1 vote

I am using Azure AD B2C to connect a .NET Core application with an Azure AD Enterprise application for authentication using the SAML protocol. I am using custom policies to enable SAML.

I have used the custom policy starter pack given in Microsoft Docs, and authentication is working properly with given name, surname, name and IdP as claims, and I want some additional claims that my application is using.

I need DOB and MemberID as claims for my application, and there was no option to add custom claims to the Active Directory where my enterprise application is.

I have another IdP set up in Okta, and luckily I could add custom claims like DOB and MemberID to the user profile in Okta, but I am still unable to get those claims after authentication.

1 Answer

0
votes

This is an Azure AD question.

The problem is that DoB etc. is not part of the schema.

If you are using Azure AD Connect and these attributes are in AD, you can use directory extensions to sync them up.

You can sync them up to extensionAttributes that are in the SAML drop-down.

Then add them as outputs in B2C.

If not, you can add extension attributes to Azure AD and use a custom policy REST API that calls Graph API (either directly or via Azure function) to get them.

Also refer to this.