
Short Version

What is the best way to return the Company value of a User in Azure AD B2C after they sign in?

A) Add Company as a custom User Attribute and include it in the Application Claims of the User Flow?

or:

B) Somehow grab the existing Company value from the User Profile?

If the answer is B, how can I grab that value, as it doesn't seem to be present in the id_token or access_token that is returned after a successful sign-in?

Long Version

I was thinking of showing the Company value of a User after they have logged in to a Node app via Azure AD B2C.

Initially, I was going to add Company as a Custom Attribute via:

Azure AD B2C > User Attributes


And then check it as an Application Claim at:

Azure AD B2C > User Flows > B2C_signin_1 > Application Claims


But then I thought, hang on, isn't the Company field already in the user's profile at:

Azure AD B2C > Users > [ select user ] > Profile

And indeed it is:


However, the information in the User Profile does not seem to be in either the id_token or access_token that is returned after a successful login:

id_token: [screenshot]

access_token: [screenshot]

Question

What is the best way to return the Company value of a User in Azure AD B2C after they sign in?

A) Add Company as a custom User Attribute and include it in the Application Claims of the User Flow?

or:

B) Somehow grab the existing Company value from the User Profile?

If the answer is B, how can I grab that value, as it doesn't seem to be present in the id_token or access_token that is returned after a successful sign-in?

user1063287
  • Does this answer your question? [Azure AD B2C : Not able to expose companyName as token](https://stackoverflow.com/questions/59199484/azure-ad-b2c-not-able-to-expose-companyname-as-token) – Anna Gevel Jan 25 '23 at 10:33
  • From my understanding, I could only see two possible answers to my question `What is the best way to return the Company value of a User in Azure AD B2C after they sign in?` - which I articulated as options `A` and `B` (perhaps there are other options). The linked question does not have an accepted answer and I don't think it provides a clear answer to my question. – user1063287 Jan 25 '23 at 10:54
  • Supported attributes are here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes. Since company is not listed, you’d be best to use an extension attribute. – Jas Suri - MSFT Jan 26 '23 at 21:15
  • Is `extension attribute` the same as a custom `User attribute` created via `Azure AD B2C` > `User attributes` > `+ Add` button? – user1063287 Jan 29 '23 at 05:52
  • I am reading an article about [Extension attributes](https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes#extension-attributes) and it links to several complicated concepts ([custom policies](https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy#provide-optional-claims-to-your-app), [schema extensions](https://learn.microsoft.com/en-us/graph/extensibility-overview?tabs=http#schema-extensions) and an ['extensions app'](https://learn.microsoft.com/en-us/azure/active-directory-b2c/extensions-app)). – user1063287 Jan 29 '23 at 05:52
  • [This article about custom attributes](https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-custom-policy) states that `'the terms extension property, custom attribute, and custom claim refer to the same thing'`. But I don't understand how that can be the case as the descriptions for working with them are all so different. – user1063287 Jan 29 '23 at 05:53
  • [This article about choosing an extension type for your application](https://learn.microsoft.com/en-us/graph/extensibility-overview?tabs=javascript#choose-an-extension-type-for-your-application) lists 4 ways to add an extension: 1) Extension attributes, 2) Directory extensions, 3) Schema extensions, 4) Open extensions. It also states `'The 15 extension attributes are already predefined in Microsoft Graph and their property names can't be changed'`. – user1063287 Jan 29 '23 at 05:53
  • If I want to create a `Company` attribute for a user, and return this in their identity token after they log in, how do I follow your suggestion to 'use an extension attribute'? And, from what I am reading, it seems like the only way to update these attributes is via command line (i.e. not via the Azure Portal) - can you please confirm if this is the case? – user1063287 Jan 29 '23 at 05:53

0 Answers