on the input, which is expected to be a mono channel that contains multiple voices. Specify the minimum and maximum number of people who might be speaking. You must also set the `diarizationEnabled` property to `true`. The [transcription file](batch-transcription-get.md#transcription-result-file) will contain a `speaker` entry for each transcribed phrase.<br/><br/>You need to use this property when you expect three or more speakers. For two speakers setting `diarizationEnabled` property to `true` is enough. See an example of the property usage in [Transcriptions_Create](https://eastus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-1/operations/Transcriptions_Create) operation description.<br/><br/>Diarization is the process of separating speakers in audio data. The batch pipeline can recognize and separate multiple speakers on mono channel recordings. The maximum number of speakers for diarization must be less than 36 and more or equal to the `minSpeakers` property (see [example](https://eastus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-1/operations/Transcriptions_Create)). The feature isn't available with stereo recordings.<br/><br/>When this property is selected, source audio length can't exceed 240 minutes per file.<br/><br/>**Note**: This property is only available with Speech to text REST API version 3.1 and later.|
+|`diarization`|Indicates that diarization analysis should be carried out on the input, which is expected to be a mono channel that contains multiple voices. Specify the minimum and maximum number of people who might be speaking. You must also set the `diarizationEnabled` property to `true`. The [transcription file](batch-transcription-get.md#transcription-result-file) will contain a `speaker` entry for each transcribed phrase.<br/><br/>You need to use this property when you expect three or more speakers. For two speakers setting `diarizationEnabled` property to `true` is enough. See an example of the property usage in [Transcriptions_Create](https://eastus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-1/operations/Transcriptions_Create) operation description.<br/><br/>Diarization is the process of separating speakers in audio data. The batch pipeline can recognize and separate multiple speakers on mono channel recordings. The maximum number of speakers for diarization must be less than 36 and more or equal to the `minSpeakers` property (see [example](https://eastus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-1/operations/Transcriptions_Create)). The feature isn't available with stereo recordings.<br/><br/>When this property is selected, source audio length can't exceed 240 minutes per file.<br/><br/>**Note**: This property is only available with Speech to text REST API version 3.1 and later. If you set this property with any previous version (such as version 3.0) then it will be ignored and only 2 speakers will be identified.|
|`diarizationEnabled`|Specifies that diarization analysis should be carried out on the input, which is expected to be a mono channel that contains two voices. The default value is `false`.<br/><br/>For three or more voices you also need to use property `diarization` (only with Speech to text REST API version 3.1 and later).<br/><br/>When this property is selected, source audio length can't exceed 240 minutes per file.| |`displayName`|The name of the batch transcription. Choose a name that you can refer to later. The display name doesn't have to be unique.<br/><br/>This property is required.| |`displayFormWordLevelTimestampsEnabled`|Specifies whether to include word-level timestamps on the display form of the transcription results. The results are returned in the displayWords property of the transcription file. The default value is `false`.<br/><br/>**Note**: This property is only available with Speech to text REST API version 3.1 and later.|
ai-services Speech Services Quotas And Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/speech-services-quotas-and-limits.md
You can use real-time speech to text with the [Speech SDK](speech-sdk.md) or the
|--|--|--| | [Speech to text REST API](rest-speech-to-text.md) limit | Not available for F0 | 300 requests per minute | | Max audio input file size | N/A | 1 GB |
-| Max input blob size (for example, can contain more than one file in a zip archive). Note the file size limit from the preceding row. | N/A | 2.5 GB |
-| Max blob container size | N/A | 5 GB |
| Max number of blobs per container | N/A | 10000 | | Max number of files per transcription request (when you're using multiple content URLs as input). | N/A | 1000 | | Max audio length for transcriptions with diarizaion enabled. | N/A | 240 minutes per file |
ai-services Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/translator/custom-translator/release-notes.md
This page presents the latest feature, improvement, bug fix, and known issue rel
#### June language model updates
-&emsp; Current supported language pairs are listed in the following table. For higher quality, we encourage you to retrain your models accordingly. For more information, *see* [Language support](../language-support.md#custom-translator-language-pairs).
+&emsp; Current supported language pairs are listed in the following table. For higher quality, we encourage you to retrain your models accordingly. For more information, *see* [Language support](../language-support.md).
|Source Language|Target Language| |:-|:-|
ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/translator/language-support.md
Previously updated : 07/18/2023 Last updated : 11/06/2023 # Translator language support
> [!NOTE] > Language code `pt` will default to `pt-br`, Portuguese (Brazil).
-|Language | Language code | Cloud ΓÇô Text Translation and Document Translation | Containers ΓÇô Text Translation|Custom Translator|Auto Language Detection|Dictionary
-|:-|:-:|:-:|:-:|:-:|:-:|:-:|
-| Afrikaans | `af` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Albanian | `sq` |Γ£ö|Γ£ö||Γ£ö||
-| Amharic | `am` |Γ£ö|Γ£ö||||
-| Arabic | `ar` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Armenian | `hy` |Γ£ö|Γ£ö||Γ£ö||
-| Assamese | `as` |Γ£ö|Γ£ö|Γ£ö|||
-| Azerbaijani (Latin) | `az` |Γ£ö|Γ£ö||||
-| Bangla | `bn` |Γ£ö|Γ£ö|Γ£ö||Γ£ö|
-| Bashkir | `ba` |Γ£ö|Γ£ö||||
-| Basque | `eu` |Γ£ö|Γ£ö||||
-| Bosnian (Latin) | `bs` |Γ£ö|Γ£ö|Γ£ö||Γ£ö|
-| Bulgarian | `bg` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Cantonese (Traditional) | `yue` |Γ£ö|Γ£ö||||
-| Catalan | `ca` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Chinese (Literary) | `lzh` |Γ£ö|Γ£ö||||
-| Chinese Simplified | `zh-Hans` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Chinese Traditional | `zh-Hant` |Γ£ö|Γ£ö|Γ£ö|Γ£ö||
-| chiShona|`sn`|Γ£ö|Γ£ö||||
-| Croatian | `hr` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Czech | `cs` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Danish | `da` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Dari | `prs` |Γ£ö|Γ£ö||||
-| Divehi | `dv` |Γ£ö|Γ£ö||Γ£ö||
-| Dutch | `nl` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| English | `en` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Estonian | `et` |Γ£ö|Γ£ö|Γ£ö|Γ£ö||
-| Faroese | `fo` |Γ£ö|Γ£ö||||
-| Fijian | `fj` |Γ£ö|Γ£ö|Γ£ö|||
-| Filipino | `fil` |Γ£ö|Γ£ö|Γ£ö|||
-| Finnish | `fi` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| French | `fr` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| French (Canada) | `fr-ca` |Γ£ö|Γ£ö||||
-| Galician | `gl` |Γ£ö|Γ£ö||||
-| Georgian | `ka` |Γ£ö|Γ£ö||Γ£ö||
-| German | `de` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Greek | `el` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Gujarati | `gu` |Γ£ö|Γ£ö|Γ£ö|Γ£ö||
-| Haitian Creole | `ht` |Γ£ö|Γ£ö||Γ£ö|Γ£ö|
-| Hausa|`ha`|Γ£ö|Γ£ö||||
-| Hebrew | `he` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Hindi | `hi` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Hmong Daw (Latin) | `mww` |Γ£ö|Γ£ö|||Γ£ö|
-| Hungarian | `hu` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Icelandic | `is` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Igbo|`ig`|Γ£ö|Γ£ö||||
-| Indonesian | `id` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Inuinnaqtun | `ikt` |Γ£ö|Γ£ö||||
-| Inuktitut | `iu` |Γ£ö|Γ£ö|Γ£ö|Γ£ö||
-| Inuktitut (Latin) | `iu-Latn` |Γ£ö|Γ£ö||||
-| Irish | `ga` |Γ£ö|Γ£ö|Γ£ö|Γ£ö||
-| Italian | `it` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Japanese | `ja` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Kannada | `kn` |Γ£ö|Γ£ö|Γ£ö|||
-| Kazakh | `kk` |Γ£ö|Γ£ö||||
-| Khmer | `km` |Γ£ö|Γ£ö||Γ£ö||
-| Kinyarwanda|`rw`|Γ£ö|Γ£ö||||
-| Klingon | `tlh-Latn` |Γ£ö| ||Γ£ö|Γ£ö|
-| Klingon (plqaD) | `tlh-Piqd` |Γ£ö| ||Γ£ö||
-| Konkani|`gom`|Γ£ö|Γ£ö||||
-| Korean | `ko` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Kurdish (Central) | `ku` |Γ£ö|Γ£ö||Γ£ö||
-| Kurdish (Northern) | `kmr` |Γ£ö|Γ£ö||||
-| Kyrgyz (Cyrillic) | `ky` |Γ£ö|Γ£ö||||
-| Lao | `lo` |Γ£ö|Γ£ö||Γ£ö||
-| Latvian | `lv` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Lithuanian | `lt` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Lingala|`ln`|Γ£ö|Γ£ö||||
-| Lower Sorbian|`dsb`|Γ£ö| ||||
-| Luganda|`lug`|Γ£ö|Γ£ö||||
-| Macedonian | `mk` |Γ£ö|Γ£ö||Γ£ö||
-| Maithili|`mai`|Γ£ö|Γ£ö||||
-| Malagasy | `mg` |Γ£ö|Γ£ö|Γ£ö|||
-| Malay (Latin) | `ms` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Malayalam | `ml` |Γ£ö|Γ£ö|Γ£ö|||
-| Maltese | `mt` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Maori | `mi` |Γ£ö|Γ£ö|Γ£ö|||
-| Marathi | `mr` |Γ£ö|Γ£ö|Γ£ö|||
-| Mongolian (Cyrillic) | `mn-Cyrl` |Γ£ö|Γ£ö||||
-| Mongolian (Traditional) | `mn-Mong` |Γ£ö|Γ£ö||Γ£ö||
-| Myanmar | `my` |Γ£ö|Γ£ö||Γ£ö||
-| Nepali | `ne` |Γ£ö|Γ£ö||||
-| Norwegian | `nb` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Nyanja|`nya`|Γ£ö|Γ£ö||||
-| Odia | `or` |Γ£ö|Γ£ö|Γ£ö|||
-| Pashto | `ps` |Γ£ö|Γ£ö||Γ£ö||
-| Persian | `fa` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Polish | `pl` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Portuguese (Brazil) | `pt` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Portuguese (Portugal) | `pt-pt` |Γ£ö|Γ£ö||||
-| Punjabi | `pa` |Γ£ö|Γ£ö|Γ£ö|||
-| Queretaro Otomi | `otq` |Γ£ö|Γ£ö||||
-| Romanian | `ro` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Rundi|`run`|Γ£ö|Γ£ö||||
-| Russian | `ru` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Samoan (Latin) | `sm` |Γ£ö|Γ£ö |Γ£ö|||
-| Serbian (Cyrillic) | `sr-Cyrl` |Γ£ö|Γ£ö||Γ£ö||
-| Serbian (Latin) | `sr-Latn` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Sesotho|`st`|Γ£ö|Γ£ö||||
-| Sesotho sa Leboa|`nso`|Γ£ö|Γ£ö||||
-| Setswana|`tn`|Γ£ö|Γ£ö||||
-| Sindhi|`sd`|Γ£ö|Γ£ö||||
-| Sinhala|`si`|Γ£ö|Γ£ö||||
-| Slovak | `sk` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Slovenian | `sl` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Somali (Arabic) | `so` |Γ£ö|Γ£ö||Γ£ö||
-| Spanish | `es` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Swahili (Latin) | `sw` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Swedish | `sv` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Tahitian | `ty` |Γ£ö|Γ£ö |Γ£ö|Γ£ö||
-| Tamil | `ta` |Γ£ö|Γ£ö|Γ£ö||Γ£ö|
-| Tatar (Latin) | `tt` |Γ£ö|Γ£ö||||
-| Telugu | `te` |Γ£ö|Γ£ö|Γ£ö|||
-| Thai | `th` |Γ£ö|Γ£ö |Γ£ö|Γ£ö|Γ£ö|
-| Tibetan | `bo` |Γ£ö|Γ£ö|||
-| Tigrinya | `ti` |Γ£ö|Γ£ö||||
-| Tongan | `to` |Γ£ö|Γ£ö|Γ£ö|||
-| Turkish | `tr` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Turkmen (Latin) | `tk` |Γ£ö|Γ£ö|||
-| Ukrainian | `uk` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Upper Sorbian | `hsb` |Γ£ö|Γ£ö||||
-| Urdu | `ur` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Uyghur (Arabic) | `ug` |Γ£ö|Γ£ö|||
-| Uzbek (Latin) | `uz` |Γ£ö|Γ£ö||Γ£ö||
-| Vietnamese | `vi` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Welsh | `cy` |Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
-| Xhosa|`xh`|Γ£ö|Γ£ö||||
-| Yoruba|`yo`|Γ£ö|Γ£ö||||
-| Yucatec Maya | `yua` |Γ£ö|Γ£ö||Γ£ö||
-| Zulu | `zu` |Γ£ö|Γ£ö||||
+|Language|Language code|Cloud ΓÇô Text Translation and Document Translation|Containers ΓÇô Text Translation|Custom Translator|Auto Language Detection|Dictionary|
+|:-|:-|:-|:-|:-|:-|:-|
+|Afrikaans|af|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Albanian|sq|Γ£ö|Γ£ö| |Γ£ö| |
+|Amharic|am|Γ£ö|Γ£ö| |Γ£ö| |
+|Arabic|ar|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Armenian|hy|Γ£ö|Γ£ö| |Γ£ö| |
+|Assamese|as|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Azerbaijani (Latin)|az|Γ£ö|Γ£ö| |Γ£ö| |
+|Bangla|bn|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Bashkir|ba|Γ£ö|Γ£ö| |Γ£ö| |
+|Basque|eu|Γ£ö|Γ£ö| |Γ£ö| |
+|Bhojpuri|bho|Γ£ö|Γ£ö | | | |
+|Bodo|brx |Γ£ö|Γ£ö | | | |
+|Bosnian (Latin)|bs|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Bulgarian|bg|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Cantonese (Traditional)|yue|Γ£ö|Γ£ö| |Γ£ö| |
+|Catalan|ca|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Chinese (Literary)|lzh|Γ£ö|Γ£ö| | | |
+|Chinese Simplified|zh-Hans|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Chinese Traditional|zh-Hant|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|chiShona|sn|Γ£ö|Γ£ö| | | |
+|Croatian|hr|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Czech|cs|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Danish|da|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Dari|prs|Γ£ö|Γ£ö| |Γ£ö| |
+|Divehi|dv|Γ£ö|Γ£ö| |Γ£ö| |
+|Dogri|doi|Γ£ö| | | | |
+|Dutch|nl|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|English|en|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Estonian|et|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Faroese|fo|Γ£ö|Γ£ö| |Γ£ö| |
+|Fijian|fj|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Filipino|fil|Γ£ö|Γ£ö|Γ£ö| | |
+|Finnish|fi|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|French|fr|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|French (Canada)|fr-ca|Γ£ö|Γ£ö| | | |
+|Galician|gl|Γ£ö|Γ£ö| |Γ£ö| |
+|Georgian|ka|Γ£ö|Γ£ö| |Γ£ö| |
+|German|de|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Greek|el|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Gujarati|gu|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Haitian Creole|ht|Γ£ö|Γ£ö| |Γ£ö|Γ£ö|
+|Hausa|ha|Γ£ö|Γ£ö| |Γ£ö| |
+|Hebrew|he|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Hindi|hi|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Hmong Daw (Latin)|mww|Γ£ö|Γ£ö| |Γ£ö|Γ£ö|
+|Hungarian|hu|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Icelandic|is|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Igbo|ig|Γ£ö|Γ£ö| |Γ£ö| |
+|Indonesian|id|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Inuinnaqtun|ikt|Γ£ö|Γ£ö| | | |
+|Inuktitut|iu|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Inuktitut (Latin)|iu-Latn|Γ£ö|Γ£ö| |Γ£ö| |
+|Irish|ga|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Italian|it|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Japanese|ja|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Kannada|kn|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Kashmiri|ks|Γ£ö|Γ£ö | | | |
+|Kazakh|kk|Γ£ö|Γ£ö| |Γ£ö| |
+|Khmer|km|Γ£ö|Γ£ö| |Γ£ö| |
+|Kinyarwanda|rw|Γ£ö|Γ£ö| |Γ£ö| |
+|Klingon|tlh-Latn|Γ£ö| | |Γ£ö|Γ£ö|
+|Klingon (plqaD)|tlh-Piqd|Γ£ö| | |Γ£ö| |
+|Konkani|gom|Γ£ö|Γ£ö| | | |
+|Korean|ko|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Kurdish (Central)|ku|Γ£ö|Γ£ö| |Γ£ö| |
+|Kurdish (Northern)|kmr|Γ£ö|Γ£ö| | | |
+|Kyrgyz (Cyrillic)|ky|Γ£ö|Γ£ö| |Γ£ö| |
+|Lao|lo|Γ£ö|Γ£ö| |Γ£ö| |
+|Latvian|lv|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Lithuanian|lt|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Lingala|ln|Γ£ö|Γ£ö| | | |
+|Lower Sorbian|dsb|Γ£ö| | | | |
+|Luganda|lug|Γ£ö|Γ£ö| | | |
+|Macedonian|mk|Γ£ö|Γ£ö| |Γ£ö| |
+|Maithili|mai|Γ£ö|Γ£ö| | | |
+|Malagasy|mg|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Malay (Latin)|ms|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Malayalam|ml|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Maltese|mt|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Maori|mi|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Marathi|mr|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Mongolian (Cyrillic)|mn-Cyrl|Γ£ö|Γ£ö| |Γ£ö| |
+|Mongolian (Traditional)|mn-Mong|Γ£ö|Γ£ö| | | |
+|Myanmar|my|Γ£ö|Γ£ö| |Γ£ö| |
+|Nepali|ne|Γ£ö|Γ£ö| |Γ£ö| |
+|Norwegian|nb|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Nyanja|nya|Γ£ö|Γ£ö| | | |
+|Odia|or|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Pashto|ps|Γ£ö|Γ£ö| |Γ£ö| |
+|Persian|fa|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Polish|pl|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Portuguese (Brazil)|pt|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Portuguese (Portugal)|pt-pt|Γ£ö|Γ£ö| | | |
+|Punjabi|pa|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Queretaro Otomi|otq|Γ£ö|Γ£ö| |Γ£ö| |
+|Romanian|ro|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Rundi|run|Γ£ö|Γ£ö| | | |
+|Russian|ru|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Samoan (Latin)|sm|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Serbian (Cyrillic)|sr-Cyrl|Γ£ö|Γ£ö| |Γ£ö| |
+|Serbian (Latin)|sr-Latn|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Sesotho|st|Γ£ö|Γ£ö| | | |
+|Sesotho sa Leboa|nso|Γ£ö|Γ£ö| | | |
+|Setswana|tn|Γ£ö|Γ£ö| | | |
+|Sindhi|sd|Γ£ö|Γ£ö| |Γ£ö| |
+|Sinhala|si|Γ£ö|Γ£ö| |Γ£ö| |
+|Slovak|sk|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Slovenian|sl|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Somali (Arabic)|so|Γ£ö|Γ£ö| |Γ£ö| |
+|Spanish|es|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Swahili (Latin)|sw|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Swedish|sv|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Tahitian|ty|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Tamil|ta|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Tatar (Latin)|tt|Γ£ö|Γ£ö| |Γ£ö| |
+|Telugu|te|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Thai|th|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Tibetan|bo|Γ£ö|Γ£ö| |Γ£ö| |
+|Tigrinya|ti|Γ£ö|Γ£ö| |Γ£ö| |
+|Tongan|to|Γ£ö|Γ£ö|Γ£ö|Γ£ö| |
+|Turkish|tr|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Turkmen (Latin)|tk|Γ£ö|Γ£ö| |Γ£ö| |
+|Ukrainian|uk|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Upper Sorbian|hsb|Γ£ö|Γ£ö| |Γ£ö| |
+|Urdu|ur|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Uyghur (Arabic)|ug|Γ£ö|Γ£ö| |Γ£ö| |
+|Uzbek (Latin)|uz|Γ£ö|Γ£ö| |Γ£ö| |
+|Vietnamese|vi|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Welsh|cy|Γ£ö|Γ£ö|Γ£ö|Γ£ö|Γ£ö|
+|Xhosa|xh|Γ£ö|Γ£ö| |Γ£ö| |
+|Yoruba|yo|Γ£ö|Γ£ö| |Γ£ö| |
+|Yucatec Maya|yua|Γ£ö|Γ£ö| |Γ£ö| |
+|Zulu|zu|Γ£ö|Γ£ö| |Γ£ö| |
## Document Translation: scanned PDF support
The [Transliterate operation](reference/v3-0-transliterate.md) in the Text Trans
|Ukrainian| `uk` | Cyrillic `Cyrl` | <--> | Latin `Latn` | |Urdu| `ur` | Arabic `Arab` | <--> | Latin `Latn` |
-## Custom Translator language pairs
-
-|Source Language|Target Language|
-|:-|:-|
-| Czech (cs-cz) | English (en-us) |
-| Danish (da-dk) | English (en-us) |
-| German (de-&#8203;de) | English (en-us) |
-| Greek (el-gr) | English (en-us) |
-| English (en-us) | Arabic (ar-sa) |
-| English (en-us) | Czech (cs-cz) |
-| English (en-us) | Danish (da-dk) |
-| English (en-us) | German (de-&#8203;de) |
-| English (en-us) | Greek (el-gr) |
-| English (en-us) | Spanish (es-es) |
-| English (en-us) | French (fr-fr) |
-| English (en-us) | Hebrew (he-il) |
-| English (en-us) | Hindi (hi-in) |
-| English (en-us) | Croatian (hr-hr) |
-| English (en-us) | Hungarian (hu-hu) |
-| English (en-us) | Indonesian (id-id) |
-| English (en-us) | Italian (it-it) |
-| English (en-us) | Japanese (ja-jp) |
-| English (en-us) | Korean (ko-kr) |
-| English (en-us) | Lithuanian (lt-lt) |
-| English (en-us) | Latvian (lv-lv) |
-| English (en-us) | Norwegian (nb-no) |
-| English (en-us) | Polish (pl-pl) |
-| English (en-us) | Portuguese (pt-pt) |
-| English (en-us) | Russian (ru-ru) |
-| English (en-us) | Slovak (sk-sk) |
-| English (en-us) | Swedish (sv-se) |
-| English (en-us) | Ukrainian (uk-ua) |
-| English (en-us) | Vietnamese (vi-vn) |
-| English (en-us) | Chinese Simplified (zh-cn) |
-| Spanish (es-es) | English (en-us) |
-| French (fr-fr) | English (en-us) |
-| Hindi (hi-in) | English (en-us) |
-| Hungarian (hu-hu) | English (en-us) |
-| Indonesian (id-id) | English (en-us) |
-| Italian (it-it) | English (en-us) |
-| Japanese (ja-jp) | English (en-us) |
-| Korean (ko-kr) | English (en-us) |
-| Norwegian (nb-no) | English (en-us) |
-| Dutch (nl-nl) | English (en-us) |
-| Polish (pl-pl) | English (en-us) |
-| Portuguese (pt-br) | English (en-us) |
-| Russian (ru-ru) | English (en-us) |
-| Swedish (sv-se) | English (en-us) |
-| Thai (th-th) | English (en-us) |
-| Turkish (tr-tr) | English (en-us) |
-| Vietnamese (vi-vn) | English (en-us) |
-| Chinese Simplified (zh-cn) | English (en-us) |
- ## Other Azure AI services Add more capabilities to your apps and workflows by utilizing other Azure AI services with Translator. Language support for other
aks Azure Cni Overlay https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/azure-cni-overlay.md
Previously updated : 08/11/2023 Last updated : 11/03/2023 # Configure Azure CNI Overlay networking in Azure Kubernetes Service (AKS)
You can configure the maximum number of pods per node at the time of cluster cre
## Choosing a network model to use
-Azure CNI offers two IP addressing options for pods: the traditional configuration that assigns VNet IPs to pods and Overlay networking. The choice of which option to use for your AKS cluster is a balance between flexibility and advanced configuration needs. The following considerations help outline when each network model may be the most appropriate.
+Azure CNI offers two IP addressing options for pods: The traditional configuration that assigns VNet IPs to pods and Overlay networking. The choice of which option to use for your AKS cluster is a balance between flexibility and advanced configuration needs. The following considerations help outline when each network model might be the most appropriate.
**Use Overlay networking when**:
Azure CNI Overlay has the following limitations:
- You can't use Application Gateway as an Ingress Controller (AGIC) for an Overlay cluster. - Virtual Machine Availability Sets (VMAS) aren't supported for Overlay.-- Dual stack networking isn't supported in Overlay. - You can't use [DCsv2-series](/azure/virtual-machines/dcv2-series) virtual machines in node pools. To meet Confidential Computing requirements, consider using [DCasv5 or DCadsv5-series confidential VMs](/azure/virtual-machines/dcasv5-dcadsv5-series) instead. ## Set up Overlay clusters
clusterName="myOverlayCluster"
resourceGroup="myResourceGroup" location="westcentralus"
-az aks create -n $clusterName -g $resourceGroup --location $location --network-plugin azure --network-plugin-mode overlay --pod-cidr 192.168.0.0/16
+az aks create -n $clusterName -g $resourceGroup \
+ --location $location \
+ --network-plugin azure \
+ --network-plugin-mode overlay \
+ --pod-cidr 192.168.0.0/16
``` ## Upgrade an existing cluster to CNI Overlay
az aks create -n $clusterName -g $resourceGroup --location $location --network-p
> Prior to Windows OS Build 20348.1668, there was a limitation around Windows Overlay pods incorrectly SNATing packets from host network pods, which had a more detrimental effect for clusters upgrading to Overlay. To avoid this issue, **use Windows OS Build greater than or equal to 20348.1668**. > [!WARNING]
-> If using a custom azure-ip-masq-agent config to include additional IP ranges that should not SNAT packets from pods, upgrading to Azure CNI Overlay may break connectivity to these ranges. Pod IPs from the overlay space will not be reachable by anything outside the cluster nodes.
-> Additionally, for sufficiently old clusters there may be a ConfigMap left over from a previous version of azure-ip-masq-agent. If this ConfigMap, named `azure-ip-masq-agent-config`, exists and is not intetionally in-place it should be deleted before running the update command.
+> If using a custom azure-ip-masq-agent config to include additional IP ranges that should not SNAT packets from pods, upgrading to Azure CNI Overlay can break connectivity to these ranges. Pod IPs from the overlay space will not be reachable by anything outside the cluster nodes.
+> Additionally, for sufficiently old clusters there might be a ConfigMap left over from a previous version of azure-ip-masq-agent. If this ConfigMap, named `azure-ip-masq-agent-config`, exists and is not intetionally in-place it should be deleted before running the update command.
> If not using a custom ip-masq-agent config, only the `azure-ip-masq-agent-config-reconciled` ConfigMap should exist with respect to Azure ip-masq-agent ConfigMaps and this will be updated automatically during the upgrade process. The upgrade process triggers each node pool to be re-imaged simultaneously. Upgrading each node pool separately to Overlay isn't supported. Any disruptions to cluster networking are similar to a node image upgrade or Kubernetes version upgrade where each node in a node pool is re-imaged.
az aks update --name $clusterName \
The `--pod-cidr` parameter is required when upgrading from legacy CNI because the pods need to get IPs from a new overlay space, which doesn't overlap with the existing node subnet. The pod CIDR also can't overlap with any VNet address of the node pools. For example, if your VNet address is *10.0.0.0/8*, and your nodes are in the subnet *10.240.0.0/16*, the `--pod-cidr` can't overlap with *10.0.0.0/8* or the existing service CIDR on the cluster.
+## Dual-stack Networking (Preview)
+
+You can deploy your AKS clusters in a dual-stack mode when using Overlay networking and a dual-stack Azure virtual network. In this configuration, nodes receive both an IPv4 and IPv6 address from the Azure virtual network subnet. Pods receive both an IPv4 and IPv6 address from a logically different address space to the Azure virtual network subnet of the nodes. Network address translation (NAT) is then configured so that the pods can reach resources on the Azure virtual network. The source IP address of the traffic is NAT'd to the node's primary IP address of the same family (IPv4 to IPv4 and IPv6 to IPv6).
++
+### Prerequisites
+
+ - You must have Azure CLI 2.48.0 or later installed.
+ - You must register the `Microsoft.ContainerService` `AzureOverlayDualStackPreview` feature flag.
+ - Kubernetes version 1.26.3 or greater.
+
+### Limitations
+
+The following features aren't supported with dual-stack networking:
+ - Windows Nodepools
+ - Azure network policies
+ - Calico network policies
+ - NAT Gateway
+ - Virtual nodes add-on
+
+## Deploy a dual-stack AKS cluster
+
+The following attributes are provided to support dual-stack clusters:
+
+* **`--ip-families`**: Takes a comma-separated list of IP families to enable on the cluster.
+ * Only `ipv4` or `ipv4,ipv6` are supported.
+* **`--pod-cidrs`**: Takes a comma-separated list of CIDR notation IP ranges to assign pod IPs from.
+ * The count and order of ranges in this list must match the value provided to `--ip-families`.
+ * If no values are supplied, the default value `10.244.0.0/16,fd12:3456:789a::/64` is used.
+* **`--service-cidrs`**: Takes a comma-separated list of CIDR notation IP ranges to assign service IPs from.
+ * The count and order of ranges in this list must match the value provided to `--ip-families`.
+ * If no values are supplied, the default value `10.0.0.0/16,fd12:3456:789a:1::/108` is used.
+ * The IPv6 subnet assigned to `--service-cidrs` can be no larger than a /108.
+
+### Register the `AzureOverlayDualStackPreview` feature flag
+
+1. Register the `AzureOverlayDualStackPreview` feature flag using the [`az feature register`][az-feature-register] command. It takes a few minutes for the status to show *Registered*.
+
+```azurecli-interactive
+az feature register --namespace "Microsoft.ContainerService" --name "AzureOverlayDualStackPreview"
+```
+
+2. Verify the registration status using the [`az feature show`][az-feature-show] command.
+
+```azurecli-interactive
+az feature show --namespace "Microsoft.ContainerService" --name "AzureOverlayDualStackPreview"
+```
+
+3. When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider using the [`az provider register`][az-provider-register] command.
+
+```azurecli-interactive
+az provider register --namespace Microsoft.ContainerService
+```
+
+### Create a dual-stack AKS cluster
+
+1. Create an Azure resource group for the cluster using the [`az group create`][az-group-create] command.
+
+ ```azurecli-interactive
+ az group create -l <region> -n <resourceGroupName>
+ ```
+
+2. Create a dual-stack AKS cluster using the [`az aks create`][az-aks-create] command with the `--ip-families` parameter set to `ipv4,ipv6`.
+
+ ```azurecli-interactive
+ az aks create -l <region> -g <resourceGroupName> -n <clusterName> \
+ --network-plugin azure \
+ --network-plugin-mode overlay \
+ --ip-families ipv4,ipv6
+ ```
+++
+## Create an example workload
+
+Once the cluster has been created, you can deploy your workloads. This article walks you through an example workload deployment of an NGINX web server.
+
+### Deploy an NGINX web server
+
+# [kubectl](#tab/kubectl)
+
+1. Create an NGINX web server using the `kubectl create deployment nginx` command.
+
+ ```bash-interactive
+ kubectl create deployment nginx --image=nginx:latest --replicas=3
+ ```
+
+2. View the pod resources using the `kubectl get pods` command.
+
+ ```bash-interactive
+ kubectl get pods -o custom-columns="NAME:.metadata.name,IPs:.status.podIPs[*].ip,NODE:.spec.nodeName,READY:.status.conditions[?(@.type=='Ready')].status"
+ ```
+
+ The output shows the pods have both IPv4 and IPv6 addresses. The pods don't show IP addresses until they're ready.
+
+ ```output
+ NAME IPs NODE READY
+ nginx-55649fd747-9cr7h 10.244.2.2,fd12:3456:789a:0:2::2 aks-nodepool1-14508455-vmss000002 True
+ nginx-55649fd747-p5lr9 10.244.0.7,fd12:3456:789a::7 aks-nodepool1-14508455-vmss000000 True
+ nginx-55649fd747-r2rqh 10.244.1.2,fd12:3456:789a:0:1::2 aks-nodepool1-14508455-vmss000001 True
+ ```
+
+# [YAML](#tab/yaml)
+
+1. Create an NGINX web server using the following YAML manifest.
+
+ ```yml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ app: nginx
+ name: nginx
+ spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - image: nginx:latest
+ name: nginx
+ ```
+
+2. View the pod resources using the `kubectl get pods` command.
+
+ ```bash-interactive
+ kubectl get pods -o custom-columns="NAME:.metadata.name,IPs:.status.podIPs[*].ip,NODE:.spec.nodeName,READY:.status.conditions[?(@.type=='Ready')].status"
+ ```
+
+ The output shows the pods have both IPv4 and IPv6 addresses. The pods don't show IP addresses until they're ready.
+
+ ```output
+ NAME IPs NODE READY
+ nginx-55649fd747-9cr7h 10.244.2.2,fd12:3456:789a:0:2::2 aks-nodepool1-14508455-vmss000002 True
+ nginx-55649fd747-p5lr9 10.244.0.7,fd12:3456:789a::7 aks-nodepool1-14508455-vmss000000 True
+ nginx-55649fd747-r2rqh 10.244.1.2,fd12:3456:789a:0:1::2 aks-nodepool1-14508455-vmss000001 True
+ ```
+++
+## Expose the workload via a `LoadBalancer` type service
+
+> [!IMPORTANT]
+> There are currently **two limitations** pertaining to IPv6 services in AKS.
+>
+> 1. Azure Load Balancer sends health probes to IPv6 destinations from a link-local address. In Azure Linux node pools, this traffic can't be routed to a pod, so traffic flowing to IPv6 services deployed with `externalTrafficPolicy: Cluster` fail. IPv6 services must be deployed with `externalTrafficPolicy: Local`, which causes `kube-proxy` to respond to the probe on the node.
+> 2. Prior to Kubernetes version 1.27, only the first IP address for a service will be provisioned to the load balancer, so a dual-stack service only receives a public IP for its first-listed IP family. To provide a dual-stack service for a single deployment, please create two services targeting the same selector, one for IPv4 and one for IPv6. This is no longer a limitation in kubernetes 1.27 or later.
+
+# [kubectl](#tab/kubectl)
+
+1. Expose the NGINX deployment using the `kubectl expose deployment nginx` command.
+
+ ```bash-interactive
+ kubectl expose deployment nginx --name=nginx-ipv4 --port=80 --type=LoadBalancer'
+ kubectl expose deployment nginx --name=nginx-ipv6 --port=80 --type=LoadBalancer --overrides='{"spec":{"ipFamilies": ["IPv6"]}}'
+ ```
+
+ You receive an output that shows the services have been exposed.
+
+ ```output
+ service/nginx-ipv4 exposed
+ service/nginx-ipv6 exposed
+ ```
+
+2. Once the deployment is exposed and the `LoadBalancer` services are fully provisioned, get the IP addresses of the services using the `kubectl get services` command.
+
+ ```bash-interactive
+ kubectl get services
+ ```
+
+ ```output
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ nginx-ipv4 LoadBalancer 10.0.88.78 20.46.24.24 80:30652/TCP 97s
+ nginx-ipv6 LoadBalancer fd12:3456:789a:1::981a 2603:1030:8:5::2d 80:32002/TCP 63s
+ ```
+
+3. Verify functionality via a command-line web request from an IPv6 capable host. Azure Cloud Shell isn't IPv6 capable.
+
+ ```bash-interactive
+ SERVICE_IP=$(kubectl get services nginx-ipv6 -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ curl -s "http://[${SERVICE_IP}]" | head -n5
+ ```
+
+ ```html
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <title>Welcome to nginx!</title>
+ <style>
+ ```
+
+# [YAML](#tab/yaml)
+
+1. Expose the NGINX deployment using the following YAML manifest.
+
+ ```yml
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ app: nginx
+ name: nginx-ipv4
+ spec:
+ externalTrafficPolicy: Cluster
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: nginx
+ type: LoadBalancer
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ app: nginx
+ name: nginx-ipv6
+ spec:
+ externalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: nginx
+ type: LoadBalancer
+ ```
+
+2. Once the deployment is exposed and the `LoadBalancer` services are fully provisioned, get the IP addresses of the services using the `kubectl get services` command.
+
+ ```bash-interactive
+ kubectl get services
+ ```
+
+ ```output
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ nginx-ipv4 LoadBalancer 10.0.88.78 20.46.24.24 80:30652/TCP 97s
+ nginx-ipv6 LoadBalancer fd12:3456:789a:1::981a 2603:1030:8:5::2d 80:32002/TCP 63s
+ ```
+++ ## Next steps To learn how to utilize AKS with your own Container Network Interface (CNI) plugin, see [Bring your own Container Network Interface (CNI) plugin](use-byo-cni.md).
aks Azure Cni Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/azure-cni-overview.md
With [Azure Container Networking Interface (CNI)][cni-networking], every pod get
* The virtual network for the AKS cluster must allow outbound internet connectivity.
-* AKS clusters may not use `169.254.0.0/16`, `172.30.0.0/16`, `172.31.0.0/16`, or `192.0.2.0/24` for the Kubernetes service address range, pod address range, or cluster virtual network address range.
+* AKS clusters can't use `169.254.0.0/16`, `172.30.0.0/16`, `172.31.0.0/16`, or `192.0.2.0/24` for the Kubernetes service address range, pod address range, or cluster virtual network address range.
* The cluster identity used by the AKS cluster must have at least [Network Contributor](../role-based-access-control/built-in-roles.md#network-contributor) permissions on the subnet within your virtual network. If you wish to define a [custom role](../role-based-access-control/custom-roles.md) instead of using the built-in Network Contributor role, the following permissions are required:
IP addresses for the pods and the cluster's nodes are assigned from the specifie
> * When you **upgrade** your AKS cluster, a new node is deployed into the cluster. Services and workloads begin to run on the new node, and an older node is removed from the cluster. This rolling upgrade process requires a minimum of one additional block of IP addresses to be available. Your node count is then `n + 1`. > * This consideration is particularly important when you use Windows Server node pools. Windows Server nodes in AKS do not automatically apply Windows Updates, instead you perform an upgrade on the node pool. This upgrade deploys new nodes with the latest Window Server 2019 base node image and security patches. For more information on upgrading a Windows Server node pool, see [Upgrade a node pool in AKS][nodepool-upgrade]. >
-> * When you **scale** an AKS cluster, a new node is deployed into the cluster. Services and workloads begin to run on the new node. Your IP address range needs to take into considerations how you may want to scale up the number of nodes and pods your cluster can support. One additional node for upgrade operations should also be included. Your node count is then `n + number-of-additional-scaled-nodes-you-anticipate + 1`.
+> * When you **scale** an AKS cluster, a new node is deployed into the cluster. Services and workloads begin to run on the new node. Your IP address range needs to take into considerations how you might want to scale up the number of nodes and pods your cluster can support. One additional node for upgrade operations should also be included. Your node count is then `n + number-of-additional-scaled-nodes-you-anticipate + 1`.
-If you expect your nodes to run the maximum number of pods, and regularly destroy and deploy pods, you should also factor in some extra IP addresses per node. A few seconds may be required to delete a service and release its IP address for a new service to be deployed and acquire the address. These extra IP addresses consider this possibility.
+If you expect your nodes to run the maximum number of pods, and regularly destroy and deploy pods, you should also factor in some extra IP addresses per node. A few seconds can be required to delete a service and release its IP address for a new service to be deployed and acquire the address. These extra IP addresses consider this possibility.
The IP address plan for an AKS cluster consists of a virtual network, at least one subnet for nodes and pods, and a Kubernetes service address range. | Address range / Azure resource | Limits and sizing | | | - |
-| Virtual network | The Azure virtual network can be as large as /8, but is limited to 65,536 configured IP addresses. Consider all your networking needs, including communicating with services in other virtual networks, before configuring your address space. For example, if you configure too large of an address space, you may run into issues with overlapping other address spaces within your network.|
+| Virtual network | The Azure virtual network can be as large as /8, but is limited to 65,536 configured IP addresses. Consider all your networking needs, including communicating with services in other virtual networks, before configuring your address space. For example, if you configure too large of an address space, you might run into issues with overlapping other address spaces within your network.|
| Subnet | Must be large enough to accommodate the nodes, pods, and all Kubernetes and Azure resources that might be provisioned in your cluster. For example, if you deploy an internal Azure Load Balancer, its front-end IPs are allocated from the cluster subnet, not public IPs. The subnet size should also take into account upgrade operations or future scaling needs.<p/> Use the following equation to calculate the *minimum* subnet size including an extra node for upgrade operations: `(number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure)`<p/> Example for a 50 node cluster: `(51) + (51 * 30 (default)) = 1,581` (/21 or larger)<p/>Example for a 50 node cluster that also includes preparation to scale up an extra 10 nodes: `(61) + (61 * 30 (default)) = 1,891` (/21 or larger)<p>If you don't specify a maximum number of pods per node when you create your cluster, the maximum number of pods per node is set to *30*. The minimum number of IP addresses required is based on that value. If you calculate your minimum IP address requirements on a different maximum value, see [how to configure the maximum number of pods per node](#configure-maximumnew-clusters) to set this value when you deploy your cluster. | | Kubernetes service address range | Any network element on or connected to this virtual network must not use this range. Service address CIDR must be smaller than /12. You can reuse this range across different AKS clusters. | | Kubernetes DNS service IP address | IP address within the Kubernetes service address range that is used by cluster service discovery. Don't use the first IP address in your address range. The first address in your subnet range is used for the *kubernetes.default.svc.cluster.local* address. |
A minimum value for maximum pods per node is enforced to guarantee space for sys
The maxPod per node setting can be defined when you create a new node pool. If you need to increase the maxPod per node setting on an existing cluster, add a new node pool with the new desired maxPod count. After migrating your pods to the new pool, delete the older pool. To delete any older pool in a cluster, ensure you're setting node pool modes as defined in the [system node pools document][system-node-pools]. + ## Deployment parameters When you create an AKS cluster, the following parameters are configurable for Azure CNI networking:
aks Concepts Vulnerability Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/concepts-vulnerability-management.md
The following table describes vulnerability severity categories:
AKS patches CVEs that has a *vendor fix* every week. CVEs without a fix are waiting on a *vendor fix* before it can be remediated. The fixed container images are cached in the next corresponding Virtual Hard Disk (VHD) build, which also contains the updated Ubuntu/Azure Linux/Windows patched CVEs. As long as you're running the updated VHD, you shouldn't be running any container image CVEs with a vendor fix that is over 30 days old.
-For the OS-based vulnerabilities in the VHD, AKS uses **Unattended Update** by default, so any security updates should be applied to the existing VHDs daily. If **Unattended Update** is disabled, then it's a recommended best practice that you apply a Node Image update on a regular cadence to ensure the latest OS and Image security updates are applied.
+For the OS-based vulnerabilities in the VHD, AKS also relies on node image vhd updates by default, so any security updates will come with weekly node image releases . Unattended upgrades is disabled unless you switch to unmanaged which is not recommended as its release is global.
## Update release timelines
aks Configure Kubenet Dual Stack https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/configure-kubenet-dual-stack.md
Once the cluster has been created, you can deploy your workloads. This article w
## Expose the workload via a `LoadBalancer` type service > [!IMPORTANT]
-> There are currently **two limitations** pertaining to IPv6 services in AKS. These are both preview limitations and work is underway to remove them.
+> There are currently **two limitations** pertaining to IPv6 services in AKS.
> > 1. Azure Load Balancer sends health probes to IPv6 destinations from a link-local address. In Azure Linux node pools, this traffic can't be routed to a pod, so traffic flowing to IPv6 services deployed with `externalTrafficPolicy: Cluster` fail. IPv6 services must be deployed with `externalTrafficPolicy: Local`, which causes `kube-proxy` to respond to the probe on the node. > 2. Only the first IP address for a service will be provisioned to the load balancer, so a dual-stack service only receives a public IP for its first-listed IP family. To provide a dual-stack service for a single deployment, please create two services targeting the same selector, one for IPv4 and one for IPv6.
aks Keda About https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/keda-about.md
Title: Kubernetes Event-driven Autoscaling (KEDA) (Preview)
+ Title: Kubernetes Event-driven Autoscaling (KEDA)
description: Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on. Previously updated : 06/06/2023 Last updated : 08/08/2023
-# Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on (Preview)
+# Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on
Kubernetes Event-driven Autoscaling (KEDA) is a single-purpose and lightweight component that strives to make application autoscaling simple and is a CNCF Graduate project. It applies event-driven autoscaling to scale your application to meet demand in a sustainable and cost-efficient manner with scale-to-zero.
-The KEDA add-on makes it even easier by deploying a managed KEDA installation, providing you with [a rich catalog of 50+ KEDA scalers][keda-scalers] that you can scale your applications with on your Azure Kubernetes Services (AKS) cluster.
-
+The KEDA add-on makes it even easier by deploying a managed KEDA installation, providing you with [a rich catalog of Azure KEDA scalers][keda-scalers] that you can scale your applications with on your Azure Kubernetes Services (AKS) cluster.
## Architecture
The KEDA add-on makes it even easier by deploying a managed KEDA installation, p
Learn more about how KEDA works in the [official KEDA documentation][keda-architecture].
-## Installation and version
+## Installation
KEDA can be added to your Azure Kubernetes Service (AKS) cluster by enabling the KEDA add-on using an [ARM template][keda-arm] or [Azure CLI][keda-cli].
The KEDA add-on provides a fully supported installation of KEDA that is integrat
KEDA provides the following capabilities and features: - Build sustainable and cost-efficient applications with scale-to-zero-- Scale application workloads to meet demand using [a rich catalog of 50+ KEDA scalers][keda-scalers]
+- Scale application workloads to meet demand using [a rich catalog of Azure KEDA scalers][keda-scalers]
- Autoscale applications with `ScaledObjects`, such as Deployments, StatefulSets or any custom resource that defines `/scale` subresource - Autoscale job-like workloads with `ScaledJobs` - Use production-grade security by decoupling autoscaling authentication from workloads - Bring-your-own external scaler to use tailor-made autoscaling decisions
+- Integrate with [Microsoft Entra Workload ID][workload-identity] for authentication
+
+> [!NOTE]
+> If you plan to use workload identity, [enable the workload identity add-on][workload-identity-deploy] before enabling the KEDA add-on.
## Add-on limitations
The KEDA AKS add-on has the following limitations:
* KEDA's [external scaler for Azure Cosmos DB][keda-cosmos-db-scaler] to scale based on Azure Cosmos DB change feed isn't installed with the extension, but can be deployed separately. * Only one metric server is allowed in the Kubernetes cluster. Because of that the KEDA add-on should be the only metrics server inside the cluster. * Multiple KEDA installations aren't supported
-* Managed identity isn't supported.
For general KEDA questions, we recommend [visiting the FAQ overview][keda-faq]. +
+## Supported Kubernetes and KEDA versions
+
+Your cluster Kubernetes version determines what KEDA version will be installed on your AKS cluster. To see which KEDA version maps to each AKS version, see the **AKS managed add-ons** column of the [Kubernetes component version table](./supported-kubernetes-versions.md#aks-components-breaking-changes-by-version).
+
+For GA Kubernetes versions, AKS offers full support of the corresponding KEDA minor version in the table. Kubernetes preview versions and the latest KEDA patch are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:
+
+- [AKS support policies][support-policies]
+- [Azure support FAQ][azure-support-faq]
+ ## Next steps * [Enable the KEDA add-on with an ARM template][keda-arm] * [Enable the KEDA add-on with the Azure CLI][keda-cli] * [Troubleshoot KEDA add-on problems][keda-troubleshoot] * [Autoscale a .NET Core worker processing Azure Service Bus Queue messages][keda-sample]
+* [View the upstream KEDA docs][keda]
<!-- LINKS - internal --> [keda-azure-cli]: keda-deploy-addon-az-cli.md [keda-cli]: keda-deploy-add-on-cli.md [keda-arm]: keda-deploy-add-on-arm.md [keda-troubleshoot]: /troubleshoot/azure/azure-kubernetes/troubleshoot-kubernetes-event-driven-autoscaling-add-on?context=/azure/aks/context/aks-context
+[workload-identity]: ./workload-identity-overview.md
+[workload-identity-deploy]: ./workload-identity-deploy-cluster.md
+[support-policies]: ./support-policies.md
<!-- LINKS - external --> [keda]: https://keda.sh/
For general KEDA questions, we recommend [visiting the FAQ overview][keda-faq].
[keda-scalers]: https://keda.sh/docs/scalers/ [keda-http-add-on]: https://github.com/kedacore/http-add-on [keda-cosmos-db-scaler]: https://github.com/kedacore/external-scaler-azure-cosmos-db
+[azure-support-faq]: https://azure.microsoft.com/support/legal/faq/
aks Keda Deploy Add On Arm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/keda-deploy-add-on-arm.md
Title: Install the Kubernetes Event-driven Autoscaling (KEDA) add-on using an ARM template description: Use an ARM template to deploy the Kubernetes Event-driven Autoscaling (KEDA) add-on to Azure Kubernetes Service (AKS).-+ Last updated 09/26/2023-+ # Install the Kubernetes Event-driven Autoscaling (KEDA) add-on using an ARM template
This article shows you how to deploy the Kubernetes Event-driven Autoscaling (KE
- You need the [Azure CLI installed](/cli/azure/install-azure-cli). - This article assumes you have an existing Azure resource group. If you don't have an existing resource group, you can create one using the [`az group create`][az-group-create] command. - Ensure you have firewall rules configured to allow access to the Kubernetes API server. For more information, see [Outbound network and FQDN rules for Azure Kubernetes Service (AKS) clusters][aks-firewall-requirements].-- [Install the `aks-preview` Azure CLI extension](#install-the-aks-preview-azure-cli-extension).-- [Register the `AKS-KedaPreview` feature flag](#register-the-aks-kedapreview-feature-flag). - [Create an SSH key pair](#create-an-ssh-key-pair).
-### Install the `aks-preview` Azure CLI extension
-
-1. Install the `aks-preview` extension using the [`az extension add`][az-extension-add] command.
-
- ```azurecli-interactive
- az extension add --name aks-preview
- ```
-
-2. Update to the latest version of the `aks-preview` extension using the [`az extension update`][az-extension-update] command.
-
- ```azurecli-interactive
- az extension update --name aks-preview
- ```
-
-### Register the `AKS-KedaPreview` feature flag
-
-1. Register the `AKS-KedaPreview` feature flag using the [`az feature register`][az-feature-register] command.
-
- ```azurecli-interactive
- az feature register --namespace "Microsoft.ContainerService" --name "AKS-KedaPreview"
- ```
-
- It takes a few minutes for the status to show *Registered*.
-
-2. Verify the registration status using the [`az feature show`][az-feature-show] command.
-
- ```azurecli-interactive
- az feature show --namespace "Microsoft.ContainerService" --name "AKS-KedaPreview"
- ```
-
-3. When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider using the [`az provider register`][az-provider-register] command.
-
- ```azurecli-interactive
- az provider register --namespace Microsoft.ContainerService
- ```
-
-### Create an SSH key pair
+## Create an SSH key pair
1. Navigate to the [Azure Cloud Shell](https://shell.azure.com/). 2. Create an SSH key pair using the [`az sshkey create`][az-sshkey-create] command.
To connect to the Kubernetes cluster from your local device, you use [kubectl][k
If you use the Azure Cloud Shell, `kubectl` is already installed. You can also install it locally using the [`az aks install-cli`][az-aks-install-cli] command. -- Configure `kubectl` to connect to your Kubernetes cluster using the [`az aks get-credentials`][az-aks-get-credentials] command.-
- ```azurecli-interactive
- az aks get-credentials --resource-group <resource-group-name> --name <cluster-name>
- ```
+- Configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials][az-aks-get-credentials] command. The following example gets credentials for the AKS cluster named *MyAKSCluster* in the *MyResourceGroup*:
+
+```azurecli
+az aks get-credentials --resource-group MyResourceGroup --name MyAKSCluster
+```
+
+## Example deployment
+
+The following snippet is a sample deployment that creates a cluster with KEDA enabled with a single node pool comprised of three `DS2_v5` nodes.
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "apiVersion": "2023-03-01",
+ "dependsOn": [],
+ "type": "Microsoft.ContainerService/managedClusters",
+ "location": "westcentralus",
+ "name": "myAKSCluster",
+ "properties": {
+ "kubernetesVersion": "1.27",
+ "enableRBAC": true,
+ "dnsPrefix": "myAKSCluster",
+ "agentPoolProfiles": [
+ {
+ "name": "agentpool",
+ "osDiskSizeGB": 200,
+ "count": 3,
+ "enableAutoScaling": false,
+ "vmSize": "Standard_D2S_v5",
+ "osType": "Linux",
+ "storageProfile": "ManagedDisks",
+ "type": "VirtualMachineScaleSets",
+ "mode": "System",
+ "maxPods": 110,
+ "availabilityZones": [],
+ "nodeTaints": [],
+ "enableNodePublicIP": false
+ }
+ ],
+ "networkProfile": {
+ "loadBalancerSku": "standard",
+ "networkPlugin": "kubenet"
+ },
+ "workloadAutoScalerProfile": {
+ "keda": {
+ "enabled": true
+ }
+ }
+ },
+ "identity": {
+ "type": "SystemAssigned"
+ }
+ }
+ ]
+}
+```
## Start scaling apps with KEDA
This article showed you how to install the KEDA add-on on an AKS cluster, and th
For information on KEDA troubleshooting, see [Troubleshoot the Kubernetes Event-driven Autoscaling (KEDA) add-on][keda-troubleshoot].
+To learn more, view the [upstream KEDA docs][keda].
+ <!-- LINKS - internal --> [az-group-delete]: /cli/azure/group#az-group-delete [keda-troubleshoot]: /troubleshoot/azure/azure-kubernetes/troubleshoot-kubernetes-event-driven-autoscaling-add-on?context=/azure/aks/context/aks-context
For information on KEDA troubleshooting, see [Troubleshoot the Kubernetes Event-
[kubectl]: https://kubernetes.io/docs/reference/kubectl/ [keda-scalers]: https://keda.sh/docs/scalers/ [keda-sample]: https://github.com/kedacore/sample-dotnet-worker-servicebus-queue
+[keda]: https://keda.sh/docs/2.12/
aks Keda Deploy Add On Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/keda-deploy-add-on-cli.md
This article shows you how to install the Kubernetes Event-driven Autoscaling (K
- You need an Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free). - You need the [Azure CLI installed](/cli/azure/install-azure-cli). - Ensure you have firewall rules configured to allow access to the Kubernetes API server. For more information, see [Outbound network and FQDN rules for Azure Kubernetes Service (AKS) clusters][aks-firewall-requirements].-- [Install the `aks-preview` Azure CLI extension](#install-the-aks-preview-azure-cli-extension).-- [Register the `AKS-KedaPreview` feature flag](#register-the-aks-kedapreview-feature-flag).
-### Install the `aks-preview` Azure CLI extension
+## Install the KEDA add-on with Azure CLI
-1. Install the `aks-preview` extension using the [`az extension add`][az-extension-add] command.
-
- ```azurecli-interactive
- az extension add --name aks-preview
- ```
-
-2. Update to the latest version of the `aks-preview` extension using the [`az extension update`][az-extension-update] command.
-
- ```azurecli-interactive
- az extension update --name aks-preview
- ```
-
-### Register the `AKS-KedaPreview` feature flag
-
-1. Register the `AKS-KedaPreview` feature flag using the [`az feature register`][az-feature-register] command.
-
- ```azurecli-interactive
- az feature register --namespace "Microsoft.ContainerService" --name "AKS-KedaPreview"
- ```
-
- It takes a few minutes for the status to show *Registered*.
-
-2. Verify the registration status using the [`az feature show`][az-feature-show] command.
-
- ```azurecli-interactive
- az feature show --namespace "Microsoft.ContainerService" --name "AKS-KedaPreview"
- ```
-
-3. When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider using the [`az provider register`][az-provider-register] command.
-
- ```azurecli-interactive
- az provider register --namespace Microsoft.ContainerService
- ```
+To install the KEDA add-on, use `--enable-keda` when creating or updating a cluster.
## Enable the KEDA add-on on your AKS cluster
This article shows you how to install the Kubernetes Event-driven Autoscaling (K
## Verify KEDA is running on your cluster -- Verify the KEDA add-on is running on your cluster using the [`kubectl get pods`][kubectl] command.
+- Verify the KEDA add-on is running on your cluster using the `kubectl get pods` command.
```azurecli-interactive kubectl get pods -n kube-system ```
- The following example output shows the KEDA operator and metrics API server are installed on the cluster:
+ The following example output shows the KEDA operator, admissions hook, and metrics API server are installed on the cluster:
```output
- keda-operator-********-k5rfv 1/1 Running 0 43m
- keda-operator-metrics-apiserver-*******-sj857 1/1 Running 0 43m
+ keda-admission-webhooks-**********-2n9zl 1/1 Running 0 3d18h
+ keda-admission-webhooks-**********-69dkg 1/1 Running 0 3d18h
+ keda-operator-*********-4hb5n 1/1 Running 0 3d18h
+ keda-operator-*********-pckpx 1/1 Running 0 3d18h
+ keda-operator-metrics-apiserver-**********-gqg4s 1/1 Running 0 3d18h
+ keda-operator-metrics-apiserver-**********-trfcb 1/1 Running 0 3d18h
``` ## Verify the KEDA version on your cluster -- Verify the KEDA version using the `kubectl get crd/scaledobjects.keda.sh -o yaml` command.-
- ```azurecli-interactive
- kubectl get crd/scaledobjects.keda.sh -o yaml
- ```
-
- The following condensed example output shows the configuration of KEDA in the `app.kubernetes.io/version` label:
-
- ```output
- apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.0
- meta.helm.sh/release-name: aks-managed-keda
- meta.helm.sh/release-namespace: kube-system
- creationTimestamp: "2023-09-26T10:31:06Z"
- generation: 1
- labels:
- app.kubernetes.io/component: operator
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: keda-operator
- app.kubernetes.io/part-of: keda-operator
- app.kubernetes.io/version: 2.10.1
- ...
- ```
+To verify the version of your KEDA, use `kubectl get crd/scaledobjects.keda.sh -o yaml `. For example:
+
+```azurecli-interactive
+kubectl get crd/scaledobjects.keda.sh -o yaml
+```
+
+The following example output shows the configuration of KEDA in the `app.kubernetes.io/version` label:
+
+```yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.0
+ meta.helm.sh/release-name: aks-managed-keda
+ meta.helm.sh/release-namespace: kube-system
+ creationTimestamp: "2023-08-09T15:58:56Z"
+ generation: 1
+ labels:
+ app.kubernetes.io/component: operator
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: keda-operator
+ app.kubernetes.io/part-of: keda-operator
+ app.kubernetes.io/version: 2.10.1
+ helm.toolkit.fluxcd.io/name: keda-adapter-helmrelease
+ helm.toolkit.fluxcd.io/namespace: 64d3b6fd3365790001260647
+ name: scaledobjects.keda.sh
+ resourceVersion: "1421"
+ uid: 29109c8c-638a-4bf5-ac1b-c28ad9aa11fa
+spec:
+ conversion:
+ strategy: None
+ group: keda.sh
+ names:
+ kind: ScaledObject
+ listKind: ScaledObjectList
+ plural: scaledobjects
+ shortNames:
+ - so
+ singular: scaledobject
+ scope: Namespaced
+ # Redacted due to length
+```
## Disable the KEDA add-on on your AKS cluster
With the KEDA add-on installed on your cluster, you can [deploy a sample applica
For information on KEDA troubleshooting, see [Troubleshoot the Kubernetes Event-driven Autoscaling (KEDA) add-on][keda-troubleshoot].
+To learn more, view the [upstream KEDA docs][keda].
+ <!-- LINKS - internal --> [az-provider-register]: /cli/azure/provider#az-provider-register [az-feature-register]: /cli/azure/feature#az-feature-register
For information on KEDA troubleshooting, see [Troubleshoot the Kubernetes Event-
<!-- LINKS - external --> [kubectl]: https://kubernetes.io/docs/user-guide/kubectl [keda-sample]: https://github.com/kedacore/sample-dotnet-worker-servicebus-queue
+[keda]: https://keda.sh/docs/2.12/
aks Keda Integrations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/keda-integrations.md
Title: Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS) (Preview)
-description: Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS) (Preview).
+ Title: Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS)
+description: Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS).
Last updated 09/27/2023
-# Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS) (Preview)
+# Integrations with Kubernetes Event-driven Autoscaling (KEDA) on Azure Kubernetes Service (AKS)
The Kubernetes Event-driven Autoscaling (KEDA) add-on for AKS integrates with features provided by Azure and open-source projects. - > [!IMPORTANT] > The [AKS support policy][aks-support-policy] doesn't cover integrations with open-source projects.
To learn about the available metrics, we recommend reading the [KEDA documentati
## Scalers for Azure services
-KEDA integrates with various tools and services through [a rich catalog of 50+ KEDA scalers][keda-scalers] and supports leading cloud platforms and open-source technologies.
+KEDA can integrate with various tools and services through [a rich catalog of Azure KEDA scalers][keda-scalers] and supports leading cloud platforms and open-source technologies.
KEDA leverages the following scalers for Azure
KEDA leverages the following scalers for Azure
- [Azure Service Bus](https://keda.sh/docs/latest/scalers/azure-service-bus/) - [Azure Storage Queue](https://keda.sh/docs/latest/scalers/azure-storage-queue/)
-You can also install external scalers to autoscale on other Azure
+As of KEDA version `2.10`, the [Prometheus scaler][prometheus-scaler] supports Azure managed service for Prometheus.
+You can also install external scalers to autoscale on other Azure
- [Azure Cosmos DB (Change feed)](https://github.com/kedacore/external-scaler-azure-cosmos-db)
-These external scalers *aren't supported as part of the add-on* and rely on community support.
+> [!IMPORTANT]
+> External scalers *aren't supported as part of the add-on* and rely on community support.
## Next steps -- [Enable the KEDA add-on with an ARM template][keda-arm]-- [Enable the KEDA add-on with the Azure CLI][keda-cli]-- [Troubleshoot KEDA add-on problems][keda-troubleshoot]-- [Autoscale a .NET Core worker processing Azure Service Bus Queue message][keda-sample]
+* [Enable the KEDA add-on with an ARM template][keda-arm]
+* [Enable the KEDA add-on with the Azure CLI][keda-cli]
+* [Troubleshoot KEDA add-on problems][keda-troubleshoot]
+* [Autoscale a .NET Core worker processing Azure Service Bus Queue message][keda-sample]
+* [View the upstream KEDA docs][keda]
<!-- LINKS - internal --> [aks-support-policy]: support-policies.md
These external scalers *aren't supported as part of the add-on* and rely on comm
[keda-scalers]: https://keda.sh/docs/latest/scalers/ [keda-event-docs]: https://keda.sh/docs/latest/operate/events/ [keda-sample]: https://github.com/kedacore/sample-dotnet-worker-servicebus-queue
+[prometheus-scaler]: https://keda.sh/docs/2.11/scalers/prometheus/
+[keda]: https://keda.sh/docs/2.12/
aks Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS) description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 10/23/2023 Last updated : 11/06/2023
aks Start Stop Cluster https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/start-stop-cluster.md
You may not need to continuously run your Azure Kubernetes Service (AKS) workloa
To better optimize your costs during these periods, you can turn off, or stop, your cluster. This action stops your control plane and agent nodes, allowing you to save on all the compute costs, while maintaining all objects except standalone pods. The cluster state is stored for when you start it again, allowing you to pick up where you left off.
-> [!NOTE]
-> AKS start operations will restore all objects from ETCD with the exception of standalone pods with the same names and ages. meaning that a pod's age will continue to be calculated from its original creation time. This count will keep increasing over time, regardless of whether the cluster is in a stopped state.
- ## Before you begin This article assumes you have an existing AKS cluster. If you need an AKS cluster, you can create one using [Azure CLI][aks-quickstart-cli], [Azure PowerShell][aks-quickstart-powershell], or the [Azure portal][aks-quickstart-portal].
aks Stop Cluster Upgrade Api Breaking Changes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/stop-cluster-upgrade-api-breaking-changes.md
Title: Stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes (Preview)
+ Title: Stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes
description: Learn how to stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes. Last updated 10/19/2023
-# Stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes (Preview)
-
+# Stop Azure Kubernetes Service (AKS) cluster upgrades automatically on API breaking changes
To stay within a supported Kubernetes version, you have to upgrade your cluster at least once per year and prepare for all possible disruptions. These disruptions include ones caused by API breaking changes, deprecations, and dependencies such as Helm and Container Storage Interface (CSI). It can be difficult to anticipate these disruptions and migrate critical workloads without experiencing any downtime.
Before you begin, make sure you meet the following prerequisites:
* The upgrade operation is a Kubernetes minor version change for the cluster control plane. * The Kubernetes version you're upgrading to is 1.26 or later.
-* If you're using REST, the upgrade operation uses a preview API version of `2023-01-02-preview` or later.
-* If you're using the Azure CLI, you need the `aks-preview` CLI extension 0.5.154 or later.
* The last seen usage of deprecated APIs for the targeted version you're upgrading to must occur within 12 hours before the upgrade operation. AKS records usage hourly, so any usage of deprecated APIs within one hour isn't guaranteed to appear in the detection. ## Mitigate stopped upgrade operations
You can also check past API usage by enabling [Container Insights][container-ins
### Bypass validation to ignore API changes > [!NOTE]
-> This method requires you to use the `aks-preview` Azure CLI extension version 0.5.134 or later. This method isn't recommended, as deprecated APIs in the targeted Kubernetes version may not work long term. We recommend removing them as soon as possible after the upgrade completes.
+> This method requires you to use the Azure CLI version 2.53 or `aks-preview` Azure CLI extension version 0.5.134 or later. This method isn't recommended, as deprecated APIs in the targeted Kubernetes version may not work long term. We recommend removing them as soon as possible after the upgrade completes.
* Bypass validation to ignore API breaking changes using the [`az aks update`][az-aks-update] command. Specify the `enable-force-upgrade` flag and set the `upgrade-override-until` property to define the end of the window during which validation is bypassed. If no value is set, it defaults the window to three days from the current time. The date and time you specify must be in the future.
aks Supported Kubernetes Versions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/supported-kubernetes-versions.md
Examples:
Each number in the version indicates general compatibility with the previous version:
-* **Major versions** change when incompatible API updates or backwards compatibility may be broken.
+* **Major versions** change when incompatible API updates or backwards compatibility might be broken.
* **Minor versions** change when functionality updates are made that are backwards compatible to the other minor releases. * **Patch versions** change when backwards-compatible bug fixes are made.
For the past release history, see [Kubernetes history](https://github.com/kubern
| 1.25 | Aug 2022 | Oct 2022 | Dec 2022 | Jan 2, 2024 | Until 1.29 GA | | 1.26 | Dec 2022 | Feb 2023 | Apr 2023 | Mar 2024 | Until 1.30 GA | | 1.27* | Apr 2023 | Jun 2023 | Jul 2023 | Jul 2024, LTS until Jul 2025 | Until 1.31 GA |
-| 1.28 | Aug 2023 | Sep 2023 | Oct 2023 || Until 1.32 GA|
+| 1.28 | Aug 2023 | Sep 2023 | Nov 2023 | Nov 2024 | Until 1.32 GA|
| 1.29 | Dec 2023 | Jan 2024 | Feb 2024 | | Until 1.33 GA | *\* Indicates the version is designated for Long Term Support*
Note the following important changes to make before you upgrade to any of the av
|Kubernetes Version | AKS Managed Addons | AKS Components | OS components | Breaking Changes | Notes |--||-||-||
-| 1.25 | Azure policy 1.0.1<br>Metrics-Server 0.6.3<br>KEDA 2.9.3<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Ingress AppGateway 1.2.1<br>Eraser v1.1.1<br>Azure Workload identity v1.0.0<br>ASC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0| Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 18.04 Cgroups V1 <br>ContainerD 1.7<br>| Ubuntu 22.04 by default with cgroupv2 and Overlay VPA 0.13.0 |CgroupsV2 - If you deploy Java applications with the JDK, prefer to use JDK 11.0.16 and later or JDK 15 and later, which fully support cgroup v2
-| 1.26 | Azure policy 1.0.1<br>Metrics-Server 0.6.3<br>KEDA 2.9.3<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Ingress AppGateway 1.2.1<br>Eraser v1.1.1<br>Azure Workload identity v1.0.0<br>ASC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0| Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7<br>|No Breaking Changes |None
-| 1.27 | Azure policy 1.1.0<br>Metrics-Server 0.6.3<br>KEDA 2.10.0<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Ingress AppGateway 1.2.1<br>Eraser v1.1.1<br>Azure Workload identity v1.0.0<br>ASC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0|Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7 for Linux and 1.6 for Windows<br>|Keda 2.10.0 |Because of Ubuntu 22.04 FIPS certification status, we'll switch AKS FIPS nodes from 18.04 to 20.04 from 1.27 onwards.
+| 1.25 | Azure policy 1.0.1<br>Metrics-Server 0.6.3<br>KEDA 2.9.3<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.5.3<br>Image Cleaner v1.1.1<br>Azure Workload identity v1.0.0<br>MDC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0| Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 18.04 Cgroups V1 <br>ContainerD 1.7<br>| Ubuntu 22.04 by default with cgroupv2 and Overlay VPA 0.13.0 |CgroupsV2 - If you deploy Java applications with the JDK, prefer to use JDK 11.0.16 and later or JDK 15 and later, which fully support cgroup v2
+| 1.26 | Azure policy 1.0.1<br>Metrics-Server 0.6.3<br>KEDA 2.9.3<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.5.3<br>Image Cleaner v1.1.1<br>Azure Workload identity v1.0.0<br>MDC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0| Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7<br>|No breaking changes |None
+| 1.27 | Azure policy 1.1.0<br>Metrics-Server 0.6.3<br>KEDA 2.10.0<br>Open Service Mesh 1.2.3<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.11.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.7.2<br>Image Cleaner v1.1.1<br>Azure Workload identity v1.0.0<br>MDC Defender 1.0.56<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.7.0<br>KMS 0.5.0|Cilium 1.12.8<br>CNI 1.4.44<br> Cluster Autoscaler 1.8.5.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7 for Linux and 1.6 for Windows<br>|Keda 2.10.0 |Because of Ubuntu 22.04 FIPS certification status, we'll switch AKS FIPS nodes from 18.04 to 20.04 from 1.27 onwards.
+| 1.28 | Azure policy 1.2.1<br>Metrics-Server 0.6.3<br>KEDA 2.11.2<br>Open Service Mesh 1.2.7<br>Core DNS V1.9.4<br>0.12.0</br>Overlay VPA 0.13.0<br>Azure-Keyvault-SecretsProvider 1.4.1<br>Application Gateway Ingress Controller (AGIC) 1.7.2<br>Image Cleaner v1.2.2<br>Azure Workload identity v2.0.0<br>MDC Defender Security Publisher 1.0.68<br>MDC Defender Old File Cleaner 1.3.68<br>MDC Defender Pod Collector 1.0.78<br>MDC Defender Low Level Collector 1.3.81<br>Azure Active Directory Pod Identity 1.8.13.6<br>GitOps 1.8.1|Cilium 1.13.5<br>CNI v1.4.43.1 (Default)/v1.5.11 (Azure CNI Overlay)<br> Cluster Autoscaler 1.27.3<br> | OS Image Ubuntu 22.04 Cgroups V2 <br>ContainerD 1.7.5 for Linux and 1.7.1 for Windows<br>|No breaking changes|None
## Alias minor version
AKS defines a generally available (GA) version as a version available in all reg
* Two previous minor versions. * Each supported minor version also supports a maximum of two stable patches.
-AKS may also support preview versions, which are explicitly labeled and subject to [preview terms and conditions][preview-terms].
+AKS might also support preview versions, which are explicitly labeled and subject to [preview terms and conditions][preview-terms].
AKS provides platform support only for one GA minor version of Kubernetes after the regular supported versions. The platform support window of Kubernetes versions on AKS is known as "N-3". For more information, see [platform support policy](#platform-support-policy). > [!NOTE]
-> AKS uses safe deployment practices which involve gradual region deployment. This means it may take up to 10 business days for a new release or a new version to be available in all regions.
+> AKS uses safe deployment practices which involve gradual region deployment. This means it might take up to 10 business days for a new release or a new version to be available in all regions.
The supported window of Kubernetes versions on AKS is known as "N-2": (N (Latest release) - 2 (minor versions)), and ".letter" is representative of patch versions.
For new **patch** versions of Kubernetes:
AKS reserves the right to add or remove new/existing versions with one or more critical production-impacting bugs or security issues without advance notice.
-Specific patch releases may be skipped or rollout accelerated, depending on the severity of the bug or security issue.
+Specific patch releases might be skipped or rollout accelerated, depending on the severity of the bug or security issue.
## Azure portal and CLI versions
When performing an upgrade from an _unsupported version_ that skips two or more
### Can I create a new 1.xx.x cluster during its 30 day support window?
-No. Once a version is deprecated/removed, you can't create a cluster with that version. As the change rolls out, you'll start to see the old version removed from your version list. This process may take up to two weeks from announcement, progressively by region.
+No. Once a version is deprecated/removed, you can't create a cluster with that version. As the change rolls out, you'll start to see the old version removed from your version list. This process might take up to two weeks from announcement, progressively by region.
### I'm on a freshly deprecated version, can I still add new node pools? Or will I have to upgrade?
-No. You aren't allowed to add node pools of the deprecated version to your cluster. You can add node pools of a new version, but it may require you to update the control plane first.
+No. You aren't allowed to add node pools of the deprecated version to your cluster. You can add node pools of a new version, but it might require you to update the control plane first.
### How often do you update patches?
api-management Api Management Api Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-api-templates.md
- Title: API templates in Azure API Management | Microsoft Docs
-description: Learn how to customize the content of the API pages in the developer portal in Azure API Management.
------- Previously updated : 11/04/2019----
-# API templates in Azure API Management
-
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using [DotLiquid](https://github.com/dotliquid) syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
-The templates in this section allow you to customize the content of the API pages in the developer portal.
-
-- [API list](#APIList) -- [Operation](#Product) -- [Code samples](#CodeSamples)
- - [Curl](#Curl)
- - [C#](#CSharp)
- - [Java](#Stub)
- - [JavaScript](#JavaScript)
- - [Objective C](#ObjectiveC)
- - [PHP](#PHP)
- - [Python](#Python)
- - [Ruby](#Ruby)
-
-> [!NOTE]
-> Sample default templates are included in the following documentation, but are subject to change due to continuous improvements. You can view the live default templates in the developer portal by navigating to the desired individual templates. For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
--
-
-## <a name="APIList"></a> API list
- The **API list** template allows you to customize the body of the API list page in the developer portal.
-
- ![Developer Portal API List](./media/api-management-api-templates/APIM-Developer-Portal-Templates-API-List.png "APIM Developer Portal Templates API List")
-
-### Default template
-
-```xml
-<search-control></search-control>
-<div class="row">
- <div class="col-md-9">
- <h2>{% localized "ApisStrings|PageTitleApis" %}</h2>
- </div>
-</div>
-<div class="row">
- <div class="col-md-12">
- {% if apis.size > 0 %}
- <ol class="list-unstyled">
- {% for api in apis %}
- <li>
- <h3>
- <a href="/docs/services/{{api.id}}">{{api.name}}</a>
- </h3>
- {{api.description}}
- </li>
- {% endfor %}
- </ol>
- <paging-control></paging-control>
- {% else %}
- {% localized "CommonResources|NoItemsToDisplay" %}
- {% endif %}
- </div>
-</div>
-```
-
-### Controls
- The `API list` template may use the following [page controls](api-management-page-controls.md).
-
-- [paging-control](api-management-page-controls.md#paging-control)
-
-- [search-control](api-management-page-controls.md#search-control)
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|`apis`|Collection of [API summary](api-management-template-data-model-reference.md#APISummary) entities.|The APIs visible to the current user.|
-
-### Sample template data
-
-```json
-{
- "apis": [
- {
- "id": "570275f1b16653124c8f9ba3",
- "name": "Basic Calculator",
- "description": "Arithmetics is just a call away!"
- },
- {
- "id": "57026e30de15d80041040001",
- "name": "Echo API",
- "description": null
- }
- ],
- "pageTitle": "APIs"
-}
-```
-
-## <a name="Product"></a> Operation
- The **Operation** template allows you to customize the body of the operation page in the developer portal.
-
- ![Developer Portal Operation page](./media/api-management-api-templates/APIM-Developer-Portal-templates-Operation-page.png "APIM Developer Portal templates Operation page")
-
-### Default template
-
-```xml
-<h2>{{api.name}}</h2>
-<p>{{api.description }}</p>
-
-<div class="panel">
- <h3>{{operation.name}}</h3>
- <p>{{operation.description }}</p>
- <a class="btn btn-primary" href="{{consoleUrl}}" id="btnOpenConsole" role="button">
- Try it
- </a>
-</div>
-
-<h4>{% localized "Documentation|SectionHeadingRequestUrl" %}</h4>
-<div class="panel">
- <div class="panel-body">
- <label>{{ sampleUrl | escape }}</label>
- </div>
-</div>
-
-{% if operation.request %}
- {% if operation.request.parameters.size > 0 %}
- <h4>{% localized "Documentation|SectionHeadingRequestParameters" %}</h4>
-
- <div class="panel">
- {% for parameter in operation.request.parameters %}
- <div class="row panel-body">
- <div class="col-md-3">
- <label>{{parameter.name}}</label>
- {% unless parameter.required %}
- <span class="text-muted">({% localized "Documentation|FormLabelSubtextOptional" %})</span>
- {% endunless %}
- </div>
- <div class="col-md-1">
- {{parameter.typeName}}
- </div>
- <div class="col-md-8">
- {{parameter.description}}
- </div>
- </div>
- {% endfor %}
- </div>
- {% endif %}
-
- {% if operation.request.headers.size > 0 %}
- <h4>{% localized "Documentation|SectionHeadingRequestHeaders" %}</h4>
- <div class="panel">
- {% for header in operation.request.headers %}
- <div class="row panel-body">
- <div class="col-md-3">
- <label>{{header.name}}</label>
- {%unless header.required %}
- <span class="text-muted">({% localized "Documentation|FormLabelSubtextOptional" %})</span>
- {% endunless %}
- </div>
- <div class="col-md-1">
- {{header.typeName}}
- </div>
- <div class="col-md-8">
- {{header.description}}
- </div>
- </div>
- {% endfor %}
- </div>
- {% endif %}
-
- {% if operation.request.description or operation.request.representations.size > 0 %}
- <h4>{% localized "Documentation|SectionHeadingRequestBody" %}</h4>
- <div class="panel">
- {% if operation.request.description %}
- <p>{{operation.request.description }}</p>
- {% endif %}
-
- {% if operation.request.representations.size > 0 %}
- <div role="tabpanel">
- <ul class="nav nav-tabs" role="tablist">
- {% for representation in operation.request.representations %}
- <li role="presentation" {% if forloop.first %}class="active"{% endif %}>
- <a href="#requesttab{{forloop.index}}" role="tab" data-toggle="tab">
- {{representation.contentType}}
- </a>
- </li>
- {% endfor %}
- </ul>
- <div class="tab-content tab-content-boxed">
- {% for representation in operation.request.representations %}
- <div id="requesttab{{forloop.index}}" role="tabpanel" class="tab-pane snippet{% if forloop.first %} active{% endif %}">
-
- {% if representation.sample or representation.schema %}
- <div role="tabpanel">
- {% if representation.sample and representation.schema %}
- <ul class="nav nav-tabs-borderless" role="tablist">
- <li role="presentation" class="active">
- <a href="#requesttab{{forloop.index}}sample" role="tab" data-toggle="tab">Sample</a>
- </li>
- <li role="presentation">
- <a href="#requesttab{{forloop.index}}schema" role="tab" data-toggle="tab">Schema</a>
- </li>
- </ul>
- {% endif %}
-
- <div class="tab-content">
- {% if representation.sample %}
- <div id="requesttab{{forloop.index}}sample" role="tabpanel" class="tab-pane snippet active">
- <pre><code class="{{representation.Brush}}">{{ representation.sample | escape }}</code></pre>
- </div>
- {% endif %}
-
- {% if representation.schema %}
- <div id="requesttab{{forloop.index}}schema" role="tabpanel" class="tab-pane snippet">
- <pre><code class="{{representation.Brush}}">{{ representation.schema | escape }}</code></pre>
- </div>
- {% endif %}
- </div>
- </div>
- {% endif %}
- </div>
- {% endfor %}
- </div>
- </div>
- {% endif %}
-
- <div class="clearfix"></div>
- </div>
- {% endif %}
-{% endif %}
-
-{% if operation.responses.size > 0 %}
- {% for response in operation.responses %}
- {% if response.description or response.representations.size > 0 %}
- <h4>{% localized "Documentation|SectionHeadingResponse" %} {{response.statusCode}}</h4>
-
- <div class="panel">
- {% if response.description %}
- <p>{{ response.description }}</p>
- {% endif %}
-
- {% if response.representations.size > 0 %}
- <div role="tabpanel">
- <ul class="nav nav-tabs" role="tablist">
- {% for representation in response.representations %}
- <li role="presentation" {% if forloop.first %}class="active"{% endif %}>
- <a href="#response{{response.statusCode}}tab{{forloop.index}}" role="tab" data-toggle="tab">
- {{representation.contentType}}
- </a>
- </li>
- {% endfor %}
- </ul>
- <div class="tab-content tab-content-boxed">
- {% for representation in response.representations %}
- <div id="response{{response.statusCode}}tab{{forloop.index}}" role="tabpanel" class="tab-pane snippet{% if forloop.first %} active{% endif %}">
-
- {% if representation.sample or representation.schema %}
- <div role="tabpanel">
-
- {% if representation.sample and representation.schema %}
- <ul class="nav nav-tabs-borderless" role="tablist">
- <li role="presentation" class="active">
- <a href="#response{{response.statusCode}}tab{{forloop.index}}sample" role="tab" data-toggle="tab">
- Sample
- </a>
- </li>
- <li role="presentation">
- <a href="#response{{response.statusCode}}tab{{forloop.index}}schema" role="tab" data-toggle="tab">
- Schema
- </a>
- </li>
- </ul>
- {% endif %}
-
- <div class="tab-content">
- {% if representation.sample %}
- <div id="response{{response.statusCode}}tab{{forloop.index}}sample" role="tabpanel" class="tab-pane snippet active">
- <pre><code class="{{representation.Brush}}">{{ representation.sample | escape }}</code></pre>
- </div>
- {% endif %}
-
- {% if representation.schema %}
- <div id="response{{response.statusCode}}tab{{forloop.index}}schema" role="tabpanel" class="tab-pane snippet">
- <pre><code class="{{representation.Brush}}">{{ representation.schema | escape }}</code></pre>
- </div>
- {% endif %}
- </div>
- </div>
- {% endif %}
- </div>
- {% endfor %}
- </div>
- </div>
- {% endif %}
-
- <div class="clearfix"></div>
- </div>
-
- {% endif %}
- {% endfor %}
-{% endif %}
-
-<h4>{% localized "Documentation|SectionHeadingCodeSamples" %}</h4>
-<div role="tabpanel">
- <ul class="nav nav-tabs" role="tablist">
- {% for sample in samples %}
- <li role="presentation" {% if forloop.first %}class="active"{% endif %}>
- <a href="#{{sample.brush}}" aria-controls="{{sample.brush}}" role="tab" data-toggle="tab">
- {{sample.title}}
- </a>
- </li>
- {% endfor %}
- </ul>
- <div class="tab-content tab-content-boxed" title="{% localized "Documentation|TooltipTextDoubleClickToSelectAll=""" %}">
- {% for sample in samples %}
- <div role="tabpanel" class="tab-pane tab-content-boxed {% if forloop.first %} active{% endif %} snippet snippet-resizable" id="{{sample.brush}}" >
- <pre><code class="{{sample.brush}}">{% partial sample.template for sample in samples %}</code></pre>
- </div>
- {% endfor %}
- </div>
- <div class="clearfix"></div>
-</div>
-```
-
-### Controls
- The `Operation` template does not allow the use of any [page controls](api-management-page-controls.md).
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|`apiId`|string|The ID of the current API.|
-|`apiName`|string|The name of the API.|
-|`apiDescription`|string|A description of the API.|
-|`api`|[API summary](api-management-template-data-model-reference.md#APISummary) entity.|The current API.|
-|`operation`|[Operation](api-management-template-data-model-reference.md#Operation)|The currently displayed operation.|
-|`sampleUrl`|string|The URL for the current operation.|
-|`operationMenu`|[Operation menu](api-management-template-data-model-reference.md#Menu)|A menu of operations for this API.|
-|`consoleUrl`|URI|The URI for the **Try it** button.|
-|`samples`|Collection of [Code sample](api-management-template-data-model-reference.md#Sample) entities.|The code samples for the current operation..|
-
-### Sample template data
-
-```json
-{
- "apiId": "570275f1b16653124c8f9ba3",
- "apiName": "Basic Calculator",
- "apiDescription": "Arithmetics is just a call away!",
- "api": {
- "id": "570275f1b16653124c8f9ba3",
- "name": "Basic Calculator",
- "description": "Arithmetics is just a call away!"
- },
- "operation": {
- "id": "570275f2b1665305c811cf49",
- "name": "Add two integers",
- "description": "Produces a sum of two numbers.",
- "scheme": "https",
- "uriTemplate": "calc/add?a={a}&b={b}",
- "host": "sdcontoso5.azure-api.net",
- "httpMethod": "GET",
- "request": {
- "description": null,
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": [
- {
- "name": "a",
- "description": "First operand. Default value is <code>51</code>.",
- "value": "51",
- "options": [
- "51"
- ],
- "required": true,
- "kind": 1,
- "typeName": null
- },
- {
- "name": "b",
- "description": "Second operand. Default value is <code>49</code>.",
- "value": "49",
- "options": [
- "49"
- ],
- "required": true,
- "kind": 1,
- "typeName": null
- }
- ],
- "representations": []
- },
- "responses": []
- },
- "sampleUrl": "https://sdcontoso5.azure-api.net/calc/add?a={a}&b={b}",
- "operationMenu": {
- "ApiId": "570275f1b16653124c8f9ba3",
- "CurrentOperationId": "570275f2b1665305c811cf49",
- "Action": "Operation",
- "MenuItems": [
- {
- "Id": "570275f2b1665305c811cf49",
- "Title": "Add two integers",
- "HttpMethod": "GET"
- },
- {
- "Id": "570275f2b1665305c811cf4c",
- "Title": "Divide two integers",
- "HttpMethod": "GET"
- },
- {
- "Id": "570275f2b1665305c811cf4b",
- "Title": "Multiply two integers",
- "HttpMethod": "GET"
- },
- {
- "Id": "570275f2b1665305c811cf4a",
- "Title": "Subtract two integers",
- "HttpMethod": "GET"
- }
- ]
- },
- "consoleUrl": "/docs/services/570275f1b16653124c8f9ba3/operations/570275f2b1665305c811cf49/console",
- "samples": [
- {
- "title": "Curl",
- "snippet": null,
- "brush": "plain",
- "template": "DocumentationSamplesCurl",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "C#",
- "snippet": null,
- "brush": "csharp",
- "template": "DocumentationSamplesCsharp",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "Java",
- "snippet": null,
- "brush": "java",
- "template": "DocumentationSamplesJava",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "JavaScript",
- "snippet": null,
- "brush": "xml",
- "template": "DocumentationSamplesJs",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "ObjC",
- "snippet": null,
- "brush": "objc",
- "template": "DocumentationSamplesObjc",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "PHP",
- "snippet": null,
- "brush": "php",
- "template": "DocumentationSamplesPhp",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "Python",
- "snippet": null,
- "brush": "python",
- "template": "DocumentationSamplesPython",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- },
- {
- "title": "Ruby",
- "snippet": null,
- "brush": "ruby",
- "template": "DocumentationSamplesRuby",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
- }
- ]
-}
-```
-
-## <a name="CodeSamples"></a> Code samples
- The following templates allow you to customize the body of the individual code samples on the operation page.
-
- ![Developer Portal Templates Code samples](./media/api-management-api-templates/APIM-Developer-Portal-Templates-Code-samples.png "APIM Developer Portal Templates Code samples")
-
-- [Curl](#Curl)
-
-- [C#](#CSharp)
-
-- [Java](#Stub)
-
-- [JavaScript](#JavaScript)
-
-- [Objective C](#ObjectiveC)
-
-- [PHP](#PHP)
-
-- [Python](#Python)
-
-- [Ruby](#Ruby)
-
-### <a name="Curl"></a> Curl
- The **DocumentationSamplesCurl** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```xml
-@ECHO OFF
-
-curl -v -X {{method}} "{{scheme}}://{{host}}{{path}}{{query | escape }}"
-{% for header in headers -%}
--H "{{ header.name }}: {{ header.value }}"
-{% endfor -%}
-{% if body -%}
data-ascii "{{ body | replace:'"','^"' }}"
-{% endif -%}
-
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "Curl",
- "snippet": null,
- "brush": "plain",
- "template": "DocumentationSamplesCurl",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="CSharp"></a> C#
- The **DocumentationSamplesCsharp** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```csharp
-using System;
-using System.Net.Http.Headers;
-using System.Text;
-using System.Net.Http;
-using System.Web;
-
-namespace CSHttpClientSample
-{
- static class Program
- {
- static void Main()
- {
- MakeRequest();
- Console.WriteLine("Hit ENTER to exit...");
- Console.ReadLine();
- }
-
- static async void MakeRequest()
- {
- var client = new HttpClient();
- var queryString = HttpUtility.ParseQueryString(string.Empty);
-
-{% if headers.size > 0 -%}
- // Request headers
-{% for header in headers -%}
-{% case header.Name -%}
-{% when "Accept"%}
- client.DefaultRequestHeaders.Accept.Add(MediaTypeWithQualityHeaderValue.Parse("{{header.value}}"));
-{% when "Accept-Charset" -%}
- client.DefaultRequestHeaders.AcceptCharset.Add(StringWithQualityHeaderValue.Parse("{{header.value}}"));
-{% when "Accept-Encoding" -%}
- client.DefaultRequestHeaders.AcceptEncoding.Add(StringWithQualityHeaderValue.Parse("{{header.value}}"));
-{% when "Accept-Language" -%}
- client.DefaultRequestHeaders.AcceptLanguage.Add(StringWithQualityHeaderValue.Parse("{{header.value}}"));
-{% when "Cache-Control" -%}
- client.DefaultRequestHeaders.CacheControl = CacheControlHeaderValue.Parse("{{header.value}}");
-{% when "Connection" -%}
- client.DefaultRequestHeaders.Connection.Add("{{header.value}}");
-{% when "Date" -%}
- client.DefaultRequestHeaders.Date = DateTimeOffset.Parse("{{header.value}}");
-{% when "Expect" -%}
- client.DefaultRequestHeaders.Expect.Add(NameValueWithParametersHeaderValue.Parse("{{header.value}}"));
-{% when "If-Match" -%}
- client.DefaultRequestHeaders.IfMatch.Add(EntityTagHeaderValue.Parse("{{header.value}}"));
-{% when "If-Modified-Since" -%}
- client.DefaultRequestHeaders.IfModifiedSince = DateTimeOffset.Parse("{{header.value}}");
-{% when "If-None-Match" -%}
- client.DefaultRequestHeaders.IfNoneMatch.Add(EntityTagHeaderValue.Parse("{{header.value}}"));
-{% when "If-Range" -%}
- client.DefaultRequestHeaders.IfRange = RangeConditionHeaderValue.Parse("{{header.value}}");
-{% when "If-Unmodified-Since" -%}
- client.DefaultRequestHeaders.IfUnmodifiedSince = DateTimeOffset.Parse("{{header.value}}");
-{% when "Max-Forwards" -%}
- client.DefaultRequestHeaders.MaxForwards = int.Parse("{{header.value}}");
-{% when "Pragma" -%}
- client.DefaultRequestHeaders.Pragma.Add(NameValueHeaderValue.Parse("{{header.value}}"));
-{% when "Range" -%}
- client.DefaultRequestHeaders.Range = RangeHeaderValue.Parse("{{header.value}}");
-{% when "Referer" -%}
- client.DefaultRequestHeaders.Referrer = new Uri("{{header.value}}");
-{% when "TE" -%}
- client.DefaultRequestHeaders.TE.Add(TransferCodingWithQualityHeaderValue.Parse("{{header.value}}"));
-{% when "Transfer-Encoding" -%}
- client.DefaultRequestHeaders.TransferEncoding.Add(TransferCodingHeaderValue.Parse("{{header.value}}"));
-{% when "Upgrade" -%}
- client.DefaultRequestHeaders.Upgrade.Add(ProductHeaderValue.Parse("{{header.value}}"));
-{% when "User-Agent" -%}
- client.DefaultRequestHeaders.UserAgent.Add(ProductInfoHeaderValue.Parse("{{header.value}}"));
-{% when "Via" -%}
- client.DefaultRequestHeaders.Via.Add(ViaHeaderValue.Parse("{{header.value}}"));
-{% when "Warning" -%}
- client.DefaultRequestHeaders.Warning.Add(WarningHeaderValue.Parse("{{header.value}}"));
-{% when "Content-Type" -%}
-{% else -%}
- client.DefaultRequestHeaders.Add("{{header.Name}}", "{{header.value}}");
-{% endcase -%}
-{% endfor -%}
-{% endif -%}
-
-{% if parameters.size > 0 -%}
- // Request parameters
-{% for parameter in parameters -%}
- queryString["{{parameter.Name}}"] = "{{parameter.Value}}";
-{% endfor -%}
-{% endif -%}
- var uri = "{{scheme}}://{{host}}{{path}}{% if path contains '?' %}&{% else %}?{% endif %}" + queryString;
-
-{% case method -%}
-
-{% when "POST" -%}
- HttpResponseMessage response;
-
- // Request body
- byte[] byteData = Encoding.UTF8.GetBytes("{{ body | replace:'"','\"'}}");
-
- using (var content = new ByteArrayContent(byteData))
- {
-{% if body -%}
- content.Headers.ContentType = new MediaTypeHeaderValue("< your content type, i.e. application/json >");
-{% endif -%}
- response = await client.PostAsync(uri, content);
- }
-
-{% when "GET" -%}
- var response = await client.GetAsync(uri);
-{% when "DELETE" -%}
- var response = await client.DeleteAsync(uri);
-{% when "PUT" -%}
- HttpResponseMessage response;
-
- // Request body
- byte[] byteData = Encoding.UTF8.GetBytes("{{ body | replace:'"','\"'}}");
-
- using (var content = new ByteArrayContent(byteData))
- {
-{% if body -%}
- content.Headers.ContentType = new MediaTypeHeaderValue("< your content type, i.e. application/json >");
-{% endif -%}
- response = await client.PutAsync(uri, content);
- }
-{% when "HEAD" -%}
- var response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Head, uri));
-{% when "OPTIONS" -%}
- var response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Options, uri));
-{% when "TRACE" -%}
- var response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Trace, uri));
-
- if (response.Content != null)
- {
- var responseString = await response.Content.ReadAsStringAsync();
- Console.WriteLine(responseString);
- }
-{% endcase -%}
- }
- }
-}
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "C#",
- "snippet": null,
- "brush": "csharp",
- "template": "DocumentationSamplesCsharp",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="Stub"></a> Java
- The **DocumentationSamplesJava** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```java
-// // This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
-import java.net.URI;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.util.EntityUtils;
-
-public class JavaSample
-{
- public static void main(String[] args)
- {
- HttpClient httpclient = HttpClients.createDefault();
-
- try
- {
- URIBuilder builder = new URIBuilder("{{scheme}}://{{host}}{{path}}");
-
-{% if parameters.size > 0 -%}
-{% for parameter in parameters -%}
- builder.setParameter("{{parameter.name}}", "{{parameter.value}}");
-{% endfor -%}
-{% endif -%}
-
- URI uri = builder.build();
- Http{{ method | downcase | capitalize }} request = new Http{{ method | downcase | capitalize }}(uri);
-{% for header in headers -%}
- request.setHeader("{{header.Name}}", "{{header.value}}");
-{% endfor %}
-
-{% if body -%}
- // Request body
- StringEntity reqEntity = new StringEntity("{{ body | replace:'"','\"' }}");
- request.setEntity(reqEntity);
-{% endif -%}
-
- HttpResponse response = httpclient.execute(request);
- HttpEntity entity = response.getEntity();
-
- if (entity != null)
- {
- System.out.println(EntityUtils.toString(entity));
- }
- }
- catch (Exception e)
- {
- System.out.println(e.getMessage());
- }
- }
-}
-
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "Java",
- "snippet": null,
- "brush": "java",
- "template": "DocumentationSamplesJava",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="JavaScript"></a> JavaScript
- The **DocumentationSamplesJs** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```html
-<!DOCTYPE html>
-<html>
-<head>
- <title>JSSample</title>
- <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
-</head>
-<body>
-
-<script type="text/javascript">
- $(function() {
- var params = {
-{% if parameters.size > 0 -%}
- // Request parameters
-{% for parameter in parameters -%}
- "{{parameter.name}}": "{{parameter.value}}",
-{% endfor -%}
-{% endif -%}
- };
-
- $.ajax({
- url: "{{scheme}}://{{host}}{{path}}{% if path contains '?' %}&{% else %}?{% endif %}" + $.param(params),
-{% if headers.size > 0 -%}
- beforeSend: function(xhrObj){
- // Request headers
-{% for header in headers -%}
- xhrObj.setRequestHeader("{{header.name}}","{{header.value}}");
-{% endfor -%}
- },
-{% endif -%}
- type: "{{method}}",
-{% if body -%}
- // Request body
- data: "{{ body | replace:'"','\"' }}",
-{% endif -%}
- })
- .done(function(data) {
- alert("success");
- })
- .fail(function() {
- alert("error");
- });
- });
-</script>
-</body>
-</html>
-
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "JavaScript",
- "snippet": null,
- "brush": "xml",
- "template": "DocumentationSamplesJs",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="ObjectiveC"></a> Objective C
- The **DocumentationSamplesObjc** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```objective-c
-#import <Foundation/Foundation.h>
-
-int main(int argc, const char * argv[])
-{
- NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
-
- NSString* path = @"{{scheme}}://{{host}}{{path}}";
- NSArray* array = @[
- // Request parameters
- @"entities=true",
-{% if parameters.size > 0 -%}
-{% for parameter in parameters -%}
- @"{{parameter.name}}={{parameter.value}}",
-{% endfor -%}
-{% endif -%}
- ];
-
- NSString* string = [array componentsJoinedByString:@"&"];
- path = [path stringByAppendingFormat:@"?%@", string];
-
- NSLog(@"%@", path);
-
- NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
- [_request setHTTPMethod:@"{{method}}"];
-{% if headers.size > 0 -%}
- // Request headers
-{% for header in headers -%}
- [_request setValue:@"{{header.value}}" forHTTPHeaderField:@"{{header.name}}"];
-{% endfor -%}
-{% endif -%}
-{% if body -%}
- // Request body
- [_request setHTTPBody:[@"{{ body | replace:'"','\"' }}" dataUsingEncoding:NSUTF8StringEncoding]];
-{% endif -%}
-
- NSURLResponse *response = nil;
- NSError *error = nil;
- NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
-
- if (nil != error)
- {
- NSLog(@"Error: %@", error);
- }
- else
- {
- NSError* error = nil;
- NSMutableDictionary* json = nil;
- NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
- NSLog(@"%@", dataString);
-
- if (nil != _connectionData)
- {
- json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
- }
-
- if (error || !json)
- {
- NSLog(@"Could not parse loaded json with error:%@", error);
- }
-
- NSLog(@"%@", json);
- _connectionData = nil;
- }
-
- [pool drain];
-
- return 0;
-}
-
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "ObjC",
- "snippet": null,
- "brush": "objc",
- "template": "DocumentationSamplesObjc",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="PHP"></a> PHP
- The **DocumentationSamplesPhp** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```php
-<?php
-// This sample uses the HTTP_Request2 PHP library (https://github.com/pear/HTTP_Request2)
-require_once 'HTTP/Request2.php';
-
-$request = new Http_Request2('{{scheme}}://{{host}}{{path}}');
-$url = $request->getUrl();
-
-{% if headers.size > 0 -%}
-$headers = array(
- // Request headers
-{% for header in headers -%}
- '{{header.name}}' => '{{header.value}}',
-{% endfor -%}
-);
-
-$request->setHeader($headers);
-{% endif -%}
-
-{% if parameters.size > 0 -%}
-$parameters = array(
- // Request parameters
-{% for parameter in parameters -%}
- '{{parameter.name}}' => '{{parameter.value}}',
-{% endfor -%}
-);
-
-$url->setQueryVariables($parameters);
-{% endif -%}
-
-$request->setMethod(HTTP_Request2::METHOD_{{method}});
-
-{% if body -%}
-// Request body
-$request->setBody("{{ body | replace:'"','\"' }}");
-{% endif -%}
-
-try
-{
- $response = $request->send();
- echo $response->getBody();
-}
-catch (HttpException $ex)
-{
- echo $ex;
-}
-
-?>
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "PHP",
- "snippet": null,
- "brush": "php",
- "template": "DocumentationSamplesPhp",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="Python"></a> Python
- The **DocumentationSamplesPython** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```python
-########### Python 2.7 #############
-import httplib, urllib, base64
-
-headers = {
-{% if headers.size > 0 -%}
- # Request headers
-{% for header in headers -%}
- '{{header.name}}': '{{header.value}}',
-{% endfor -%}
-{% endif -%}
-}
-
-params = urllib.urlencode({
-{% if parameters.size > 0 -%}
- # Request parameters
-{% for parameter in parameters -%}
- '{{parameter.name}}': '{{parameter.value}}',
-{% endfor -%}
-{% endif -%}
-})
-
-try:
-{% case scheme -%}
-{% when "http" -%}
- conn = httplib.HTTPConnection('{{host}}')
-{% when "https" -%}
- conn = httplib.HTTPSConnection('{{host}}')
-{% endcase -%}
- conn.request("{{method}}", "{{path}}{% if path contains '?' %}&{% else %}?{% endif %}%s" % params{% if body %}, "{{ body | replace:'"','\"' }}"{% endif %}, headers)
- response = conn.getresponse()
- data = response.read()
- print(data)
- conn.close()
-except Exception as e:
- print("[Errno {0}] {1}".format(e.errno, e.strerror))
-
-####################################
-
-########### Python 3.2 #############
-import http.client, urllib.request, urllib.parse, urllib.error, base64
-
-headers = {
-{% if headers.size > 0 -%}
- # Request headers
-{% for header in headers -%}
- '{{header.name}}': '{{header.value}}',
-{% endfor -%}
-{% endif -%}
-}
-
-params = urllib.parse.urlencode({
-{% if parameters.size > 0 -%}
- # Request parameters
-{% for parameter in parameters -%}
- '{{parameter.name}}': '{{parameter.value}}',
-{% endfor -%}
-{% endif -%}
-})
-
-try:
-{% case scheme -%}
-{% when "http" -%}
- conn = http.client.HTTPConnection('{{host}}')
-{% when "https" -%}
- conn = http.client.HTTPSConnection('{{host}}')
-{% endcase -%}
- conn.request("{{method}}", "{{path}}{% if path contains '?' %}&{% else %}?{% endif %}%s" % params{% if body %}, "{{ body | replace:'"','\"' }}"{% endif %}, headers)
- response = conn.getresponse()
- data = response.read()
- print(data)
- conn.close()
-except Exception as e:
- print("[Errno {0}] {1}".format(e.errno, e.strerror))
-
-####################################
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "Python",
- "snippet": null,
- "brush": "python",
- "template": "DocumentationSamplesPython",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-### <a name="Ruby"></a> Ruby
- The **DocumentationSamplesRuby** template allows you to customize that code sample in the code samples section of the operation page.
-
-#### Default template
-
-```ruby
-require 'net/http'
-
-uri = URI('{{scheme}}://{{host}}{{path}}')
-uri.query = URI.encode_www_form({
-{% if parameters.size > 0 -%}
- # Request parameters
-{% for parameter in parameters -%}
- '{{parameter.name}}' => '{{parameter.value}}'{% unless forloop.last %},{% endunless %}
-{% endfor -%}
-{% endif -%}
-})
-
-request = Net::HTTP::{{ method | downcase | capitalize }}.new(uri.request_uri)
-{% for header in headers -%}
-# Request headers
-request['{{header.name}}'] = '{{header.value}}'
-{% endfor -%}
-{% if body -%}
-# Request body
-request.body = "{{ body | replace:'"','\"' }}"
-{% endif -%}
-
-response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
- http.request(request)
-end
-
-puts response.body
-
-```
-
-#### Controls
- The code sample templates do not allow the use of any [page controls](api-management-page-controls.md).
-
-#### Data model
- [Code sample](api-management-template-data-model-reference.md#Sample) entity.
-
-#### Sample template data
-
-```json
-{
- "title": "Ruby",
- "snippet": null,
- "brush": "ruby",
- "template": "DocumentationSamplesRuby",
- "body": "{body}",
- "method": "GET",
- "scheme": "https",
- "path": "/calc/add?a={a}&b={b}",
- "query": "",
- "host": "sdcontoso5.azure-api.net",
- "headers": [
- {
- "name": "Ocp-Apim-Subscription-Key",
- "description": "Subscription key which provides access to this API. Found in your <a href='/developer'>Profile</a>.",
- "value": "{subscription key}",
- "typeName": "string",
- "options": null,
- "required": true,
- "readonly": false
- }
- ],
- "parameters": []
-}
-```
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Application Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-application-templates.md
- Title: Application templates in Azure API Management | Microsoft Docs
-description: Learn how to customize the content of the Application pages in the developer portal in Azure API Management.
------- Previously updated : 11/04/2019--
-# Application templates in Azure API Management
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using DotLiquid syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
- The templates in this section allow you to customize the content of the Application pages in the developer portal.
-
-- [Application list](#ProductList)
-
-- [Application](#Application)
-
-> [!NOTE]
-> Sample default templates are included in the following documentation, but are subject to change due to continuous improvements. You can view the live default templates in the developer portal by navigating to the desired individual templates. For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
--
-
-## <a name="ProductList"></a> Application list
- The **Application list** template allows you to customize the body of the application list page in the developer portal.
-
- ![Application List Page Developer Portal Templates](./media/api-management-application-templates/APIM-Application-List-Page-Developer-Portal-Templates.png "APIM Application List Page Developer Portal Templates")
-
-### Default template
-
-```xml
-<div class="row">
- <div class="col-md-9">
- <h2>{% localized "AppStrings|WebApplicationsHeader" %}</h2>
- </div>
-</div>
-<div class="row">
- <div class="col-md-12">
- {% if applications.size > 0 %}
- <ul class="list-unstyled">
- {% for app in applications %}
- <li>
- {% if app.application.icon.url != "" %}
- <aside>
- <a href="/applications/details/{{app.application.id}}"><img src="{{app.application.icon.url}}" alt="App Icon"></a>
- </aside>
- {% endif %}
- <h3><a href="/applications/details/{{app.application.id}}">{{app.application.title}}</a></h3>
- {{app.application.description}}
- </li>
- {% endfor %}
- </ul>
- <paging-control></paging-control>
- {% else %}
- {% localized "CommonResources|NoItemsToDisplay" %}
- {% endif %}
- </div>
-</div>
-```
-
-### Controls
- The `Product list` template may use the following [page controls](api-management-page-controls.md).
-
-- [paging-control](api-management-page-controls.md#paging-control)
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|`Paging`|[Paging](api-management-template-data-model-reference.md#Paging) entity.|The paging information for the applications collection.|
-|`Applications`|Collection of [Application](api-management-template-data-model-reference.md#Application) entities.|The applications visible to the current user.|
-|`CategoryName`|string|The category of application.|
-
-### Sample template data
-
-```json
-{
- "Paging": {
- "Page": 1,
- "PageSize": 10,
- "TotalItemCount": 1,
- "ShowAll": false,
- "PageCount": 1
- },
- "Applications": [
- {
- "Application": {
- "Id": "5702b96fb16653124c8f9ba8",
- "Title": "Contoso Calculator",
- "Description": "A simple online calculator.",
- "Url": null,
- "Version": null,
- "Requirements": "Free application with no requirements.",
- "State": 2,
- "RegistrationDate": "2016-04-04T18:59:00",
- "CategoryId": 5,
- "DeveloperId": "5702b5b0b16653124c8f9ba4",
- "Attachments": [
- {
- "UniqueId": "a58af001-e6c3-45fd-8bc9-c60a1875c3f6",
- "Url": "https://apimgmtst65gdjvjrgdbfhr4.blob.core.windows.net/content/applications/a58af001-e6c3-45fd-8bc9-c60a1875c3f6.png",
- "Type": "Icon",
- "ContentType": "image/png"
- },
- {
- "UniqueId": "2b4fa5dd-00ff-4a8f-b1b7-51e715849ede",
- "Url": "https://apimgmtst65gdjvjrgdbfhr4.blob.core.windows.net/content/applications/2b4fa5dd-00ff-4a8f-b1b7-51e715849ede.png",
- "Type": "Screenshot",
- "ContentType": "image/png"
- }
- ],
- "Icon": {
- "UniqueId": "a58af001-e6c3-45fd-8bc9-c60a1875c3f6",
- "Url": "https://apimgmtst65gdjvjrgdbfhr4.blob.core.windows.net/content/applications/a58af001-e6c3-45fd-8bc9-c60a1875c3f6.png",
- "Type": "Icon",
- "ContentType": "image/png"
- }
- },
- "CategoryName": "Finance"
- }
- ]
-}
-```
-
-## <a name="Application"></a> Application
- The **Application** template allows you to customize the body of the application page in the developer portal.
-
- ![Application Page Developer Portal Templates](./media/api-management-application-templates/APIM-Application-Page-Developer-Portal-Templates.png "APIM Application Page Developer Portal Templates")
-
-### Default template
-
-```xml
-<h2>{{title}}</h2>
-{% if icon.url != "" %}
-<aside class="applications_aside">
- <div class="image-placeholder">
- <img src="{{icon.url}}" alt="Application Icon" />
- </div>
-</aside>
-{% endif %}
-
-<article>
- {% if url != "" %}
- <a target="_blank" href="{{url}}">{{url}}</a>
- {% endif %}
-
- <p>{{description}}</p>
-
- {% if requirements != null %}
- <h3>{% localized "AppDetailsStrings|WebApplicationsRequirementsHeader" %}</h3>
- <p>{{requirements}}</p>
- {% endif %}
-
- {% if attachments.size > 0 %}
- <h3>{% localized "AppDetailsStrings|WebApplicationsScreenshotsHeader" %}</h3>
- {% for screenshot in attachments %}
- {% if screenshot.type != "Icon" %}
- <a href="{{screenshot.url}}" data-lightbox="example-set">
- <img src="/Developer/Applications/Thumbnail?url={{screenshot.url}}" alt='{% localized "AppDetailsStrings|WebApplicationsScreenshotAlt" %}' />
- </a>
- {% endif %}
- {% endfor %}
- {% endif %}
-</article>
-
-```
-
-### Controls
- The `Application` template does not allow the use of any [page controls](api-management-page-controls.md).
-
-### Data model
- [Application](api-management-template-data-model-reference.md#Application) entity.
-
-### Sample template data
-
-```json
-{
- "Id": "5702b96fb16653124c8f9ba8",
- "Title": "Contoso Calculator",
- "Description": "A simple online calculator.",
- "Url": null,
- "Version": null,
- "Requirements": "Free application with no requirements.",
- "State": 2,
- "RegistrationDate": "2016-04-04T18:59:00",
- "CategoryId": 5,
- "DeveloperId": "5702b5b0b16653124c8f9ba4",
- "Attachments": [
- {
- "UniqueId": "a58af001-e6c3-45fd-8bc9-c60a1875c3f6",
- "Url": "https://apimgmtst3aybshdqqcqrle4.blob.core.windows.net/content/applications/a58af001-e6c3-45fd-8bc9-c60a1875c3f6.png",
- "Type": "Icon",
- "ContentType": "image/png"
- },
- {
- "UniqueId": "2b4fa5dd-00ff-4a8f-b1b7-51e715849ede",
- "Url": "https://apimgmtst3aybshdqqcqrle4.blob.core.windows.net/content/applications/2b4fa5dd-00ff-4a8f-b1b7-51e715849ede.png",
- "Type": "Screenshot",
- "ContentType": "image/png"
- }
- ],
- "Icon": {
- "UniqueId": "a58af001-e6c3-45fd-8bc9-c60a1875c3f6",
- "Url": "https://apimgmtst3aybshdqqcqrle4.blob.core.windows.net/content/applications/a58af001-e6c3-45fd-8bc9-c60a1875c3f6.png",
- "Type": "Icon",
- "ContentType": "image/png"
- }
-}
-```
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Customize Styles https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-customize-styles.md
- Title: Customize page style on API Management legacy developer portal-
-description: Follow the steps of this quickstart to customize the styling of elements on the Azure API Management developer portal.
-------- Previously updated : 11/04/2019---
-# Customize the style of the developer portal pages
-
-There are three most common ways to customize the developer portal in Azure API Management:
-
-* [Edit the contents of static pages and page layout elements](api-management-modify-content-layout.md)
-* Update the styles used for page elements across the developer portal (explained in this guide)
-* [Modify the templates used for pages generated by the portal](api-management-developer-portal-templates.md) (for example, API docs, products, user authentication)
-
-In this article, you learn how to customize the style of elements on pages of the legacy **developer** portal and view your changes.
-
-![Screenshot that shows where you change your settings in the legacy Developer portal.](./media/modify-developer-portal-style/developer_portal.png)
---
-## Prerequisites
-
-+ Learn the [Azure API Management terminology](api-management-terminology.md).
-+ Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).
-+ Also, complete the following tutorial: [Import and publish your first API](import-and-publish.md).
-
-## Customize the developer portal
-
-1. Select **Overview**.
-2. Click the **Developer portal (legacy)** button on the top of the **Overview** window.
-3. On the upper left side of the screen, you see an icon comprised of two paint brushes. Hover over this icon to open the portal customization menu.
-
- ![Screenshot that highlights the icon with two paint brushes.](./media/modify-developer-portal-style/modify-developer-portal-style01.png)
-4. Select **Styles** from the menu to open the styling customization pane.
-
- All elements that you can customize using **Styles** appear on the page
-5. Enter "headings-color" in the **Change variable values to customize developer portal appearance:** field.
-
- The **\@headings-color** element appears on the page. This variable controls the color of the text.
-
- ![customize style](./media/modify-developer-portal-style/modify-developer-portal-style02.png)
-
-6. Click on the field for the **\@headings-color** variable.
-
- Color picker drop-down opens.
-7. From the color pickers drop-down select a new color.
-
- > [!TIP]
- > Real-time preview is available for all changes. A progress indicator appears at the top of the customization pane. After a couple seconds the header text changes in color to the newly selected.
-
-8. Select **Publish** from the lower left on the customization pane menu.
-9. Select **Publish customizations** to make the changes publicly available.
-
-## View your change
-
-1. Navigate to the developer portal.
-2. You can see the change that you made.
-
-## Next steps
-
-You might also be interested in learning [how to customize the Azure API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Developer Portal Templates Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-developer-portal-templates-reference.md
- Title: Azure API Management Developer portal templates | Microsoft Docs
-description: Learn how to customize the content of developer portal pages using a set of templates in Azure API Management.
------- Previously updated : 11/04/2019---
-# Developer portal templates
-
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using [DotLiquid](https://github.com/dotliquid) syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
---
-## <a name="DeveloperPortalTemplates"></a> Developer portal templates
-
-- [APIs](api-management-api-templates.md)
- - [API list](api-management-api-templates.md#APIList)
- - [Operation](api-management-api-templates.md#Product)
- - [Code samples](api-management-api-templates.md#CodeSamples)
- - [Curl](api-management-api-templates.md#Curl)
- - [C#](api-management-api-templates.md#CSharp)
- - [Java](api-management-api-templates.md#Stub)
- - [JavaScript](api-management-api-templates.md#JavaScript)
- - [Objective C](api-management-api-templates.md#ObjectiveC)
- - [PHP](api-management-api-templates.md#PHP)
- - [Python](api-management-api-templates.md#Python)
- - [Ruby](api-management-api-templates.md#Ruby)
-- [Products](api-management-product-templates.md)
- - [Product list](api-management-product-templates.md#ProductList)
- - [Product](api-management-product-templates.md#Product)
-- [Applications](api-management-application-templates.md)
- - [Application list](api-management-application-templates.md#ProductList)
- - [Application](api-management-application-templates.md#Application)
-- [Issues](api-management-issue-templates.md)
- - [Issue list](api-management-issue-templates.md#IssueList)
-- [User Profile](api-management-user-profile-templates.md)
- - [Profile](api-management-user-profile-templates.md#Profile)
- - [Subscriptions](api-management-user-profile-templates.md#Subscriptions)
- - [Applications](api-management-user-profile-templates.md#Applications)
- - [Update account info](api-management-user-profile-templates.md#UpdateAccountInfo)
-- [Pages](api-management-page-templates.md)
- - [Sign in](api-management-page-templates.md#SignIn)
- - [Sign up](api-management-page-templates.md#SignUp)
- - [Page not found](api-management-page-templates.md#PageNotFound)
-
-## Next steps
-
-+ [Template reference](api-management-developer-portal-templates-reference.md)
-+ [Data model reference](api-management-template-data-model-reference.md)
-+ [Page controls](api-management-page-controls.md)
-+ [Template resources](api-management-template-resources.md)
api-management Api Management Developer Portal Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-developer-portal-templates.md
- Title: Customize the API Management developer portal using templates-
-description: Learn how to customize the Azure API Management developer portal using templates.
------- Previously updated : 11/04/2019---
-# How to customize the Azure API Management developer portal using templates
-
-There are three fundamental ways to customize the developer portal in Azure API Management:
-
-* [Edit the contents of static pages and page layout elements][modify-content-layout]
-* [Update the styles used for page elements across the developer portal][customize-styles]
-* [Modify the templates used for pages generated by the portal][portal-templates] (explained in this guide)
-
-Templates are used to customize the content of system-generated developer portal pages (for example, API docs, products, user authentication, etc.). Using [DotLiquid](https://github.com/dotliquid) syntax, and a provided set of localized string resources, icons, and page controls, you have great flexibility to configure the content of the pages as you see fit.
---
-## Developer portal templates overview
-
-Editing templates is done from the **Developer portal** while being logged in as an administrator. To get there first open the Azure portal and click **Developer portal** from the service toolbar of your API Management instance.
-
-To access the developer portal templates, click the customize icon on the left to display the customization menu, and click **Templates**.
-
-![Screenshot that highlights the customize icon to display the customization menu.][api-management-customize-menu]
-
-The templates list displays several categories of templates covering the different pages in the developer portal. Each template is different, but the steps to edit them and publish the changes are the same. To edit a template, click the name of the template.
-
-![Developer portal templates][api-management-templates-menu]
-
-Clicking a template takes you to the developer portal page that is customizable by that template. In this example, the **Product list** template is displayed. The **Product list** template controls the area of the screen indicated by the red rectangle.
-
-![Products list template][api-management-developer-portal-templates-overview]
-
-Some templates, like the **User Profile** templates, customize different parts of the same page.
-
-![User profile templates][api-management-user-profile-templates]
-
-The editor for each developer portal template has two sections displayed at the bottom of the page. The left-hand side displays the editing pane for the template, and the right-hand side displays the data model for the template.
-
-The template editing pane contains the markup that controls the appearance and behavior of the corresponding page in the developer portal. The markup in the template uses the [DotLiquid](https://github.com/dotliquid) syntax. One popular editor for DotLiquid is [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers). Any changes made to the template during editing are displayed in real-time in the browser, but are not visible to your customers until you [save](#to-save-a-template) and [publish](#to-publish-a-template) the template.
-
-![Template markup][api-management-template]
-
-The **Template data** pane provides a guide to the data model for the entities that are available for use in a particular template. It provides this guide by displaying the live data that are currently displayed in the developer portal. You can expand the template panes by clicking the rectangle in the upper-right corner of the **Template data** pane.
-
-![Template data model][api-management-template-data]
-
-In the previous example, there are two products displayed in the developer portal that were retrieved from the data displayed in the **Template data** pane, as shown in the following example:
-
-```json
-{
- "Paging": {
- "Page": 1,
- "PageSize": 10,
- "TotalItemCount": 2,
- "ShowAll": false,
- "PageCount": 1
- },
- "Filtering": {
- "Pattern": null,
- "Placeholder": "Search products"
- },
- "Products": [
- {
- "Id": "56ec64c380ed850042060001",
- "Title": "Starter",
- "Description": "Subscribers will be able to run 5 calls/minute up to a maximum of 100 calls/week.",
- "Terms": "",
- "ProductState": 1,
- "AllowMultipleSubscriptions": false,
- "MultipleSubscriptionsCount": 1
- },
- {
- "Id": "56ec64c380ed850042060002",
- "Title": "Unlimited",
- "Description": "Subscribers have completely unlimited access to the API. Administrator approval is required.",
- "Terms": null,
- "ProductState": 1,
- "AllowMultipleSubscriptions": false,
- "MultipleSubscriptionsCount": 1
- }
- ]
-}
-```
-
-The markup in the **Product list** template processes the data to provide the desired output by iterating through the collection of products to display information and a link to each individual product. Note the `<search-control>` and `<page-control>` elements in the markup. These control the display of the searching and paging controls on the page. `ProductsStrings|PageTitleProducts` is a localized string reference that contains the `h2` header text for the page. For a list of string resources, page controls, and icons available for use in developer portal templates, see [API Management developer portal templates reference](api-management-developer-portal-templates-reference.md).
-
-```html
-<search-control></search-control>
-<div class="row">
- <div class="col-md-9">
- <h2>{% localized "ProductsStrings|PageTitleProducts" %}</h2>
- </div>
-</div>
-<div class="row">
- <div class="col-md-12">
- {% if products.size > 0 %}
- <ul class="list-unstyled">
- {% for product in products %}
- <li>
- <h3><a href="/products/{{product.id}}">{{product.title}}</a></h3>
- {{product.description}}
- </li>
- {% endfor %}
- </ul>
- <paging-control></paging-control>
- {% else %}
- {% localized "CommonResources|NoItemsToDisplay" %}
- {% endif %}
- </div>
-</div>
-```
-
-## To save a template
-To save a template, click save in the template editor.
-
-![Save template][api-management-save-template]
-
-Saved changes are not live in the developer portal until they are published.
-
-## To publish a template
-Saved templates can be published either individually, or all together. To publish an individual template, click publish in the template editor.
-
-![Publish template][api-management-publish-template]
-
-Click **Yes** to confirm and make the template live on the developer portal.
-
-![Screenshot that shows where you select Yes to make the template live.][api-management-publish-template-confirm]
-
-To publish all currently unpublished template versions, click **Publish** in the templates list. Unpublished templates are designated by an asterisk following the template name. In this example, the **Product list** and **Product** templates are being published.
-
-![Publish templates][api-management-publish-templates]
-
-Click **Publish customizations** to confirm.
-
-![Confirm publish][api-management-publish-customizations]
-
-Newly published templates are effective immediately in the developer portal.
-
-## To revert a template to the previous version
-To revert a template to the previous published version, click revert in the template editor.
-
-![Screenshot that highlights the icon you use to revert a template.][api-management-revert-template]
-
-Click **Yes** to confirm.
-
-![Screenshot that shows where you select Yes to confirm the changes.][api-management-revert-template-confirm]
-
-The previously published version of a template is live in the developer portal once the revert operation is complete.
-
-## To restore a template to the default version
-Restoring templates to their default version is a two-step process. First the templates must be restored, and then the restored versions must be published.
-
-To restore a single template to the default version click restore in the template editor.
-
-![Revert template][api-management-reset-template]
-
-Click **Yes** to confirm.
-
-![Confirm][api-management-reset-template-confirm]
-
-To restore all templates to their default versions, click **Restore default templates** on the template list.
-
-![Restore templates][api-management-restore-templates]
-
-The restored templates must then be published individually or all at once by following the steps in [To publish a template](#to-publish-a-template).
-
-## Next steps
-For reference information for developer portal templates, string resources, icons, and page controls, see [API Management developer portal templates reference](api-management-developer-portal-templates-reference.md).
-
-[modify-content-layout]: api-management-modify-content-layout.md
-[customize-styles]: api-management-customize-styles.md
-[portal-templates]: api-management-developer-portal-templates.md
-
-[api-management-customize-menu]: ./media/api-management-developer-portal-templates/api-management-customize-menu.png
-[api-management-templates-menu]: ./media/api-management-developer-portal-templates/api-management-templates-menu.png
-[api-management-developer-portal-templates-overview]: ./media/api-management-developer-portal-templates/api-management-developer-portal-templates-overview.png
-[api-management-template]: ./media/api-management-developer-portal-templates/api-management-template.png
-[api-management-template-data]: ./media/api-management-developer-portal-templates/api-management-template-data.png
-[api-management-developer-portal-menu]: ./media/api-management-developer-portal-templates/api-management-developer-portal-menu.png
-[api-management-management-console]: ./media/api-management-developer-portal-templates/api-management-management-console.png
-[api-management-browse]: ./media/api-management-developer-portal-templates/api-management-browse.png
-[api-management-user-profile-templates]: ./media/api-management-developer-portal-templates/api-management-user-profile-templates.png
-[api-management-save-template]: ./media/api-management-developer-portal-templates/api-management-save-template.png
-[api-management-publish-template]: ./media/api-management-developer-portal-templates/api-management-publish-template.png
-[api-management-publish-template-confirm]: ./media/api-management-developer-portal-templates/api-management-publish-template-confirm.png
-[api-management-publish-templates]: ./media/api-management-developer-portal-templates/api-management-publish-templates.png
-[api-management-publish-customizations]: ./media/api-management-developer-portal-templates/api-management-publish-customizations.png
-[api-management-revert-template]: ./media/api-management-developer-portal-templates/api-management-revert-template.png
-[api-management-revert-template-confirm]: ./media/api-management-developer-portal-templates/api-management-revert-template-confirm.png
-[api-management-reset-template]: ./media/api-management-developer-portal-templates/api-management-reset-template.png
-[api-management-reset-template-confirm]: ./media/api-management-developer-portal-templates/api-management-reset-template-confirm.png
-[api-management-restore-templates]: ./media/api-management-developer-portal-templates/api-management-restore-templates.png
api-management Api Management Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-features.md
Each API Management [pricing tier](https://aka.ms/apimpricing) offers a distinct
| [Pass-through WebSocket APIs](websocket-api.md) | No | Yes | Yes | Yes | Yes | | [Pass-through GraphQL APIs](graphql-apis-overview.md) | Yes | Yes | Yes | Yes | Yes | | [Synthetic GraphQL APIs](graphql-apis-overview.md) | Yes | Yes | Yes | Yes | Yes |
+| [Pass-through gRPC APIs](grpc-api.md) (preview) | No | Yes | No | No | Yes |
<sup>1</sup> Enables the use of Microsoft Entra ID (and Azure AD B2C) as an identity provider for user sign in on the developer portal.<br/> <sup>2</sup> Including related functionality such as users, groups, issues, applications, and email templates and notifications.<br/>
api-management Api Management Gateways Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-gateways-overview.md
Previously updated : 06/27/2023 Last updated : 11/6/2023
The following table compares features available in the managed gateway versus th
| [Function App](import-function-app-as-api.md) | ✔️ | ✔️ | ✔️ | | [Container App](import-container-app-with-oas.md) | ✔️ | ✔️ | ✔️ | | [Service Fabric](../service-fabric/service-fabric-api-management-overview.md) | Developer, Premium | ❌ | ❌ |
-| [Pass-through GraphQL](graphql-apis-overview.md) | ✔️ | ✔️ | ❌ |
-| [Synthetic GraphQL](graphql-apis-overview.md)| ✔️ | ✔️<sup>1</sup> | ❌ |
+| [Pass-through GraphQL](graphql-apis-overview.md) | ✔️ | ✔️ | ✔️ |
+| [Synthetic GraphQL](graphql-apis-overview.md)| ✔️ | ✔️<sup>1</sup> | ✔️<sup>1</sup> |
| [Pass-through WebSocket](websocket-api.md) | ✔️ | ❌ | ✔️ |
+| [Pass-through gRPC](grpc-api.md) | ❌ | ❌ | ✔️ |
+| [Circuit Breaker](backends.md#circuit-breaker-preview) | ✔️ | ✔️ | ✔️ |
-<sup>1</sup> Synthetic GraphQL subscriptions (preview) aren't supported in the Consumption tier.
+<sup>1</sup> Synthetic GraphQL subscriptions (preview) aren't supported.
### Policies
api-management Api Management Issue Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-issue-templates.md
- Title: Issue templates in Azure API Management | Microsoft Docs
-description: Learn how to customize the content of the Issue pages in the developer portal in Azure API Management.
------- Previously updated : 11/04/2019--
-# Issue templates in Azure API Management
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using [DotLiquid](https://github.com/dotliquid) syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
- The templates in this section allow you to customize the content of the Issue pages in the developer portal.
-
-- [Issue list](#IssueList)
-
-> [!NOTE]
-> Sample default templates are included in the following documentation, but are subject to change due to continuous improvements. You can view the live default templates in the developer portal by navigating to the desired individual templates. For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
--
-
-## <a name="IssueList"></a> Issue list
- The **Issue list** template allows you to customize the body of the issue list page in the developer portal.
-
- ![Issue List Developer Portal](./media/api-management-issue-templates/APIM-Issue-List-Developer-Portal.png "APIM Issue List Developer Portal")
-
-### Default template
-
-```xml
-<div class="row">
- <div class="col-md-9">
- <h2>{% localized "IssuesStrings|WebIssuesIndexTitle" %}</h2>
- </div>
-</div>
-<div class="row">
- <div class="col-md-12">
- {% if issues.size > 0 %}
- <ul class="list-unstyled">
- {% capture reportedBy %}{% localized "IssuesStrings|WebIssuesStatusReportedBy" %}{% endcapture %}
- {% assign replaceString0 = '{0}' %}
- {% assign replaceString1 = '{1}' %}
- {% for issue in issues %}
- <li>
- <h3>
- <a href="/issues/{{issue.id}}">{{issue.title}}</a>
- </h3>
- <p>{{issue.description}}</p>
- <em>
- {% capture state %}{{issue.issueState}}{% endcapture %}
- {% capture devName %}{{issue.subscriptionDeveloperName}}{% endcapture %}
- {% capture str1 %}{{ reportedBy | replace : replaceString0, state }}{% endcapture %}
- {{ str1 | replace : replaceString1, devName }}
- <span class="UtcDateElement">{{ issue.reportedOn | date: "r" }}</span>
- </em>
- </li>
- {% endfor %}
- </ul>
- <paging-control></paging-control>
- {% else %}
- {% localized "CommonResources|NoItemsToDisplay" %}
- {% endif %}
- {% if canReportIssue %}
- <a class="btn btn-primary" id="createIssue" href="/Issues/Create">{% localized "IssuesStrings|WebIssuesReportIssueButton" %}</a>
- {% elsif isAuthenticated %}
- <hr />
- <p>{% localized "IssuesStrings|WebIssuesNoActiveSubscriptions" %}</p>
- {% else %}
- <hr />
- <p>
- {% capture signIntext %}{% localized "IssuesStrings|WebIssuesNotSignin" %}{% endcapture %}
- {% capture link %}<a href="/signin">{% localized "IssuesStrings|WebIssuesSignIn" %}</a>{% endcapture %}
- {{ signIntext | replace : replaceString0, link }}
- </p>
- {% endif %}
- </div>
-</div>
-```
-
-### Controls
- The `Issue list` template may use the following [page controls](api-management-page-controls.md).
-
-- [paging-control](api-management-page-controls.md#paging-control)
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|`Issues`|Collection of [Issue](api-management-template-data-model-reference.md#Issue) entities.|The issues visible to the current user.|
-|`Paging`|[Paging](api-management-template-data-model-reference.md#Paging) entity.|The paging information for the applications collection.|
-|`IsAuthenticated`|boolean|Whether the current user is signed-in to the developer portal.|
-|`CanReportIssues`|boolean|Whether the current user has permissions to file an issue.|
-|`Search`|string|This property is deprecated and should not be used.|
-
-### Sample template data
-
-```json
-{
- "Issues": [
- {
- "Id": "5702b68bb16653124c8f9ba7",
- "ApiId": "570275f1b16653124c8f9ba3",
- "Title": "I couldn't figure out how to connect my application to the API",
- "Description": "I'm having trouble connecting my application to the backend API.",
- "SubscriptionDeveloperName": "Clayton",
- "IssueState": "Proposed",
- "ReportedOn": "2016-04-04T18:46:35.64",
- "Comments": null,
- "Attachments": null,
- "Services": null
- }
- ],
- "Paging": {
- "Page": 1,
- "PageSize": 10,
- "TotalItemCount": 1,
- "ShowAll": false,
- "PageCount": 1
- },
- "IsAuthenticated": true,
- "CanReportIssue": true,
- "Search": null
-}
-```
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Modify Content Layout https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-modify-content-layout.md
- Title: Modify page contents in developer portal in API Management-
-description: Learn how to edit page contents on the developer portal in Azure API Management.
------- Previously updated : 02/09/2017---
-# Modify the content and layout of pages on the developer portal in Azure API Management
-There are three fundamental ways to customize the developer portal in Azure API Management:
-
-* [Edit the contents of static pages and page layout elements][modify-content-layout] (explained in this guide)
-* [Update the styles used for page elements across the developer portal][customize-styles]
-* [Modify the templates used for pages generated by the portal][portal-templates] (for example, API docs, products, user authentication, etc.)
--
-## <a name="page-structure"> </a>Structure of developer portal pages
-
-The developer portal is based on a content management system. The layout of every page is built based on set of small page elements known as widgets:
-
-![Developer portal page structure][api-management-customization-widget-structure]
-
-All widgets are editable.
-* The core contents specific to each individual page reside in the "Contents" widget. Editing a page means editing the contents of this widget.
-* All page layout elements are contained with the remaining widgets. Changes made to these widgets are applied to all pages. They are referred to as "layout widgets."
-
-In day-to-day page editing one would often modify just the Content widget, which will have different content for each individual page.
-
-## <a name="modify-layout-widget"> </a>Modifying the contents of a layout widget
-
-The Developer portal is accessible from the Azure Portal.
-
-1. Click **Developer Portal** from the toolbar of your API Management instance.
-2. To edit the contents of widgets, click the icon comprised of two paint brushes from the **Developer** portal menu on the left.
-3. To modify the contents of the header, scroll to the **Header** section in the list on the left.
-
- The widgets are editable from within the fields.
-4. Once you are ready to publish your changes, click **Publish** at the bottom of the page.
-
-Now you should be able to see the new header on every page within the developer portal.
-
-## <a name="next-steps"> </a>Next steps
-* [Update the styles used for page elements across the developer portal][customize-styles]
-* [Modify the templates used for pages generated by the portal][portal-templates] (for example, API docs, products, user authentication, etc.)
-
-[Structure of developer portal pages]: #page-structure
-[Modifying the contents of a layout widget]: #modify-layout-widget
-[Edit the contents of a page]: #edit-page-contents
-[Next steps]: #next-steps
-
-[modify-content-layout]: api-management-modify-content-layout.md
-[customize-styles]: api-management-customize-styles.md
-[portal-templates]: api-management-developer-portal-templates.md
-
-[api-management-customization-widget-structure]: ./media/api-management-modify-content-layout/portal-widget-structure.png
-[api-management-management-console]: ./media/api-management-modify-content-layout/api-management-management-console.png
-[api-management-widgets-header]: ./media/api-management-modify-content-layout/api-management-widgets-header.png
-[api-management-customization-manage-content]: ./media/api-management-modify-content-layout/api-management-customization-manage-content.png
api-management Api Management Page Controls https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-page-controls.md
- Title: Azure API Management page controls | Microsoft Docs
-description: Learn about the page controls available for use in developer portal templates in Azure API Management.
------- Previously updated : 11/04/2019---
-# Azure API Management page controls
-Azure API Management provides the following controls for use in the developer portal templates.
-
-To use a control, place it in the desired location in the developer portal template. Some controls, such as the [app-actions](#app-actions) control, have parameters, as shown in the following example:
-
-```xml
-<app-actions params="{ appId: '{{app.id}}' }"></app-actions>
-```
-
-The values for the parameters are passed in as part of the data model for the template. In most cases, you can simply paste in the provided example for each control for it to work correctly. For more information on the parameter values, you can see the data model section for each template in which a control may be used.
-
-For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
--
-
-## Developer portal template page controls
-
-- [app-actions](#app-actions) -- [basic-signin](#basic-signin) -- [paging-control](#paging-control) -- [providers](#providers) -- [search-control](#search-control) -- [sign-up](#sign-up) -- [subscribe-button](#subscribe-button) -- [subscription-cancel](#subscription-cancel)
-
-## <a name="app-actions"></a> app-actions
- The `app-actions` control provides a user interface for interacting with applications on the user profile page in the developer portal.
-
- ![app&#45;actions control](./media/api-management-page-controls/APIM-app-actions-control.png "APIM app-actions control")
-
-### Usage
-
-```xml
-<app-actions params="{ appId: '{{app.id}}' }"></app-actions>
-```
-
-### Parameters
-
-|Parameter|Description|
-||--|
-|appId|The ID of the application.|
-
-### Developer portal templates
- The `app-actions` control may be used in the following developer portal templates:
-
-- [Applications](api-management-user-profile-templates.md#Applications)
-
-## <a name="basic-signin"></a> basic-signin
- The `basic-signin` control provides a control for collecting user sign-in information in the sign-in page in the developer portal.
-
- ![basic&#45;signin control](./media/api-management-page-controls/APIM-basic-signin-control.png "APIM basic-signin control")
-
-### Usage
-
-```xml
-<basic-SignIn></basic-SignIn>
-```
-
-### Parameters
- None.
-
-### Developer portal templates
- The `basic-signin` control may be used in the following developer portal templates:
-
-- [Sign in](api-management-page-templates.md#SignIn)
-
-## <a name="paging-control"></a> paging-control
- The `paging-control` provides paging functionality on developer portal pages that display a list of items.
-
- ![paging control](./media/api-management-page-controls/APIM-paging-control.png "APIM paging control")
-
-### Usage
-
-```xml
-<paging-control></paging-control>
-```
-
-### Parameters
- None.
-
-### Developer portal templates
- The `paging-control` control may be used in the following developer portal templates:
-
-- [API list](api-management-api-templates.md#APIList)
-
-- [Issue list](api-management-issue-templates.md#IssueList)
-
-- [Product list](api-management-product-templates.md#ProductList)
-
-## <a name="providers"></a> providers
- The `providers` control provides a control for selection of authentication providers in the sign-in page in the developer portal.
-
- ![providers control](./media/api-management-page-controls/APIM-providers-control.png "APIM providers control")
-
-### Usage
-
-```xml
-<providers></providers>
-```
-
-### Parameters
- None.
-
-### Developer portal templates
- The `providers` control may be used in the following developer portal templates:
-
-- [Sign in](api-management-page-templates.md#SignIn)
-
-## <a name="search-control"></a> search-control
- The `search-control` provides search functionality on developer portal pages that display a list of items.
-
- ![search control](./media/api-management-page-controls/APIM-search-control.png "APIM search control")
-
-### Usage
-
-```xml
-<search-control></search-control>
-```
-
-### Parameters
- None.
-
-### Developer portal templates
- The `search-control` control may be used in the following developer portal templates:
-
-- [API list](api-management-api-templates.md#APIList)
-
-- [Product list](api-management-product-templates.md#ProductList)
-
-## <a name="sign-up"></a> sign-up
- The `sign-up` control provides a control for collecting user profile information in the sign-up page in the developer portal.
-
- ![sign&#45;up control](./media/api-management-page-controls/APIM-sign-up-control.png "APIM sign-up control")
-
-### Usage
-
-```xml
-<sign-up></sign-up>
-```
-
-### Parameters
- None.
-
-### Developer portal templates
- The `sign-up` control may be used in the following developer portal templates:
-
-- [Sign up](api-management-page-templates.md#SignUp)
-
-## <a name="subscribe-button"></a> subscribe-button
- The `subscribe-button` provides a control for subscribing a user to a product.
-
- ![subscribe&#45;button control](./media/api-management-page-controls/APIM-subscribe-button-control.png "APIM subscribe-button control")
-
-### Usage
-
-```xml
-<subscribe-button></subscribe-button>
-```
-
-### Parameters
- None.
-
-### Developer portal templates
- The `subscribe-button` control may be used in the following developer portal templates:
-
-- [Product](api-management-product-templates.md#Product)
-
-## <a name="subscription-cancel"></a> subscription-cancel
- The `subscription-cancel` control provides a control for canceling a subscription to a product in the user profile page in the developer portal.
-
- ![subscription&#45;cancel control](./media/api-management-page-controls/APIM-subscription-cancel-control.png "APIM subscription-cancel control")
-
-### Usage
-
-```xml
-<subscription-cancel params="{ subscriptionId: '{{subscription.id}}', cancelUrl: '{{subscription.cancelUrl}}' }">
-</subscription-cancel>
-
-```
-
-### Parameters
-
-|Parameter|Description|
-||--|
-|subscriptionId|The ID of the subscription to cancel.|
-|cancelUrl|The subscription cancels URL.|
-
-### Developer portal templates
- The `subscription-cancel` control may be used in the following developer portal templates:
-
-- [Product](api-management-product-templates.md#Product)-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Page Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-page-templates.md
- Title: Page templates in Azure API Management | Microsoft Docs
-description: Learn how to customize the content of developer portal page templates in Azure API Management.
------- Previously updated : 11/04/2019--
-# Page templates in Azure API Management
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using [DotLiquid](https://github.com/dotliquid) syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
- The templates in this section allow you to customize the content of the sign in, sign up, and page not found pages in the developer portal.
-
-- [Sign in](#SignIn)
-
-- [Sign up](#SignUp)
-
-- [Page not found](#PageNotFound)
-
-> [!NOTE]
-> Sample default templates are included in the following documentation, but are subject to change due to continuous improvements. You can view the live default templates in the developer portal by navigating to the desired individual templates. For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
--
-
-## <a name="SignIn"></a> Sign in
- The **sign in** template allows you to customize the sign in page in the developer portal.
-
- ![Sign In Page](./media/api-management-page-templates/APIM-Sign-In-Page-Developer-Portal-Templates.png "APIM Sign In Page Developer Portal Templates")
-
-### Default template
-
-```xml
-<h2 class="text-center">{% localized "SigninStrings|WebAuthenticationSigninTitle" %}</h2>
-{% if registrationEnabled == true %}
-<p class="text-center">{% localized "SigninStrings|WebAuthenticationNotAMember" %}</p>
-{% endif %}
-
-<div class="row center-block ap-idp-container">
- <div class="col-md-6">
- {% if registrationEnabled == true %}
- <p>{% localized "SigninStrings|WebAuthenticationSigininWithPassword" %}</p>
- <basic-SignIn></basic-SignIn>
- {% endif %}
- </div>
-
- {% if registrationEnabled != true and providers.size == 0 %}
- {% localized "ProviderInfoStrings|TextboxExternalIdentitiesDisabled" %}
- {% else %}
- {% if providers.size > 0 %}
- <div class="col-md-6">
- <div class="providers-list">
- <p class="text-left">
- {% if registrationEnabled == true %}
- {% localized "ProviderInfoStrings|TextboxExternalIdentitiesSigninInvitation" %}
- {% else %}
- {% localized "ProviderInfoStrings|TextboxExternalIdentitiesSigninInvitationPrimary" %}
- {% endif %}
- </p>
- <providers></providers>
- </div>
- </div>
- {% endif %}
- {% endif %}
-
- {% if userRegistrationTermsEnabled == true %}
- <div class="col-md-6">
- <div id="terms" class="modal" role="dialog" tabindex="-1">
- <div class="modal-dialog">
- <div class="modal-content">
- <div class="modal-header">
- <h4 class="modal-title">{% localized "SigninResources|DialogHeadingTermsOfUse" %}</h4>
- </div>
- <div class="modal-body break-all">{{userRegistrationTerms}}</div>
- <div class="modal-footer">
- <button type="button" class="btn btn-default" data-dismiss="modal">{% localized "CommonStrings|ButtonLabelClose" %}</button>
- </div>
- </div>
- </div>
- </div>
- <p>{% localized "SigninResources|TextblockUserRegistrationTermsProvided" %}</p>
- </div>
- {% endif %}
-</div>
-```
-
-### Controls
- This template may use the following [page controls](api-management-page-controls.md).
-
-- [basic-signin](api-management-page-controls.md#basic-signin)
-
-- [providers](api-management-page-controls.md#providers)
-
-### Data model
- [User sign in](api-management-template-data-model-reference.md#UseSignIn) entity.
-
-### Sample template data
-
-```json
-{
- "Email": null,
- "Password": null,
- "ReturnUrl": null,
- "RememberMe": false,
- "RegistrationEnabled": true,
- "DelegationEnabled": false,
- "DelegationUrl": null,
- "SsoSignUpUrl": null,
- "AuxServiceUrl": "https://portal.azure.com/#resource/subscriptions/{subscription ID}/resourceGroups/Api-Default-West-US/providers/Microsoft.ApiManagement/service/contoso5",
- "Providers": [
- {
- "Properties": {
- "AuthenticationType": "Aad",
- "Caption": "Azure Active Directory"
- },
- "AuthenticationType": "Aad",
- "Caption": "Azure Active Directory"
- }
- ],
- "UserRegistrationTerms": null,
- "UserRegistrationTermsEnabled": false
-}
-```
-
-## <a name="SignUp"></a> Sign up
- The **sign up** template allows you to customize the sign up page in the developer portal.
-
- ![Sign Up Page](./media/api-management-page-templates/APIM-Sign-Up-Page-Developer-Portal-Templates.png "APIM Sign Up Page Developer Portal Templates")
-
-### Default template
-
-```xml
-<h2 class="text-center">{% localized "SignupStrings|PageTitleSignup" %}</h2>
-<p class="text-center">
- {% localized "SignupStrings|WebAuthenticationAlreadyAMember" %} <a href="/signin">{% localized "SignupStrings|WebAuthenticationSigninNow" %}</a>
-</p>
-
-<div class="row center-block ap-idp-container">
- <div class="col-md-6">
- <p>{% localized "SignupStrings|WebAuthenticationCreateNewAccount" %}</p>
- <sign-up></sign-up>
- </div>
-</div>
-```
-
-### Controls
- This template may use the following [page controls](api-management-page-controls.md).
-
-- [sign-up](api-management-page-controls.md#sign-up)
-
-### Data model
- [User sign up](api-management-template-data-model-reference.md#UserSignUp) entity.
-
-### Sample template data
-
-```json
-{
- "PasswordConfirm": null,
- "Password": null,
- "PasswordVerdictLevel": 0,
- "UserRegistrationTerms": null,
- "UserRegistrationTermsOptions": 0,
- "ConsentAccepted": false,
- "Email": null,
- "FirstName": null,
- "LastName": null,
- "UserData": null,
- "NameIdentifier": null,
- "ProviderName": null
-}
-```
-
-## <a name="PageNotFound"></a> Page not found
- The **page not found** template allows you to customize the page not found page in the developer portal.
-
- ![Not Found Page](./media/api-management-page-templates/APIM-Not-Found-Page-Developer-Portal-Templates.png "APIM Not Found Page Developer Portal Templates")
-
-### Default template
-
-```xml
-<h2>{% localized "NotFoundStrings|PageTitleNotFound" %}</h2>
-
-<h3>{% localized "NotFoundStrings|TitlePotentialCause" %}</h3>
-<ul>
- <li>{% localized "NotFoundStrings|TextblockPotentialCauseOldLink" %}</li>
- <li>{% localized "NotFoundStrings|TextblockPotentialCauseMisspelledUrl" %}</li>
-</ul>
-
-<h3>{% localized "NotFoundStrings|TitlePotentialSolution" %}</h3>
-<ul>
- <li>{% localized "NotFoundStrings|TextblockPotentialSolutionRetype" %}</li>
- <li>
- {% capture textPotentialSolutionStartOver %}{% localized "NotFoundStrings|TextblockPotentialSolutionStartOver" %}{% endcapture %}
- {% capture homeLink %}<a href="/">{% localized "NotFoundStrings|LinkLabelHomePage" %}</a>{% endcapture %}
- {% assign replaceString = '{0}' %}
-
- {{ textPotentialSolutionStartOver | replace : replaceString, homeLink }}
- </li>
-</ul>
-
-<p>
- {% capture textReportProblem %}{% localized "NotFoundStrings|TextReportProblem" %}{% endcapture %}
- {% capture emailLink %}<a href="mailto:apimgmt@microsoft.com" target="_self" title="API Management Support">{% localized "NotFoundStrings|LinkLabelSendUsEmail" %}</a>{% endcapture %}
- {% assign replaceString = '{0}' %}
-
- {{ textReportProblem | replace : replaceString, emailLink }}
-</p>
-```
-
-### Controls
- This template may not use any [page controls](api-management-page-controls.md).
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|referenceCode|string|Code generated if this page was displayed as the result of an internal error.|
-|errorCode|string|Code generated if this page was displayed as the result of an internal error.|
-|emailBody|string|Email body generated if this page was displayed as the result of an internal error.|
-|requestedUrl|string|The URL requested when the page was not found.|
-|referrerUrl|string|The referrer URL to the requested URL.|
-
-### Sample template data
-
-```json
-{
- "referenceCode": null,
- "errorCode": null,
- "emailBody": null,
- "requestedUrl": "https://contoso5.portal.azure-api.net:443/NotFoundPage?startEditTemplate=NotFoundPage",
- "referrerUrl": "https://contoso5.portal.azure-api.net/signup?startEditTemplate=SignUpTemplate"
-}
-```
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Product Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-product-templates.md
- Title: Product templates in Azure API Management | Microsoft Docs
-description: Learn how to customize the content of the product pages in the Azure API Management developer portal.
------- Previously updated : 11/04/2019--
-# Product templates in Azure API Management
-
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using [DotLiquid](https://github.com/dotliquid) syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
- The templates in this section allow you to customize the content of the product pages in the developer portal.
-
-- [Product list](#ProductList)
-
-- [Product](#Product)
-
-> [!NOTE]
-> Sample default templates are included in the following documentation, but are subject to change due to continuous improvements. You can view the live default templates in the developer portal by navigating to the desired individual templates. For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
--
-
-## <a name="ProductList"></a> Product list
- The **Product list** template allows you to customize the body of the product list page in the developer portal.
-
- ![Products list](./media/api-management-product-templates/APIM_ProductsListTemplatePage.png "APIM_ProductsListTemplatePage")
-
-### Default template
-
-```xml
-<search-control></search-control>
-<div class="row">
- <div class="col-md-9">
- <h2>{% localized "ProductsStrings|PageTitleProducts" %}</h2>
- </div>
-</div>
-<div class="row">
- <div class="col-md-12">
- {% if products.size > 0 %}
- <ul class="list-unstyled">
- {% for product in products %}
- <li>
- <h3><a href="/products/{{product.id}}">{{product.title}}</a></h3>
- {{product.description}}
- </li>
- {% endfor %}
- </ul>
- <paging-control></paging-control>
- {% else %}
- {% localized "CommonResources|NoItemsToDisplay" %}
- {% endif %}
- </div>
-</div>
-```
-
-### Controls
- The `Product list` template may use the following [page controls](api-management-page-controls.md).
-
-- [paging-control](api-management-page-controls.md#paging-control)
-
-- [search-control](api-management-page-controls.md#search-control)
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|Paging|[Paging](api-management-template-data-model-reference.md#Paging) entity.|The paging information for the products collection.|
-|Filtering|[Filtering](api-management-template-data-model-reference.md#Filtering) entity.|The filtering information for the products list page.|
-|Products|Collection of [Product](api-management-template-data-model-reference.md#Product) entities.|The products visible to the current user.|
-
-### Sample template data
-
-```json
-{
- "Paging": {
- "Page": 1,
- "PageSize": 10,
- "TotalItemCount": 2,
- "ShowAll": false,
- "PageCount": 1
- },
- "Filtering": {
- "Pattern": null,
- "Placeholder": "Search products"
- },
- "Products": [
- {
- "Id": "56f9445ffaf7560049060001",
- "Title": "Starter",
- "Description": "Subscribers will be able to run 5 calls/minute up to a maximum of 100 calls/week.",
- "Terms": "",
- "ProductState": 1,
- "AllowMultipleSubscriptions": false,
- "MultipleSubscriptionsCount": 1
- },
- {
- "Id": "56f9445ffaf7560049060002",
- "Title": "Unlimited",
- "Description": "Subscribers have completely unlimited access to the API. Administrator approval is required.",
- "Terms": null,
- "ProductState": 1,
- "AllowMultipleSubscriptions": false,
- "MultipleSubscriptionsCount": 1
- }
- ]
-}
-```
-
-## <a name="Product"></a> Product
- The **Product** template allows you to customize the body of the product page in the developer portal.
-
- ![Developer portal product page](./media/api-management-product-templates/APIM_ProductPage.png "APIM_ProductPage")
-
-### Default template
-
-```xml
-<h2>{{Product.Title}}</h2>
-<p>{{Product.Description}}</p>
-
-{% assign replaceString0 = '{0}' %}
-
-{% if Limits and Limits.size > 0 %}
-<h3>{% localized "ProductDetailsStrings|WebProductsUsageLimitsHeader"%}</h3>
-<ul>
- {% for limit in Limits %}
- <li>{{limit.DisplayName}}</li>
- {% endfor %}
-</ul>
-{% endif %}
-
-{% if apis.size > 0 %}
-<p>
- <b>
- {% if apis.size == 1 %}
- {% capture apisCountText %}{% localized "ProductDetailsStrings|TextblockSingleApisCount" %}{% endcapture %}
- {% else %}
- {% capture apisCountText %}{% localized "ProductDetailsStrings|TextblockMultipleApisCount" %}{% endcapture %}
- {% endif %}
-
- {% capture apisCount %}{{apis.size}}{% endcapture %}
- {{ apisCountText | replace : replaceString0, apisCount }}
- </b>
-</p>
-
-<ul>
- {% for api in Apis %}
- <li>
- <a href="/docs/services/{{api.Id}}">{{api.Name}}</a>
- </li>
- {% endfor %}
-</ul>
-{% endif %}
-
-{% if subscriptions.size > 0 %}
-<p>
- <b>
- {% if subscriptions.size == 1 %}
- {% capture subscriptionsCountText %}{% localized "ProductDetailsStrings|TextblockSingleSubscriptionsCount" %}{% endcapture %}
- {% else %}
- {% capture subscriptionsCountText %}{% localized "ProductDetailsStrings|TextblockMultipleSubscriptionsCount" %}{% endcapture %}
- {% endif %}
-
- {% capture subscriptionsCount %}{{subscriptions.size}}{% endcapture %}
- {{ subscriptionsCountText | replace : replaceString0, subscriptionsCount }}
- </b>
-</p>
-
-<ul>
- {% for subscription in subscriptions %}
- <li>
- <a href="/developer#{{subscription.Id}}">{{subscription.DisplayName}}</a>
- </li>
- {% endfor %}
-</ul>
-{% endif %}
-{% if CannotAddBecauseSubscriptionNumberLimitReached %}
-<b>{% localized "ProductDetailsStrings|TextblockSubscriptionLimitReached" %}</b>
-{% elsif CannotAddBecauseMultipleSubscriptionsNotAllowed == false %}
-<subscribe-button></subscribe-button>
-{% endif %}
-```
-
-### Controls
- The `Product list` template may use the following [page controls](api-management-page-controls.md).
-
-- [subscribe-button](api-management-page-controls.md#subscribe-button)
-
-### Data model
-
-|Property|Type|Description|
-|--|-|--|
-|Product|[Product](api-management-template-data-model-reference.md#Product)|The specified product.|
-|IsDeveloperSubscribed|boolean|Whether the current user is subscribed to this product.|
-|SubscriptionState|number|The state of the subscription. Possible states are:<br /><br /> - `0 - suspended` ΓÇô the subscription is blocked, and the subscriber cannot call any APIs of the product.<br />- `1 - active` ΓÇô the subscription is active.<br />- `2 - expired` ΓÇô the subscription reached its expiration date and was deactivated.<br />- `3 - submitted` ΓÇô the subscription request has been made by the developer, but has not yet been approved or rejected.<br />- `4 - rejected` ΓÇô the subscription request has been denied by an administrator.<br />- `5 - cancelled` ΓÇô the subscription has been canceled by the developer or administrator.|
-|Limits|array|This property is deprecated and should not be used.|
-|DelegatedSubscriptionEnabled|boolean|Whether [delegation](./api-management-howto-setup-delegation.md) is enabled for this subscription.|
-|DelegatedSubscriptionUrl|string|If delegation is enabled, the delegated subscription URL.|
-|IsAgreed|boolean|If the product has terms, whether the current user has agreed to the terms.|
-|Subscriptions|Collection of [Subscription summary](api-management-template-data-model-reference.md#SubscriptionSummary) entities.|The subscriptions to the product.|
-|Apis|Collection of [API](api-management-template-data-model-reference.md#API) entities.|The APIs in this product.|
-|CannotAddBecauseSubscriptionNumberLimitReached|boolean|Whether the current user is eligible to subscribe to this product with regard to the subscription limit.|
-|CannotAddBecauseMultipleSubscriptionsNotAllowed|boolean|Whether the current user is eligible to subscribe to this product with regard to multiple subscriptions being allowed or not.|
-
-### Sample template data
-
-```json
-{
- "Product": {
- "Id": "56f9445ffaf7560049060001",
- "Title": "Starter",
- "Description": "Subscribers will be able to run 5 calls/minute up to a maximum of 100 calls/week.",
- "Terms": "",
- "ProductState": 1,
- "AllowMultipleSubscriptions": false,
- "MultipleSubscriptionsCount": 1
- },
- "IsDeveloperSubscribed": true,
- "SubscriptionState": 1,
- "Limits": [],
- "DelegatedSubscriptionEnabled": false,
- "DelegatedSubscriptionUrl": null,
- "IsAgreed": false,
- "Subscriptions": [
- {
- "Id": "56f9445ffaf7560049070001",
- "DisplayName": "Starter (default)"
- }
- ],
- "Apis": [
- {
- "id": "56f9445ffaf7560049040001",
- "name": "Echo API",
- "description": null,
- "serviceUrl": "http://echoapi.cloudapp.net/api",
- "path": "echo",
- "protocols": [
- 2
- ],
- "authenticationSettings": null,
- "subscriptionKeyParameterNames": null
- }
- ],
- "CannotAddBecauseSubscriptionNumberLimitReached": false,
- "CannotAddBecauseMultipleSubscriptionsNotAllowed": true
-}
-```
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Template Data Model Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-template-data-model-reference.md
- Title: Azure API Management template data model reference | Microsoft Docs
-description: Learn about the entity and type representations for common items used in the data models for the developer portal templates in Azure API Management.
------- Previously updated : 11/04/2019--
-# Azure API Management template data model reference
-This topic describes the entity and type representations for common items used in the data models for the developer portal templates in Azure API Management.
-
- For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
---
-## Reference
--- [API](#API) -- [API summary](#APISummary) -- [Application](#Application) -- [Attachment](#Attachment) -- [Code sample](#Sample) -- [Comment](#Comment) -- [Filtering](#Filtering) -- [Header](#Header) -- [HTTP Request](#HTTPRequest) -- [HTTP Response](#HTTPResponse) -- [Issue](#Issue) -- [Operation](#Operation) -- [Operation menu](#Menu) -- [Operation menu item](#MenuItem) -- [Paging](#Paging) -- [Parameter](#Parameter) -- [Product](#Product) -- [Provider](#Provider) -- [Representation](#Representation) -- [Subscription](#Subscription) -- [Subscription summary](#SubscriptionSummary) -- [User account info](#UserAccountInfo) -- [User sign-in](#UseSignIn) -- [User sign-up](#UserSignUp)
-
-## <a name="API"></a> API
- The `API` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`id`|string|Resource identifier. Uniquely identifies the API within the current API Management service instance. The value is a valid relative URL in the format of `apis/{id}` where `{id}` is an API identifier. This property is read-only.|
-|`name`|string|Name of the API. Must not be empty. Maximum length is 100 characters.|
-|`description`|string|Description of the API. Must not be empty. May include HTML formatting tags. Maximum length is 1000 characters.|
-|`serviceUrl`|string|Absolute URL of the backend service implementing this API.|
-|`path`|string|Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API.|
-|`protocols`|array of number|Describes on which protocols the operations in this API can be invoked. Allowed values are `1 - http` and `2 - https`, or both.|
-|`authenticationSettings`|[Authorization server authentication settings](/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-contract-reference#AuthenticationSettings)|Collection of authentication settings included in this API.|
-|`subscriptionKeyParameterNames`|object|Optional property that can be used to specify custom names for query and/or header parameters containing the subscription key. When this property is present, it must contain at least one of the two following properties.<br /><br /> `{ "subscriptionKeyParameterNames": { "query": ΓÇ£customQueryParameterName", "header": ΓÇ£customHeaderParameterName" } }`|
-
-## <a name="APISummary"></a> API summary
- The `API summary` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`id`|string|Resource identifier. Uniquely identifies the API within the current API Management service instance. The value is a valid relative URL in the format of `apis/{id}` where `{id}` is an API identifier. This property is read-only.|
-|`name`|string|Name of the API. Must not be empty. Maximum length is 100 characters.|
-|`description`|string|Description of the API. Must not be empty. May include HTML formatting tags. Maximum length is 1000 characters.|
-
-## <a name="Application"></a> Application
- The `application` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|string|The unique identifier of the application.|
-|`Title`|string|The title of the application.|
-|`Description`|string|The description of the application.|
-|`Url`|URI|The URI for the application.|
-|`Version`|string|Version information for the application.|
-|`Requirements`|string|A description of requirements for the application.|
-|`State`|number|The current state of the application.<br /><br /> - 0 - Registered<br /><br /> - 1 - Submitted<br /><br /> - 2 - Published<br /><br /> - 3 - Rejected<br /><br /> - 4 - Unpublished|
-|`RegistrationDate`|DateTime|The date and time the application was registered.|
-|`CategoryId`|number|The category of the application (Finance, entertainment, etc.)|
-|`DeveloperId`|string|The unique identifier of the developer that submitted the application.|
-|`Attachments`|Collection of [Attachment](#Attachment) entities.|Any attachments for the application such as screenshots or icons.|
-|`Icon`|[Attachment](#Attachment)|The icon the for the application.|
-
-## <a name="Attachment"></a> Attachment
- The `attachment` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`UniqueId`|string|The unique identifier for the attachment.|
-|`Url`|string|The URL of the resource.|
-|`Type`|string|The type of attachment.|
-|`ContentType`|string|The media type of the attachment.|
-
-## <a name="Sample"></a> Code sample
-
-|Property|Type|Description|
-|--|-|--|
-|`title`|string|The name of the operation.|
-|`snippet`|string|This property is deprecated and should not be used.|
-|`brush`|string|Which code syntax coloring template to be used when displaying the code sample. Allowed values are `plain`, `php`, `java`, `xml`, `objc`, `python`, `ruby`, and `csharp`.|
-|`template`|string|The name of this code sample template.|
-|`body`|string|A placeholder for the code sample portion of the snippet.|
-|`method`|string|The HTTP method of the operation.|
-|`scheme`|string|The protocol to use for the operation request.|
-|`path`|string|The path of the operation.|
-|`query`|string|Query string example with defined parameters.|
-|`host`|string|The URL of the API Management service gateway for the API that contains this operation.|
-|`headers`|Collection of [Header](#Header) entities.|Headers for this operation.|
-|`parameters`|Collection of [Parameter](#Parameter) entities.|Parameters that are defined for this operation.|
-
-## <a name="Comment"></a> Comment
- The `API` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|number|The ID of the comment.|
-|`CommentText`|string|The body of the comment. May include HTML.|
-|`DeveloperCompany`|string|The company name of the developer.|
-|`PostedOn`|DateTime|The date and time the comment was posted.|
-
-## <a name="Issue"></a> Issue
- The `issue` entity has the following properties.
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|string|The unique identifier for the issue.|
-|`ApiID`|string|The ID for the API for which this issue was reported.|
-|`Title`|string|Title of the issue.|
-|`Description`|string|Description of the issue.|
-|`SubscriptionDeveloperName`|string|First name of the developer that reported the issue.|
-|`IssueState`|string|The current state of the issue. Possible values are Proposed, Opened, Closed.|
-|`ReportedOn`|DateTime|The date and time the issue was reported.|
-|`Comments`|Collection of [Comment](#Comment) entities.|Comments on this issue.|
-|`Attachments`|Collection of [Attachment](api-management-template-data-model-reference.md#Attachment) entities.|Any attachments to the issue.|
-|`Services`|Collection of [API](#API) entities.|The APIs subscribed to by the user that filed the issue.|
-
-## <a name="Filtering"></a> Filtering
- The `filtering` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Pattern`|string|The current search term; or `null` if there is no search term.|
-|`Placeholder`|string|The text to display in the search box when there is no search term specified.|
-
-## <a name="Header"></a> Header
- This section describes the `parameter` representation.
-
-|Property|Type|Description|
-|--|--|-|
-|`name`|string|Parameter name.|
-|`description`|string|Parameter description.|
-|`value`|string|Header value.|
-|`typeName`|string|Data type of header value.|
-|`options`|string|Options.|
-|`required`|boolean|Whether the header is required.|
-|`readOnly`|boolean|Whether the header is read-only.|
-
-## <a name="HTTPRequest"></a> HTTP Request
- This section describes the `request` representation.
-
-|Property|Type|Description|
-|--|-|--|
-|`description`|string|Operation request description.|
-|`headers`|array of [Header](#Header) entities.|Request headers.|
-|`parameters`|array of [Parameter](#Parameter)|Collection of operation request parameters.|
-|`representations`|array of [Representation](#Representation)|Collection of operation request representations.|
-
-## <a name="HTTPResponse"></a> HTTP Response
- This section describes the `response` representation.
-
-|Property|Type|Description|
-|--|-|--|
-|`statusCode`|positive integer|Operation response status code.|
-|`description`|string|Operation response description.|
-|`representations`|array of [Representation](#Representation)|Collection of operation response representations.|
-
-## <a name="Operation"></a> Operation
- The `operation` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`id`|string|Resource identifier. Uniquely identifies the operation within the current API Management service instance. The value is a valid relative URL in the format of `apis/{aid}/operations/{id}` where `{aid}` is an API identifier and `{id}` is an operation identifier. This property is read-only.|
-|`name`|string|Name of the operation. Must not be empty. Maximum length is 100 characters.|
-|`description`|string|Description of the operation. Must not be empty. May include HTML formatting tags. Maximum length is 1000 characters.|
-|`scheme`|string|Describes on which protocols the operations in this API can be invoked. Allowed values are `http`, `https`, or both `http` and `https`.|
-|`uriTemplate`|string|Relative URL template identifying the target resource for this operation. May include parameters. Example: `customers/{cid}/orders/{oid}/?date={date}`|
-|`host`|string|The API Management gateway URL that hosts the API.|
-|`httpMethod`|string|Operation HTTP method.|
-|`request`|[HTTP Request](#HTTPRequest)|An entity containing request details.|
-|`responses`|array of [HTTP Response](#HTTPResponse)|Array of operation [HTTP Response](#HTTPResponse) entities.|
-
-## <a name="Menu"></a> Operation menu
- The `operation menu` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`ApiId`|string|The ID of the current API.|
-|`CurrentOperationId`|string|The ID of the current operation.|
-|`Action`|string|The menu type.|
-|`MenuItems`|Collection of [Operation menu item](#MenuItem) entities.|The operations for the current API.|
-
-## <a name="MenuItem"></a> Operation menu item
- The `operation menu item` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|string|The ID of the operation.|
-|`Title`|string|The description of the operation.|
-|`HttpMethod`|string|The Http method of the operation.|
-
-## <a name="Paging"></a> Paging
- The `paging` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Page`|number|The current page number.|
-|`PageSize`|number|The maximum results to be displayed on a single page.|
-|`TotalItemCount`|number|The number of items for display.|
-|`ShowAll`|boolean|Whether to sho all results on a single page.|
-|`PageCount`|number|The number of pages of results.|
-
-## <a name="Parameter"></a> Parameter
- This section describes the `parameter` representation.
-
-|Property|Type|Description|
-|--|--|-|
-|`name`|string|Parameter name.|
-|`description`|string|Parameter description.|
-|`value`|string|Parameter value.|
-|`options`|array of string|Values defined for query parameter values.|
-|`required`|boolean|Specifies whether parameter is required or not.|
-|`kind`|number|Whether this parameter is a path parameter (1), or a querystring parameter (2).|
-|`typeName`|string|Parameter type.|
-
-## <a name="Product"></a> Product
- The `product` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|string|Resource identifier. Uniquely identifies the product within the current API Management service instance. The value is a valid relative URL in the format of `products/{pid}` where `{pid}` is a product identifier. This property is read-only.|
-|`Title`|string|Name of the product. Must not be empty. Maximum length is 100 characters.|
-|`Description`|string|Description of the product. Must not be empty. May include HTML formatting tags. Maximum length is 1000 characters.|
-|`Terms`|string|Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process.|
-|`ProductState`|number|Specifies whether the product is published or not. Published products are discoverable by developers on the developer portal. Non-published products are visible only to administrators.<br /><br /> The allowable values for product state are:<br /><br /> - `0 - Not Published`<br /><br /> - `1 - Published`<br /><br /> - `2 - Deleted`|
-|`AllowMultipleSubscriptions`|boolean|Specifies whether a user can have multiple subscriptions to this product at the same time.|
-|`MultipleSubscriptionsCount`|number|Maximum number of subscriptions to this product a user is allowed to have at the same time.|
-
-## <a name="Provider"></a> Provider
- The `provider` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Properties`|string dictionary|Properties for this authentication provider.|
-|`AuthenticationType`|string|The provider type. (Microsoft Entra ID, Facebook login, Google Account, Microsoft Account, Twitter).|
-|`Caption`|string|Display name of the provider.|
-
-## <a name="Representation"></a> Representation
- This section describes a `representation`.
-
-|Property|Type|Description|
-|--|-|--|
-|`contentType`|string|Specifies a registered or custom content type for this representation, for example, `application/xml`.|
-|`sample`|string|An example of the representation.|
-
-## <a name="Subscription"></a> Subscription
- The `subscription` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|string|Resource identifier. Uniquely identifies the subscription within the current API Management service instance. The value is a valid relative URL in the format of `subscriptions/{sid}` where `{sid}` is a subscription identifier. This property is read-only.|
-|`ProductId`|string|The product resource identifier of the subscribed product. The value is a valid relative URL in the format of `products/{pid}` where `{pid}` is a product identifier.|
-|`ProductTitle`|string|Name of the product. Must not be empty. Maximum length is 100 characters.|
-|`ProductDescription`|string|Description of the product. Must not be empty. May include HTML formatting tags. Maximum length is 1000 characters.|
-|`ProductDetailsUrl`|string|Relative URL to the product details.|
-|`state`|string|The state of the subscription. Possible states are:<br /><br /> - `0 - suspended` ΓÇô the subscription is blocked, and the subscriber cannot call any APIs of the product.<br /><br /> - `1 - active` ΓÇô the subscription is active.<br /><br /> - `2 - expired` ΓÇô the subscription reached its expiration date and was deactivated.<br /><br /> - `3 - submitted` ΓÇô the subscription request has been made by the developer, but has not yet been approved or rejected.<br /><br /> - `4 - rejected` ΓÇô the subscription request has been denied by an administrator.<br /><br /> - `5 - cancelled` ΓÇô the subscription has been canceled by the developer or administrator.|
-|`DisplayName`|string|Display name of the subscription.|
-|`CreatedDate`|dateTime|The date the subscription was created, in ISO 8601 format: `2014-06-24T16:25:00Z`.|
-|`CanBeCancelled`|boolean|Whether the subscription can be canceled by the current user.|
-|`IsAwaitingApproval`|boolean|Whether the subscription is awaiting approval.|
-|`StartDate`|dateTime|The start date for the subscription, in ISO 8601 format: `2014-06-24T16:25:00Z`.|
-|`ExpirationDate`|dateTime|The expiration date for the subscription, in ISO 8601 format: `2014-06-24T16:25:00Z`.|
-|`NotificationDate`|dateTime|The notification date for the subscription, in ISO 8601 format: `2014-06-24T16:25:00Z`.|
-|`primaryKey`|string|The primary subscription key. Maximum length is 256 characters.|
-|`secondaryKey`|string|The secondary subscription key. Maximum length is 256 characters.|
-|`CanBeRenewed`|boolean|Whether the subscription can be renewed by the current user.|
-|`HasExpired`|boolean|Whether the subscription has expired.|
-|`IsRejected`|boolean|Whether the subscription request was denied.|
-|`CancelUrl`|string|The relative Url to cancel the subscription.|
-|`RenewUrl`|string|The relative Url to renew the subscription.|
-
-## <a name="SubscriptionSummary"></a> Subscription summary
- The `subscription summary` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Id`|string|Resource identifier. Uniquely identifies the subscription within the current API Management service instance. The value is a valid relative URL in the format of `subscriptions/{sid}` where `{sid}` is a subscription identifier. This property is read-only.|
-|`DisplayName`|string|The display name of the subscription|
-
-## <a name="UserAccountInfo"></a> User account info
- The `user account info` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`FirstName`|string|First name. Must not be empty. Maximum length is 100 characters.|
-|`LastName`|string|Last name. Must not be empty. Maximum length is 100 characters.|
-|`Email`|string|Email address. Must not be empty and must be unique within the service instance. Maximum length is 254 characters.|
-|`Password`|string|User account password.|
-|`NameIdentifier`|string|Account identifier, the same as the user email.|
-|`ProviderName`|string|Authentication provider name.|
-|`IsBasicAccount`|boolean|True if this account was registered using email and password; false if the account was registered using a provider.|
-
-## <a name="UseSignIn"></a> User sign in
- The `user sign in` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`Email`|string|Email address. Must not be empty and must be unique within the service instance. Maximum length is 254 characters.|
-|`Password`|string|User account password.|
-|`ReturnUrl`|string|The URL of the page where the user clicked sign in.|
-|`RememberMe`|boolean|Whether to save the current user's information.|
-|`RegistrationEnabled`|boolean|Whether registration is enabled.|
-|`DelegationEnabled`|boolean|Whether delegated sign in is enabled.|
-|`DelegationUrl`|string|The delegated sign in url, if enabled.|
-|`SsoSignUpUrl`|string|The single sign on URL for the user, if present.|
-|`AuxServiceUrl`|string|If the current user is an administrator, this is a link to the service instance in the Azure portal.|
-|`Providers`|Collection of [Provider](#Provider) entities|The authentication providers for this user.|
-|`UserRegistrationTerms`|string|Terms that a user must agree to before signing in.|
-|`UserRegistrationTermsEnabled`|boolean|Whether terms are enabled.|
-
-## <a name="UserSignUp"></a> User sign up
- The `user sign up` entity has the following properties:
-
-|Property|Type|Description|
-|--|-|--|
-|`PasswordConfirm`|boolean|Value used by the [sign-up](api-management-page-controls.md#sign-up)sign-up control.|
-|`Password`|string|User account password.|
-|`PasswordVerdictLevel`|number|Value used by the [sign-up](api-management-page-controls.md#sign-up)sign-up control.|
-|`UserRegistrationTerms`|string|Terms that a user must agree to before signing in.|
-|`UserRegistrationTermsOptions`|number|Value used by the [sign-up](api-management-page-controls.md#sign-up)sign-up control.|
-|`ConsentAccepted`|boolean|Value used by the [sign-up](api-management-page-controls.md#sign-up)sign-up control.|
-|`Email`|string|Email address. Must not be empty and must be unique within the service instance. Maximum length is 254 characters.|
-|`FirstName`|string|First name. Must not be empty. Maximum length is 100 characters.|
-|`LastName`|string|Last name. Must not be empty. Maximum length is 100 characters.|
-|`UserData`|string|Value used by the [sign-up](api-management-page-controls.md#sign-up) control.|
-|`NameIdentifier`|string|Value used by the [sign-up](api-management-page-controls.md#sign-up)sign-up control.|
-|`ProviderName`|string|Authentication provider name.|
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management Template Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-template-resources.md
- Title: Azure API Management template resources | Microsoft Docs
-description: Learn about the types of resources available for use in developer portal templates in Azure API Management.
------- Previously updated : 11/04/2019--
-# Azure API Management template resources
-Azure API Management provides the following types of resources for use in the developer portal templates.
-
-- [String resources](#strings)
-
-- [Glyph resources](#glyphs) --
-
-## <a name="strings"></a> String resources
- API Management provides a comprehensive set of string resources for use in the developer portal. These resources are localized into all of the languages supported by API Management. The default set of templates uses these resources for page headers, labels, and any constant strings that are displayed in the developer portal. To use a string resource in your templates, provide the resource string prefix followed by the string name, as shown in the following example.
-
-```
-{% localized "Prefix|Name" %}
-
-```
-
- The following example is from the Product list template, and displays **Products** at the top of the page.
-
-```
-<h2>{% localized "ProductsStrings|PageTitleProducts" %}</h2>
-
-```
-
-The following localization options are supported:
-
-| Locale | Language |
-|--||
-| "en" | "English" |
-| "cs" | "Čeština" |
-| "de" | "Deutsch" |
-| "es" | "Espa├▒ol" |
-| "fr" | "Français" |
-| "hu" | "Magyar" |
-| "it" | "Italiano" |
-| "ja-JP" | "日本語" |
-| "ko" | "한국어" |
-| "nl" | "Nederlands" |
-| "pl" | "Polski" |
-| "pt-br" | "Português (Brasil)" |
-| "pt-pt" | "Português (Portugal)" |
-| "ru" | "Русский" |
-| "sv" | "Svenska" |
-| "tr" | "Türkçe" |
-| "zh-hans" | "中文(简体)" |
-| "zh-hant" | "中文(繁體)" |
-
- Refer to the following tables for the string resources available for use in your developer portal templates. Use the table name as the prefix for the string resources in that table.
-
-- [ApisStrings](#ApisStrings)
-
-- [ApplicationListStrings](#ApplicationListStrings)
-
-- [AppDetailsStrings](#AppDetailsStrings)
-
-- [AppStrings](#AppStrings)
-
-- [CommonResources](#CommonResources)
-
-- [CommonStrings](#CommonStrings)
-
-- [Documentation](#Documentation)
-
-- [ErrorPageStrings](#ErrorPageStrings)
-
-- [IssuesStrings](#IssuesStrings)
-
-- [NotFoundStrings](#NotFoundStrings)
-
-- [ProductDetailsStrings](#ProductDetailsStrings)
-
-- [ProductsStrings](#ProductsStrings)
-
-- [ProviderInfoStrings](#ProviderInfoStrings)
-
-- [SigninResources](#SigninResources)
-
-- [SigninStrings](#SigninStrings)
-
-- [SignupStrings](#SignupStrings)
-
-- [SubscriptionListStrings](#SubscriptionListStrings)
-
-- [SubscriptionStrings](#SubscriptionStrings)
-
-- [UpdateProfileStrings](#UpdateProfileStrings)
-
-- [UserProfile](#UserProfile)
-
-### <a name="ApisStrings"></a> ApisStrings
-
-|Name|Text|
-|-|-|
-|PageTitleApis|APIs|
-
-### <a name="AppDetailsStrings"></a> AppDetailsStrings
-
-|Name|Text|
-|-|-|
-|WebApplicationsDetailsTitle|Application preview|
-|WebApplicationsRequirementsHeader|Requirements|
-|WebApplicationsScreenshotAlt|Screenshot|
-|WebApplicationsScreenshotsHeader|Screenshots|
-
-### <a name="ApplicationListStrings"></a> ApplicationListStrings
-
-|Name|Text|
-|-|-|
-|WebDevelopersAppDeleteConfirmation|Are you sure that you want to remove application?|
-|WebDevelopersAppNotPublished|Not published|
-|WebDevelopersAppNotSubmitted|Not submitted|
-|WebDevelopersAppTableCategoryHeader|Category|
-|WebDevelopersAppTableNameHeader|Name|
-|WebDevelopersAppTableStateHeader|State|
-|WebDevelopersEditLink|Edit|
-|WebDevelopersRegisterAppLink|Register application|
-|WebDevelopersRemoveLink|Remove|
-|WebDevelopersSubmitLink|Submit|
-|WebDevelopersYourApplicationsHeader|Your applications|
-
-### <a name="AppStrings"></a> AppStrings
-
-|Name|Text|
-|-|-|
-|WebApplicationsHeader|Applications|
-
-### <a name="CommonResources"></a> CommonResources
-
-|Name|Text|
-|-|-|
-|NoItemsToDisplay|No results found.|
-|GeneralExceptionMessage|Something is not right. It could be a temporary glitch or a bug. Please, try again.|
-|GeneralJsonExceptionMessage|Something is not right. It could be a temporary glitch or a bug. Please, reload the page and try again.|
-|ConfirmationMessageUnsavedChanges|There are some unsaved changes. Are you sure you want to cancel and discard the changes?|
-|AzureActiveDirectory|Microsoft Entra ID|
-|HttpLargeRequestMessage|Http Request Body too large.|
-
-### <a name="CommonStrings"></a> CommonStrings
-
-|Name|Text|
-|-|-|
-|ButtonLabelCancel|Cancel|
-|ButtonLabelSave|Save|
-|GeneralExceptionMessage|Something is not right. It could be a temporary glitch or a bug. Please, try again.|
-|NoItemsToDisplay|There are no items to display.|
-|PagerButtonLabelFirst|First|
-|PagerButtonLabelLast|Last|
-|PagerButtonLabelNext|Next|
-|PagerButtonLabelPrevious|Prev|
-|PagerLabelPageNOfM|Page {0} of {1}|
-|PasswordTooShort|The Password is too short|
-|EmailAsPassword|Do not use your email as your password|
-|PasswordSameAsUserName|Your password cannot contain your username|
-|PasswordTwoCharacterClasses|Use different character classes|
-|PasswordTooManyRepetitions|Too many repetitions|
-|PasswordSequenceFound|Your password contains sequences|
-|PagerLabelPageSize|Page size|
-|CurtainLabelLoading|Loading...|
-|TablePlaceholderNothingToDisplay|There is no data for the selected period and scope|
-|ButtonLabelClose|Close|
-
-### <a name="Documentation"></a> Documentation
-
-|Name|Text|
-|-|-|
-|WebDocumentationInvalidHeaderErrorMessage|Invalid header '{0}'|
-|WebDocumentationInvalidRequestErrorMessage|Invalid Request URL|
-|TextboxLabelAccessToken|Access token *|
-|DropdownOptionPrimaryKeyFormat|Primary-{0}|
-|DropdownOptionSecondaryKeyFormat|Secondary-{0}|
-|WebDocumentationSubscriptionKeyText|Your subscription key|
-|WebDocumentationTemplatesAddHeaders|Add required HTTP headers|
-|WebDocumentationTemplatesBasicAuthSample|Basic Authorization Sample|
-|WebDocumentationTemplatesCurlForBasicAuth|for Basic Authorization use: --user {username}:{password}|
-|WebDocumentationTemplatesCurlValuesForPath|Specify values for path parameters (shown as {...}), your subscription key and values for query parameters|
-|WebDocumentationTemplatesDeveloperKey|Specify your subscription key|
-|WebDocumentationTemplatesJavaApache|This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)|
-|WebDocumentationTemplatesOptionalParams|Specify values for optional parameters, as needed|
-|WebDocumentationTemplatesPhpPackage|This sample uses the HTTP_Request2 package. (for more information: https://pear.php.net/package/HTTP_Request2)|
-|WebDocumentationTemplatesPythonValuesForPath|Specify values for path parameters (shown as {...}) and request body if needed|
-|WebDocumentationTemplatesRequestBody|Specify request body|
-|WebDocumentationTemplatesRequiredParams|Specify values for the following required parameters|
-|WebDocumentationTemplatesValuesForPath|Specify values for path parameters (shown as {...})|
-|OAuth2AuthorizationEndpointDescription|The authorization endpoint is used to interact with the resource owner and obtain an authorization grant.|
-|OAuth2AuthorizationEndpointName|Authorization endpoint|
-|OAuth2TokenEndpointDescription|The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.|
-|OAuth2TokenEndpointName|Token endpoint|
-|OAuth2Flow_AuthorizationCodeGrant_Step_AuthorizationRequest_Description|<p\> The client initiates the flow by directing the resource owner's user-agent to the authorization endpoint. The client includes its client identifier, requested scope, local state, and a redirection URI to which the authorization server will send the user-agent back once access is granted (or denied). </p\> <p\> The authorization server authenticates the resource owner (via the user-agent) and establishes whether the resource owner grants or denies the client's access request. </p\> <p\> Assuming the resource owner grants access, the authorization server redirects the user-agent back to the client using the redirection URI provided earlier (in the request or during client registration). The redirection URI includes an authorization code and any local state provided by the client earlier. </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_AuthorizationRequest_ErrorDescription|<p\> If the user denies the access request of if the request is invalid, the client will be informed using the following parameters added on to the redirect: </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_AuthorizationRequest_Name|Authorization request|
-|OAuth2Flow_AuthorizationCodeGrant_Step_AuthorizationRequest_RequestDescription|<p\> The client app must send the user to the authorization endpoint in order to initiate the OAuth process. At the authorization endpoint, the user authenticates and then grants or denies access to the app. </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_AuthorizationRequest_ResponseDescription|<p\> Assuming the resource owner grants access, authorization server redirects the user-agent back to the client using the redirection URI provided earlier (in the request or during client registration). The redirection URI includes an authorization code and any local state provided by the client earlier. </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_TokenRequest_Description|<p\> The client requests an access token from the authorization server''s token endpoint by including the authorization code received in the previous step. When making the request, the client authenticates with the authorization server. The client includes the redirection URI used to obtain the authorization code for verification. </p\> <p\> The authorization server authenticates the client, validates the authorization code, and ensures that the redirection URI received matches the URI used to redirect the client in step (C). If valid, the authorization server responds back with an access token and, optionally, a refresh token. </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_TokenRequest_ErrorDescription|<p\> If the request client authentication failed or is invalid, the authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise) and includes the following parameters with the response. </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_TokenRequest_RequestDescription|<p\> The client makes a request to the token endpoint by sending the following parameters using the "application/x-www-form-urlencoded" format with a character encoding of UTF-8 in the HTTP request entity-body. </p\>|
-|OAuth2Flow_AuthorizationCodeGrant_Step_TokenRequest_ResponseDescription|<p\> The authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code. </p\>|
-|OAuth2Flow_ClientCredentialsGrant_Step_TokenRequest_Description|<p\> The client authenticates with the authorization server and requests an access token from the token endpoint. </p\> <p\> The authorization server authenticates the client, and if valid, issues an access token. </p\>|
-|OAuth2Flow_ClientCredentialsGrant_Step_TokenRequest_ErrorDescription|<p\> If the request failed client authentication or is invalid the authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise) and includes the following parameters with the response. </p\>|
-|OAuth2Flow_ClientCredentialsGrant_Step_TokenRequest_RequestDescription|<p\> The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format with a character encoding of UTF-8 in the HTTP request entity-body. </p\>|
-|OAuth2Flow_ClientCredentialsGrant_Step_TokenRequest_ResponseDescription|<p\> If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code. </p\>|
-|OAuth2Flow_ImplicitGrant_Step_AuthorizationRequest_Description|<p\> The client initiates the flow by directing the resource owner''s user-agent to the authorization endpoint. The client includes its client identifier, requested scope, local state, and a redirection URI to which the authorization server will send the user-agent back once access is granted (or denied). </p\> <p\> The authorization server authenticates the resource owner (via the user-agent) and establishes whether the resource owner grants or denies the client''s access request. </p\> <p\> Assuming the resource owner grants access, the authorization server redirects the user-agent back to the client using the redirection URI provided earlier. The redirection URI includes the access token in the URI fragment. </p\>|
-|OAuth2Flow_ImplicitGrant_Step_AuthorizationRequest_ErrorDescription|<p\> If the resource owner denies the access request or if the request fails for reasons other than a missing or invalid redirection URI, the authorization server informs the client by adding the following parameters to the fragment component of the redirection URI using the "application/x-www-form-urlencoded" format. </p\>|
-|OAuth2Flow_ImplicitGrant_Step_AuthorizationRequest_RequestDescription|<p\> The client app must send the user to the authorization endpoint in order to initiate the OAuth process. At the authorization endpoint, the user authenticates and then grants or denies access to the app. </p\>|
-|OAuth2Flow_ImplicitGrant_Step_AuthorizationRequest_ResponseDescription|<p\> If the resource owner grants the access request, the authorization server issues an access token and delivers it to the client by adding the following parameters to the fragment component of the redirection URI using the "application/x-www-form-urlencoded" format. </p\>|
-|OAuth2Flow_ObtainAuthorization_AuthorizationCodeGrant_Description|Authorization code flow is optimized for clients capable of maintaining the confidentiality of their credentials (e.g., web server applications implemented using PHP, Java, Python, Ruby, ASP.NET, etc.).|
-|OAuth2Flow_ObtainAuthorization_AuthorizationCodeGrant_Name|Authorization Code grant|
-|OAuth2Flow_ObtainAuthorization_ClientCredentialsGrant_Description|Client credentials flow is suitable in cases where the client (your application) is requesting access to the protected resources under its control. The client is considered as a resource owner, so no end-user interaction is required.|
-|OAuth2Flow_ObtainAuthorization_ClientCredentialsGrant_Name|Client Credentials grant|
-|OAuth2Flow_ObtainAuthorization_ImplicitGrant_Description|Implicit flow is optimized for clients incapable of maintaining the confidentiality of their credentials known to operate a particular redirection URI. These clients are typically implemented in a browser using a scripting language such as JavaScript.|
-|OAuth2Flow_ObtainAuthorization_ImplicitGrant_Name|Implicit grant|
-|OAuth2Flow_ObtainAuthorization_ResourceOwnerPasswordCredentialsGrant_Description|Resource owner password credentials flow is suitable in cases where the resource owner has a trust relationship with the client (your application), such as the device operating system or a highly privileged application. This flow is suitable for clients capable of obtaining the resource owner's credentials (username and password, typically using an interactive form).|
-|OAuth2Flow_ObtainAuthorization_ResourceOwnerPasswordCredentialsGrant_Name|Resource Owner Password Credentials grant|
-|OAuth2Flow_ResourceOwnerPasswordCredentialsGrant_Step_TokenRequest_Description|<p\> The resource owner provides the client with its username and password. </p\> <p\> The client requests an access token from the authorization server''s token endpoint by including the credentials received from the resource owner. When making the request, the client authenticates with the authorization server. </p\> <p\> The authorization server authenticates the client and validates the resource owner credentials, and if valid, issues an access token. </p\>|
-|OAuth2Flow_ResourceOwnerPasswordCredentialsGrant_Step_TokenRequest_ErrorDescription|<p\> If the request failed client authentication or is invalid the authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise) and includes the following parameters with the response. </p\>|
-|OAuth2Flow_ResourceOwnerPasswordCredentialsGrant_Step_TokenRequest_RequestDescription|<p\> The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format with a character encoding of UTF-8 in the HTTP request entity-body. </p\>|
-|OAuth2Flow_ResourceOwnerPasswordCredentialsGrant_Step_TokenRequest_ResponseDescription|<p\> If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code. </p\>|
-|OAuth2Step_AccessTokenRequest_Name|Access token request|
-|OAuth2Step_AuthorizationRequest_Name|Authorization request|
-|OAuth2AccessToken_AuthorizationCodeGrant_TokenResponse|REQUIRED. The access token issued by the authorization server.|
-|OAuth2AccessToken_ClientCredentialsGrant_TokenResponse|REQUIRED. The access token issued by the authorization server.|
-|OAuth2AccessToken_ImplicitGrant_AuthorizationResponse|REQUIRED. The access token issued by the authorization server.|
-|OAuth2AccessToken_ResourceOwnerPasswordCredentialsGrant_TokenResponse|REQUIRED. The access token issued by the authorization server.|
-|OAuth2ClientId_AuthorizationCodeGrant_AuthorizationRequest|REQUIRED. Client identifier.|
-|OAuth2ClientId_AuthorizationCodeGrant_TokenRequest|REQUIRED if the client is not authenticating with the authorization server.|
-|OAuth2ClientId_ImplicitGrant_AuthorizationRequest|REQUIRED. The client identifier.|
-|OAuth2Code_AuthorizationCodeGrant_AuthorizationResponse|REQUIRED. The authorization code generated by the authorization server.|
-|OAuth2Code_AuthorizationCodeGrant_TokenRequest|REQUIRED. The authorization code received from the authorization server.|
-|OAuth2ErrorDescription_AuthorizationCodeGrant_AuthorizationErrorResponse|OPTIONAL. Human-readable ASCII text providing additional information.|
-|OAuth2ErrorDescription_AuthorizationCodeGrant_TokenErrorResponse|OPTIONAL. Human-readable ASCII text providing additional information.|
-|OAuth2ErrorDescription_ClientCredentialsGrant_TokenErrorResponse|OPTIONAL. Human-readable ASCII text providing additional information.|
-|OAuth2ErrorDescription_ImplicitGrant_AuthorizationErrorResponse|OPTIONAL. Human-readable ASCII text providing additional information.|
-|OAuth2ErrorDescription_ResourceOwnerPasswordCredentialsGrant_TokenErrorResponse|OPTIONAL. Human-readable ASCII text providing additional information.|
-|OAuth2ErrorUri_AuthorizationCodeGrant_AuthorizationErrorResponse|OPTIONAL. A URI identifying a human-readable web page with information about the error.|
-|OAuth2ErrorUri_AuthorizationCodeGrant_TokenErrorResponse|OPTIONAL. A URI identifying a human-readable web page with information about the error.|
-|OAuth2ErrorUri_ClientCredentialsGrant_TokenErrorResponse|OPTIONAL. A URI identifying a human-readable web page with information about the error.|
-|OAuth2ErrorUri_ImplicitGrant_AuthorizationErrorResponse|OPTIONAL. A URI identifying a human-readable web page with information about the error.|
-|OAuth2ErrorUri_ResourceOwnerPasswordCredentialsGrant_TokenErrorResponse|OPTIONAL. A URI identifying a human-readable web page with information about the error.|
-|OAuth2Error_AuthorizationCodeGrant_AuthorizationErrorResponse|REQUIRED. A single ASCII error code from the following: invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable.|
-|OAuth2Error_AuthorizationCodeGrant_TokenErrorResponse|REQUIRED. A single ASCII error code from the following: invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type, invalid_scope.|
-|OAuth2Error_ClientCredentialsGrant_TokenErrorResponse|REQUIRED. A single ASCII error code from the following: invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type, invalid_scope.|
-|OAuth2Error_ImplicitGrant_AuthorizationErrorResponse|REQUIRED. A single ASCII error code from the following: invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable.|
-|OAuth2Error_ResourceOwnerPasswordCredentialsGrant_TokenErrorResponse|REQUIRED. A single ASCII error code from the following: invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type, invalid_scope.|
-|OAuth2ExpiresIn_AuthorizationCodeGrant_TokenResponse|RECOMMENDED. The lifetime in seconds of the access token.|
-|OAuth2ExpiresIn_ClientCredentialsGrant_TokenResponse|RECOMMENDED. The lifetime in seconds of the access token.|
-|OAuth2ExpiresIn_ImplicitGrant_AuthorizationResponse|RECOMMENDED. The lifetime in seconds of the access token.|
-|OAuth2ExpiresIn_ResourceOwnerPasswordCredentialsGrant_TokenResponse|RECOMMENDED. The lifetime in seconds of the access token.|
-|OAuth2GrantType_AuthorizationCodeGrant_TokenRequest|REQUIRED. Value MUST be set to "authorization_code".|
-|OAuth2GrantType_ClientCredentialsGrant_TokenRequest|REQUIRED. Value MUST be set to "client_credentials".|
-|OAuth2GrantType_ResourceOwnerPasswordCredentialsGrant_TokenRequest|REQUIRED. Value MUST be set to "password".|
-|OAuth2Password_ResourceOwnerPasswordCredentialsGrant_TokenRequest|REQUIRED. The resource owner password.|
-|OAuth2RedirectUri_AuthorizationCodeGrant_AuthorizationRequest|OPTIONAL. The redirection endpoint URI must be an absolute URI.|
-|OAuth2RedirectUri_AuthorizationCodeGrant_TokenRequest|REQUIRED if the "redirect_uri" parameter was included in the authorization request, and their values MUST be identical.|
-|OAuth2RedirectUri_ImplicitGrant_AuthorizationRequest|OPTIONAL. The redirection endpoint URI must be an absolute URI.|
-|OAuth2RefreshToken_AuthorizationCodeGrant_TokenResponse|OPTIONAL. The refresh token, which can be used to obtain new access tokens.|
-|OAuth2RefreshToken_ClientCredentialsGrant_TokenResponse|OPTIONAL. The refresh token, which can be used to obtain new access tokens.|
-|OAuth2RefreshToken_ResourceOwnerPasswordCredentialsGrant_TokenResponse|OPTIONAL. The refresh token, which can be used to obtain new access tokens.|
-|OAuth2ResponseType_AuthorizationCodeGrant_AuthorizationRequest|REQUIRED. Value MUST be set to "code".|
-|OAuth2ResponseType_ImplicitGrant_AuthorizationRequest|REQUIRED. Value MUST be set to "token".|
-|OAuth2Scope_AuthorizationCodeGrant_AuthorizationRequest|OPTIONAL. The scope of the access request.|
-|OAuth2Scope_AuthorizationCodeGrant_TokenResponse|OPTIONAL if identical to the scope requested by the client; otherwise, REQUIRED.|
-|OAuth2Scope_ClientCredentialsGrant_TokenRequest|OPTIONAL. The scope of the access request.|
-|OAuth2Scope_ClientCredentialsGrant_TokenResponse|OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED.|
-|OAuth2Scope_ImplicitGrant_AuthorizationRequest|OPTIONAL. The scope of the access request.|
-|OAuth2Scope_ImplicitGrant_AuthorizationResponse|OPTIONAL if identical to the scope requested by the client; otherwise, REQUIRED.|
-|OAuth2Scope_ResourceOwnerPasswordCredentialsGrant_TokenRequest|OPTIONAL. The scope of the access request.|
-|OAuth2Scope_ResourceOwnerPasswordCredentialsGrant_TokenResponse|OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED.|
-|OAuth2State_AuthorizationCodeGrant_AuthorizationErrorResponse|REQUIRED if the "state" parameter was present in the client authorization request. The exact value received from the client.|
-|OAuth2State_AuthorizationCodeGrant_AuthorizationRequest|RECOMMENDED. An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery.|
-|OAuth2State_AuthorizationCodeGrant_AuthorizationResponse|REQUIRED if the "state" parameter was present in the client authorization request. The exact value received from the client.|
-|OAuth2State_ImplicitGrant_AuthorizationErrorResponse|REQUIRED if the "state" parameter was present in the client authorization request. The exact value received from the client.|
-|OAuth2State_ImplicitGrant_AuthorizationRequest|RECOMMENDED. An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery.|
-|OAuth2State_ImplicitGrant_AuthorizationResponse|REQUIRED if the "state" parameter was present in the client authorization request. The exact value received from the client.|
-|OAuth2TokenType_AuthorizationCodeGrant_TokenResponse|REQUIRED. The type of the token issued.|
-|OAuth2TokenType_ClientCredentialsGrant_TokenResponse|REQUIRED. The type of the token issued.|
-|OAuth2TokenType_ImplicitGrant_AuthorizationResponse|REQUIRED. The type of the token issued.|
-|OAuth2TokenType_ResourceOwnerPasswordCredentialsGrant_TokenResponse|REQUIRED. The type of the token issued.|
-|OAuth2UserName_ResourceOwnerPasswordCredentialsGrant_TokenRequest|REQUIRED. The resource owner username.|
-|OAuth2UnsupportedTokenType|Token type '{0}' is not supported.|
-|OAuth2InvalidState|Invalid response from authorization server|
-|OAuth2GrantType_AuthorizationCode|Authorization code|
-|OAuth2GrantType_Implicit|Implicit|
-|OAuth2GrantType_ClientCredentials|Client credentials|
-|OAuth2GrantType_ResourceOwnerPassword|Resource owner password|
-|WebDocumentation302Code|302 Found|
-|WebDocumentation400Code|400 (Bad request)|
-|OAuth2SendingMethod_AuthHeader|Authorization header|
-|OAuth2SendingMethod_QueryParam|Query parameter|
-|OAuth2AuthorizationServerGeneralException|An error has occurred while authorizing access via {0}|
-|OAuth2AuthorizationServerCommunicationException|An HTTP connection to authorization server could not be established or it has been unexpectedly closed.|
-|WebDocumentationOAuth2GeneralErrorMessage|Unexpected error occurred.|
-|AuthorizationServerCommunicationException|Authorization server communication exception has happened. Please contact administrator.|
-|TextblockSubscriptionKeyHeaderDescription|Subscription key which provides access to this API. Found in your <a href='/developer'\>Profile</a\>.|
-|TextblockOAuthHeaderDescription|OAuth 2.0 access token obtained from <i\>{0}</i\>. Supported grant types: <i\>{1}</i\>.|
-|TextblockContentTypeHeaderDescription|Media type of the body sent to the API.|
-|ErrorMessageApiNotAccessible|The API you are trying to call is not accessible at this time. Please contact the API publisher <a href="/issues"\>here</a\>.|
-|ErrorMessageApiTimedout|The API you are trying to call is taking longer than normal to get response back. Please contact the API publisher <a href="/issues"\>here</a\>.|
-|BadRequestParameterExpected|"'{0}' parameter is expected"|
-|TooltipTextDoubleClickToSelectAll|Double click to select all.|
-|TooltipTextHideRevealSecret|Show/Hide|
-|ButtonLinkOpenConsole|Try it|
-|SectionHeadingRequestBody|Request body|
-|SectionHeadingRequestParameters|Request parameters|
-|SectionHeadingRequestUrl|Request URL|
-|SectionHeadingResponse|Response|
-|SectionHeadingRequestHeaders|Request headers|
-|FormLabelSubtextOptional|optional|
-|SectionHeadingCodeSamples|Code samples|
-|TextblockOpenidConnectHeaderDescription|OpenID Connect ID token obtained from <i\>{0}</i\>. Supported grant types: <i\>{1}</i\>.|
-
-### <a name="ErrorPageStrings"></a> ErrorPageStrings
-
-|Name|Text|
-|-|-|
-|LinkLabelBack|back|
-|LinkLabelHomePage|home page|
-|LinkLabelSendUsEmail|Send us an e-mail|
-|PageTitleError|Sorry, there was a problem serving the requested page|
-|TextblockPotentialCauseIntermittentIssue|This may be an intermittent data access issue that is already gone.ΓÇï|
-|TextblockPotentialCauseOldLink|The link you have clicked on may be old and not point to the correct location anymore.ΓÇïΓÇï|
-|TextblockPotentialCauseTechnicalProblem|There may be a technical problem on our end.ΓÇï|
-|TextblockPotentialSolutionRefresh|Try refreshing the page.ΓÇïΓÇï|
-|TextblockPotentialSolutionStartOver|Start over from our {0}.ΓÇï|
-|TextblockPotentialSolutionTryAgain|Go {0} and try the action you performed again.|
-|TextReportProblem|{0} describing what went wrong and we will look at it as soon as we can.|
-|TitlePotentialCause|Potential cause|
-|TitlePotentialSolution|It's possibly just a temporary issue, a few things to try|
-
-### <a name="IssuesStrings"></a> IssuesStrings
-
-|Name|Text|
-|-|-|
-|WebIssuesIndexTitle|Issues|
-|WebIssuesNoActiveSubscriptions|You have no active subscriptions. You need to subscribe for a product to report an issue.|
-|WebIssuesNotSignin|You're not signed in. Please {0} to report an issue or post a comment.|
-|WebIssuesReportIssueButton|Report Issue|
-|WebIssuesSignIn|sign in|
-|WebIssuesStatusReportedBy|Status: {0} &#124; Reported by {1}|
-
-### <a name="NotFoundStrings"></a> NotFoundStrings
-
-|Name|Text|
-|-|-|
-|LinkLabelHomePage|home page|
-|LinkLabelSendUsEmail|send us an e-mail|
-|PageTitleNotFound|Sorry, we canΓÇÖt find the page you are looking forΓÇï|
-|TextblockPotentialCauseMisspelledUrl|You may have misspelled the URL if you typed it in.ΓÇï|
-|TextblockPotentialCauseOldLink|The link you have clicked on may be old and not point to the correct location anymore.|
-|TextblockPotentialSolutionRetype|Try retyping the URL.|
-|TextblockPotentialSolutionStartOver|Start over from our {0}.|
-|TextReportProblem|{0} describing what went wrong and we will look at it as soon as we can.|
-|TitlePotentialCause|Potential cause|
-|TitlePotentialSolution|Potential solution|
-
-### <a name="ProductDetailsStrings"></a> ProductDetailsStrings
-
-|Name|Text|
-|-|-|
-|WebProductsAgreement|By subscribing to {0} Product, I agree to the `<a data-toggle='modal' href='#legal-terms'\>Terms of Use</a\>`.|
-|WebProductsLegalTermsLink|Terms of Use|
-|WebProductsSubscribeButton|Subscribe|
-|WebProductsUsageLimitsHeader|Usage limits|
-|WebProductsYouAreNotSubscribed|You are subscribed to this product.|
-|WebProductsYouRequestedSubscription|You requested subscription to this product.|
-|ErrorYouNeedToAgreeWithLegalTerms|You must agree to the Terms of Use before you can proceed.|
-|ButtonLabelAddSubscription|Add subscription|
-|LinkLabelChangeSubscriptionName|change|
-|ButtonLabelConfirm|Confirm|
-|TextblockMultipleSubscriptionsCount|You have {0} subscriptions to this product:|
-|TextblockSingleSubscriptionsCount|You have {0} subscription to this product:|
-|TextblockSingleApisCount|This product contains {0} API:|
-|TextblockMultipleApisCount|This product contains {0} APIs:|
-|TextblockHeaderSubscribe|Subscribe to product|
-|TextblockSubscriptionDescription|A new subscription will be created as follows:|
-|TextblockSubscriptionLimitReached|Subscriptions limit reached.|
-
-### <a name="ProductsStrings"></a> ProductsStrings
-
-|Name|Text|
-|-|-|
-|PageTitleProducts|Products|
-
-### <a name="ProviderInfoStrings"></a> ProviderInfoStrings
-
-|Name|Text|
-|-|-|
-|TextboxExternalIdentitiesDisabled|Sign in is disabled by the administrators at the moment.|
-|TextboxExternalIdentitiesSigninInvitation|Alternatively, sign in with|
-|TextboxExternalIdentitiesSigninInvitationPrimary|Sign in with:|
-
-### <a name="SigninResources"></a> SigninResources
-
-|Name|Text|
-|-|-|
-|PrincipalNotFound|Principal is not found or signature is invalid|
-|ErrorSsoAuthenticationFailed|SSO authentication failed|
-|ErrorSsoAuthenticationFailedDetailed|Invalid token provided or signature cannot be verified.|
-|ErrorSsoTokenInvalid|SSO token is invalid|
-|ValidationErrorSpecificEmailAlreadyExists|Email '{0}' already registered|
-|ValidationErrorSpecificEmailInvalid|Email '{0}' is invalid|
-|ValidationErrorPasswordInvalid|Password is invalid. Please correct the errors and try again.|
-|PropertyTooShort|{0} is too short|
-|WebAuthenticationAddresserEmailInvalidErrorMessage|Invalid email address.|
-|ValidationMessageNewPasswordConfirmationRequired|Confirm new password|
-|ValidationErrorPasswordConfirmationRequired|Confirm password is empty|
-|WebAuthenticationEmailChangeNotice|Change confirmation email is on the way to {0}. Please follow instructions within it to confirm your new email address. If the email does not arrive to your inbox in the next few minutes, please check your junk email folder.|
-|WebAuthenticationEmailChangeNoticeHeader|Your email change request was successfully processed|
-|WebAuthenticationEmailChangeNoticeTitle|Email change requested|
-|WebAuthenticationEmailHasBeenRevertedNotice|You email already exist. Request has been reverted|
-|ValidationErrorEmailAlreadyExists|Email already exist|
-|ValidationErrorEmailInvalid|Invalid e-mail address|
-|TextboxLabelEmail|Email|
-|ValidationErrorEmailRequired|Email is required.|
-|WebAuthenticationErrorNoticeHeader|Error|
-|WebAuthenticationFieldLengthErrorMessage|{0} must be a maximum length of {1}|
-|TextboxLabelEmailFirstName|First name|
-|ValidationErrorFirstNameRequired|First name is required.|
-|ValidationErrorFirstNameInvalid|Invalid first name|
-|NoticeInvalidInvitationToken|Please note that confirmation links are valid for only 48 hours. If you are still within this timeframe, please make sure your link is correct. If your link has expired, then please repeat the action you're trying to confirm.|
-|NoticeHeaderInvalidInvitationToken|Invalid invitation token|
-|NoticeTitleInvalidInvitationToken|Confirmation error|
-|WebAuthenticationLastNameInvalidErrorMessage|Invalid last name|
-|TextboxLabelEmailLastName|Last name|
-|ValidationErrorLastNameRequired|Last name is required.|
-|WebAuthenticationLinkExpiredNotice|Confirmation link sent to you has expired. `<a href={0}?token={1}>Resend confirmation email.</a\>`|
-|NoticePasswordResetLinkInvalidOrExpired|Your password reset link is invalid or expired.|
-|WebAuthenticationLinkExpiredNoticeTitle|Link sent|
-|WebAuthenticationNewPasswordLabel|New password|
-|ValidationMessageNewPasswordRequired|New password is required.|
-|TextboxLabelNotificationsSenderEmail|Notifications sender email|
-|TextboxLabelOrganizationName|Organization name|
-|WebAuthenticationOrganizationRequiredErrorMessage|Organization name is empty|
-|WebAuthenticationPasswordChangedNotice|Your password was successfully updated|
-|WebAuthenticationPasswordChangedNoticeTitle|Password updated|
-|WebAuthenticationPasswordCompareErrorMessage|Passwords don't match|
-|WebAuthenticationPasswordConfirmLabel|Confirm password|
-|ValidationErrorPasswordInvalidDetailed|Password is too weak.|
-|WebAuthenticationPasswordLabel|Password|
-|ValidationErrorPasswordRequired|Password is required.|
-|WebAuthenticationPasswordResetSendNotice|Change password confirmation email is on the way to {0}. Please follow the instructions within the email to continue your password change process.|
-|WebAuthenticationPasswordResetSendNoticeHeader|Your password reset request was successfully processed|
-|WebAuthenticationPasswordResetSendNoticeTitle|Password reset requested|
-|WebAuthenticationRequestNotFoundNotice|Request not found|
-|WebAuthenticationSenderEmailRequiredErrorMessage|Notifications sender email is empty|
-|WebAuthenticationSigninPasswordLabel|Please confirm the change by entering a password|
-|WebAuthenticationSignupConfirmNotice|Registration confirmation email is on its way to {0}.<br /\> Please follow instructions within the email to activate your account.<br /\> If the email does not arrive in your inbox within the next few minutes, please check your junk email folder.|
-|WebAuthenticationSignupConfirmNoticeHeader|Your account was successfully created|
-|WebAuthenticationSignupConfirmNoticeRepeatHeader|Registration confirmation email was sent again|
-|WebAuthenticationSignupConfirmNoticeTitle|Account created|
-|WebAuthenticationTokenRequiredErrorMessage|Token is empty|
-|WebAuthenticationUserAlreadyRegisteredNotice|It seems a user with this email is already registered in the system. If you forgot your password, please try to restore it or contact our support team.|
-|WebAuthenticationUserAlreadyRegisteredNoticeHeader|User already registered|
-|WebAuthenticationUserAlreadyRegisteredNoticeTitle|Already registered|
-|ButtonLabelChangePassword|Change password|
-|ButtonLabelChangeAccountInfo|Change account information|
-|ButtonLabelCloseAccount|Close account|
-|WebAuthenticationInvalidCaptchaErrorMessage|Text entered doesn't match text on the picture. Please try again.|
-|ValidationErrorCredentialsInvalid|Email or password is invalid. Please correct the errors and try again.|
-|WebAuthenticationRequestIsNotValid|Request is not valid|
-|WebAuthenticationUserIsNotConfirm|Please confirm your registration before attempting to sign in.|
-|WebAuthenticationInvalidEmailFormatted|Email is invalid: {0}|
-|WebAuthenticationUserNotFound|User not found|
-|WebAuthenticationTenantNotRegistered|Your account belongs to a Microsoft Entra tenant which is not authorized to access this portal.|
-|WebAuthenticationAuthenticationFailed|Authentication has failed.|
-|WebAuthenticationGooglePlusNotEnabled|Authentication has failed. If you authorized the application then please contact the admin to make sure that Google authentication is configured correctly.|
-|ValidationErrorAllowedTenantIsRequired|Allowed Tenant is required|
-|ValidationErrorTenantIsNotValid|The Microsoft Entra tenant '{0}' is not valid.|
-|WebAuthenticationActiveDirectoryTitle|Microsoft Entra ID|
-|WebAuthenticationLoginUsingYourProvider|Log in using your {0} account|
-|WebAuthenticationUserLimitNotice|This service has reached the maximum number of allowed users. Please `<a href="mailto:{0}"\>contact the administrator</a\>` to upgrade their service and re-enable user registration.|
-|WebAuthenticationUserLimitNoticeHeader|User registration disabled|
-|WebAuthenticationUserLimitNoticeTitle|User registration disabled|
-|WebAuthenticationUserRegistrationDisabledNotice|Registration of users has been disabled by the administrator. Please login with external identity provider.|
-|WebAuthenticationUserRegistrationDisabledNoticeHeader|User registration disabled|
-|WebAuthenticationUserRegistrationDisabledNoticeTitle|User registration disabled|
-|WebAuthenticationSignupPendingConfirmationNotice|Before we can complete the creation of your account we need to verify your e-mail address. WeΓÇÖve sent an e-mail to {0}. Please follow the instructions inside the e-mail to activate your account. If the e-mail doesnΓÇÖt arrive within the next few minutes, please check your junk email folder.|
-|WebAuthenticationSignupPendingConfirmationAccountFoundNotice|We found an unconfirmed account for the e-mail address {0}. To complete the creation of your account we need to verify your e-mail address. WeΓÇÖve sent an e-mail to {0}. Please follow the instructions inside the e-mail to activate your account. If the e-mail doesnΓÇÖt arrive within the next few minutes, please check your junk email folder|
-|WebAuthenticationSignupConfirmationAlmostDone|Almost Done|
-|WebAuthenticationSignupConfirmationEmailSent|WeΓÇÖve sent an e-mail to {0}. Please follow the instructions inside the e-mail to activate your account. If the e-mail doesnΓÇÖt arrive within the next few minutes, please check your junk email folder.|
-|WebAuthenticationEmailSentNotificationMessage|Email sent successfully to {0}|
-|WebAuthenticationNoAadTenantConfigured|No Microsoft Entra tenant configured for the service.|
-|CheckboxLabelUserRegistrationTermsConsentRequired|I agree to the `<a data-toggle="modal" href="#" data-target="#terms"\>Terms of Use</a\>`.|
-|TextblockUserRegistrationTermsProvided|Please review `<a data-toggle="modal" href="#" data-target="#terms"\>Terms of Use.</a\>`|
-|DialogHeadingTermsOfUse|Terms of Use|
-|ValidationMessageConsentNotAccepted|You must agree to the Terms of Use before you can proceed.|
-
-### <a name="SigninStrings"></a> SigninStrings
-
-|Name|Text|
-|-|-|
-|WebAuthenticationForgotPassword|Forgot your password?|
-|WebAuthenticationIfAdministrator|If you are an Administrator you must sign in `<a href="{0}"\>here</a\>`.|
-|WebAuthenticationNotAMember|Not a member yet? `<a href="/signup"\>Sign up now</a\>`|
-|WebAuthenticationRemember|Remember me on this computer|
-|WebAuthenticationSigininWithPassword|Sign in with your username and password|
-|WebAuthenticationSigninTitle|Sign in|
-|WebAuthenticationSignUpNow|Sign up now|
-
-### <a name="SignupStrings"></a> SignupStrings
-
-|Name|Text|
-|-|-|
-|PageTitleSignup|Sign up|
-|WebAuthenticationAlreadyAMember|Already a member?|
-|WebAuthenticationCreateNewAccount|Create a new API Management account|
-|WebAuthenticationSigninNow|Sign in now|
-|ButtonLabelSignup|Sign up|
-
-### <a name="SubscriptionListStrings"></a> SubscriptionListStrings
-
-|Name|Text|
-|-|-|
-|SubscriptionCancelConfirmation|Are you sure that you want to cancel this subscription?|
-|SubscriptionRenewConfirmation|Are you sure that you want to renew this subscription?|
-|WebDevelopersManageSubscriptions|Manage subscriptions|
-|WebDevelopersPrimaryKey|Primary key|
-|WebDevelopersRegenerateLink|Regenerate|
-|WebDevelopersSecondaryKey|Secondary key|
-|ButtonLabelShowKey|Show|
-|ButtonLabelRenewSubscription|Renew|
-|WebDevelopersSubscriptionRequested|Requested on {0}|
-|WebDevelopersSubscriptionRequestedState|Requested|
-|WebDevelopersSubscriptionTableNameHeader|Name|
-|WebDevelopersSubscriptionTableStateHeader|State|
-|WebDevelopersUsageStatisticsLink|Analytics reports|
-|WebDevelopersYourSubscriptions|Your subscriptions|
-|SubscriptionPropertyLabelRequestedDate|Requested on|
-|SubscriptionPropertyLabelStartedDate|Started on|
-|PageTitleRenameSubscription|Rename subscription|
-|SubscriptionPropertyLabelName|Subscription name|
-
-### <a name="SubscriptionStrings"></a> SubscriptionStrings
-
-|Name|Text|
-|-|-|
-|SectionHeadingCloseAccount|Looking to close your account?|
-|PageTitleDeveloperProfile|Profile|
-|ButtonLabelHideKey|Hide|
-|ButtonLabelRegenerateKey|Regenerate|
-|InformationMessageKeyWasRegenerated|Are you sure that you want to regenerate this key?|
-|ButtonLabelShowKey|Show|
-
-### <a name="UpdateProfileStrings"></a> UpdateProfileStrings
-
-|Name|Text|
-|-|-|
-|ButtonLabelUpdateProfile|Update profile|
-|PageTitleUpdateProfile|Update account information|
-
-### <a name="UserProfile"></a> UserProfile
-
-|Name|Text|
-|-|-|
-|ButtonLabelChangeAccountInfo|Change account information|
-|ButtonLabelChangePassword|Change password|
-|ButtonLabelCloseAccount|Close account|
-|TextboxLabelEmail|Email|
-|TextboxLabelEmailFirstName|First name|
-|TextboxLabelEmailLastName|Last name|
-|TextboxLabelNotificationsSenderEmail|Notifications sender email|
-|TextboxLabelOrganizationName|Organization name|
-|SubscriptionStateActive|Active|
-|SubscriptionStateCancelled|Cancelled|
-|SubscriptionStateExpired|Expired|
-|SubscriptionStateRejected|Rejected|
-|SubscriptionStateRequested|Requested|
-|SubscriptionStateSuspended|Suspended|
-|DefaultSubscriptionNameTemplate|{0} (default)|
-|SubscriptionNameTemplate|Developer access #{0}|
-|TextboxLabelSubscriptionName|Subscription name|
-|ValidationMessageSubscriptionNameRequired|Subscription name cannot be empty.|
-|ApiManagementUserLimitReached|This service has reached the maximum number of allowed users. Please upgrade to a higher pricing tier.|
-
-## <a name="glyphs"></a> Glyph resources
- API Management developer portal templates can use the glyphs from [Glyphicons from Bootstrap](https://getbootstrap.com/components/#glyphicons). This set of glyphs includes over 250 glyphs in font format from the [Glyphicon](https://glyphicons.com/) Halflings set. To use a glyph from this set, use the following syntax.
-
-```html
-<span class="glyphicon glyphicon-user">
-```
-
- For the complete list of glyphs, see [Glyphicons from Bootstrap](https://getbootstrap.com/components/#glyphicons).
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Api Management User Profile Templates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-user-profile-templates.md
- Title: "User profile templates in Azure API Management | Microsoft Docs"
-description: Learn how to customize the content of the User Profile pages in the developer portal in Azure API Management.
------- Previously updated : 11/04/2019--
-# User profile templates in Azure API Management
-Azure API Management provides you the ability to customize the content of developer portal pages using a set of templates that configure their content. Using [DotLiquid](https://github.com/dotliquid) syntax and the editor of your choice, such as [DotLiquid for Designers](https://github.com/dotliquid/dotliquid/wiki/DotLiquid-for-Designers), and a provided set of localized [String resources](api-management-template-resources.md#strings), [Glyph resources](api-management-template-resources.md#glyphs), and [Page controls](api-management-page-controls.md), you have great flexibility to configure the content of the pages as you see fit using these templates.
-
- The templates in this section allow you to customize the content of the User profile pages in the developer portal.
-
-- [Profile](#Profile)
-
-- [Subscriptions](#Subscriptions)
-
-- [Applications](#Applications)
-
-- [Update account info](#UpdateAccountInfo)
-
-> [!NOTE]
-> Sample default templates are included in the following documentation, but are subject to change due to continuous improvements. You can view the live default templates in the developer portal by navigating to the desired individual templates. For more information about working with templates, see [How to customize the API Management developer portal using templates](./api-management-developer-portal-templates.md).
--
-
-## <a name="Profile"></a> Profile
- The **profile** template allows you to customize the user profile section of the user profile page in the developer portal.
-
- ![User Profile Page](./media/api-management-user-profile-templates/APIM-User-Profile-Page.png "APIM User Profile Page")
-
-### Default template
-
-```xml
-<div class="pull-right">
- {% if canChangePassword == true %}
- <a class="btn btn-default" id="ChangePassword" role="button" href="{{changePasswordUrl}}">{% localized "UserProfile|ButtonLabelChangePassword" %}</a>
- {% endif %}
- <a id="changeAccountInfo" href="{{changeNameOrEmailUrl}}" class="btn btn-default">
- <span class="glyphicon glyphicon-user"></span>
- <span>{% localized "UserProfile|ButtonLabelChangeAccountInfo" %}</span>
- </a>
-</div>
-<h2>{% localized "SubscriptionStrings|PageTitleDeveloperProfile" %}</h2>
-<div class="container-fluid">
- <div class="row">
- <div class="col-sm-3">
- <label for="Email">{% localized "UserProfile|TextboxLabelEmail" %}</label>
- </div>
- <div class="col-sm-9" id="Email">{{email}}</div>
- </div>
-
- {% if isSystemUser != true %}
- <div class="row">
- <div class="col-sm-3">
- <label for="FirstName">{% localized "UserProfile|TextboxLabelEmailFirstName" %}</label>
- </div>
- <div class="col-sm-9" id="FirstName">{{FirstName}}</div>
- </div>
- <div class="row">
- <div class="col-sm-3">
- <label for="LastName">{% localized "UserProfile|TextboxLabelEmailLastName" %}</label>
- </div>
- <div class="col-sm-9" id="LastName">{{LastName}}</div>
- </div>
- {% else %}
- <div class="row">
- <div class="col-sm-3">
- <label for="CompanyName">{% localized "UserProfile|TextboxLabelOrganizationName" %}</label>
- </div>
- <div class="col-sm-9" id="CompanyName">{{CompanyName}}</div>
- </div>
- <div class="row">
- <div class="col-sm-3">
- <label for="AddresserEmail">{% localized "UserProfile|TextboxLabelNotificationsSenderEmail" %}</label>
- </div>
- <div class="col-sm-9" id="AddresserEmail">{{AddresserEmail}}</div>
- </div>
- {% endif %}
-
-</div>
-```
-
-### Controls
- This template may not use any [page controls](api-management-page-controls.md).
-
-### Data model
-
-> [!NOTE]
-> The [Profile](#Profile), [Applications](#Applications), and [Subscriptions](#Subscriptions) templates share the same data model and receive the same template data.
-
-|Property|Type|Description|
-|--|-|--|
-|`firstName`|string|First name of the current user.|
-|`lastName`|string|Last name of the current user.|
-|`companyName`|string|The company name of the current user.|
-|`addresserEmail`|string|Email address of the current user.|
-|`developersUsageStatisticsLink`|string|Relative URL to view analytics for the current user.|
-|`subscriptions`|Collection of [Subscription](api-management-template-data-model-reference.md#Subscription) entities.|The subscriptions for the current user.|
-|`applications`|Collection of [Application](api-management-template-data-model-reference.md#Application) entities.|The applications of the current user.|
-|`changePasswordUrl`|string|The relative URL to change the current user's password.|
-|`changeNameOrEmailUrl`|string|The relative URL to change the name and email for the current user.|
-|`canChangePassword`|boolean|Whether the current user can change their password.|
-|`isSystemUser`|boolean|Whether the current user is a member of one of the built-in [groups](api-management-key-concepts.md#groups).|
-
-### Sample template data
-
-```json
-{
- "firstName": "Administrator",
- "lastName": "",
- "companyName": "Contoso",
- "addresserEmail": "apimgmt-noreply@mail.windowsazure.com",
- "email": "admin@live.com",
- "developersUsageStatisticsLink": "/Developer/Analytics",
- "subscriptions": [
- {
- "Id": "57026e30de15d80041070001",
- "ProductId": "57026e30de15d80041060001",
- "ProductTitle": "Starter",
- "ProductDescription": "Subscribers will be able to run 5 calls/minute up to a maximum of 100 calls/week.",
- "ProductDetailsUrl": "/Products/57026e30de15d80041060001",
- "State": "Active",
- "DisplayName": "Starter (default)",
- "CreatedDate": "2016-04-04T13:37:52.847",
- "CanBeCancelled": true,
- "IsAwaitingApproval": false,
- "StartDate": null,
- "ExpirationDate": null,
- "NotificationDate": null,
- "PrimaryKey": "b6b2870953d04420a4e02c58f2c08e74",
- "SecondaryKey": "cfe28d5a1cd04d8abc93f48352076ea5",
- "UserId": 1,
- "CanBeRenewed": false,
- "HasExpired": false,
- "IsRejected": false,
- "CancelUrl": "/Subscriptions/57026e30de15d80041070001/Cancel",
- "RenewUrl": "/Subscriptions/57026e30de15d80041070001/Renew"
- },
- {
- "Id": "57026e30de15d80041070002",
- "ProductId": "57026e30de15d80041060002",
- "ProductTitle": "Unlimited",
- "ProductDescription": "Subscribers have completely unlimited access to the API. Administrator approval is required.",
- "ProductDetailsUrl": "/Products/57026e30de15d80041060002",
- "State": "Active",
- "DisplayName": "Unlimited (default)",
- "CreatedDate": "2016-04-04T13:37:52.923",
- "CanBeCancelled": true,
- "IsAwaitingApproval": false,
- "StartDate": null,
- "ExpirationDate": null,
- "NotificationDate": null,
- "PrimaryKey": "8fe7843c36de4cceb4728e6cae297336",
- "SecondaryKey": "96c850d217e74acf9b514ff8a5b38551",
- "UserId": 1,
- "CanBeRenewed": false,
- "HasExpired": false,
- "IsRejected": false,
- "CancelUrl": "/Subscriptions/57026e30de15d80041070002/Cancel",
- "RenewUrl": "/Subscriptions/57026e30de15d80041070002/Renew"
- }
- ],
- "applications": [],
- "changePasswordUrl": "/account/password/change",
- "changeNameOrEmailUrl": "/account/update",
- "canChangePassword": false,
- "isSystemUser": true
-}
-```
-
-## <a name="Subscriptions"></a> Subscriptions
- The **Subscriptions** template allows you to customize the subscriptions section of the user profile page in the developer portal.
-
- ![User Subscription Page](./media/api-management-user-profile-templates/APIM-User-Subscription-Page.png "APIM User Subscription Page")
-
-### Default template
-
-```xml
-<div class="ap-account-subscriptions">
- <a href="{{developersUsageStatisticsLink}}" id="UsageStatistics" class="btn btn-default pull-right">
- <span class="glyphicon glyphicon-stats"></span>
- <span>{% localized "SubscriptionListStrings|WebDevelopersUsageStatisticsLink" %}</span>
- </a>
-
- <h2>{% localized "SubscriptionListStrings|WebDevelopersYourSubscriptions" %}</h2>
-
- <table class="table">
- <thead>
- <tr>
- <th>Subscription details</th>
- <th>Product</th>
- <th>{% localized "SubscriptionListStrings|WebDevelopersSubscriptionTableStateHeader" %}</th>
- <th>Action</th>
- </tr>
- </thead>
- <tbody>
- {% if subscriptions.size == 0 %}
- <tr>
- <td class="text-center" colspan="4">
- {% localized "CommonResources|NoItemsToDisplay" %}
- </td>
- </tr>
- {% else %}
- {% for subscription in subscriptions %}
- <tr id="{{subscription.id}}" {% if subscription.hasExpired %} class="expired" {% endif %}>
- <td>
- <div class="row">
- <label class="col-lg-3">{% localized "SubscriptionListStrings|SubscriptionPropertyLabelName" %}</label>
- <div class="col-lg-6">
- {{ subscription.displayName }}
- </div>
- <div class="col-lg-2">
- <a class="btn-link" href="/Subscriptions/{{subscription.id}}/Rename">Rename</a>
- </div>
- <div class="clearfix"></div>
- </div>
- {% if subscription.isAwaitingApproval %}
- <div class="row">
- <label class="col-lg-3">{% localized "SubscriptionListStrings|SubscriptionPropertyLabelRequestedDate" %}</label>
- <div class="col-lg-6">
- {{ subscription.createdDate | date:"MM/dd/yyyy" }}
- </div>
- </div>
- {% else %}
- {% if subscription.isRejected == false %}
- {% if subscription.startDate %}
- <div class="row">
- <label class="col-lg-3">{% localized "SubscriptionListStrings|SubscriptionPropertyLabelStartedDate" %}</label>
- <div class="col-lg-6">
- {{ subscription.startDate | date:"MM/dd/yyyy" }}
- </div>
- </div>
- {% endif %}
-
- <!-- ko with: Developers.Account.Root.account.key('{{subscription.primaryKey}}', '{{subscription.id}}', true) -->
- <div class="row">
- <label class="col-lg-3">{% localized "SubscriptionListStrings|WebDevelopersPrimaryKey" %}</label>
- <div class="col-lg-6">
- <code data-bind="text: $data.displayKey()" id="primary_{{subscription.id}}"></code>
- </div>
- <div class="col-lg-2">
- <!-- ko if: !requestInProgress() -->
- <div class="nowrap">
- <a href="#" class="btn-link" id="togglePrimary_{{subscription.id}}" data-bind="click: toggleKeyDisplay, text: toggleKeyLabel"></a>
- |
- <a href="#" class="btn-link" id="regeneratePrimary_{{subscription.id}}" data-bind="click: regenerateKey, text: regenerateKeyLabel"></a>
- </div>
- <!-- /ko -->
- <!-- ko if: requestInProgress() -->
- <div class="progress progress-striped active">
- <div class="progress-bar" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100" style="width: 100%">
- <span class="sr-only"></span>
- </div>
- </div>
- <!-- /ko -->
- </div>
- <div class="clearfix"></div>
- </div>
- <!-- /ko -->
- <!-- ko with: Developers.Account.Root.account.key('{{subscription.secondaryKey}}', '{{subscription.id}}', false) -->
- <div class="row">
- <label class="col-lg-3">{% localized "SubscriptionListStrings|WebDevelopersSecondaryKey" %}</label>
- <div class="col-lg-6">
- <code data-bind="text: $data.displayKey()" id="secondary_{{subscription.id}}"></code>
- </div>
- <div class="col-lg-2">
- <div class="nowrap">
- <a href="#" class="btn-link" id="toggleSecondary_{{subscription.id}}" data-bind="click: toggleKeyDisplay, text: toggleKeyLabel">{% localized "SubscriptionListStrings|ButtonLabelShowKey" %}</a>
- |
- <a href="#" class="btn-link" id="regenerateSecondary_{{subscription.id}}" data-bind="click: regenerateKey, text: regenerateKeyLabel">{% localized "SubscriptionListStrings|WebDevelopersRegenerateLink" %}</a>
- </div>
- </div>
- <div class="clearfix"> </div>
- </div>
- <!-- /ko -->
- {% endif %}
- {% endif %}
- </td>
- <td>
- <a href="{{subscription.productDetailsUrl}}">{{subscription.productTitle}}</a>
- </td>
- <td>
- <strong>
- {{subscription.state}}
- </strong>
- </td>
- <td>
- <div class="nowrap">
- {% if subscription.canBeCancelled %}
- <subscription-cancel params="{ subscriptionId: '{{subscription.id}}', cancelUrl: '{{subscription.cancelUrl}}' }"></subscription-cancel>
- {% endif %}
- </div>
- </td>
- </tr>
- {% endfor %}
- {% endif %}
- </tbody>
- </table>
-</div>
-```
-
-### Controls
- This template may use the following [page controls](api-management-page-controls.md).
-
-- [subscription-cancel](api-management-page-controls.md#subscription-cancel)
-
-### Data model
-
-> [!NOTE]
-> The [Profile](#Profile), [Applications](#Applications), and [Subscriptions](#Subscriptions) templates share the same data model and receive the same template data.
-
-|Property|Type|Description|
-|--|-|--|
-|`firstName`|string|First name of the current user.|
-|`lastName`|string|Last name of the current user.|
-|`companyName`|string|The company name of the current user.|
-|`addresserEmail`|string|Email address of the current user.|
-|`developersUsageStatisticsLink`|string|Relative URL to view analytics for the current user.|
-|`subscriptions`|Collection of [Subscription](api-management-template-data-model-reference.md#Subscription) entities.|The subscriptions for the current user.|
-|`applications`|Collection of [Application](api-management-template-data-model-reference.md#Application) entities.|The applications of the current user.|
-|`changePasswordUrl`|string|The relative URL to change the current user's password.|
-|`changeNameOrEmailUrl`|string|The relative URL to change the name and email for the current user.|
-|`canChangePassword`|boolean|Whether the current user can change their password.|
-|`isSystemUser`|boolean|Whether the current user is a member of one of the built-in [groups](api-management-key-concepts.md#groups).|
-
-### Sample template data
-
-```json
-{
- "firstName": "Administrator",
- "lastName": "",
- "companyName": "Contoso",
- "addresserEmail": "apimgmt-noreply@mail.windowsazure.com",
- "email": "admin@live.com",
- "developersUsageStatisticsLink": "/Developer/Analytics",
- "subscriptions": [
- {
- "Id": "57026e30de15d80041070001",
- "ProductId": "57026e30de15d80041060001",
- "ProductTitle": "Starter",
- "ProductDescription": "Subscribers will be able to run 5 calls/minute up to a maximum of 100 calls/week.",
- "ProductDetailsUrl": "/Products/57026e30de15d80041060001",
- "State": "Active",
- "DisplayName": "Starter (default)",
- "CreatedDate": "2016-04-04T13:37:52.847",
- "CanBeCancelled": true,
- "IsAwaitingApproval": false,
- "StartDate": null,
- "ExpirationDate": null,
- "NotificationDate": null,
- "PrimaryKey": "b6b2870953d04420a4e02c58f2c08e74",
- "SecondaryKey": "cfe28d5a1cd04d8abc93f48352076ea5",
- "UserId": 1,
- "CanBeRenewed": false,
- "HasExpired": false,
- "IsRejected": false,
- "CancelUrl": "/Subscriptions/57026e30de15d80041070001/Cancel",
- "RenewUrl": "/Subscriptions/57026e30de15d80041070001/Renew"
- },
- {
- "Id": "57026e30de15d80041070002",
- "ProductId": "57026e30de15d80041060002",
- "ProductTitle": "Unlimited",
- "ProductDescription": "Subscribers have completely unlimited access to the API. Administrator approval is required.",
- "ProductDetailsUrl": "/Products/57026e30de15d80041060002",
- "State": "Active",
- "DisplayName": "Unlimited (default)",
- "CreatedDate": "2016-04-04T13:37:52.923",
- "CanBeCancelled": true,
- "IsAwaitingApproval": false,
- "StartDate": null,
- "ExpirationDate": null,
- "NotificationDate": null,
- "PrimaryKey": "8fe7843c36de4cceb4728e6cae297336",
- "SecondaryKey": "96c850d217e74acf9b514ff8a5b38551",
- "UserId": 1,
- "CanBeRenewed": false,
- "HasExpired": false,
- "IsRejected": false,
- "CancelUrl": "/Subscriptions/57026e30de15d80041070002/Cancel",
- "RenewUrl": "/Subscriptions/57026e30de15d80041070002/Renew"
- }
- ],
- "applications": [],
- "changePasswordUrl": "/account/password/change",
- "changeNameOrEmailUrl": "/account/update",
- "canChangePassword": false,
- "isSystemUser": true
-}
-```
-
-## <a name="Applications"></a> Applications
- The **Applications** template allows you to customize the subscriptions section of the user profile page in the developer portal.
-
- ![User Account Applications Page](./media/api-management-user-profile-templates/APIM-User-Account-Applications-Page.png "APIM User Account Applications Page")
-
-### Default template
-
-```xml
-<div class="ap-account-applications">
- <a id="RegisterApplication" href="/Developer/Applications/Register" class="btn btn-success pull-right">
- <span class="glyphicon glyphicon-plus"></span>
- <span>{% localized "ApplicationListStrings|WebDevelopersRegisterAppLink" %}</span>
- </a>
- <h2>{% localized "ApplicationListStrings|WebDevelopersYourApplicationsHeader" %}</h2>
-
- <table class="table">
- <thead>
- <tr>
- <th class="col-md-8">{% localized "ApplicationListStrings|WebDevelopersAppTableNameHeader" %}</th>
- <th class="col-md-2">{% localized "ApplicationListStrings|WebDevelopersAppTableCategoryHeader" %}</th>
- <th class="col-md-2" colspan="2">{% localized "ApplicationListStrings|WebDevelopersAppTableStateHeader" %}</th>
- </tr>
- </thead>
- <tbody>
-
- {% if applications.size == 0 %}
-
- <tr>
- <td class="col-md-12 text-center" colspan="4">
- {% localized "CommonResources|NoItemsToDisplay" %}
- </td>
- </tr>
-
- {% else %}
-
- {% for app in applications %}
- <tr>
- <td class="col-md-8">
- {{app.title}}
- </td>
- <td class="col-md-2">
- {{app.categoryName}}
- </td>
- <td class="col-md-2">
- <strong>
- {% case app.state %}
- {% when ApplicationStateModel.Registered %}
- {% localized "ApplicationListStrings|WebDevelopersAppNotSubmitted" %}
-
- {% when ApplicationStateModel.Unpublished %}
- {% localized "ApplicationListStrings|WebDevelopersAppNotPublished" %}
-
- {% else %}
- {{ app.state }}
- {% endcase %}
- </strong>
- </td>
- <td class="col-md-1">
- <div class="nowrap">
- {% if app.state != ApplicationStateModel.Submitted and app.state != ApplicationStateModel.Published %}
- <app-actions params="{ appId: '{{app.id}}' }"></app-actions>
- {% endif %}
- </div>
- </td>
- </tr>
- {% endfor %}
-
- {% endif %}
- </tbody>
- </table>
-</div>
-```
-
-### Controls
- This template may use the following [page controls](api-management-page-controls.md).
-
-- [app-actions](api-management-page-controls.md#app-actions)
-
-### Data model
-
-> [!NOTE]
-> The [Profile](#Profile), [Applications](#Applications), and [Subscriptions](#Subscriptions) templates share the same data model and receive the same template data.
-
-|Property|Type|Description|
-|--|-|--|
-|`firstName`|string|First name of the current user.|
-|`lastName`|string|Last name of the current user.|
-|`companyName`|string|The company name of the current user.|
-|`addresserEmail`|string|Email address of the current user.|
-|`developersUsageStatisticsLink`|string|Relative URL to view analytics for the current user.|
-|`subscriptions`|Collection of [Subscription](api-management-template-data-model-reference.md#Subscription) entities.|The subscriptions for the current user.|
-|`applications`|Collection of [Application](api-management-template-data-model-reference.md#Application) entities.|The applications of the current user.|
-|`changePasswordUrl`|string|The relative URL to change the current user's password.|
-|`changeNameOrEmailUrl`|string|The relative URL to change the name and email for the current user.|
-|`canChangePassword`|boolean|Whether the current user can change their password.|
-|`isSystemUser`|boolean|Whether the current user is a member of one of the built-in [groups](api-management-key-concepts.md#groups).|
-
-### Sample template data
-
-```json
-{
- "firstName": "Administrator",
- "lastName": "",
- "companyName": "Contoso",
- "addresserEmail": "apimgmt-noreply@mail.windowsazure.com",
- "email": "admin@live.com",
- "developersUsageStatisticsLink": "/Developer/Analytics",
- "subscriptions": [
- {
- "Id": "57026e30de15d80041070001",
- "ProductId": "57026e30de15d80041060001",
- "ProductTitle": "Starter",
- "ProductDescription": "Subscribers will be able to run 5 calls/minute up to a maximum of 100 calls/week.",
- "ProductDetailsUrl": "/Products/57026e30de15d80041060001",
- "State": "Active",
- "DisplayName": "Starter (default)",
- "CreatedDate": "2016-04-04T13:37:52.847",
- "CanBeCancelled": true,
- "IsAwaitingApproval": false,
- "StartDate": null,
- "ExpirationDate": null,
- "NotificationDate": null,
- "PrimaryKey": "b6b2870953d04420a4e02c58f2c08e74",
- "SecondaryKey": "cfe28d5a1cd04d8abc93f48352076ea5",
- "UserId": 1,
- "CanBeRenewed": false,
- "HasExpired": false,
- "IsRejected": false,
- "CancelUrl": "/Subscriptions/57026e30de15d80041070001/Cancel",
- "RenewUrl": "/Subscriptions/57026e30de15d80041070001/Renew"
- },
- {
- "Id": "57026e30de15d80041070002",
- "ProductId": "57026e30de15d80041060002",
- "ProductTitle": "Unlimited",
- "ProductDescription": "Subscribers have completely unlimited access to the API. Administrator approval is required.",
- "ProductDetailsUrl": "/Products/57026e30de15d80041060002",
- "State": "Active",
- "DisplayName": "Unlimited (default)",
- "CreatedDate": "2016-04-04T13:37:52.923",
- "CanBeCancelled": true,
- "IsAwaitingApproval": false,
- "StartDate": null,
- "ExpirationDate": null,
- "NotificationDate": null,
- "PrimaryKey": "8fe7843c36de4cceb4728e6cae297336",
- "SecondaryKey": "96c850d217e74acf9b514ff8a5b38551",
- "UserId": 1,
- "CanBeRenewed": false,
- "HasExpired": false,
- "IsRejected": false,
- "CancelUrl": "/Subscriptions/57026e30de15d80041070002/Cancel",
- "RenewUrl": "/Subscriptions/57026e30de15d80041070002/Renew"
- }
- ],
- "applications": [],
- "changePasswordUrl": "/account/password/change",
- "changeNameOrEmailUrl": "/account/update",
- "canChangePassword": false,
- "isSystemUser": true
-}
-```
-
-## <a name="UpdateAccountInfo"></a> Update account info
- The **Update account info** template allows you to customize the **Update account information** page in the developer portal.
-
- ![User Account Info Page Developer Portal Templates](./media/api-management-user-profile-templates/APIM-User-Account-Info-Page-Developer-Portal-Templates.png "APIM User Account Info Page Developer Portal Templates")
-
-### Default template
-
-```xml
-<div class="row">
- <div class="col-sm-6 col-md-6">
- <div class="form-group">
- <label for="Email">{% localized "SigninResources|TextboxLabelEmail" %}</label>
- <input autofocus="autofocus" class="form-control" id="Email" name="Email" type="text" value="{{email}}">
- </div>
- <div class="form-group">
- <label for="FirstName">{% localized "SigninResources|TextboxLabelEmailFirstName" %}</label>
- <input class="form-control" id="FirstName" name="FirstName" type="text" value="{{firstName}}">
- </div>
- <div class="form-group">
- <label for="LastName">{% localized "SigninResources|TextboxLabelEmailLastName" %}</label>
- <input class="form-control" id="LastName" name="LastName" type="text" value="{{lastName}}">
- </div>
- <div class="form-group">
- <label for="Password">{% localized "SigninResources|WebAuthenticationSigninPasswordLabel" %}</label>
- <input class="form-control" id="Password" name="Password" type="password">
- </div>
- </div>
-</div>
-
-<button type="submit" class="btn btn-primary" id="UpdateProfile">
- {% localized "UpdateProfileStrings|ButtonLabelUpdateProfile" %}
-</button>
-<a class="btn btn-default" href="/developer" role="button">
- {% localized "CommonStrings|ButtonLabelCancel" %}
-</a>
-```
-
-### Controls
- This template may not use any [page controls](api-management-page-controls.md).
-
-### Data model
- [User account info](api-management-template-data-model-reference.md#UserAccountInfo) entity.
-
-### Sample template data
-
-```json
-{
- "FirstName": "Administrator",
- "LastName": "",
- "Email": "admin@live.com",
- "Password": null,
- "NameIdentifier": null,
- "ProviderName": null,
- "IsBasicAccount": false
-}
-```
-
-## Next steps
-For more information about working with templates, see [How to customize the API Management developer portal using templates](api-management-developer-portal-templates.md).
api-management Developer Portal Deprecated Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/developer-portal-deprecated-migration.md
- Title: Migrate to the new developer portal from the legacy developer portal-
-description: Learn how to migrate from the legacy developer portal to the new developer portal in API Management.
----- Previously updated : 04/15/2021---
-# Migrate to the new developer portal
-
-This article describes the steps you need to take to migrate from the deprecated legacy portal to the new developer portal in API Management.
-
-> [!IMPORTANT]
-> The legacy developer portal is now deprecated and it will receive security updates only. You can continue to use it, as per usual, until its retirement in October 2023, when it will be removed from all API Management services.
-
-![API Management developer portal](media/api-management-howto-developer-portal/cover.png)
--
-## Improvements in new developer portal
-
-The new developer portal addresses many limitations of the deprecated portal. It features a [visual drag-and-drop editor for editing content](api-management-howto-developer-portal-customize.md) and a dedicated panel for designers to style the website. Pages, customizations, and configuration are saved as Azure Resource Manager resources in your API Management service, which lets you [automate portal deployments](automate-portal-deployments.md). Lastly, the portal's codebase is open-source, so [you can extend it with custom functionality](api-management-howto-developer-portal.md#managed-vs-self-hosted).
-
-## How to migrate to new developer portal
-
-The new developer portal is incompatible with the deprecated portal and automated migration isn't possible. You need to manually recreate the content (pages, text, media files) and customize the look of the new portal. Precise steps will vary depending on the customizations and complexity of your portal. Refer to [the developer portal tutorial](api-management-howto-developer-portal-customize.md) for guidance. Remaining configuration, like the list of APIs, products, users, identity providers, is automatically shared across both portals.
-
-> [!IMPORTANT]
-> If you've launched the new developer portal before, but you haven't made any changes, reset the default content to update it to the latest version.
-
-When you migrate from the deprecated portal, keep in mind the following changes:
--- If you expose your developer portal via a custom domain, [assign a domain](configure-custom-domain.md) to the new developer portal. Use the **Developer portal** option from the dropdown in the Azure portal.-- [Apply a CORS policy](developer-portal-faq.md#cors) on your APIs to enable the interactive test console.-- If you inject custom CSS to style the portal, you need to [replicate the styling using the built-in design panel](api-management-howto-developer-portal-customize.md). CSS injection isn't allowed in the new portal.-- You can inject custom JavaScript only in the [self-hosted version of the new portal](api-management-howto-developer-portal.md#managed-vs-self-hosted).-- If your API Management is in a virtual network and is exposed to the Internet via Application Gateway, [refer to this documentation article](api-management-howto-integrate-internal-vnet-appgateway.md) for precise configuration steps. You need to:-
- - Enable connectivity to the API Management's management endpoint.
- - Enable connectivity to the new portal endpoint.
- - Disable selected Web Application Firewall rules.
--- If you changed the default e-mail notification templates to include an explicitly defined deprecated portal URL, change them to either use the portal URL parameter or point to the new portal URL. If the templates use the built-in portal URL parameter instead, no changes are required.-- *Issues* and *Applications* aren't supported in the new developer portal.-- Direct integration with Facebook, Microsoft, Twitter, and Google as identity providers isn't supported in the new developer portal. You can integrate with those providers via Azure AD B2C.-- If you use delegation, change the return URL in your applications and use the [*Get Shared Access Token* API endpoint](/rest/api/apimanagement/current-ga/user/get-shared-access-token) instead of the *Generate SSO URL* endpoint.-- If you use Microsoft Entra ID as an identity provider:-
- - Change the return URL in your application to point to the new developer portal domain.
- - Modify the suffix of the return URL in your application from `/signin-aad` to `/signin`.
--- If you use Azure AD B2C as an identity provider:-
- - Change the return URL in your application to point to the new developer portal domain.
- - Modify the suffix of the return URL in your application from `/signin-aad` to `/signin`.
- - Include *Given Name*, *Surname*, and *User's Object ID* in the application claims.
--- If you use OAuth 2.0 in the interactive test console, change the return URL in your application to point to the new developer portal domain and modify the suffix:-
- - From `/docs/services/[serverName]/console/oauth2/authorizationcode/callback` to `/signin-oauth/code/callback/[serverName]` for the authorization code grant flow.
- - From `/docs/services/[serverName]/console/oauth2/implicit/callback` to `/signin-oauth/implicit/callback` for the implicit grant flow.
-- If you use OpenID Connect in the interactive test console, change the return URL in your application to point to the new developer portal domain and modify the suffix:-
- - From `/docs/services/[serverName]/console/openidconnect/authorizationcode/callback` to `/signin-oauth/code/callback/[serverName]` for the authorization code grant flow.
- - From `/docs/services/[serverName]/console/openidconnect/implicit/callback` to `/signin-oauth/implicit/callback` for the implicit grant flow.
-
-## Next steps
-
-Learn more about the developer portal:
--- [Azure API Management developer portal overview](api-management-howto-developer-portal.md)-- [Access and customize the developer portal](api-management-howto-developer-portal-customize.md)
api-management Graphql Apis Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/graphql-apis-overview.md
Previously updated : 05/31/2023 Last updated : 09/18/2023
API Management helps you import, manage, protect, test, publish, and monitor Gra
## Availability * GraphQL APIs are supported in all API Management service tiers
-* Pass-through and synthetic GraphQL APIs currently aren't supported in a self-hosted gateway
* Synthetic GraphQL APIs currently aren't supported in API Management [workspaces](workspaces-overview.md) * Support for GraphQL subscriptions in synthetic GraphQL APIs is currently in preview and isn't available in the Consumption tier
api-management Grpc Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/grpc-api.md
+
+ Title: Import a gRPC API to Azure API Management (preview) | Microsoft Docs
+description: Learn how to import a gRPC service definition as an API to an API Management instance using the Azure portal, ARM template, or bicep template.
+++++ Last updated : 10/04/2023+++
+# Import a gRPC API (preview)
+
+This article shows how to import a gRPC service definition as an API in API Management. You can then manage the API in API Management, secure access and apply other polices, and pass gRPC API requests through the gateway to the gRPC backend.
+
+To add a gRPC API to API Management, you need to:
+
+* Upload the API's Protobuf (protocol buffer) definition file to API Management
+* Specify the location of your gRPC service
+* Configure the API in API Management
+
+API Management supports pass-through with the following types of gRPC service methods: unary, server streaming, client streaming, and bidirectional streaming. For background about gRPC, see [Introduction to gRPC](https://grpc.io/docs/what-is-grpc/introduction/).
++
+> [!NOTE]
+> * Importing a gRPC API is in preview. Currently, gRPC APIs are only supported in the self-hosted gateway, not the managed gateway for your API Management instance.
+> * Currently, testing gRPC APIs isn't supported in the test console of the Azure portal or in the API Management developer portal.
++
+## Prerequisites
+
+* An API Management instance. If you don't already have one, complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).
+
+* A gateway resource provisioned in your instance. If you don't already have one, see [Provision a self-hosted gateway in Azure API Management](api-management-howto-provision-self-hosted-gateway.md).
+
+* A gRPC Protobuff (.proto) file available locally and gRPC service that's accessible over HTTPS.
+
+## Add a gRPC API
+
+#### [Portal](#tab/portal)
+
+1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
+
+1. In the left menu, select **APIs** > **+ Add API**.
+
+1. Under **Define a new API**, select **gRPC**.
+
+ :::image type="content" source="./media/grpc-api/grpc-api.png" alt-text="Screenshot of creating a gRPC API in the portal." :::
+
+1. In the **Create a gRPC API window**, select **Full**.
+
+1. For a gRPC API, you must specify the following settings:
+
+ 1. In **Upload schema**, select a local .proto file associated with the API to import.
+
+ 1. In **gRPC server URL**, enter the address of the gRPC service. The address must be accessible over HTTPS.
+
+ 1. In **Gateways**, select the gateway resource that you want to use to expose the API.
+
+ > [!IMPORTANT]
+ > In public preview, you can only select a self-hosted gateway. The **Managed** gateway isn't supported.
+
+1. Enter remaining settings to configure your API. These settings are explained in the [Import and publish your first API](import-and-publish.md#import-and-publish-a-backend-api) tutorial.
+
+1. Select **Create**.
+
+ The API is added to the **APIs** list. You can view update your settings by going to the **Settings** tab of the API.
+++++
api-management Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure API Management description: Lists Azure Policy Regulatory Compliance controls available for Azure API Management. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 10/23/2023 Last updated : 11/06/2023
app-service Identity Scenarios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/identity-scenarios.md
Title: 'App Service authentication recommendations'
-description: There are several different authentication solutions available for web apps or web APIs hosted on App Service. This article provides recommendations on which auth solution(s) can be used for specific scenarios such as quickly and simply limiting access to your web app, custom authorization, and incremental consent.
+description: Learn about the different authentication options available for web apps or web APIs hosted on App Service. This article provides recommendations on which auth solution(s) can be used for specific scenarios such as quickly and simply limiting access to your web app, custom authorization, and incremental consent. Learn about the benefits and drawbacks of using built-in authentication versus code implementation of authentication.
Previously updated : 08/10/2023 Last updated : 10/31/2023 # Authentication scenarios and recommendations
-If you have a web app or an API running in Azure App Service, you can restrict access to it based on the identity of the users or applications that request it. App Service offers several authentication solutions to help you achieve this goal. In this article, you will learn about the different authentication solutions, their benefits and drawbacks, and which authentication solution to use for specific scenarios.
+If you have a web app or an API running in Azure App Service, you can restrict access to it based on the identity of the users or applications that request it. App Service offers several authentication solutions to help you achieve this goal. In this article, you will learn about the different authentication options, their benefits and drawbacks, and which authentication solution to use for specific scenarios.
## Authentication solutions
app-service Overview Tls https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/overview-tls.md
+
+ Title: Transport Layer Security (TLS) overview
+description: Learn about Transport Layer Security (TLS) on App Service.
+keywords: app service, azure app service, tls, transport layer security, support, web app, troubleshooting,
+ Last updated : 11/06/2023++++
+# Azure App Service TLS overview
+
+## What does TLS do in App Service?
+
+Transport Layer Security (TLS) is a widely adopted security protocol designed to secure connections and communications between servers and clients. App Service allows customers to use TLS/SSL certificates to secure incoming requests to their web apps. App Service currently supports different set of TLS features for customers to secure their web apps.
+
+## What TLS options are available in App Service?
+
+For incoming requests to your web app, App Service supports TLS versions 1.0, 1.1, and 1.2. [In the next few months, App Service will begin supporting TLS version 1.3](https://techcommunity.microsoft.com/t5/apps-on-azure-blog/upcoming-tls-1-3-on-azure-app-service-for-web-apps-functions-and/ba-p/3974138).
+
+### Minimum TLS Version and SCM Minimum TLS Version
+
+App Service also allows you to set minimum TLS version for incoming requests to your web app and to SCM site. By default, the minimum TLS version for incoming requests to your web app and to SCM would be set to 1.2 on both portal and API.
+
+## TLS 1.0 and 1.1
+
+TLS 1.0 and 1.1 are considered legacy protocols and are no longer considered secure. It's generally recommended for customers to use TLS 1.2 as the minimum TLS version, which is also the default.
+
+To ensure backward compatibility for TLS 1.0 and TLS 1.1, App Service will continue to support TLS 1.0 and 1.1 for incoming requests to your web app. However, since the default minimum TLS version is set to TLS 1.2, you need to update the minimum TLS version configurations on your web app to either TLS 1.0 or 1.1 so the requests won't be rejected.
+
+> [!IMPORTANT]
+> Incoming requests to web apps and incoming requests to Azure are treated differently. App Service will continue to support TLS 1.0 and 1.1 for incoming requests to the web apps. For incoming requests directly to Azure, for example through ARM or API, it's not recommended to use TLS 1.0 or 1.1.
+>
+
+## Next steps
+* [Secure a custom DNS name with a TLS/SSL binding](configure-ssl-bindings.md)
app-service Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure App Service description: Lists Azure Policy Regulatory Compliance controls available for Azure App Service. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 10/23/2023 Last updated : 11/06/2023
application-gateway Alb Controller Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/alb-controller-release-notes.md
Previously updated : 10/23/2023 Last updated : 11/07/2023
Instructions for new or existing deployments of ALB Controller are found in the
- [Upgrade existing ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md#for-existing-deployments) ## Latest Release (Recommended)
-September 25, 2023 - 0.5.024542 - Custom Health Probes, Controller HA, Multi-site support for Ingress, [helm_release via Terraform fix](https://github.com/Azure/AKS/issues/3857), Path rewrite for Gateway API, status for Ingress resources, quality improvements
+November 6, 2023 - 0.6.1 - Gateway / Ingress API - Header rewrite support, Ingress API - URL rewrite support, Ingress multiple-TLS listener bug fix,
+two certificates maximum per host, adopting [semantic versioning (semver)](https://semver.org/), quality improvements
## Release history
-July 25, 2023 - 0.4.023971 - Ingress + Gateway co-existence improvements
+September 25, 2023 - 0.5.024542 - Custom Health Probes, Controller HA, Multi-site support for Ingress, [helm_release via Terraform fix](https://github.com/Azure/AKS/issues/3857), Path rewrite for Gateway API, status for Ingress resources, quality improvements
+
+July 25, 2023 - 0.4.023971 - Ingress + Gateway coexistence improvements
July 24, 2023 - 0.4.023961 - Improved Ingress support
application-gateway Api Specification Kubernetes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/api-specification-kubernetes.md
Previously updated : 9/25/2023 Last updated : 11/6/2023
has been accepted by the controller.</p>
<em>(Optional)</em> <p>Known condition types are:</p> <ul>
-<li>&ldquo;Accepted&rdquo;</li>
-<li>&ldquo;Ready&rdquo;</li>
+<li>"Accepted"</li>
+<li>"Ready"</li>
</ul> </td> </tr>
particular BackendTLSPolicy condition type has been raised.</p>
When the given BackendTLSPolicy is correctly configured</p> </td> </tr><tr><td><p>&#34;InvalidBackendTLSPolicy&#34;</p></td>
-<td><p>BackendTLSPolicyReasonInvalid is the reason when the BackendTLSPolicy isn't Accepted</p>
+<td><p>BackendTLSPolicyReasonInvalid is the reason when the BackendTLSPolicy isn&rsquo;t Accepted</p>
+</td>
+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>
+<td><p>BackendTLSPolicyReasonInvalidGroup is used when the group is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidKind&#34;</p></td> <td><p>BackendTLSPolicyReasonInvalidKind is used when the kind/group is invalid</p> </td>
+</tr><tr><td><p>&#34;InvalidName&#34;</p></td>
+<td><p>BackendTLSPolicyReasonInvalidName is used when the name is invalid</p>
+</td>
+</tr><tr><td><p>&#34;InvalidSecret&#34;</p></td>
+<td><p>BackendTLSPolicyReasonInvalidSecret is used when the Secret is invalid</p>
+</td>
+</tr><tr><td><p>&#34;InvalidService&#34;</p></td>
+<td><p>BackendTLSPolicyReasonInvalidService is used when the Service is invalid</p>
+</td>
</tr><tr><td><p>&#34;NoTargetReference&#34;</p></td> <td><p>BackendTLSPolicyReasonNoTargetReference is used when there is no target reference</p> </td> </tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td>
-<td><p>BackendTLSPolicyReasonRefNotPermitted is used when the ref isn't permitted</p>
-</td>
-</tr><tr><td><p>&#34;ServiceNotFound&#34;</p></td>
-<td><p>BackendTLSPolicyReasonServiceNotFound is used when the ref service isn't found</p>
-</td>
-</tr><tr><td><p>&#34;Degraded&#34;</p></td>
-<td><p>ReasonDegraded is the backendTLSPolicyConditionReason when the backendTLSPolicy has been incorrectly programmed</p>
+<td><p>BackendTLSPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>
</td> </tr></tbody> </table>
field.</p>
</tr> </thead> <tbody><tr><td><p>&#34;Accepted&#34;</p></td>
-<td><p>BackendTLSPolicyConditionAccepted is used to set the BackendTLSPolicyCondition to Accepted</p>
-</td>
-</tr><tr><td><p>&#34;Ready&#34;</p></td>
-<td><p>BackendTLSPolicyConditionReady is used to set the condition to Ready</p>
+<td><p>BackendTLSPolicyConditionAccepted is used to set the BackendTLSPolicyConditionType to Accepted</p>
</td> </tr><tr><td><p>&#34;ResolvedRefs&#34;</p></td>
-<td><p>BackendTLSPolicyConditionResolvedRefs is used to set the BackendTLSPolicyCondition to ResolvedRefs
-This is used with the following Reasons :
-*BackendTLSPolicyReasonRefNotPermitted
-*BackendTLSPolicyReasonInvalidKind
-*BackendTLSPolicyReasonServiceNotFound
-*BackendTLSPolicyInvalidCertificateRef
-*ReasonDegraded</p>
+<td><p>BackendTLSPolicyConditionResolvedRefs is used to set the BackendTLSPolicyCondition to ResolvedRefs</p>
</td> </tr></tbody> </table>
string
<td> <code>clientCertificateRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.SecretObjectReference">
+<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">
Gateway API .SecretObjectReference </a> </em>
constants so that operators and tools can converge on a common
vocabulary to describe BackendTLSPolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>&ldquo;Accepted&rdquo;</li>
+<li>"Accepted"</li>
</ul> </td> </tr>
CommonTLSPolicyVerify
<td> <code>caCertificateRef</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.SecretObjectReference">
+<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference">
Gateway API .SecretObjectReference </a> </em>
certificate of the backend.</p>
(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.FrontendTLSPolicySpec">FrontendTLSPolicySpec</a>) </p> <div>
-<p>CustomTargetRef is a reference to a custom resource that isn't part of the
+<p>CustomTargetRef is a reference to a custom resource that isn&rsquo;t part of the
Kubernetes core API.</p> </div> <table>
Kubernetes core API.</p>
<td> <code>name</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.ObjectName">
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ObjectName">
Gateway API .ObjectName </a> </em>
Gateway API .ObjectName
<td> <code>kind</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.Kind">
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Kind">
Gateway API .Kind </a> </em>
Gateway API .Kind
<td> <code>namespace</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.Namespace">
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Namespace">
Gateway API .Namespace </a> </em>
Gateway API .Namespace
<td> <code>group</code><br/> <em>
-<a href="https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.Group">
+<a href="https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Group">
Gateway API .Group </a> </em>
FrontendTLSPolicyStatus
(<code>string</code> alias)</h3> <div> <p>FrontendTLSPolicyConditionReason defines the set of reasons that explain why a
-particular FrontTLSPolicy condition type has been raised.</p>
+particular FrontendTLSPolicy condition type has been raised.</p>
</div> <table> <thead>
particular FrontTLSPolicy condition type has been raised.</p>
<th>Description</th> </tr> </thead>
-<tbody><tr><td><p>&#34;InvalidGroup&#34;</p></td>
-<td><p>FrontTLSPolicyReasonInvalidGroup is used when the group is invalid</p>
+<tbody><tr><td><p>&#34;Accepted&#34;</p></td>
+<td><p>FrontendTLSPolicyReasonAccepted is used to set the FrontendTLSPolicyConditionReason to Accepted
+When the given FrontendTLSPolicy is correctly configured</p>
+</td>
+</tr><tr><td><p>&#34;InvalidFrontendTLSPolicy&#34;</p></td>
+<td><p>FrontendTLSPolicyReasonInvalid is the reason when the FrontendTLSPolicy isn&rsquo;t Accepted</p>
+</td>
+</tr><tr><td><p>&#34;InvalidGateway&#34;</p></td>
+<td><p>FrontendTLSPolicyReasonInvalidGateway is used when the gateway is invalid</p>
+</td>
+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>
+<td><p>FrontendTLSPolicyReasonInvalidGroup is used when the group is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidKind&#34;</p></td>
-<td><p>FrontTLSPolicyReasonInvalidKind is used when the kind/group is invalid</p>
+<td><p>FrontendTLSPolicyReasonInvalidKind is used when the kind/group is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidName&#34;</p></td>
-<td><p>FrontTLSPolicyReasonInvalidName is used when the name is invalid</p>
+<td><p>FrontendTLSPolicyReasonInvalidName is used when the name is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidPolicyName&#34;</p></td>
-<td><p>FrontTLSPolicyReasonInvalidPolicyName is used when the name is invalid</p>
+<td><p>FrontendTLSPolicyReasonInvalidPolicyName is used when the policy name is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidPolicyType&#34;</p></td>
-<td><p>FrontTLSPolicyReasonInvalidPolicyType is used when the type is invalid</p>
+<td><p>FrontendTLSPolicyReasonInvalidPolicyType is used when the policy type is invalid</p>
</td> </tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
-<td><p>FrontTLSPolicyReasonNoTargetReference is used when there is no target reference</p>
+<td><p>FrontendTLSPolicyReasonNoTargetReference is used when there is no target reference</p>
</td> </tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td>
-<td><p>FrontTLSPolicyReasonRefNotPermitted is used when the ref isn't permitted</p>
-</td>
-</tr><tr><td><p>&#34;Accepted&#34;</p></td>
-<td><p>FrontendTLSPolicyReasonAccepted is used to set the FrontTLSPolicyConditionReason to Accepted
-When the given FrontTLSPolicy is correctly configured</p>
-</td>
-</tr><tr><td><p>&#34;InvalidFrontendTLSPolicy&#34;</p></td>
-<td><p>FrontendTLSPolicyReasonInvalid is the reason when the FrontendTLSPolicy isn't Accepted</p>
-</td>
-</tr><tr><td><p>&#34;InvalidGateway&#34;</p></td>
-<td><p>FrontendTLSPolicyReasonInvalidGateway is used when the gateway is invalid</p>
+<td><p>FrontendTLSPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>
</td> </tr></tbody> </table>
constants so that operators and tools can converge on a common
vocabulary to describe FrontendTLSPolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>&ldquo;Accepted&rdquo;</li>
+<li>"Accepted"</li>
</ul> </td> </tr>
vocabulary to describe FrontendTLSPolicy state.</p>
</td> </tr></tbody> </table>
+<h3 id="alb.networking.azure.io/v1.HTTPHeader">HTTPHeader
+</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HeaderFilter">HeaderFilter</a>)
+</p>
+<div>
+<p>HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>name</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.HTTPHeaderName">
+HTTPHeaderName
+</a>
+</em>
+</td>
+<td>
+<p>Name is the name of the HTTP Header to be matched. Name matching MUST be
+case insensitive. (See <a href="https://tools.ietf.org/html/rfc7230#section-3.2">https://tools.ietf.org/html/rfc7230#section-3.2</a>).</p>
+<p>If multiple entries specify equivalent header names, the first entry with
+an equivalent name MUST be considered for a match. Subsequent entries
+with an equivalent header name MUST be ignored. Due to the
+case-insensitivity of header names, "foo" and "Foo" are considered
+equivalent.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>value</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Value is the value of HTTP Header to be matched.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="alb.networking.azure.io/v1.HTTPHeaderName">HTTPHeaderName
+(<code>string</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HTTPHeader">HTTPHeader</a>)
+</p>
+<div>
+<p>HTTPHeaderName is the name of an HTTP header.</p>
+<p>Valid values include:</p>
+<ul>
+<li>"Authorization"</li>
+<li>"Set-Cookie"</li>
+</ul>
+<p>Invalid values include:</p>
+<ul>
+<li>":method" - ":" is an invalid character. This means that HTTP/2 pseudo
+headers are not currently supported by this type.</li>
+<li>"/invalid" - "/ " is an invalid character</li>
+</ul>
+</div>
<h3 id="alb.networking.azure.io/v1.HTTPMatch">HTTPMatch </h3> <p>
string
</tr> </tbody> </table>
+<h3 id="alb.networking.azure.io/v1.HTTPPathModifier">HTTPPathModifier
+</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.Redirect">Redirect</a>, <a href="#alb.networking.azure.io/v1.URLRewriteFilter">URLRewriteFilter</a>)
+</p>
+<div>
+<p>HTTPPathModifier defines configuration for path modifiers.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>type</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.HTTPPathModifierType">
+HTTPPathModifierType
+</a>
+</em>
+</td>
+<td>
+<p>Type defines the type of path modifier. Additional types may be
+added in a future release of the API.</p>
+<p>Note that values may be added to this enum, implementations
+must ensure that unknown values will not cause a crash.</p>
+<p>Unknown values here must result in the implementation setting the
+Accepted Condition for the rule to be false</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>replaceFullPath</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ReplaceFullPath specifies the value with which to replace the full path
+of a request during a rewrite or redirect.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>replacePrefixMatch</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ReplacePrefixMatch specifies the value with which to replace the prefix
+match of a request during a rewrite or redirect. For example, a request
+to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+of "/xyz" would be modified to "/xyz/bar".</p>
+<p>Note that this matches the behavior of the PathPrefix match type. This
+matches full path elements. A path element refers to the list of labels
+in the path split by the <code>/</code> separator. When specified, a trailing <code>/</code> is
+ignored. For example, the paths <code>/abc</code>, <code>/abc/</code>, and <code>/abc/def</code> would all
+match the prefix <code>/abc</code>, but the path <code>/abcd</code> would not.</p>
+<p>ReplacePrefixMatch is only compatible with a <code>PathPrefix</code> HTTPRouteMatch.
+Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+the implementation setting the Accepted Condition for the Route to <code>status: False</code>.</p>
+<table>
+<thead>
+<tr>
+<th>Request Path</th>
+<th>Prefix Match</th>
+<th>Replace Prefix</th>
+<th>Modified Path</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>/foo/bar</td>
+<td>/foo</td>
+<td>/xyz</td>
+<td>/xyz/bar</td>
+</tr>
+<tr>
+<td>/foo/bar</td>
+<td>/foo</td>
+<td>/xyz/</td>
+<td>/xyz/bar</td>
+</tr>
+<tr>
+<td>/foo/bar</td>
+<td>/foo/</td>
+<td>/xyz</td>
+<td>/xyz/bar</td>
+</tr>
+<tr>
+<td>/foo/bar</td>
+<td>/foo/</td>
+<td>/xyz/</td>
+<td>/xyz/bar</td>
+</tr>
+<tr>
+<td>/foo</td>
+<td>/foo</td>
+<td>/xyz</td>
+<td>/xyz</td>
+</tr>
+<tr>
+<td>/foo/</td>
+<td>/foo</td>
+<td>/xyz</td>
+<td>/xyz/</td>
+</tr>
+<tr>
+<td>/foo/bar</td>
+<td>/foo</td>
+<td></td>
+<td>/bar</td>
+</tr>
+<tr>
+<td>/foo/</td>
+<td>/foo</td>
+<td></td>
+<td>/</td>
+</tr>
+<tr>
+<td>/foo</td>
+<td>/foo</td>
+<td></td>
+<td>/</td>
+</tr>
+<tr>
+<td>/foo/</td>
+<td>/foo</td>
+<td>/</td>
+<td>/</td>
+</tr>
+<tr>
+<td>/foo</td>
+<td>/foo</td>
+<td>/</td>
+<td>/</td>
+</tr>
+</tbody>
+</table>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="alb.networking.azure.io/v1.HTTPPathModifierType">HTTPPathModifierType
+(<code>string</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HTTPPathModifier">HTTPPathModifier</a>)
+</p>
+<div>
+<p>HTTPPathModifierType defines the type of path redirect or rewrite.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;ReplaceFullPath&#34;</p></td>
+<td><p>FullPathHTTPPathModifier indicates that the full path will be replaced
+by the specified value.</p>
+</td>
+</tr><tr><td><p>&#34;ReplacePrefixMatch&#34;</p></td>
+<td><p>PrefixMatchHTTPPathModifier indicates that any prefix path matches will be
+replaced by the substitution value. For example, a path with a prefix
+match of "/foo" and a ReplacePrefixMatch substitution of "/bar" will have
+the "/foo" prefix replaced with "/bar" in matching requests.</p>
+<p>Note that this matches the behavior of the PathPrefix match type. This
+matches full path elements. A path element refers to the list of labels
+in the path split by the <code>/</code> separator. When specified, a trailing <code>/</code> is
+ignored. For example, the paths <code>/abc</code>, <code>/abc/</code>, and <code>/abc/def</code> would all
+match the prefix <code>/abc</code>, but the path <code>/abcd</code> would not.</p>
+</td>
+</tr></tbody>
+</table>
<h3 id="alb.networking.azure.io/v1.HTTPSpecifiers">HTTPSpecifiers </h3> <p>
HTTPMatch
</tr> </tbody> </table>
+<h3 id="alb.networking.azure.io/v1.HeaderFilter">HeaderFilter
+</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRewrites">IngressRewrites</a>)
+</p>
+<div>
+<p>HeaderFilter defines a filter that modifies the headers of an HTTP
+request or response. Only one action for a given header name is permitted.
+Filters specifying multiple actions of the same or different type for any one
+header name are invalid and will be rejected.
+Configuration to set or add multiple values for a header must use RFC 7230
+header value formatting, separating each value with a comma.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>set</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.HTTPHeader">
+[]HTTPHeader
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Set overwrites the request with the given header (name, value)
+before the action.</p>
+<p>Input:
+GET /foo HTTP/1.1
+my-header: foo</p>
+<p>Config:
+set:
+- name: "my-header"
+value: "bar"</p>
+<p>Output:
+GET /foo HTTP/1.1
+my-header: bar</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>add</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.HTTPHeader">
+[]HTTPHeader
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Add adds the given header(s) (name, value) to the request
+before the action. It appends to any existing values associated
+with the header name.</p>
+<p>Input:
+GET /foo HTTP/1.1
+my-header: foo</p>
+<p>Config:
+add:
+- name: "my-header"
+value: "bar,baz"</p>
+<p>Output:
+GET /foo HTTP/1.1
+my-header: foo,bar,baz</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>remove</code><br/>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Remove the given header(s) from the HTTP request before the action. The
+value of Remove is a list of HTTP header names. Note that the header
+names are case-insensitive (see
+<a href="https://datatracker.ietf.org/doc/html/rfc2616#section-4.2)">https://datatracker.ietf.org/doc/html/rfc2616#section-4.2)</a>.</p>
+<p>Input:
+GET /foo HTTP/1.1
+my-header1: foo
+my-header2: bar
+my-header3: baz</p>
+<p>Config:
+remove: ["my-header1", "my-header3"]</p>
+<p>Output:
+GET /foo HTTP/1.1
+my-header2: bar</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="alb.networking.azure.io/v1.HeaderName">HeaderName
+(<code>string</code> alias)</h3>
+<div>
+<p>HeaderName is the name of a header or query parameter.</p>
+</div>
<h3 id="alb.networking.azure.io/v1.HealthCheckPolicy">HealthCheckPolicy </h3> <div>
particular HealthCheckPolicy condition type has been raised.</p>
<th>Description</th> </tr> </thead>
-<tbody><tr><td><p>&#34;InvalidReference&#34;</p></td>
-<td><p>HealthCheckPolicyInvalidReference is used when the reference is invalid</p>
-</td>
-</tr><tr><td><p>&#34;Accepted&#34;</p></td>
+<tbody><tr><td><p>&#34;Accepted&#34;</p></td>
<td><p>HealthCheckPolicyReasonAccepted is used to set the HealthCheckPolicyConditionReason to Accepted When the given HealthCheckPolicy is correctly configured</p> </td> </tr><tr><td><p>&#34;InvalidHealthCheckPolicy&#34;</p></td>
-<td><p>HealthCheckPolicyReasonInvalid is the reason when the HealthCheckPolicy isn't Accepted</p>
+<td><p>HealthCheckPolicyReasonInvalid is the reason when the HealthCheckPolicy isn&rsquo;t Accepted</p>
+</td>
+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>
+<td><p>HealthCheckPolicyReasonInvalidGroup is used when the group is invalid</p>
+</td>
+</tr><tr><td><p>&#34;InvalidKind&#34;</p></td>
+<td><p>HealthCheckPolicyReasonInvalidKind is used when the kind/group is invalid</p>
+</td>
+</tr><tr><td><p>&#34;InvalidName&#34;</p></td>
+<td><p>HealthCheckPolicyReasonInvalidName is used when the name is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidPort&#34;</p></td> <td><p>HealthCheckPolicyReasonInvalidPort is used when the port is invalid</p> </td>
-</tr><tr><td><p>&#34;InvalidServiceReference&#34;</p></td>
-<td><p>HealthCheckPolicyReasonInvalidServiceReference is used when the service is invalid</p>
-</td>
-</tr><tr><td><p>&#34;InvalidTargetReference&#34;</p></td>
-<td><p>HealthCheckPolicyReasonInvalidTargetReference is used when the target is invalid</p>
+</tr><tr><td><p>&#34;InvalidService&#34;</p></td>
+<td><p>HealthCheckPolicyReasonInvalidService is used when the Service is invalid</p>
</td> </tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
-<td><p>HealthCheckPolicyReasonNoTargetReference is used when the target isn't found</p>
+<td><p>HealthCheckPolicyReasonNoTargetReference is used when there is no target reference</p>
+</td>
+</tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td>
+<td><p>HealthCheckPolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>
</td> </tr></tbody> </table>
constants so that operators and tools can converge on a common
vocabulary to describe HealthCheckPolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>&ldquo;Accepted&rdquo;</li>
+<li>"Accepted"</li>
</ul> </td> </tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressBackendOverride">IngressBackendOverride
-</h3>
-<p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressListenerSetting">IngressListenerSetting</a>)
-</p>
-<div>
-<p>IngressBackendOverride allows a user to change the hostname on a request before it is sent to a backend service</p>
-</div>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>service</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Service is the name of a backend service that this override refers to.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>backendHost</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<p>BackendHost is the hostname that an incoming request will be mutated to use before being forwarded to the backend</p>
-</td>
-</tr>
-</tbody>
-</table>
<h3 id="alb.networking.azure.io/v1.IngressBackendPort">IngressBackendPort </h3> <p>
Only one of Name/Number should be defined.</p>
<tbody> <tr> <td>
-<code>number</code><br/>
+<code>port</code><br/>
<em> int32 </em> </td> <td> <em>(Optional)</em>
-<p>Number indicates the TCP port number being referred to</p>
+<p>Port indicates the port on the backend service</p>
</td> </tr> <tr>
Protocol
</em> </td> <td>
-<p>Protocol should be one of &ldquo;HTTP&rdquo;, &ldquo;HTTPS&rdquo;</p>
+<p>Protocol should be one of "HTTP", "HTTPS"</p>
</td> </tr> </tbody>
backend on a port specified as https</p>
</tr> <tr> <td>
-<code>pathPrefixOverride</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>PathPrefixOverride will mutate requests going to the backend to be prefixed with this value</p>
-</td>
-</tr>
-<tr>
-<td>
<code>sessionAffinity</code><br/> <em> <a href="#alb.networking.azure.io/v1.SessionAffinity">
IngressTimeouts
<h3 id="alb.networking.azure.io/v1.IngressCertificate">IngressCertificate </h3> <p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressListenerTLS">IngressListenerTLS</a>)
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleTLS">IngressRuleTLS</a>)
</p> <div> <p>IngressCertificate defines a certificate and private key to be used with TLS.</p>
IngressExtensionSpec
<table> <tr> <td>
-<code>listenerSettings</code><br/>
+<code>rules</code><br/>
<em>
-<a href="#alb.networking.azure.io/v1.IngressListenerSetting">
-[]IngressListenerSetting
+<a href="#alb.networking.azure.io/v1.IngressRuleSetting">
+[]IngressRuleSetting
</a> </em> </td> <td>
-<p>Listeners defines a list of listeners to configure</p>
+<em>(Optional)</em>
+<p>Rules defines the rules per host</p>
</td> </tr> <tr>
IngressExtensionStatus
</em> </td> <td>
-<em>(Optional)</em>
-<p>Status describes the current state of the IngressExtension as enacted by the ALB controller</p>
</td> </tr> </tbody>
field.</p>
<tbody> <tr> <td>
-<code>listenerSettings</code><br/>
+<code>rules</code><br/>
<em>
-<a href="#alb.networking.azure.io/v1.IngressListenerSetting">
-[]IngressListenerSetting
+<a href="#alb.networking.azure.io/v1.IngressRuleSetting">
+[]IngressRuleSetting
</a> </em> </td> <td>
-<p>Listeners defines a list of listeners to configure</p>
+<em>(Optional)</em>
+<p>Rules defines the rules per host</p>
</td> </tr> <tr>
field.</p>
<tbody> <tr> <td>
-<code>listenerSettings</code><br/>
+<code>rules</code><br/>
<em>
-<a href="#alb.networking.azure.io/v1.IngressListenerSettingStatus">
-[]IngressListenerSettingStatus
+<a href="#alb.networking.azure.io/v1.IngressRuleStatus">
+[]IngressRuleStatus
</a> </em> </td> <td> <em>(Optional)</em>
-<p>ListenerSettings has detailed status information regarding each ListenerSetting</p>
+<p>Rules has detailed status information regarding each Rule</p>
</td> </tr> <tr>
field.</p>
<p>Conditions describe the current conditions of the IngressExtension. Known condition types are:</p> <ul>
-<li>&ldquo;Accepted&rdquo;</li>
-<li>&ldquo;Errors&rdquo;</li>
+<li>"Accepted"</li>
+<li>"Errors"</li>
</ul> </td> </tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressListenerPort">IngressListenerPort
+<h3 id="alb.networking.azure.io/v1.IngressRewrites">IngressRewrites
</h3> <p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressListenerSetting">IngressListenerSetting</a>)
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting</a>)
</p> <div>
-<p>IngressListenerPort describes a port a listener will listen on.</p>
+<p>IngressRewrites provides the various rewrites supported on a rule</p>
</div> <table> <thead>
Known condition types are:</p>
<tbody> <tr> <td>
-<code>port</code><br/>
+<code>type</code><br/>
<em>
-int32
+<a href="#alb.networking.azure.io/v1.RewriteType">
+RewriteType
+</a>
</em> </td> <td>
-<p>Port defines what TCP port the listener will listen on</p>
+<p>Type identifies the type of rewrite</p>
</td> </tr> <tr> <td>
-<code>protocol</code><br/>
+<code>requestHeaderModifier</code><br/>
<em>
-<a href="#alb.networking.azure.io/v1.Protocol">
-Protocol
+<a href="#alb.networking.azure.io/v1.HeaderFilter">
+HeaderFilter
</a> </em> </td> <td> <em>(Optional)</em>
-<p>Protocol indicates if the port will be used for HTTP or HTTPS traffic.</p>
+<p>RequestHeaderModifier defines a schema that modifies request headers.</p>
</td> </tr> <tr> <td>
-<code>sslRedirectTo</code><br/>
+<code>responseHeaderModifier</code><br/>
<em>
-int32
+<a href="#alb.networking.azure.io/v1.HeaderFilter">
+HeaderFilter
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>RequestHeaderModifier defines a schema that modifies response headers.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>urlRewrite</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.URLRewriteFilter">
+URLRewriteFilter
+</a>
</em> </td> <td> <em>(Optional)</em>
-<p>SSLRedirectTo can be used to redirect HTTP traffic to HTTPS on the indicated port</p>
+<p>URLRewrite defines a schema that modifies a request during forwarding.</p>
</td> </tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressListenerSetting">IngressListenerSetting
+<h3 id="alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting
</h3> <p> (<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressExtensionSpec">IngressExtensionSpec</a>) </p> <div>
-<p>IngressListenerSetting provides configuration options for listeners</p>
+<p>IngressRuleSetting provides configuration options for rules</p>
</div> <table> <thead>
string
<td> <code>tls</code><br/> <em>
-<a href="#alb.networking.azure.io/v1.IngressListenerTLS">
-IngressListenerTLS
+<a href="#alb.networking.azure.io/v1.IngressRuleTLS">
+IngressRuleTLS
</a> </em> </td> <td> <em>(Optional)</em>
-<p>TLS defines TLS settings for the Listener</p>
+<p>TLS defines TLS settings for the rule</p>
</td> </tr> <tr>
IngressListenerTLS
</tr> <tr> <td>
-<code>ports</code><br/>
+<code>rewrites</code><br/>
<em>
-<a href="#alb.networking.azure.io/v1.IngressListenerPort">
-[]IngressListenerPort
+<a href="#alb.networking.azure.io/v1.IngressRewrites">
+[]IngressRewrites
</a> </em> </td> <td> <em>(Optional)</em>
-<p>Defines what ports and protocols a listener should listen on</p>
+<p>Rewrites defines the rewrites for the rule</p>
</td> </tr> <tr> <td>
-<code>overrideBackendHostnames</code><br/>
+<code>requestRedirect</code><br/>
<em>
-<a href="#alb.networking.azure.io/v1.IngressBackendOverride">
-[]IngressBackendOverride
+<a href="#alb.networking.azure.io/v1.Redirect">
+Redirect
</a> </em> </td> <td> <em>(Optional)</em>
-<p>OverrideBackendHostnames is a list of services on which incoming requests will have the value of the host header changed</p>
+<p>RequestRedirect defines the redirect behavior for the rule</p>
</td> </tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressListenerSettingStatus">IngressListenerSettingStatus
+<h3 id="alb.networking.azure.io/v1.IngressRuleStatus">IngressRuleStatus
</h3> <p> (<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressExtensionStatus">IngressExtensionStatus</a>) </p> <div>
-<p>IngressListenerSettingStatus describes the state of a listener setting</p>
+<p>IngressRuleStatus describes the state of a rule</p>
</div> <table> <thead>
string
</em> </td> <td>
-<p>Host identifies the listenerSetting this status describes</p>
+<p>Host identifies the rule this status describes</p>
</td> </tr> <tr>
bool
</td> <td> <em>(Optional)</em>
-<p>Valid indicates that there are no validation errors present on this listenerSetting</p>
+<p>Valid indicates that there are no validation errors present on this rule</p>
</td> </tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressListenerTLS">IngressListenerTLS
+<h3 id="alb.networking.azure.io/v1.IngressRuleTLS">IngressRuleTLS
</h3> <p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressListenerSetting">IngressListenerSetting</a>)
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting</a>)
</p> <div>
-<p>IngressListenerTLS provides options for configuring TLS settings on a listener</p>
+<p>IngressRuleTLS provides options for configuring TLS settings on a rule</p>
</div> <table> <thead>
IngressCertificate
</td> <td> <em>(Optional)</em>
-<p>Certificate specifies a TLS Certificate to configure a Listener with</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>policy</code><br/>
-<em>
-<a href="#alb.networking.azure.io/v1.IngressTLSPolicy">
-IngressTLSPolicy
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Policy configures a particular TLS Policy</p>
+<p>Certificate specifies a TLS Certificate to configure a rule with</p>
</td> </tr> </tbody> </table>
-<h3 id="alb.networking.azure.io/v1.IngressTLSPolicy">IngressTLSPolicy
-</h3>
-<p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressListenerTLS">IngressListenerTLS</a>)
-</p>
-<div>
-<p>IngressTLSPolicy describes cipher suites and related TLS configuration options</p>
-</div>
<h3 id="alb.networking.azure.io/v1.IngressTimeouts">IngressTimeouts </h3> <p>
FrontendTLSPolicyType
</tr> </tbody> </table>
+<h3 id="alb.networking.azure.io/v1.PortNumber">PortNumber
+(<code>int32</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.Redirect">Redirect</a>)
+</p>
+<div>
+<p>PortNumber defines a network port.</p>
+</div>
+<h3 id="alb.networking.azure.io/v1.PreciseHostname">PreciseHostname
+(<code>string</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.Redirect">Redirect</a>, <a href="#alb.networking.azure.io/v1.URLRewriteFilter">URLRewriteFilter</a>)
+</p>
+<div>
+<p>PreciseHostname is the fully qualified domain name of a network host. This
+matches the RFC 1123 definition of a hostname with 1 notable exception that
+numeric IP addresses are not allowed.</p>
+<p>Note that as per RFC1035 and RFC1123, a <em>label</em> must consist of lower case
+alphanumeric characters or &lsquo;-&rsquo;, and must start and end with an alphanumeric
+character. No other punctuation is allowed.</p>
+</div>
<h3 id="alb.networking.azure.io/v1.Protocol">Protocol (<code>string</code> alias)</h3> <p>
-(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HealthCheckPolicyConfig">HealthCheckPolicyConfig</a>, <a href="#alb.networking.azure.io/v1.IngressBackendPort">IngressBackendPort</a>, <a href="#alb.networking.azure.io/v1.IngressListenerPort">IngressListenerPort</a>)
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.HealthCheckPolicyConfig">HealthCheckPolicyConfig</a>, <a href="#alb.networking.azure.io/v1.IngressBackendPort">IngressBackendPort</a>)
</p> <div> <p>Protocol defines the protocol used for certain properties.
Valid Protocol values are:</p>
</td> </tr></tbody> </table>
+<h3 id="alb.networking.azure.io/v1.Redirect">Redirect
+</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRuleSetting">IngressRuleSetting</a>)
+</p>
+<div>
+<p>Redirect defines a filter that redirects a request. This
+MUST NOT be used on the same rule that also has a URLRewriteFilter.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>scheme</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Scheme is the scheme to be used in the value of the <code>Location</code> header in
+the response. When empty, the scheme of the request is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>hostname</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.PreciseHostname">
+PreciseHostname
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Hostname is the hostname to be used in the value of the <code>Location</code>
+header in the response.
+When empty, the hostname in the <code>Host</code> header of the request is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.HTTPPathModifier">
+HTTPPathModifier
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path defines parameters used to modify the path of the incoming request.
+The modified path is then used to construct the <code>Location</code> header. When
+empty, the request path is used as-is.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>port</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.PortNumber">
+PortNumber
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Port is the port to be used in the value of the <code>Location</code>
+header in the response.</p>
+<p>If no port is specified, the redirect port MUST be derived using the
+following rules:</p>
+<ul>
+<li>If redirect scheme is not-empty, the redirect port MUST be the well-known
+port associated with the redirect scheme. Specifically "http" to port 80
+and "https" to port 443. If the redirect scheme does not have a
+well-known port, the listener port of the Gateway SHOULD be used.</li>
+<li>If redirect scheme is empty, the redirect port MUST be the Gateway
+Listener port.</li>
+</ul>
+<p>Implementations SHOULD NOT add the port number in the &lsquo;Location&rsquo;
+header in the following cases:</p>
+<ul>
+<li>A Location header that will use HTTP (whether that is determined via
+the Listener protocol or the Scheme field) <em>and</em> use port 80.</li>
+<li>A Location header that will use HTTPS (whether that is determined via
+the Listener protocol or the Scheme field) <em>and</em> use port 443.</li>
+</ul>
+</td>
+</tr>
+<tr>
+<td>
+<code>statusCode</code><br/>
+<em>
+int
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>StatusCode is the HTTP status code to be used in response.</p>
+<p>Note that values may be added to this enum, implementations
+must ensure that unknown values will not cause a crash.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="alb.networking.azure.io/v1.RewriteType">RewriteType
+(<code>string</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRewrites">IngressRewrites</a>)
+</p>
+<div>
+<p>RewriteType identifies the rewrite type</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;RequestHeaderModifier&#34;</p></td>
+<td><p>RequestHeaderModifier can be used to add or remove an HTTP
+header from an HTTP request before it is sent to the upstream target.</p>
+</td>
+</tr><tr><td><p>&#34;ResponseHeaderModifier&#34;</p></td>
+<td><p>ResponseHeaderModifier can be used to add or remove an HTTP
+header from an HTTP response before it is sent to the client.</p>
+</td>
+</tr><tr><td><p>&#34;URLRewrite&#34;</p></td>
+<td><p>URLRewrite can be used to modify a request during forwarding.</p>
+</td>
+</tr></tbody>
+</table>
<h3 id="alb.networking.azure.io/v1.RoutePolicy">RoutePolicy </h3> <div>
particular RoutePolicy condition type has been raised.</p>
When the given RoutePolicy is correctly configured</p> </td> </tr><tr><td><p>&#34;InvalidRoutePolicy&#34;</p></td>
-<td><p>RoutePolicyReasonInvalid is the reason when the RoutePolicy isn't Accepted</p>
+<td><p>RoutePolicyReasonInvalid is the reason when the RoutePolicy isn&rsquo;t Accepted</p>
+</td>
+</tr><tr><td><p>&#34;InvalidGroup&#34;</p></td>
+<td><p>RoutePolicyReasonInvalidGroup is used when the group is invalid</p>
</td> </tr><tr><td><p>&#34;InvalidHTTPRoute&#34;</p></td> <td><p>RoutePolicyReasonInvalidHTTPRoute is used when the HTTPRoute is invalid</p> </td>
-</tr><tr><td><p>&#34;InvalidTargetReference&#34;</p></td>
-<td><p>RoutePolicyReasonInvalidTargetReference is used when there is no target reference</p>
+</tr><tr><td><p>&#34;InvalidKind&#34;</p></td>
+<td><p>RoutePolicyReasonInvalidKind is used when the kind/group is invalid</p>
+</td>
+</tr><tr><td><p>&#34;InvalidName&#34;</p></td>
+<td><p>RoutePolicyReasonInvalidName is used when the name is invalid</p>
+</td>
+</tr><tr><td><p>&#34;NoTargetReference&#34;</p></td>
+<td><p>RoutePolicyReasonNoTargetReference is used when there is no target reference</p>
+</td>
+</tr><tr><td><p>&#34;RefNotPermitted&#34;</p></td>
+<td><p>RoutePolicyReasonRefNotPermitted is used when the ref isn&rsquo;t permitted</p>
</td> </tr></tbody> </table>
field.</p>
(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.RoutePolicySpec">RoutePolicySpec</a>) </p> <div>
-<p>RoutePolicyConfig defines the schema for RoutePolicy specification.
+<p>RoutePolicyConfig defines the schema for RoutePolicy specification.
This allows the specification of the following attributes: * Timeouts * Session Affinity</p>
constants so that operators and tools can converge on a common
vocabulary to describe RoutePolicy state.</p> <p>Known condition types are:</p> <ul>
-<li>&ldquo;Accepted&rdquo;</li>
+<li>"Accepted"</li>
</ul> </td> </tr>
This is inclusive.</p>
</tr> </tbody> </table>
+<h3 id="alb.networking.azure.io/v1.URLRewriteFilter">URLRewriteFilter
+</h3>
+<p>
+(<em>Appears on:</em><a href="#alb.networking.azure.io/v1.IngressRewrites">IngressRewrites</a>)
+</p>
+<div>
+<p>URLRewriteFilter defines a filter that modifies a request during
+forwarding. At most one of these filters may be used on a rule. This
+MUST NOT be used on the same rule having an sslRedirect.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>hostname</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.PreciseHostname">
+PreciseHostname
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Hostname is the value to be used to replace the Host header value during
+forwarding.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br/>
+<em>
+<a href="#alb.networking.azure.io/v1.HTTPPathModifier">
+HTTPPathModifier
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path defines a path rewrite.</p>
+</td>
+</tr>
+</tbody>
+</table>
application-gateway Custom Health Probe https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/custom-health-probe.md
Previously updated : 09/25/2023 Last updated : 11/07/2023
The following properties make up custom health probes:
| -- | - | | port | the port number to initiate health probes to. Valid port values are 1-65535. | | interval | how often in seconds health probes should be sent to the backend target. The minimum interval must be > 0 seconds. |
-| timeout | how long in seconds the request should wait until it's deemed a failure The minimum interval must be > 0 seconds. |
+| timeout | how long in seconds the request should wait until it's marked as a failure The minimum interval must be > 0 seconds. |
| healthyThreshold | number of health probes before marking the target endpoint healthy. The minimum interval must be > 0. | | unhealthyTreshold | number of health probes to fail before the backend target should be labeled unhealthy. The minimum interval must be > 0. |
-| protocol| specifies either non-encrypted `HTTP` traffic or encrypted traffic via TLS as `HTTPS` |
+| protocol| specifies either nonencrypted `HTTP` traffic or encrypted traffic via TLS as `HTTPS` |
| (http) host | the hostname specified in the request to the backend target. |
-| (http) path | the specific path of the request. If a single file should be loaded, the path may be /https://docsupdatetracker.net/index.html as an example. |
+| (http) path | the specific path of the request. If a single file should be loaded, the path might be /https://docsupdatetracker.net/index.html. |
| (http -> match) statusCodes | Contains two properties, `start` and `end`, that define the range of valid HTTP status codes returned from the backend. |
+[ ![A diagram showing the Application Gateway for Containers using custom health probes to determine backend health.](./media/custom-health-probe/custom-health-probe.png) ](./media/custom-health-probe/custom-health-probe.png#lightbox)
+ ## Default health probe Application Gateway for Containers automatically configures a default health probe when you don't define a custom probe configuration or configure a readiness probe. The monitoring behavior works by making an HTTP GET request to the IP addresses of configured backend targets. For default probes, if the backend target is configured for HTTPS, the probe uses HTTPS to test health of the backend targets.
When the default health probe is used, the following values for each health prob
## Custom health probe
-In both Gateway API and Ingress API, a custom health probe can be defined by defining a [_HealthCheckPolicyPolicy_ resource](api-specification-kubernetes.md#alb.networking.azure.io/v1.HealthCheckPolicy) and referencing a service the health probes should check against. As the service is referenced by an HTTPRoute or Ingress resource with a class reference to Application Gateway for Containers, the custom health probe will be used for each reference.
+In both Gateway API and Ingress API, a custom health probe can be defined by defining a [_HealthCheckPolicyPolicy_ resource](api-specification-kubernetes.md#alb.networking.azure.io/v1.HealthCheckPolicy) and referencing a service the health probes should check against. As the service is referenced by an HTTPRoute or Ingress resource with a class reference to Application Gateway for Containers, the custom health probe is used for each reference.
-In this example, the health probe emitted by Application Gateway for Containers will send the hostname contoso.com to the pods that make up _test-service_. The request path will be `/`, a probe will be emitted every 5 seconds and wait 3 seconds before determining the connection has timed out. If a response is received, an HTTP response code between 200 and 299 (inclusive of 200 and 299) will be considered healthy, all other responses will be considered unhealthy.
+In this example, the health probe emitted by Application Gateway for Containers sends the hostname contoso.com to the pods that make up _test-service_. The request path is `/`, a probe is emitted every 5 seconds and wait 3 seconds before determining the connection has timed out. If a response is received, an HTTP response code between 200 and 299 (inclusive of 200 and 299) is considered healthy, all other responses are considered unhealthy.
```bash kubectl apply -f - <<EOF
application-gateway How To Backend Mtls Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-backend-mtls-gateway-api.md
See the following figure:
This command creates the following on your cluster: - a namespace called `test-infra`
- - 1 service called `mtls-app` in the `test-infra` namespace
- - 1 deployment called `mtls-app` in the `test-infra` namespace
- - 1 config map called `mtls-app-nginx-cm` in the `test-infra` namespace
- - 4 secrets called `backend.com`, `frontend.com`, `gateway-client-cert`, and `ca.bundle` in the `test-infra` namespace
+ - one service called `mtls-app` in the `test-infra` namespace
+ - one deployment called `mtls-app` in the `test-infra` namespace
+ - one config map called `mtls-app-nginx-cm` in the `test-infra` namespace
+ - four secrets called `backend.com`, `frontend.com`, `gateway-client-cert`, and `ca.bundle` in the `test-infra` namespace
## Deploy the required Gateway API resources
spec:
EOF ```
-Once the BackendTLSPolicy object has been create check the status on the object to ensure that the policy is valid.
+Once the BackendTLSPolicy object has been created check the status on the object to ensure that the policy is valid.
```bash kubectl get backendtlspolicy -n test-infra mtls-app-tls-policy -o yaml
application-gateway How To Header Rewrite Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-header-rewrite-gateway-api.md
+
+ Title: Header rewrite for Azure Application Gateway for Containers - Gateway API
+description: Learn how to rewrite headers in Gateway API for Application Gateway for Containers.
+++++ Last updated : 11/07/2023+++
+# Header rewrite for Azure Application Gateway for Containers - Gateway API (preview)
+
+Application Gateway for Containers allows you to rewrite HTTP headers of client requests and responses from backend targets.
+
+## Usage details
+
+Header rewrites take advantage of [filters](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.HTTPURLRewriteFilter) as defined by Kubernetes Gateway API.
+
+## Background
+Header rewrites enable you to modify the request and response headers to and from your backend targets.
+
+The following figure illustrates a request with a specific user agent being rewritten to a simplified value called SearchEngine-BingBot when the request is initiated to the backend target by Application Gateway for Containers:
+
+[ ![A diagram showing the Application Gateway for Containers rewriting a request header to the backend.](./media/how-to-header-rewrite-gateway-api/header-rewrite.png) ](./media/how-to-header-rewrite-gateway-api/header-rewrite.png#lightbox)
+
+## Prerequisites
+
+> [!IMPORTANT]
+> Application Gateway for Containers is currently in PREVIEW.<br>
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+1. If following the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If you're following the ALB managed deployment strategy, ensure provisioning of the [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+3. Deploy sample HTTP application
+ Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate the header rewrite.
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
+ ```
+
+ This command creates the following on your cluster:
+ - a namespace called `test-infra`
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+
+## Deploy the required Gateway API resources
+
+# [ALB managed deployment](#tab/alb-managed)
+
+Create a gateway:
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: gateway-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-name: alb-test
+spec:
+ gatewayClassName: azure-alb-external
+ listeners:
+ - name: http-listener
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: Same
+EOF
+```
++
+# [Bring your own (BYO) deployment](#tab/byo)
+1. Set the following environment variables
+
+```bash
+RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
+RESOURCE_NAME='alb-test'
+
+RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
+FRONTEND_NAME='frontend'
+```
+
+2. Create a Gateway
+```bash
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: gateway-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+spec:
+ gatewayClassName: azure-alb-external
+ listeners:
+ - name: http-listener
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: Same
+ addresses:
+ - type: alb.networking.azure.io/alb-frontend
+ value: $FRONTEND_NAME
+EOF
+```
+++
+Once the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
+```bash
+kubectl get gateway gateway-01 -n test-infra -o yaml
+```
+
+Example output of successful gateway creation.
+```yaml
+status:
+ addresses:
+ - type: IPAddress
+ value: xxxx.yyyy.alb.azure.com
+ conditions:
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Valid Gateway
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ listeners:
+ - attachedRoutes: 0
+ conditions:
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: ""
+ observedGeneration: 1
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Listener is accepted
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T21:04:55Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ name: https-listener
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+```
+
+Once the gateway is created, create an HTTPRoute that listens for hostname contoso.com and overrides the user-agent value to SearchEngine-BingBot.
+
+In this example, we look for the user agent used by the Bing search engine and simplify the header to SearchEngine-BingBot for easier backend parsing.
+
+This example also demonstrates addition of a new header called `AGC-Header-Add` with a value of `agc-value` and removes a request header called `client-custom-header`.
+
+> [!TIP]
+> For this example, while we can use the HTTPHeaderMatch of "Exact" for a string match, a demonstration is used in regular expression for illistration of further capabilities.
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: header-rewrite-route
+ namespace: test-infra
+spec:
+ parentRefs:
+ - name: gateway-01
+ namespace: test-infra
+ hostnames:
+ - "contoso.com"
+ rules:
+ - matches:
+ - headers:
+ - name: user-agent
+ value: Mozilla/5\.0 AppleWebKit/537\.36 \(KHTML, like Gecko; compatible; bingbot/2\.0; \+http://www\.bing\.com/bingbot\.htm\) Chrome/
+ type: RegularExpression
+ filters:
+ - type: RequestHeaderModifier
+ requestHeaderModifier:
+ set:
+ - name: user-agent
+ value: SearchEngine-BingBot
+ add:
+ - name: AGC-Header-Add
+ value: agc-value
+ remove: ["client-custom-header"]
+ backendRefs:
+ - name: backend-v2
+ port: 8080
+ - backendRefs:
+ - name: backend-v1
+ port: 8080
+EOF
+```
+
+Once the HTTPRoute resource is created, ensure the route is _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
+```bash
+kubectl get httproute http-route -n test-infra -o yaml
+```
+
+Verify the status of the Application Gateway for Containers resource has been successfully updated.
+
+```yaml
+status:
+ parents:
+ - conditions:
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: ""
+ observedGeneration: 1
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Route is Accepted
+ observedGeneration: 1
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: "2023-06-19T22:18:23Z"
+ message: Application Gateway For Containers resource has been successfully updated.
+ observedGeneration: 1
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ controllerName: alb.networking.azure.io/alb-controller
+ parentRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-01
+ namespace: test-infra
+ ```
+
+## Test access to the application
+
+Now we're ready to send some traffic to our sample application, via the FQDN assigned to the frontend. Use the following command to get the FQDN:
+
+```bash
+fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addresses[0].value}')
+```
+
+If you specify the server name indicator using the curl command, `contoso.com` for the frontend FQDN, the output should return a response from the backend-v1 service.
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com
+```
+
+Via the response we should see:
+```json
+{
+ "path": "/",
+ "host": "contoso.com",
+ "method": "GET",
+ "proto": "HTTP/1.1",
+ "headers": {
+ "Accept": [
+ "*/*"
+ ],
+ "User-Agent": [
+ "curl/7.81.0"
+ ],
+ "X-Forwarded-For": [
+ "xxx.xxx.xxx.xxx"
+ ],
+ "X-Forwarded-Proto": [
+ "http"
+ ],
+ "X-Request-Id": [
+ "dcd4bcad-ea43-4fb6-948e-a906380dcd6d"
+ ]
+ },
+ "namespace": "test-infra",
+ "ingress": "",
+ "service": "",
+ "pod": "backend-v1-5b8fd96959-f59mm"
+}
+```
+
+Specifying a user-agent header with the value `` should return a response from the backend service of SearchEngine-BingBot:
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/"
+```
+
+Via the response we should see:
+```json
+{
+ "path": "/",
+ "host": "fabrikam.com",
+ "method": "GET",
+ "proto": "HTTP/1.1",
+ "headers": {
+ "Accept": [
+ "*/*"
+ ],
+ "User-Agent": [
+ "curl/7.81.0"
+ ],
+ "X-Forwarded-For": [
+ "xxx.xxx.xxx.xxx"
+ ],
+ "X-Forwarded-Proto": [
+ "http"
+ ],
+ "X-Request-Id": [
+ "adae8cc1-8030-4d95-9e05-237dd4e3941b"
+ ]
+ },
+ "namespace": "test-infra",
+ "ingress": "",
+ "service": "",
+ "pod": "backend-v2-5b8fd96959-f59mm"
+}
+```
+
+Specifying a `client-custom-header` header with the value `moo` should be stripped from the request when AGC initiates the connection to the backend service:
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "client-custom-header: moo"
+```
+
+Via the response we should see:
+```json
+{
+ "path": "/",
+ "host": "fabrikam.com",
+ "method": "GET",
+ "proto": "HTTP/1.1",
+ "headers": {
+ "Accept": [
+ "*/*"
+ ],
+ "User-Agent": [
+ "curl/7.81.0"
+ ],
+ "X-Forwarded-For": [
+ "xxx.xxx.xxx.xxx"
+ ],
+ "X-Forwarded-Proto": [
+ "http"
+ ],
+ "X-Request-Id": [
+ "kd83nc84-4325-5d22-3d23-237dd4e3941b"
+ ]
+ },
+ "namespace": "test-infra",
+ "ingress": "",
+ "service": "",
+ "pod": "backend-v2-5b8fd96959-f59mm"
+}
+```
+
+Congratulations, you have installed ALB Controller, deployed a backend application and modified header values via Gateway API on Application Gateway for Containers.
application-gateway How To Header Rewrite Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-header-rewrite-ingress-api.md
+
+ Title: Header rewrite for Azure Application Gateway for Containers - Ingress API
+description: Learn how to rewrite headers in Ingress API for Application Gateway for Containers.
+++++ Last updated : 11/6/2023+++
+# Header rewrite for Azure Application Gateway for Containers - Ingress API (preview)
+
+Application Gateway for Containers allows you to rewrite HTTP headers of client requests and responses from backend targets.
+
+## Usage details
+
+Header rewrites take advantage of Application Gateway for Container's IngressExtension custom resource.
+
+## Background
+Header rewrites enable you to modify the request and response headers to and from your backend targets.
+
+The following figure illustrates an example of a request with a specific user agent being rewritten to a simplified value called `rewritten-user-agent` when the request is initiated to the backend target by Application Gateway for Containers:
+
+[ ![A diagram showing the Application Gateway for Containers rewriting a request header to the backend.](./media/how-to-header-rewrite-ingress-api/header-rewrite.png) ](./media/how-to-header-rewrite-ingress-api/header-rewrite.png#lightbox)
+
+## Prerequisites
+
+> [!IMPORTANT]
+> Application Gateway for Containers is currently in PREVIEW.<br>
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+3. Deploy sample HTTP application
+ Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate the header rewrite.
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
+ ```
+
+ This command creates the following on your cluster:
+ - a namespace called `test-infra`
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+
+## Deploy the required Gateway API resources
+
+# [ALB managed deployment](#tab/alb-managed)
+
+Create an Ingress resource to listen for requests to `contoso.com`:
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-name: alb-test
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-ingress-extension: header-rewrite
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v1
+ port:
+ number: 8080
+EOF
+```
++
+# [Bring your own (BYO) deployment](#tab/byo)
+1. Set the following environment variables
+
+```bash
+RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
+RESOURCE_NAME='alb-test'
+
+RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
+FRONTEND_NAME='frontend'
+```
+
+2. Create an Ingress resource to listen for requests to `contoso.com`
+```bash
+kubectl apply -f - <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ alb.networking.azure.io/alb-frontend: $FRONTEND_NAME
+ alb.networking.azure.io/alb-ingress-extension: header-rewrite
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v1
+ port:
+ number: 8080
+EOF
+```
+++
+Once the ingress resource is created, ensure the status shows the hostname of your load balancer and that both ports are listening for requests.
+
+```bash
+kubectl get ingress ingress-01 -n test-infra -o yaml
+```
+
+Example output of successful Ingress creation.
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ alb.networking.azure.io/alb-frontend: FRONTEND_NAME
+ alb.networking.azure.io/alb-id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/yyyyyyyy/providers/Microsoft.ServiceNetworking/trafficControllers/zzzzzz
+ kubectl.kubernetes.io/last-applied-configuration: |
+ {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"alb.networking.azure.io/alb-frontend":"FRONTEND_NAME","alb.networking.azure.io/alb-id":"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/yyyyyyyy/providers/Microsoft.ServiceNetworking/trafficControllers/zzzzzz", "alb.networking.azure.io/alb-ingress-extension":"header-rewrite"},"name"
+:"ingress-01","namespace":"test-infra"},"spec":{"ingressClassName":"azure-alb-external","rules":[{"host":"contoso.com","http":{"paths":[{"backend":{"service":{"name":"backend-v1","port":{"number":8080}}},"path":"/","pathType":"Prefix"}]}}]}}
+ creationTimestamp: "2023-07-22T18:02:13Z"
+ generation: 2
+ name: ingress-01
+ namespace: test-infra
+ resourceVersion: "278238"
+ uid: 17c34774-1d92-413e-85ec-c5a8da45989d
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v1
+ port:
+ number: 8080
+status:
+ loadBalancer:
+ ingress:
+ - hostname: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.fzyy.alb.azure.com
+ ports:
+ - port: 80
+ protocol: TCP
+```
++
+Once the Ingress is created, next we need to define an IngressExtension with the header rewrite rules.
+
+In this example, we set a static user-agent with a value of `rewritten-user-agent`.
+
+This example also demonstrates addition of a new header called `AGC-Header-Add` with a value of `agc-value` and removes a request header called `client-custom-header`.
+
+> [!TIP]
+> For this example, while we can use the HTTPHeaderMatch of "Exact" for a string match, a demonstration is used in regular expression for illistration of further capabilities.
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: alb.networking.azure.io/v1
+kind: IngressExtension
+metadata:
+ name: header-rewrite
+ namespace: test-infra
+spec:
+ rules:
+ - host: contoso.com
+ httpPort: 80
+ rewrites:
+ - type: RequestHeaderModifier
+ requestHeaderModifier:
+ set:
+ - name: "user-agent"
+ value: "rewritten-user-agent"
+ add:
+ - name: "AGC-Header-Add"
+ value: "agc-value"
+ remove:
+ - "client-custom-header"
+EOF
+```
+
+Once the HTTPRoute resource is created, ensure the route has been _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.
+```bash
+kubectl get IngressExtension header-rewrite -n test-infra -o yaml
+```
+
+Verify the status of the Application Gateway for Containers resource has been successfully updated.
+
+## Test access to the application
+
+Now we're ready to send some traffic to our sample application, via the FQDN assigned to the frontend. Use the following command to get the FQDN.
+
+```bash
+fqdn=$(kubectl get ingress ingress-01 -n test-infra -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+```
+
+If you specify the server name indicator using the curl command, `contoso.com` for the frontend FQDN, a response from the backend-v1 service is returned.
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com
+```
+
+Via the response we should see:
+```json
+{
+ "path": "/",
+ "host": "contoso.com",
+ "method": "GET",
+ "proto": "HTTP/1.1",
+ "headers": {
+ "Accept": [
+ "*/*"
+ ],
+ "User-Agent": [
+ "curl/7.81.0"
+ ],
+ "X-Forwarded-For": [
+ "xxx.xxx.xxx.xxx"
+ ],
+ "X-Forwarded-Proto": [
+ "http"
+ ],
+ "X-Request-Id": [
+ "dcd4bcad-ea43-4fb6-948e-a906380dcd6d"
+ ]
+ },
+ "namespace": "test-infra",
+ "ingress": "",
+ "service": "",
+ "pod": "backend-v1-5b8fd96959-f59mm"
+}
+```
+
+Specifying a user-agent header with the value `my-user-agent` should return a response from the backend service of `rewritten-user-agent`:
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "user-agent: my-user-agent"
+```
+
+Via the response we should see:
+```json
+{
+ "path": "/",
+ "host": "fabrikam.com",
+ "method": "GET",
+ "proto": "HTTP/1.1",
+ "headers": {
+ "Accept": [
+ "*/*"
+ ],
+ "User-Agent": [
+ "curl/7.81.0"
+ ],
+ "X-Forwarded-For": [
+ "xxx.xxx.xxx.xxx"
+ ],
+ "X-Forwarded-Proto": [
+ "http"
+ ],
+ "X-Request-Id": [
+ "adae8cc1-8030-4d95-9e05-237dd4e3941b"
+ ]
+ },
+ "namespace": "test-infra",
+ "ingress": "",
+ "service": "",
+ "pod": "backend-v1-5b8fd96959-f59mm"
+}
+```
+
+Specifying a `client-custom-header` header with the value `moo` should be stripped from the request when AGC initiates the connection to the backend service:
+
+```bash
+fqdnIp=$(dig +short $fqdn)
+curl -k --resolve contoso.com:80:$fqdnIp http://contoso.com -H "client-custom-header: moo"
+```
+
+Via the response we should see:
+```json
+{
+ "path": "/",
+ "host": "fabrikam.com",
+ "method": "GET",
+ "proto": "HTTP/1.1",
+ "headers": {
+ "Accept": [
+ "*/*"
+ ],
+ "User-Agent": [
+ "curl/7.81.0"
+ ],
+ "X-Forwarded-For": [
+ "xxx.xxx.xxx.xxx"
+ ],
+ "X-Forwarded-Proto": [
+ "http"
+ ],
+ "X-Request-Id": [
+ "kd83nc84-4325-5d22-3d23-237dd4e3941b"
+ ]
+ },
+ "namespace": "test-infra",
+ "ingress": "",
+ "service": "",
+ "pod": "backend-v1-5b8fd96959-f59mm"
+}
+```
+
+Congratulations, you have installed ALB Controller, deployed a backend application and modified header values via Gateway API on Application Gateway for Containers.
application-gateway How To Multiple Site Hosting Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-multiple-site-hosting-gateway-api.md
Previously updated : 09/20/2023 Last updated : 11/07/2023
Application Gateway for Containers enables multi-site hosting by allowing you to
> Application Gateway for Containers is currently in PREVIEW.<br> > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-1. If you follow the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
-2. If you follow the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+1. If you follow the BYO deployment strategy, ensure you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If you follow the ALB managed deployment strategy, ensure provisioning of your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
3. Deploy sample HTTP application Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate path, query, and header based routing. ```bash
Application Gateway for Containers enables multi-site hosting by allowing you to
This command creates the following on your cluster: - a namespace called `test-infra`
- - 2 services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - 2 deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
-Once the gateway resource has been created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
+Once the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
```bash kubectl get gateway gateway-01 -n test-infra -o yaml ```
status:
kind: HTTPRoute ```
-Once the gateway has been created, create two HTTPRoute resources for `contoso.com` and `fabrikam.com` domain names. Each domain forwards traffic to a different backend service.
+Once the gateway is created, create two HTTPRoute resources for `contoso.com` and `fabrikam.com` domain names. Each domain forwards traffic to a different backend service.
```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
spec:
EOF ```
-Once the HTTPRoute resource has been created, ensure both HTTPRoute resources show _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.
+Once the HTTPRoute resource is created, ensure both HTTPRoute resources show _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
```bash kubectl get httproute contoso-route -n test-infra -o yaml kubectl get httproute fabrikam-route -n test-infra -o yaml ```
-Verify the status of the Application Gateway for Containers resource has been successfully updated for each HTTPRoute.
+Verify the status of the Application Gateway for Containers resource is successfully updated for each HTTPRoute.
```yaml status:
Now we're ready to send some traffic to our sample application, via the FQDN ass
fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addresses[0].value}') ```
-Specifying server name indicator using the curl command, `contoso.com` for the frontend FQDN should return a response from the backend-v1 service.
+If you specify the server name indicator using the curl command, `contoso.com` for the frontend FQDN, it returns a response from the backend-v1 service.
```bash fqdnIp=$(dig +short $fqdn)
Via the response we should see:
} ```
-Specifying server name indicator using the curl command, `contoso.com` for the frontend FQDN should return a response from the backend-v1 service.
+If you specify the server name indicator using the curl command, `fabrikam.com` for the frontend FQDN, it returns a response from the backend-v1 service.
```bash fqdnIp=$(dig +short $fqdn)
application-gateway How To Multiple Site Hosting Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-multiple-site-hosting-ingress-api.md
Previously updated : 09/25/2023 Last updated : 11/07/2023
Application Gateway for Containers enables multi-site hosting by allowing you to
> Application Gateway for Containers is currently in PREVIEW.<br> > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-1. If you follow the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
-2. If you follow the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+1. If you follow the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If you follow the ALB managed deployment strategy, ensure provisioning of your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
3. Deploy sample HTTP application Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate path, query, and header based routing. ```bash
Application Gateway for Containers enables multi-site hosting by allowing you to
This command creates the following on your cluster: - a namespace called `test-infra`
- - 2 services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - 2 deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Ingress resource
EOF
-Once the ingress resource has been created, ensure the status shows the hostname of your load balancer and that both ports are listening for requests.
+Once the ingress resource is created, ensure the status shows the hostname of your load balancer and that both ports are listening for requests.
```bash kubectl get ingress ingress-01 -n test-infra -o yaml ```
-Example output of successful gateway creation.
+Example output of successful Ingress creation.
```yaml apiVersion: networking.k8s.io/v1 kind: Ingress
Via the response we should see:
} ```
-Next, specify server name indicator using the curl command, `contoso.com` for the frontend FQDN should return a response from the backend-v1 service.
+Next, specify server name indicator using the curl command, `fabrikam.com` for the frontend FQDN should return a response from the backend-v1 service.
```bash fqdnIp=$(dig +short $fqdn)
application-gateway How To Path Header Query String Routing Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-path-header-query-string-routing-gateway-api.md
Application Gateway for Containers enables traffic routing based on URL path, qu
This command creates the following on your cluster: - a namespace called `test-infra`
- - 2 services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - 2 deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
application-gateway How To Ssl Offloading Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-ssl-offloading-gateway-api.md
Previously updated : 09/20/2023 Last updated : 11/07/2023
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
> Application Gateway for Containers is currently in PREVIEW.<br> > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
-2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+1. If following the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If following the ALB managed deployment strategy, ensure that you provision your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
3. Deploy sample HTTPS application Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate TLS/SSL offloading.
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
This command creates the following on your cluster: - a namespace called `test-infra`
- - 1 service called `echo` in the `test-infra` namespace
- - 1 deployment called `echo` in the `test-infra` namespace
- - 1 secret called `listener-tls-secret` in the `test-infra` namespace
+ - one service called `echo` in the `test-infra` namespace
+ - one deployment called `echo` in the `test-infra` namespace
+ - one secret called `listener-tls-secret` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
-Once the gateway resource has been created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
+When the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
```bash kubectl get gateway gateway-01 -n test-infra -o yaml ```
status:
kind: HTTPRoute ```
-Once the gateway has been created, create an HTTPRoute
+Once the gateway is created, create an HTTPRoute
```bash kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1
spec:
EOF ```
-Once the HTTPRoute resource has been created, ensure the route has been _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.
+Once the HTTPRoute resource is created, ensure the route is _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
```bash kubectl get httproute https-route -n test-infra -o yaml ```
-Verify the status of the Application Gateway for Containers resource has been successfully updated.
+Verify the Application Gateway for Containers resource is successfully updated.
```yaml status:
application-gateway How To Ssl Offloading Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-ssl-offloading-ingress-api.md
Previously updated : 09/20/2023 Last updated : 11/07/2023
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
> Application Gateway for Containers is currently in PREVIEW.<br> > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-1. If you follow the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
-2. If you follow the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+1. If you follow the BYO deployment strategy, ensure that you set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If you follow the ALB managed deployment strategy, ensure that you provision your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
3. Deploy a sample HTTPS application: Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate TLS/SSL offloading.
Application Gateway for Containers enables SSL [offloading](/azure/architecture/
This command creates the following on your cluster: - a namespace called `test-infra`
- - 1 service called `echo` in the `test-infra` namespace
- - 1 deployment called `echo` in the `test-infra` namespace
- - 1 secret called `listener-tls-secret` in the `test-infra` namespace
+ - one service called `echo` in the `test-infra` namespace
+ - one deployment called `echo` in the `test-infra` namespace
+ - one secret called `listener-tls-secret` in the `test-infra` namespace
## Deploy the required Ingress API resources
EOF
-Once the ingress resource has been created, ensure the status shows the hostname of your load balancer and that both ports are listening for requests.
+When the ingress resource is created, ensure the status shows the hostname of your load balancer and that both ports are listening for requests.
```bash kubectl get ingress ingress-01 -n test-infra -o yaml ```
-Example output of successful gateway creation.
+Example output of successful Ingress creation.
```yaml apiVersion: networking.k8s.io/v1 kind: Ingress
application-gateway How To Traffic Splitting Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-traffic-splitting-gateway-api.md
Application Gateway for Containers enables you to set weights and shift traffic
This command creates the following on your cluster: - a namespace called `test-infra`
- - 2 services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - 2 deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
application-gateway How To Url Rewrite Gateway Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-url-rewrite-gateway-api.md
Previously updated : 10/13/2023 Last updated : 11/07/2023
URL Rewrites take advantage of [filters](https://gateway-api.sigs.k8s.io/referen
## Background URL rewrite enables you to translate an incoming request to a different URL when initiated to a backend target.
-See the following figure, which illustrates an example of a request destined for _contoso.com/shop_ being rewritten to _contoso.com/ecommerce_ when the request is initiated to the backend target by Application Gateway for Containers:
+The following figure illustrates an example of a request destined for _contoso.com/shop_ being rewritten to _contoso.com/ecommerce_. The request is initiated to the backend target by Application Gateway for Containers:
[ ![A diagram showing the Application Gateway for Containers rewriting a URL to the backend.](./media/how-to-url-rewrite-gateway-api/url-rewrite.png) ](./media/how-to-url-rewrite-gateway-api/url-rewrite.png#lightbox)
See the following figure, which illustrates an example of a request destined for
This command creates the following on your cluster: - a namespace called `test-infra`
- - 2 services called `backend-v1` and `backend-v2` in the `test-infra` namespace
- - 2 deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
## Deploy the required Gateway API resources
EOF
-Once the gateway resource has been created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
+Once the gateway resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
```bash kubectl get gateway gateway-01 -n test-infra -o yaml ```
status:
kind: HTTPRoute ```
-Once the gateway has been created, create an HTTPRoute resources for `contoso.com`. This example ensures traffic sent to `contoso.com/shop` is initiated as `contoso.com/ecommerce` to the backend target.
+Once the gateway is created, create an HTTPRoute resource for `contoso.com`. This example ensures traffic sent to `contoso.com/shop` is initiated as `contoso.com/ecommerce` to the backend target.
```bash kubectl apply -f - <<EOF
spec:
EOF ```
-Once the HTTPRoute resource has been created, ensure the HTTPRoute resource shows _Accepted_ and the Application Gateway for Containers resource has been _Programmed_.
+When the HTTPRoute resource is created, ensure the HTTPRoute resource shows _Accepted_ and the Application Gateway for Containers resource is _Programmed_.
```bash kubectl get httproute rewrite-example -n test-infra -o yaml ```
-Verify the status of the Application Gateway for Containers resource has been successfully updated for each HTTPRoute.
+Verify the Application Gateway for Containers resource is successfully updated for each HTTPRoute.
```yaml status:
Now we're ready to send some traffic to our sample application, via the FQDN ass
fqdn=$(kubectl get gateway gateway-01 -n test-infra -o jsonpath='{.status.addresses[0].value}') ```
-Specifying server name indicator using the curl command, `contoso.com/shop` should return a response from the backend-v1 service with the requested path to the backend target showing `contoso.com/ecommerce`.
+When you specify the server name indicator using the curl command, `contoso.com/shop` should return a response from the backend-v1 service with the requested path to the backend target showing `contoso.com/ecommerce`.
```bash fqdnIp=$(dig +short $fqdn)
Via the response we should see:
} ```
-Specifying server name indicator using the curl command, `contoso.com` should return a response from the backend-v2 service.
+When you specify the server name indicator using the curl command, `contoso.com` should return a response from the backend-v2 service.
```bash fqdnIp=$(dig +short $fqdn)
application-gateway How To Url Rewrite Ingress Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/how-to-url-rewrite-ingress-api.md
+
+ Title: URL Rewrite for Azure Application Gateway for Containers - Ingress API
+description: Learn how to rewrite URLs in Ingress API for Application Gateway for Containers.
+++++ Last updated : 11/07/2023+++
+# URL Rewrite for Azure Application Gateway for Containers - Ingress API (preview)
+
+Application Gateway for Containers allows you to rewrite the URL of a client request, including the requests' hostname and/or path. When Application Gateway for Containers initiates the request to the backend target, the request contains the newly rewritten URL to initiate the request.
++
+## Usage details
+
+URL Rewrites take advantage of Application Gateway for Containers' IngressExtension custom resource.
+
+## Background
+URL rewrite enables you to translate an incoming request to a different URL when initiated to a backend target.
+
+The following figure illustrates a request destined for _contoso.com/shop_ being rewritten to _contoso.com/ecommerce_ when the request is initiated to the backend target by Application Gateway for Containers:
+
+[ ![A diagram showing the Application Gateway for Containers rewriting a URL to the backend.](./media/how-to-url-rewrite-gateway-api/url-rewrite.png) ](./media/how-to-url-rewrite-gateway-api/url-rewrite.png#lightbox)
++
+## Prerequisites
+
+> [!IMPORTANT]
+> Application Gateway for Containers is currently in PREVIEW.<br>
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+1. If following the BYO deployment strategy, ensure you have set up your Application Gateway for Containers resources and [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md)
+2. If following the ALB managed deployment strategy, ensure you have provisioned your [ALB Controller](quickstart-deploy-application-gateway-for-containers-alb-controller.md) and provisioned the Application Gateway for Containers resources via the [ApplicationLoadBalancer custom resource](quickstart-create-application-gateway-for-containers-managed-by-alb-controller.md).
+3. Deploy sample HTTP application
+ Apply the following deployment.yaml file on your cluster to create a sample web application to demonstrate path, query, and header based routing.
+ ```bash
+ kubectl apply -f https://trafficcontrollerdocs.blob.core.windows.net/examples/traffic-split-scenario/deployment.yaml
+ ```
+
+ This command creates the following on your cluster:
+ - a namespace called `test-infra`
+ - two services called `backend-v1` and `backend-v2` in the `test-infra` namespace
+ - two deployments called `backend-v1` and `backend-v2` in the `test-infra` namespace
+
+## Deploy the required Ingress API resources
+
+# [ALB managed deployment](#tab/alb-managed)
+
+1. Create an Ingress that catches all traffic and routes to backend-v2
+```bash
+kubectl apply -f - <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-name: alb-test
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v2
+ port:
+ number: 8080
+EOF
+```
+
+2. Create an Ingress that matches the /shop prefix that routes to backend-v1
+```bash
+kubectl apply -f - <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-02
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-name: alb-test
+ alb.networking.azure.io/alb-namespace: alb-test-infra
+ alb.networking.azure.io/alb-ingress-extension: url-rewrite
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /shop
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v1
+ port:
+ number: 8080
+EOF
+```
++
+# [Bring your own (BYO) deployment](#tab/byo)
+
+1. Set the following environment variables
+
+```bash
+RESOURCE_GROUP='<resource group name of the Application Gateway For Containers resource>'
+RESOURCE_NAME='alb-test'
+
+RESOURCE_ID=$(az network alb show --resource-group $RESOURCE_GROUP --name $RESOURCE_NAME --query id -o tsv)
+FRONTEND_NAME='frontend'
+```
+
+2. Create an Ingress that catches all traffic and routes to backend-v2
+```bash
+kubectl apply -f - <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-01
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ alb.networking.azure.io/alb-frontend: $FRONTEND_NAME
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v2
+ port:
+ number: 8080
+EOF
+```
+
+3. Create an Ingress that matches the /shop prefix and routes to backend-v1
+```bash
+kubectl apply -f - <<EOF
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-02
+ namespace: test-infra
+ annotations:
+ alb.networking.azure.io/alb-id: $RESOURCE_ID
+ alb.networking.azure.io/alb-frontend: $FRONTEND_NAME
+ alb.networking.azure.io/alb-ingress-extension: url-rewrite
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - path: /shop
+ pathType: Prefix
+ backend:
+ service:
+ name: backend-v1
+ port:
+ number: 8080
+EOF
+```
+++
+When each Ingress resource is created, ensure the status is valid, the listener is _Programmed_, and an address is assigned to the gateway.
+```bash
+kubectl get ingress ingress-01 -n test-infra -o yaml
+kubectl get ingress ingress-02 -n test-infra -o yaml
+```
+
+Example output of one of the Ingress resources.
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ alb.networking.azure.io/alb-frontend: FRONTEND_NAME
+ alb.networking.azure.io/alb-id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/yyyyyyyy/providers/Microsoft.ServiceNetworking/trafficControllers/zzzzzz
+ kubectl.kubernetes.io/last-applied-configuration: |
+ {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"alb.networking.azure.io/alb-frontend":"FRONTEND_NAME","alb.networking.azure.io/alb-id":"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/yyyyyyyy/providers/Microsoft.ServiceNetworking/trafficControllers/zzzzzz"},"name"
+:"ingress-01","namespace":"test-infra"},"spec":{"ingressClassName":"azure-alb-external","rules":[{"host":"contoso.com","http":{"paths":[{"backend":{"service":{"name":"backend-v2","port":{"number":8080}}},"path":"/","pathType":"Prefix"}]}}]}}
+ creationTimestamp: "2023-07-22T18:02:13Z"
+ generation: 2
+ name: ingress-01
+ namespace: test-infra
+ resourceVersion: "278238"
+ uid: 17c34774-1d92-413e-85ec-c5a8da45989d
+spec:
+ ingressClassName: azure-alb-external
+ rules:
+ - host: contoso.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: backend-v2
+ port:
+ number: 8080
+ path: /
+ pathType: Prefix
+status:
+ loadBalancer:
+ ingress:
+ - hostname: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.fzyy.alb.azure.com
+ ports:
+ - port: 80
+ p