Reputation: 41
Error when Creating B2C User Attributes/Extension Attributes/Custom Claims
I'm trying to create, delete, or modify B2C extension attributes in the User Attributes tab under Azure AD B2C resource, because some of our existing ones are misnamed. But, whenever I try to add a User Attribute, I get the following error every time I try to save it:
Create user attribute Could not save user attribute: There is a problem with the service. If you created this B2C directory just now, please try again after couple of minutes. If the problem persists, please contact Support (https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-support/). If you do not have a B2C directory you can refer https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-get-started/
Initially, I thought this was a permissions issue, but now I'm starting to think that it's some sort of an error with my account or something. I spent a lot of time researching permissions, but I haven't been able to find anything clear about this particular action, at least without searching for the roles themselves. My boss is a Global Administrator and has no problem creating or modifying them as far as I can tell. I initially asked him to give me the "Attribute Definition Admin" and "Attribute Assignment Admin" roles, but I later realized that was wrong, since those are tied to the "custom security attributes", which are different. However, I later asked him to give me the "External ID User Flow Attribute Administrator" role instead, which I'm nearly certain is correct, going off of this, but it still gives me the same error.
Any idea why this may be happening? I haven't really been able to find any documentation about the roles that could grant me this permission, save for Graph API permissions, but I'd prefer to do it through the Azure Portal, if possible. Am I overlooking something, or is this an Azure bug?
Upvotes: 1
Views: 453
Answers (2)
Reputation: 1445
I just had the same issue.
I was lacking the role, and then I was assigned the Global Administrator role. After that, I had to sign out and sign back in. It asked me to update my password, and then it worked.
Upvotes: 0
Reputation: 41
For anybody trying to figure this out, it actually let me create an attribute, I guess I just didn't test that aspect specifically (I do think I needed the role though). I think the reason I couldn't delete a specific attribute is because it wasn't set to null for all users, at least going off of this article, as it let me delete a blank "test" attribute just fine.
I do wish it had a more descriptive error message though...
Upvotes: 1
Related Questions
- Add claims into token Azure B2C
- Azure B2c error 'Unable to validate the information provided.' when using custom attributes
- When changing an Azure B2C email adress, do I need to change the UPN as well
- Custom User attributes values not stored in Azure AD B2C
- How to get/set custom Azure Active Directory B2C user attributes in ASP.NET MVC?
- Azure B2C custom saml policy: Different claims per App
- B2C Custom Attributes not showing when created using Graph API directory schema API
- Azure Error when adding custom attribute to Azure B2C
- Azure B2C Claims are not coming through