I have an Azure AD B2C directory and have added our other, separate Azure AD (AAD) as an Identity Provider (as an OpenID Connect provider) in Azure AD B2C. I am able to sign in just fine using the custom IdP which links to AAD.

I also have the Identity provider claims mapping set as "User ID" to oid, "Display name" to name, "Given name" to given_name, "Surname" to family_name and "Email" to preferred_name (per the following link). But when I get the token back and inspect it using https://jwt.ms/, it does not have those claims. When I inspected the "idp_access_token" claim, it has oid, given_name, family_name etc. returned by AAD. I'm not sure what I'm missing. I want these claims to be in the token issued by B2C.

Any help is appreciated.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow

I have selected all of these "Application Claims" in my user flow [screenshot of the selected application claims].
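The question compares two places a claim can live: the token B2C issues, and the federated IdP token that B2C embeds in the `idp_access_token` claim. The following added example (not code from the question, from the answer, or from Microsoft's documentation) is a small dependency-free Python inspector that does the same comparison offline: it decodes both tokens without signature verification (inspection only, as jwt.ms does), walks the claim mapping listed in the question (`oid`, `name`, `given_name`, `family_name`, and `preferred_name` for Email) and reports, per claim, whether the source claim exists in the IdP token and whether it was passed through into the B2C token. The sample tokens, tenant names and subject values are constructed for the demo and are not real.

```python
import base64
import json

# B2C output claim -> claim name configured as its source on the IdP mapping,
# exactly as listed in the question (assumption: this is the full mapping).
CLAIM_MAPPING = {
    "oid": "oid",                 # "User ID"
    "name": "name",               # "Display name"
    "given_name": "given_name",   # "Given name"
    "family_name": "family_name", # "Surname"
    "email": "preferred_name",    # "Email", as written in the question
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWS WITHOUT verifying the signature.
    This is for troubleshooting only (the same view jwt.ms gives); claims read
    this way must never be used for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def diff_mapped_claims(b2c_token: str) -> dict:
    """For each mapped claim, classify it as:
       ok                    - present in the B2C-issued token
       not_passed_through    - source claim is in idp_access_token but B2C did not emit it
       source_missing_at_idp - the configured source claim is not in the IdP token at all
       no_idp_token          - the B2C token carries no idp_access_token to compare against"""
    outer = decode_jwt_payload(b2c_token)
    idp_raw = outer.get("idp_access_token")
    idp = decode_jwt_payload(idp_raw) if idp_raw else None
    report = {}
    for b2c_claim, source_claim in CLAIM_MAPPING.items():
        if b2c_claim in outer:
            status = "ok"
        elif idp is None:
            status = "no_idp_token"
        elif source_claim in idp:
            status = "not_passed_through"
        else:
            status = "source_missing_at_idp"
        report[b2c_claim] = {"source": source_claim, "status": status}
    return report


def claims_with_status(report: dict, status: str) -> list:
    """Sorted list of B2C claims in the given state."""
    return sorted(c for c, r in report.items() if r["status"] == status)


def make_unsigned_token(claims: dict) -> str:
    """Build a CONSTRUCTED, unsigned token so the inspector can run offline.
    Real B2C tokens are signed; the third segment here is only a placeholder."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


# Constructed sample mirroring the symptom in the question: the embedded IdP
# token carries the AAD claims, the outer B2C token does not.
SAMPLE_IDP_TOKEN = make_unsigned_token({
    "oid": "00000000-0000-0000-0000-000000000000",
    "name": "Sample User",
    "given_name": "Sample",
    "family_name": "User",
    "preferred_username": "sample.user@example.com",  # constructed value
})
SAMPLE_B2C_TOKEN = make_unsigned_token({
    "iss": "https://example.b2clogin.com/constructed-tenant/v2.0/",  # constructed
    "sub": "constructed-subject",
    "idp": "https://login.microsoftonline.com/constructed-tenant/v2.0",
    "idp_access_token": SAMPLE_IDP_TOKEN,
})

if __name__ == "__main__":
    result = diff_mapped_claims(SAMPLE_B2C_TOKEN)
    for claim, r in result.items():
        print(f"{claim:12} (source {r['source']}): {r['status']}")
    print("Returned by the IdP but not emitted by B2C:",
          claims_with_status(result, "not_passed_through"))
    print("Source claim absent from the IdP token:",
          claims_with_status(result, "source_missing_at_idp"))
```

Run against a real token pasted in place of `SAMPLE_B2C_TOKEN`, a claim reported as `not_passed_through` points at the user-flow side (application claims / claim mapping), while `source_missing_at_idp` means the configured source claim name does not match what the IdP actually puts in its token, so no mapping on the B2C side can fill it.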

Jas Suri - MSFT: In the user flow, have you selected to return those claims under "Application Claims"?

Vivek N: Yes. I have updated the question with details.

Jit_MSFT: Thanks @Vivek, and could you please follow this document: docs.microsoft.com/en-us/azure/active-directory-b2c/…

Vivek N: More info... When I modify the Signup_Signin user flow to collect user attributes like Email Address and Given Name, then during user sign-up B2C prompts the user for those values. In that case the B2C token contains those claims, but those values could be different from the AAD store. I want those values to come from the AAD store.

1 Answer