I created my Azure AD B2C custom policies to authenticate users.

I also added a custom attribute to ask the user for a unique piece of information, something like the SSN.

I've already set the custom attribute as required and I put a restriction based on a regex, but I can't find a way, in the docs, to verify if the value already exists in the directory and give an error if that condition is true while the user signs up.

In this question, the suggestion is to call a rest api that uses Microsoft Graph Api to verify if the value set to the custom attribute already exists: Azure B2C: Querying AAD using a custom claim?

Is it the only solution or, in the meantime, has a way been released to do this check directly from an Azure AD B2C custom policy?

Jumpy

1 Answer

Add a technical policy like:

<!-- Same Id as the technical profile in the base policy, so the two definitions are merged -->
<TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
    <OutputClaims>
        <!-- Extension attribute read from the user object alongside the base profile's claims -->
        <OutputClaim ClaimTypeReferenceId="extension_attribute"/>
    </OutputClaims>
</TechnicalProfile>

This "merges" with the TP in the base so that when your policy reads AAD, it will also read your extension attribute.

Then in your user journey add a precondition of "ClaimsExist".

rbrayb
  • Thank you for your answer, I already set the Technical profile and it works correctly. I'd like to check, while signing up, if the value that the user is writing in the form is already present in the directory db. Isn't ClaimsExist only checking if the claim has any value? – Jumpy Feb 22 '22 at 15:17
  • ClaimsExist checks that a claim is present i.e. any value. If you want to check that claims have the same value, use ClaimEquals. – rbrayb Feb 22 '22 at 18:37
  • Thanks, but I needed to validate the value provided by user against the values already present in the directory and I think that ClaimEquals requires a fixed value. I ended up using a rest call to an external api that verifies the value provided through Microsoft Graph and, meanwhile, it double checks the formal validity. – Jumpy Mar 04 '22 at 14:10
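The approach the thread settles on (a validation technical profile calling a REST API that checks the value through Microsoft Graph and re-checks its format), as an added example that is not code from either poster. It assumes a constructed extension attribute name and claim name ("ssn"), and replaces the real Graph call with an injected lookup so it runs offline; the response shapes (HTTP 200 to continue, HTTP 409 with version/status/userMessage to block sign-up) are the ones B2C expects from a validation REST API.

```python
import re

# Constructed assumptions (not from the thread): Graph exposes the custom
# attribute as "extension_<appId>_ssn" and the policy posts the claim as "ssn".
EXT_ATTR = "extension_00000000000000000000000000000000_ssn"
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # formal check mirroring the policy regex

def odata_literal(value: str) -> str:
    """Quote a user-supplied value for an OData $filter. A single quote inside
    the value is doubled so the value cannot break out of the string literal."""
    return "'" + value.replace("'", "''") + "'"

def build_filter(value: str) -> str:
    """$filter expression used to look for users already carrying this value."""
    return f"{EXT_ATTR} eq {odata_literal(value)}"

def validate_claim(body: dict, count_users):
    """Handler for the B2C validation technical profile.
    body: JSON posted by B2C, e.g. {"ssn": "123-45-6789"}.
    count_users: callable taking a $filter string and returning how many users
    match (in production: GET /users?$count=true&$filter=... with header
    ConsistencyLevel: eventual). Returns (http_status, json_body)."""
    value = body.get("ssn", "")
    if not SSN_RE.fullmatch(value):
        return 409, {"version": "1.0.0", "status": 409,
                     "userMessage": "The identifier is not in the expected format."}
    if count_users(build_filter(value)) > 0:
        return 409, {"version": "1.0.0", "status": 409,
                     "userMessage": "This identifier is already registered."}
    return 200, {}  # 200 with no claims lets the sign-up continue

# Constructed in-memory stand-in for the Graph call, so the example runs offline.
FAKE_DIRECTORY = {"123-45-6789"}

def fake_count_users(flt: str) -> int:
    # Recover the literal from the filter the way Graph would parse it.
    lit = flt.split(" eq ", 1)[1]
    value = lit[1:-1].replace("''", "'")
    return 1 if value in FAKE_DIRECTORY else 0

if __name__ == "__main__":
    print(validate_claim({"ssn": "123-45-6789"}, fake_count_users))
```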