We had Azure AD with internal users and applications, and it was easy to authorize them using app roles and role assignments in enterprise applications.
Now we have another requirement: we need to authorize invited users using Azure AD B2C. After some investigation I found custom attributes, and I was hoping that it is possible to easily assign them to any created user, and then just get this attribute's value in the ID token after sign-in (by specifying this claim in the sign-in user flow).
BUT as far as I understood, it is impossible to assign it manually to the user somewhere in the portal, isn't it? Can anybody suggest some way to manage roles using custom attributes, or any other approach? Thanks!
2 Answers
You have to manage extension attributes via Graph.
I created one custom attribute named Hobby in my Azure B2C tenant (screenshot below).

To assign a custom attribute value to a user, you need to use the PATCH request shown below. To get the AppID of the b2c-extensions app, you can check the screenshot here.

When I ran the PATCH request in Graph Explorer by signing in with a B2C user account, I got the following response (screenshot).

To confirm that, I ran the user flow with Hobby selected in Application Claims (screenshot). I got the extension_Hobby claim successfully in the decoded token claims after signing in (screenshot).
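An added example, not code from either answer, showing the Graph call described above in script form. It builds the extension attribute name Graph expects (extension_, the b2c-extensions-app application ID without hyphens, then the attribute name), assembles the PATCH /users/{id} request, and reads the resulting extension_Hobby claim back out of validated ID-token claims. The app ID, user object ID and token are constructed placeholders; a real caller needs a Graph token with User.ReadWrite.All.

```python
import json
import re
import urllib.request

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"


def extension_attribute_name(b2c_extensions_app_id: str, attribute: str) -> str:
    """Graph exposes a B2C custom attribute as extension_<appId without dashes>_<name>."""
    app_id = b2c_extensions_app_id.replace("-", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", app_id):
        raise ValueError("b2c-extensions-app application ID must be a GUID")
    if not re.fullmatch(r"[A-Za-z0-9]+", attribute):
        raise ValueError("custom attribute name must be alphanumeric")
    return f"extension_{app_id}_{attribute}"


def build_patch_request(user_object_id, b2c_extensions_app_id, attribute, value, access_token):
    """Build the PATCH /users/{id} call that sets one custom attribute on a user."""
    name = extension_attribute_name(b2c_extensions_app_id, attribute)
    return {
        "method": "PATCH",
        "url": f"{GRAPH_USERS}/{user_object_id}",
        "headers": {"Authorization": f"Bearer {access_token}",
                    "Content-Type": "application/json"},
        "body": {name: value},
    }


def send(request: dict) -> int:
    """Execute the request; Graph answers 204 No Content when the update succeeded."""
    req = urllib.request.Request(request["url"], data=json.dumps(request["body"]).encode(),
                                 method=request["method"], headers=request["headers"])
    with urllib.request.urlopen(req) as resp:
        return resp.status


def claim_value(id_token_claims: dict, attribute: str):
    """In the user-flow ID token the attribute arrives as extension_<name> (no app ID).
    Only trust this after the token's signature, issuer and audience were validated."""
    return id_token_claims.get(f"extension_{attribute}")


if __name__ == "__main__":
    # Constructed placeholders: replace with the values from your own tenant.
    req = build_patch_request(
        user_object_id="00000000-0000-0000-0000-000000000001",
        b2c_extensions_app_id="11111111-2222-3333-4444-555555555555",
        attribute="Hobby", value="Reading",
        access_token="<token with User.ReadWrite.All>")
    print(json.dumps(req, indent=2))  # send(req) performs the update
```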