MicrosoftDocs
diff --git a/‎articles/api-management/TOC.yml‎
Lines changed: 0 additions & 2 deletions b/‎articles/api-management/TOC.yml‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎articles/api-management/api-management-howto-aad-b2c.md‎
Lines changed: 2 additions & 2 deletions b/‎articles/api-management/api-management-howto-aad-b2c.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/api-management/api-management-howto-aad.md‎
Lines changed: 51 additions & 22 deletions b/‎articles/api-management/api-management-howto-aad.md‎
Lines changed: 51 additions & 22 deletions
diff --git a/‎articles/api-management/api-management-howto-entra-external-id.md‎
Lines changed: 0 additions & 83 deletions b/‎articles/api-management/api-management-howto-entra-external-id.md‎
Lines changed: 0 additions & 83 deletions
@@ -465,8 +465,6 @@
       href: developer-portal-basic-authentication.md
     - name: Authenticate with Microsoft Entra ID
       href: api-management-howto-aad.md
-    - name: Authenticate with Microsoft Entra External ID
-      href: api-management-howto-entra-external-id.md
     - name: Authenticate with Azure AD B2C
       href: api-management-howto-aad-b2c.md
     - name: Delegate authentication
 
@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 09/18/2025
+ms.date: 03/12/2026
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -21,7 +21,7 @@ ms.custom:
 [!INCLUDE [active-directory-b2c-end-of-sale-notice-b](../../includes/active-directory-b2c-end-of-sale-notice-b.md)]
 
 > [!IMPORTANT]
-> We recommend that you use [Microsoft Entra External ID](/entra/external-id/external-identities-overview) as an identity provider instead of Azure Active Directory B2C for new deployments of the API Management developer portal. For more information, see [How to authorize developer accounts by using Microsoft Entra External ID](api-management-howto-entra-external-id.md).
+> We recommend that you [enable access by external users in your Microsoft Entra ID workforce tenant](api-management-howto-aad.md#enable-access-by-external-users-in-your-microsoft-entra-id-tenant-optional) instead of configuring Azure Active Directory B2C for new deployments of the API Management developer portal.
 
 Azure Active Directory B2C is a cloud identity management solution for consumer-facing web and mobile applications. You can use it to manage access to your API Management developer portal. 
 
 
@@ -6,7 +6,7 @@ description: Learn how to enable user sign-in to the API Management developer po
 author: dlepow
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 12/12/2025
+ms.date: 03/12/2026
 ms.author: danlep
 ms.custom:
   - engagement-fy23
@@ -22,16 +22,15 @@ ms.custom:
 In this article, you learn how to:
 > [!div class="checklist"]
 > * Enable access to the developer portal for users in your organization's Microsoft Entra ID tenant or other Microsoft Entra ID workforce tenants.
+> * Optionally, add external identity providers, such as Google or Facebook, to your Microsoft Entra ID workforce tenant to allow users to sign in with those accounts.
 > * Manage groups of Microsoft Entra users by adding external groups that contain the users.
 
 For an overview of options to secure the developer portal, see [Secure access to the API Management developer portal](secure-developer-portal-access.md).
 
 > [!IMPORTANT]
-> * This article is updated with steps to configure a Microsoft Entra app using the Microsoft Authentication Library ([MSAL](../active-directory/develop/msal-overview.md)). 
+> * This article is updated with steps to configure a Microsoft Entra app by using the Microsoft Authentication Library ([MSAL](../active-directory/develop/msal-overview.md)). 
 > * If you previously configured a Microsoft Entra app for user sign-in by using the Azure AD Authentication Library (ADAL), [migrate to MSAL](#migrate-to-msal).
 
-For scenarios involving Microsoft External ID to allow external identities to sign in to the developer portal, see [Authorize access to API Management developer portal by using Microsoft Entra External ID](api-management-howto-entra-external-id.md).
-
 [!INCLUDE [api-management-developer-portal-entra-tenants.md](../../includes/api-management-developer-portal-entra-tenants.md)]
 
 
@@ -66,26 +65,51 @@ For steps, see [Switch redirect URIs to the single-page application type](../act
 1. [Republish your developer portal](developer-portal-overview.md#publish-the-portal).
 
 
-<a name='add-an-external-azure-ad-group'></a>
+<a name='enable-access-by-external-users'></a>
+
+## Enable access by external users in your Microsoft Entra ID tenant (optional)
+
+API Management supports external identity providers when you configure them in a Microsoft Entra ID workforce tenant. For example, if you're enabling access to the developer portal by users in your workforce tenant, such as the Contoso organization, you might want to configure Google or Facebook as an external identity provider so that these external users can also sign in by using their accounts.
+
+To optionally enable access to the developer portal by external users in your Microsoft Entra ID tenant, complete the following steps:
+
+1. Add an external identity provider to your Microsoft Entra ID tenant.
+1. Enable self-service sign-up.
+
+### 1. Add an external identity provider to your Microsoft Entra ID tenant
+
+For this scenario, you must enable an external identity provider in your workforce tenant. Configuring the external identity provider depends on the specific provider and is outside the scope of this article. For example, for Google you must create a project in the Google Developers Console, then configure the project credentials in Microsoft Entra. 
+
+For options and links to steps, see [Identity providers for External ID in workforce tenants](/entra/external-id/identity-providers).
 
-## Configure access by users in more than one Microsoft Entra tenant
+### 2. Enable self-service sign-up
+
+To allow external users to register for access to the developer portal, complete the following steps:
+
+a. Enable self-service sign-up for your tenant. 
+
+b. Add your app to the self-service sign-up user flow. 
+
+For more information and detailed steps, see [Add self-service sign-up user flows for B2B collaboration](/entra/external-id/self-service-sign-up-user-flow).
+
+## Enable access by users in more than one Microsoft Entra ID tenant (optional)
 
 > [!NOTE]
 > Support for access to the developer portal by users from multiple Microsoft Entra ID tenants is currently available in the API Management Developer, Standard, and Premium tiers.
 
-You can enable access to the developer portal by users from more than one Microsoft Entra ID tenant. To do this:
+To optionally enable access to the developer portal by users from more than one Microsoft Entra ID tenant, complete the following steps:
 
-* Configure app registration for multiple tenants.
-* Update the Microsoft Entra ID identity provider configuration for the developer portal to add another tenant.
+1. Configure app registration for multiple tenants.
+1. Update the Microsoft Entra ID identity provider configuration for the developer portal to add another tenant.
 
-### Configure app registration for multiple tenants
+### 1. Configure app registration for multiple tenants
 
-The app registration you configure for the identity provider must support multiple tenants. You can do this in either of the following ways:
+The app registration must support multiple tenants. You can configure this support in either of the following ways:
 
 * When creating the app registration, set **Supported account types** to **Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)**. 
 * If you previously configured an app registration for a single tenant, update the **Supported account types** setting on the **Manage** > **Authentication** page of the app registration.
 
-### Update Microsoft Entra ID identity provider configuration for multiple tenants
+### 2. Update Microsoft Entra ID identity provider configuration for multiple tenants
 
 Update the identity provider configuration to add another tenant:
 
@@ -97,6 +121,8 @@ Update the identity provider configuration to add another tenant:
 1. Select **Update**.
 1. [Republish your developer portal](developer-portal-overview.md#publish-the-portal).
 
+<a name='add-an-external-azure-ad-group'></a>
+
 ## Add an external Microsoft Entra group
 
 After you enable access for users in a Microsoft Entra tenant, you can:
@@ -119,7 +145,7 @@ Now you can add external Microsoft Entra groups from the **Groups** tab of your
 
 1. Select the **Tenant** from the drop-down. 
 1. Search for and select the group that you want to add.
-1. Press the **Select** button.
+1. Select **Select**.
 
 After you add an external Microsoft Entra group, you can review and configure its properties: 
 1. Select the name of the group from the **Groups** tab. 
@@ -137,13 +163,13 @@ Users from the configured Microsoft Entra instance can now:
 Groups you configure in Microsoft Entra must synchronize with API Management so that you can add them to your instance. If the groups don't synchronize automatically, use one of the following steps to manually synchronize group information:
 
 * Sign out and sign in to Microsoft Entra ID. This activity usually triggers synchronization of groups.
-* Ensure that the Microsoft Entra sign-in tenant is specified the same way (using one of tenant ID or domain name) in your configuration settings in API Management. You specify the sign-in tenant in the Microsoft Entra ID identity provider for the developer portal and when you add a Microsoft Entra group to API Management.
+* Ensure that you specify the Microsoft Entra sign-in tenant the same way (by using either the tenant ID or domain name) in your configuration settings in API Management. You specify the sign-in tenant in the Microsoft Entra ID identity provider for the developer portal and when you add a Microsoft Entra group to API Management.
 
 ## <a id="log_in_to_dev_portal"></a> Developer portal: Add Microsoft Entra account authentication
 
 In the developer portal, you can enable sign in with Microsoft Entra ID by using the **Sign-in button: OAuth** widget included on the sign-in page of the default developer portal content.
 
-A user can then sign in with Microsoft Entra ID as follows:
+A user can then sign in by using Microsoft Entra ID as follows:
 
 1. Go to the developer portal. Select **Sign in**.
 
@@ -153,22 +179,25 @@ A user can then sign in with Microsoft Entra ID as follows:
     :::image type="content" source="media/api-management-howto-aad/developer-portal-azure-ad-signin.png" alt-text="Screenshot showing OAuth widget in developer portal.":::
 
     > [!TIP]
-    > If more than one tenant is configured for access, more than one Microsoft Entra ID button appears on the sign-in page. Each button is labeled with the tenant name.
+    > If you configure more than one tenant for access, more than one Microsoft Entra ID button appears on the sign-in page. Each button is labeled with the tenant name.
+
+1. In the sign-in window for the Microsoft Entra tenant, respond to the prompts.  
 
-1. In the sign-in window for your Microsoft Entra tenant, respond to the prompts. After sign-in is complete, the user is redirected back to the developer portal. 
+    > [!NOTE]
+    > If you enabled an external identity provider in your Microsoft Entra tenant and configured self-service sign-up, select the external identity provider in the sign-in window to sign in with those credentials. For example, if you configured Google as an identity provider, select **Sign in with Google**.
 
-The user is now signed in to the developer portal and added as a new API Management user identity in **Users**.
+After sign-in is complete, the user is redirected back to the developer portal. The user is now signed in to the developer portal and added as a new API Management user identity in **Users**.
 
-Although a new account is automatically created when a new user signs in with Microsoft Entra ID, consider adding the same widget to the sign-up page. The **Sign-up form: OAuth** widget represents a form used for signing up with OAuth.
+Although a new account is automatically created when a new user signs in by using Microsoft Entra ID, consider adding the same widget to the sign-up page. The **Sign-up form: OAuth** widget represents a form used for signing up by using OAuth.
 
 > [!IMPORTANT]
 > You need to [republish the portal](developer-portal-overview.md#publish-the-portal) for the Microsoft Entra ID changes to take effect.
 
 ## Related content
 
-- Learn more about [Microsoft Entra ID and OAuth2.0](../active-directory/develop/authentication-vs-authorization.md).
-- Learn more about [MSAL](../active-directory/develop/msal-overview.md) and [migrating to MSAL](../active-directory/develop/msal-migration.md).
-- [Troubleshoot network connectivity to Microsoft Graph from inside a VNet](api-management-using-with-vnet.md#troubleshoot-connection-to-microsoft-graph-from-inside-a-vnet). 
+- To learn more about Microsoft Entra ID and OAuth 2.0, see [Microsoft Entra ID and OAuth2.0](../active-directory/develop/authentication-vs-authorization.md).
+- To learn more about MSAL, see [MSAL](../active-directory/develop/msal-overview.md) and [migrating to MSAL](../active-directory/develop/msal-migration.md).
+- To troubleshoot network connectivity to Microsoft Graph from inside a virtual network, see [Troubleshoot network connectivity to Microsoft Graph from inside a VNet](api-management-using-with-vnet.md#troubleshoot-connection-to-microsoft-graph-from-inside-a-vnet). 
 
 [api-management-dev-portal-signin]: ./media/api-management-howto-aad/api-management-dev-portal-signin.png
 [api-management-aad-signin]: ./media/api-management-howto-aad/api-management-aad-signin.png