MODIFIED docs/identity-platform/tokens-overview.md

Modified by Gearoid O'Donnell on Feb 6, 2026 4:02 PM
📖 View on learn.microsoft.com

+123 / -123 lines changed

Commit: docs: Consolidate token documentation into single comprehensive guide

Changes:

Before

After

 
Microsoft Entra ID supports two tenant configurations: A workforce configuration that's intended for internal use and manages employees and business guests, and a [customer configuration](/entra/external-id/customers/concept-supported-features-customers) which is optimized for isolating consumers and partners in a restricted external-facing directory. While the underlying identity service is identical for both tenant configurations, the sign in domains and token issuing authority for external tenants is different. This allows applications to keep workforce and external ID workflows separated if needed.
 
Microsoft Entra workforce tenants authenticate at login.microsoftonline.com with tokens issued by *sts.windows.net*. Workforce tenant tokens are interchangeable across tenants and multitenant applications so long as underlying trust relationships permit this interoperability. Microsoft Entra external tenants use endpoints of the form `{tenantname}.ciamlogin.com`. Applications registered to external tenants must be aware of this separation to receive and validate tokens correctly.
 
Every Microsoft Entra tenant publishes a standards-compliant well-known metadata document. This document contains information about the issuer name, the authentication and authorization endpoints, supported scopes and claims. For external tenants, the document is publicly available at: `https://{tenantname}.ciamlogin.com/{tenantid}/v2.0/.well-known/openid-configuration`. This endpoint returns an issuer value `https://{tenantid}.ciamlogin.com/{tenantid}/v2.0`.
 
Both access tokens and ID tokens contain header claims that provide information for token validation.
 
| Claim | Format | Description |
|-------|--------|-------------|
| `typ` | String - always `JWT` | Indicates that the token is a JWT. |
| `alg` | String | Indicates the algorithm used to sign the token, for example, `RS256`. |
| `kid` | String | Specifies the thumbprint for the public key used for validating the signature of the token. Emitted in both v1.0 and v2.0 tokens. |
| `x5t` | String | Functions the same (in use and value) as `kid`. `x5t` is a legacy claim emitted only in v1.0 tokens for compatibility purposes. |
 
### Access token claims

 
Microsoft Entra ID supports two tenant configurations: A workforce configuration that's intended for internal use and manages employees and business guests, and a [customer configuration](/entra/external-id/customers/concept-supported-features-customers) which is optimized for isolating consumers and partners in a restricted external-facing directory. While the underlying identity service is identical for both tenant configurations, the sign in domains and token issuing authority for external tenants is different. This allows applications to keep workforce and external ID workflows separated if needed.
 
Microsoft Entra workforce tenants authenticate at login.microsoftonline.com with tokens issued by *sts.windows.NET*. Workforce tenant tokens are interchangeable across tenants and multitenant applications so long as underlying trust relationships permit this interoperability. Microsoft Entra external tenants use endpoints of the form `{tenantname}.ciamlogin.com`. Applications registered to external tenants must be aware of this separation to receive and validate tokens correctly.
 
Every Microsoft Entra tenant publishes a standards-compliant well-known metadata document. This document contains information about the issuer name, the authentication and authorization endpoints, supported scopes and claims. For external tenants, the document is publicly available at: `https://{tenantname}.ciamlogin.com/{tenantid}/v2.0/.well-known/openid-configuration`. This endpoint returns an issuer value `https://{tenantid}.ciamlogin.com/{tenantid}/v2.0`.
 
Both access tokens and ID tokens contain header claims that provide information for token validation.
 
| Claim| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | Format| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | Description| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | |
| -------| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | --------| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | -------------| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | |
| `typ`| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | String - always `JWT`| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | Indicates that the token is a JWT.| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | |
| `alg`| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | String| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | Indicates the algorithm used to sign the token, for example, `RS256`.| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | |
| `kid`| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | String| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | Specifies the thumbprint for the public key used for validating the signature of the token. Emitted in both v1.0 and v2.0 tokens.| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | |
| `x5t`| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | String| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | | Functions the same (in use and value) as `kid`. `x5t` is a legacy claim emitted only in v1.0 tokens for compatibility purposes.| [Hybrid OIDC flow](v2-protocols-oidc.md#protocol-diagram-access-token-acquisition) | |
 
### Access token claims

MODIFIED docs/external-id/allow-deny-list.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Allow or Block Invitations
description: Learn how an administrator creates a list to allow or block B2B collaboration with specific domains by using the Microsoft Entra admin center.
 
 
ms.service: entra-external-id
ms.topic: how-to
ms.date: 04/16/2025
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.custom: it-pro, seo-july-2024
ms.collection: M365-identity-device-management
#customer intent: As an IT admin managing B2B collaboration, I want to configure an allowlist or blocklist for specific organizations, so that I can control  where B2B invitations can be sent by users in my organization.

---
title: Allow or Block Invitations
description: Learn how an administrator creates a list to allow or block B2B collaboration with specific domains by using the Microsoft Entra admin center.
ms.topic: how-to
ms.date: 04/16/2025
ms.custom: it-pro, seo-july-2024
ms.collection: M365-identity-device-management
#customer intent: As an IT admin managing B2B collaboration, I want to configure an allowlist or blocklist for specific organizations, so that I can control  where B2B invitations can be sent by users in my organization.

MODIFIED docs/external-id/code-samples.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: B2B collaboration code and PowerShell samples
description: Code and PowerShell samples for Microsoft Entra B2B collaboration
 
 
ms.service: entra-external-id
ms.topic: sample
ms.date: 04/15/2025
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.custom: it-pro, has-adal-ref, devx-track-linux, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.collection: M365-identity-device-management
#customer intent: As an IT admin managing B2B collaboration, I want to bulk-invite external users to my organization by using PowerShell or by uploading a .csv file to the admin center or portal, so that I can streamline the onboarding process and save time.

---
title: B2B collaboration code and PowerShell samples
description: Code and PowerShell samples for Microsoft Entra B2B collaboration
ms.topic: sample
ms.date: 04/15/2025
ms.custom: it-pro, has-adal-ref, devx-track-linux, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.collection: M365-identity-device-management
#customer intent: As an IT admin managing B2B collaboration, I want to bulk-invite external users to my organization by using PowerShell or by uploading a .csv file to the admin center or portal, so that I can streamline the onboarding process and save time.

MODIFIED docs/external-id/current-limitations.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Limitations of B2B collaboration
description: Current limitations for Microsoft Entra B2B collaboration
 
 
ms.service: entra-external-id
ms.topic: concept-article
ms.date: 04/15/2025
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
 
ms.collection: content-health, M365-identity-device-management
 
#Customer intent: As a user of Microsoft Entra B2B collaboration, I want to understand the limitations and potential issues with the platform, so that I can effectively manage and troubleshoot any authentication or replication problems that may arise.

---
title: Limitations of B2B collaboration
description: Current limitations for Microsoft Entra B2B collaboration
ms.topic: concept-article
ms.date: 04/15/2025
 
ms.collection: content-health, M365-identity-device-management
 
#Customer intent: As a user of Microsoft Entra B2B collaboration, I want to understand the limitations and potential issues with the platform, so that I can effectively manage and troubleshoot any authentication or replication problems that may arise.

MODIFIED docs/external-id/customers/concept-custom-extensions.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Custom authentication extensions
description: Learn how to use custom authentication extensions in Microsoft Entra External ID. Integrate with external systems, add custom logic to authentication flows, and enhance user experiences.
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: concept-article
ms.date: 04/10/2025
ms.custom: it-pro

---
title: Custom authentication extensions
description: Learn how to use custom authentication extensions in Microsoft Entra External ID. Integrate with external systems, add custom logic to authentication flows, and enhance user experiences.
ms.topic: concept-article
ms.date: 04/10/2025
ms.custom: it-pro

MODIFIED docs/external-id/customers/concept-guide-explained.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Get started guide features
description: Learn about the features you set up with the get started guide. 
 
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: concept-article
ms.date:  02/06/2025
ms.author: cmulligan
ms.custom: it-pro
 
#Customer intent: As an it admin, I want to know about the functions I set up with the get started guide so that I can understand the value of the features and how to use them.

---
title: Get started guide features
description: Learn about the features you set up with the get started guide. 
ms.topic: concept-article
ms.date:  02/06/2025
ms.custom: it-pro
 
#Customer intent: As an it admin, I want to know about the functions I set up with the get started guide so that I can understand the value of the features and how to use them.

MODIFIED docs/external-id/customers/concept-multifactor-authentication-customers.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: MFA in external tenants
description: Learn about using MFA to secure apps in your external tenant and enabling email one-time passcodes (EOTP) or SMS as a second verification method for sign-up and sign-in.
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
 
ms.topic: concept-article
ms.date: 11/20/2024

---
title: MFA in external tenants
description: Learn about using MFA to secure apps in your external tenant and enabling email one-time passcodes (EOTP) or SMS as a second verification method for sign-up and sign-in.
 
ms.topic: concept-article
ms.date: 11/20/2024

MODIFIED docs/external-id/customers/concept-planning-your-solution.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Plan a CIAM Deployment
description: Discover the steps for setting up a customer identity and access management (CIAM) solution in an external tenant, including creating a tenant, registering apps, and setting up user flows for sign-in.
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: concept-article
ms.date: 10/02/2025
 

---
title: Plan a CIAM Deployment
description: Discover the steps for setting up a customer identity and access management (CIAM) solution in an external tenant, including creating a tenant, registering apps, and setting up user flows for sign-in.
ms.topic: concept-article
ms.date: 10/02/2025

MODIFIED docs/external-id/customers/concept-security-customers.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Security Features in External Tenants
description: Learn about security features and fundamentals for Microsoft Entra External ID customer identity and access management (CIAM) in external tenant configurations. 
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: concept-article
ms.date: 01/28/2026
ms.custom: it-pro

---
title: Security Features in External Tenants
description: Learn about security features and fundamentals for Microsoft Entra External ID customer identity and access management (CIAM) in external tenant configurations. 
ms.topic: concept-article
ms.date: 01/28/2026
ms.custom: it-pro

MODIFIED docs/external-id/customers/faq-customers.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Frequently asked questions
description: Find answers to frequently asked questions about Microsoft Entra External ID. Learn about pricing, features, and the future of Azure AD B2C and External Identities. 
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: faq
ms.date: 01/06/2026
ms.custom: it-pro

---
title: Frequently asked questions
description: Find answers to frequently asked questions about Microsoft Entra External ID. Learn about pricing, features, and the future of Azure AD B2C and External Identities. 
ms.topic: faq
ms.date: 01/06/2026
ms.custom: it-pro

MODIFIED docs/external-id/customers/how-to-b2c-federation-customers.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Add Azure AD B2C for customer sign-in
description: Learn how to configure an Azure AD B2C tenant as an external identity provider in Microsoft Entra External ID, enabling users to sign in using their existing accounts. 
 
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: how-to
ms.date: 05/20/2025
ms.author: cmulligan
ms.reviewer: brozbab
ms.custom: it-pro
 

---
title: Add Azure AD B2C for customer sign-in
description: Learn how to configure an Azure AD B2C tenant as an external identity provider in Microsoft Entra External ID, enabling users to sign in using their existing accounts. 
ms.topic: how-to
ms.date: 05/20/2025
ms.reviewer: brozbab
ms.custom: it-pro

MODIFIED docs/external-id/customers/how-to-custom-oidc-federation-customers.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Add OIDC for customer sign-in
description: Learn how to set up OpenID Connect as an external identity provider in Microsoft Entra External ID, enabling users to sign in using their existing accounts. 
 
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: how-to
ms.date: 09/15/2025
ms.author: cmulligan
ms.reviewer: brozbab
ms.custom: it-pro
 

---
title: Add OIDC for customer sign-in
description: Learn how to set up OpenID Connect as an external identity provider in Microsoft Entra External ID, enabling users to sign in using their existing accounts. 
ms.topic: how-to
ms.date: 09/15/2025
ms.reviewer: brozbab
ms.custom: it-pro

MODIFIED docs/external-id/customers/how-to-manage-admin-accounts.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Add and manage admin accounts
description: Learn how to add and manage admin accounts in your external tenant with Microsoft Entra External ID.
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: how-to
ms.date: 03/10/2025
ms.custom: it-pro

---
title: Add and manage admin accounts
description: Learn how to add and manage admin accounts in your external tenant with Microsoft Entra External ID.
ms.topic: how-to
ms.date: 03/10/2025
ms.custom: it-pro

MODIFIED docs/external-id/customers/how-to-manage-customer-accounts.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Add and manage customer accounts
description: Learn how to add and manage customer accounts in Microsoft Entra External ID.
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: how-to
ms.date: 03/10/2025
ms.custom: it-pro

---
title: Add and manage customer accounts
description: Learn how to add and manage customer accounts in Microsoft Entra External ID.
ms.topic: how-to
ms.date: 03/10/2025
ms.custom: it-pro

MODIFIED docs/external-id/customers/how-to-user-flow-add-application.md

Modified by Ken Withee on Feb 6, 2026 8:29 PM
📖 View on learn.microsoft.com

+0 / -7 lines changed

Commit: [BULK UPDATE] Updates metadata and moves from individual files to folder level in docfx.json.

Changes:

Before

After

---
title: Add an application to a user flow
description: Learn how to add an application to a user flow to associate the application with a sign-up and sign-in user experience. Get guidance for updating the application configuration with application registration and tenant information.
 
ms.author: cmulligan
author: csmulligan
manager: dougeby
ms.service: entra-external-id
 
ms.subservice: external
ms.topic: how-to
ms.date: 04/14/2025
ms.custom: it-pro

---
title: Add an application to a user flow
description: Learn how to add an application to a user flow to associate the application with a sign-up and sign-in user experience. Get guidance for updating the application configuration with application registration and tenant information.
ms.topic: how-to
ms.date: 04/14/2025
ms.custom: it-pro

📋 Microsoft Entra Documentation Changes

📊 Summary

🆕 New Documentation Files

📝 Modified Documentation Files

🗑️ Deleted Documentation Files