Reputation: 238
The same question was asked here and remains unanswered. I can add a custom attribute as follows:
{
"name": "new_secure_claim",
"dataType": "Boolean",
"targetObjects": ["User"]
}
I post this data to the Azure AD Graph API endpoint with the needed headers:
https://graph.windows.net/{tenant}.onmicrosoft.com/applications/{objectId of b2c-extensions-app}/extensionProperties?api-version=1.6
I get a response with the extension just created. I can even see the extension when I query the Graph to get all extensions for the b2c-extensions-app (notice the top one below):
{
"odata.metadata": "https://graph.windows.net/melangeauth.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.ExtensionProperty",
"value": [{
"odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
"objectType": "ExtensionProperty",
"objectId": "b7a36f93-8d7a-463f-8d3e-88f449243ea6",
"deletionTimestamp": null,
"appDisplayName": "",
"name": "extension_8588c037999f4d058cc08e2e5f99de30_new_secure_claim",
"dataType": "Boolean",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}, {
"odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
"objectType": "ExtensionProperty",
"objectId": "b6c6d55f-21a8-4403-a68f-f858966077bf",
"deletionTimestamp": null,
"appDisplayName": "",
"name": "extension_8588c037999f4d058cc08e2e5f99de30_manager_admin_authorization",
"dataType": "Boolean",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}, {
"odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
"objectType": "ExtensionProperty",
"objectId": "2642596f-5706-47fb-abdb-6d0d012a3006",
"deletionTimestamp": null,
"appDisplayName": "",
"name": "extension_8588c037999f4d058cc08e2e5f99de30_manager_admin",
"dataType": "Boolean",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}, {
"odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
"objectType": "ExtensionProperty",
"objectId": "ee2c66e3-ced4-4bc8-90d5-e2b18690a56b",
"deletionTimestamp": null,
"appDisplayName": "",
"name": "extension_8588c037999f4d058cc08e2e5f99de30_manager_ads_admin",
"dataType": "Boolean",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}
]
}
But, when I go to the "Azure AD B2C/User attributes" blade in my B2C directory in the Azure portal (https://portal.azure.com/#blade/Microsoft_AAD_B2CAdmin/TenantManagementMenuBlade/manageUserAttributes), I cannot see that extension attribute. I also cannot see it when I go to add claims to return for a policy.
What do I need to do differently when adding a custom extension to the b2c-extensions-app application in order for me to see it in the Azure portal User attributes blade?
Upvotes: 2
Views: 1015
Reputation: 30903
Well, hmm.
It gets complicated when people do things in an undocumented way. For the sake of simplicity I would encourage you to stick with defining your extensions in the portal, if that is all you want to do (and it seems it is). There is much more to it than just registering an extension with the Graph.
To understand why that is, you have to understand more deeply how B2C ticks on the inside. You get an overview when you dive into custom policies. However, custom policies are, as the docs say, for identity pros who know what they are doing. Straight to the point: the claims schema is defined in the so-called base policy. It is not just defined in the Graph, but also backed by the base policy. There is an XML schema which dictates what B2C must do and how it should do it, and all the claims (and custom attributes) are also defined in that schema. So when you change something regarding this schema in the portal (adding a new attribute), it is registered with the Graph API, but it is also updated in the claims definition schema, which is kept separately.
That's why when you manually register an extension with the Graph it just does not show up in the portal.
I do not expect you to jump in and begin learning custom policies, because for your case you just do not need them. But I hope that having to define your custom attributes in the portal is not too big of an issue for you.
Upvotes: 1
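The question's POST and the listing it shows, written out as an added example (not code from the question or the answer). It builds the `extension_<appId without hyphens>_<name>` property name the listing exhibits, prepares the same `extensionProperties` POST against the legacy Azure AD Graph endpoint the question uses, and checks a listing for a given attribute. The hyphenated app id is an assumed formatting of the `8588c037999f4d058cc08e2e5f99de30` value from the page, the sample listing is constructed from two of the page's entries, the name-character check is a conservative assumption rather than the API's documented rule, and tenant, object id and token are placeholders. Nothing is sent unless you call `urllib.request.urlopen` on the returned request yourself.

```python
"""Register and look up an Azure AD B2C extension attribute through the
legacy Azure AD Graph API (graph.windows.net, api-version=1.6).

Added example; the app id, token and tenant are placeholders/assumptions.
"""
import json
import re
import urllib.request

GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"

# Assumed hyphenated form of the appId seen in the question's extension names.
EXT_APP_ID = "8588c037-999f-4d05-8cc0-8e2e5f99de30"

# Constructed from two entries of the listing in the question.
SAMPLE_LISTING = {
    "value": [
        {
            "objectId": "b7a36f93-8d7a-463f-8d3e-88f449243ea6",
            "name": "extension_8588c037999f4d058cc08e2e5f99de30_new_secure_claim",
            "dataType": "Boolean",
            "targetObjects": ["User"],
        },
        {
            "objectId": "b6c6d55f-21a8-4403-a68f-f858966077bf",
            "name": "extension_8588c037999f4d058cc08e2e5f99de30_manager_admin_authorization",
            "dataType": "Boolean",
            "targetObjects": ["User"],
        },
    ]
}


def extension_name(app_id: str, short_name: str) -> str:
    """Full directory-extension name: extension_<appId without hyphens>_<name>."""
    stripped = app_id.replace("-", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", stripped):
        raise ValueError("app_id must be a GUID")
    # Conservative character check (assumption, not the API's documented rule):
    # reject anything that would not round-trip cleanly as a claim name.
    if not re.fullmatch(r"[A-Za-z0-9_]+", short_name):
        raise ValueError("short_name may only contain letters, digits and underscores")
    return f"extension_{stripped}_{short_name}"


def build_create_request(tenant: str, ext_app_object_id: str, token: str,
                         short_name: str, data_type: str = "Boolean") -> urllib.request.Request:
    """Prepare the POST from the question: /applications/{objectId}/extensionProperties."""
    url = (f"{GRAPH_BASE}/{tenant}/applications/{ext_app_object_id}"
           f"/extensionProperties?api-version={API_VERSION}")
    body = {"name": short_name, "dataType": data_type, "targetObjects": ["User"]}
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")


def find_extension(listing: dict, app_id: str, short_name: str):
    """Return the ExtensionProperty entry for short_name (targeting User), or None."""
    wanted = extension_name(app_id, short_name)
    for prop in listing.get("value", []):
        if prop.get("name") == wanted and "User" in prop.get("targetObjects", []):
            return prop
    return None


if __name__ == "__main__":
    req = build_create_request("{tenant}.onmicrosoft.com", "{objectId}", "{token}", "new_secure_claim")
    print(req.get_method(), req.full_url)
    print(json.dumps(find_extension(SAMPLE_LISTING, EXT_APP_ID, "new_secure_claim"), indent=2))
```

`find_extension` only confirms what the question already observed: the property exists in the Graph. As the answer explains, that is separate from the portal's claims schema, so a match here does not mean the attribute will be offered on the User attributes blade or emitted as a claim by a user flow.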