0
votes

I'm using custom policies in order to integrate Azure AD B2C. I need to be able to use single sign-on to Microsoft business accounts. I was able to make it work; nevertheless, it doesn't return the emails claim in my tokens.

Here is what I did:

  1. Downloaded the Start Pack “SocialAndLocalAccountsWithMfa”
  2. I made the changes to the related files based on the articles below (steps 3 and 4)
  3. https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom
  4. Return emails on custom policies

Any idea why it is not working? Thank you in advance!


2 Answers

1
votes

It seems that the "emails" claim is being returned by a custom OutputClaimsTransformation, the configuration of which isn't available in the samples.

You need to get the email claims dynamically created.

Please see this thread which provides a workaround to your situation.

1
votes

You must map to the email claim that is used by Azure AD B2C from the upn claim that is issued by Azure AD (which, by convention, should map to the email address for the work account) as follows:

<ClaimsProvider>
  <Domain>commonaad</Domain>
  <DisplayName>Common AAD</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Common-AAD">
      <DisplayName>Multi-Tenant AAD</DisplayName>
      <Protocol Name="OpenIdConnect" />
      ...
      <OutputClaims>
        ...
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="upn" />
      </OutputClaims>
      ...
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

The AAD-UserWriteUsingAlternativeSecurityId technical profile adds this email claim to the otherMails claim by invoking the CreateOtherMailsFromEmail claims transformation and then saves the otherMails claim to the user object.
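The following is an added illustration of the rest of the chain that this answer describes; it is not code from the question, from either answer, or copied verbatim from the Microsoft starter pack. It assumes the element and attribute names of the Identity Experience Framework schema and the claim and profile identifiers already named on this page (email, otherMails, CreateOtherMailsFromEmail, AAD-UserWriteUsingAlternativeSecurityId). The technical profile bodies are trimmed to the elements that matter for the emails claim, so compare them against the TrustFrameworkBase.xml in your own starter pack rather than pasting them over it.

```xml
<!-- Added illustration, not the starter pack's own file. Trimmed to the parts
     that carry the email value from the work account into the issued token.
     Cross-check every identifier against your TrustFrameworkBase.xml. -->

<!-- 1. BuildingBlocks/ClaimsSchema: otherMails is the string collection that
        B2C persists on the user object and later emits as "emails". -->
<ClaimType Id="otherMails">
  <DisplayName>Emails</DisplayName>
  <DataType>stringCollection</DataType>
  <UserHelpText>Emails that the user has access to.</UserHelpText>
</ClaimType>

<!-- 2. BuildingBlocks/ClaimsTransformations: append the single "email" claim
        (filled from upn by the Common-AAD profile shown in the answer) to the
        otherMails collection. AddItemToStringCollection is a built-in method. -->
<ClaimsTransformation Id="CreateOtherMailsFromEmail"
                      TransformationMethod="AddItemToStringCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="item" />
    <InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </OutputClaims>
</ClaimsTransformation>

<!-- 3. The write profile for social/work accounts. The input claims
        transformation runs before the directory write, so otherMails already
        contains the email when the user object is created. -->
<TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateOtherMailsFromEmail" />
  </InputClaimsTransformations>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="alternativeSecurityId"
                PartnerClaimType="alternativeSecurityId" Required="true" />
  </InputClaims>
  <PersistedClaims>
    <PersistedClaim ClaimTypeReferenceId="alternativeSecurityId" />
    <PersistedClaim ClaimTypeReferenceId="userPrincipalName" />
    <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
    <PersistedClaim ClaimTypeReferenceId="otherMails" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>

<!-- 4. Relying party policy (for example SignUpOrSignin.xml): the collection is
        renamed to "emails" only here, when the token is issued. If this line
        is missing, everything above works and the token still has no emails. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="otherMails" PartnerClaimType="emails" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

Two things to check when the claim is still absent. First, the write profile only runs on first sign-up; on later sign-ins the value has to come back out of the directory, so the read profile for the same account type (AAD-UserReadUsingAlternativeSecurityId in the starter pack) must also list otherMails among its output claims. Second, upn is an identifier rather than a verified mailbox: Azure AD guest accounts carry UPNs of the form name_domain.com#EXT#@tenant.onmicrosoft.com, and many tenants have UPNs that differ from the user's mail attribute, so treat the resulting emails value as a login identifier and do not use it to route anything security-sensitive (password resets, notifications) without separate verification.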