Get Job info (Job title, Department and Manager ID) from Azure AD in Claims

Question

I have been reading the Azure Active Directory application manifest but I have not seen anything regarding job info.

https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-application-manifest

I was able to add groups to claims like the answer below but I have not been able to get job info. Is this possible?

https://stackoverflow.com/a/50836460/3850405

If I log into https://portal.azure.com and look at my user in Azure Active Directory I can see the information.

I can also get the information from Azure Active Directory Graph API

https://developer.microsoft.com/en-us/graph/graph-explorer#

https://graph.microsoft.com/v1.0/me/

https://graph.microsoft.com/v1.0/me/manager

Answer 1

So why the question about getting this info into the claims when you can get it via graph API. You have to do this only once - when the user signs-in and your middleware have verified the token. Then you can call the graph API and extract additional info to pack it as claims. Or even, only when you really need that info. I am elaborating over this, because the more claims we put into a token, the bigger the token. The bigger the token, the bigger the cookies that keep that info. At the end of the day - bloated info overall.

Having said all of the above, there is a solution to your job title and department question. There is however no solution for the manager question.

You can include the job title and department info using custom claims mapping policies in Azure AD. Both properties - job title and department are there and available to use.

Even when using the claims mapping policy, you will only have a partial solution, as it does not support the manager link. You may really want to review the option of just calling the graph API upon sign-in and extract any additional info you need.