Reputation: 4164
Security Groups (Application Roles) are not currently supported in Azure AD B2C and it is the highest requested feature on the Azure AD B2C Feedback: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/10123836-get-user-membership-groups-in-the-claims-with-ad-b
Other threads are recommending Custom Attributes to simulate this: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31997947-support-application-specific-roles-in-b2c
I added, via Azure blades UI, a Custom Attribute of type String and named it RoleAttr and assigned it against the B2C_1_SignUpSignIn User Flow (Policies) and added it to the Application claims.
For testing purposes, all done via UI, if I add this attribute to User attributes, when a user is signing up, he/she is getting a new field called RoleAttr, which means it is working (I guess?!). But this is not my intention as this value should be assigned by an admin and not by the user; my intention is to get it as part of the claims.
1 - How can I edit this value from Azure blades UI (I can only see the Built-In attributes, not the custom ones)?
2 - Can I do this programmatically (PowerShell, C#, Graph API, etc.)? Say by creating a tool that will act on behalf of an admin and manipulate a user object using his/her Object Id?
Upvotes: 1
Views: 1878
Reputation: 14634
1) Currently, you can't edit the custom attributes (a.k.a. the extension properties) for a user object via the Azure portal.
2) You can manage the extension properties for a user object using the Azure AD Graph API with the Azure AD B2C tenant.
Upvotes: 2
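The admin-side update the answer describes, as an added example that is not part of the original posts: it builds (but does not send) the Azure AD Graph PATCH request that sets RoleAttr on one user, accepting only roles from an allowlist so the value stays admin-controlled. The tenant name, role names, IDs and the `build_role_patch` helper are assumptions made for illustration; acquiring the access token is out of scope.

```python
import json
import re
import uuid

GRAPH_ROOT = "https://graph.windows.net"       # Azure AD Graph endpoint
API_VERSION = "1.6"
ALLOWED_ROLES = {"Admin", "Editor", "Reader"}  # hypothetical role names


def extension_property_name(extensions_app_id, attribute):
    """B2C stores a custom attribute on the user object as
    extension_<appId without dashes>_<name>, where appId is the
    application ID of the tenant's b2c-extensions-app registration."""
    app_id = uuid.UUID(extensions_app_id).hex  # validates and strips dashes
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", attribute):
        raise ValueError("unexpected attribute name: %r" % attribute)
    return "extension_%s_%s" % (app_id, attribute)


def build_role_patch(tenant, user_object_id, extensions_app_id, role,
                     access_token, attribute="RoleAttr"):
    """Return the PATCH request that sets the role attribute on one user."""
    if role not in ALLOWED_ROLES:
        # Reject anything outside the allowlist before it reaches the directory.
        raise ValueError("role not in allowlist: %r" % role)
    if not re.fullmatch(r"[A-Za-z0-9.-]+", tenant):
        raise ValueError("unexpected tenant name: %r" % tenant)
    object_id = str(uuid.UUID(user_object_id))  # must be a well-formed GUID
    prop = extension_property_name(extensions_app_id, attribute)
    return {
        "method": "PATCH",
        "url": "%s/%s/users/%s?api-version=%s"
               % (GRAPH_ROOT, tenant, object_id, API_VERSION),
        "headers": {"Authorization": "Bearer " + access_token,
                    "Content-Type": "application/json"},
        "body": json.dumps({prop: role}),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    req = build_role_patch("contoso.onmicrosoft.com",
                           "11111111-2222-3333-4444-555555555555",
                           "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                           "Reader", "<access-token>")
    print(req["method"], req["url"])
    print(req["body"])
```

The same property name is what appears in the token when RoleAttr is selected under Application claims, minus the `extension_<appId>_` prefix handling done by the user flow.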