Retrieve custom user attributes from Entra External ID

Question

In Entra External ID I have added a custom user attribute "Salutation".

Now I need to read (and in the next step modify) the data of that attribute using the Microsoft Graph API.

// Query User
        const user = await graphClient
            .api(`/users/${userId}`)
            .select(sel)
            .get();

I have tried a lot of alternative values for the sel :

• *, result: basic attributes
• Salutation, result: "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(Salutation)/$entity"
• extension_Salutation, result: "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(extension_Salutation)/$entity"
• extension_{b2c-extensions-app-appId-without-hyphens}_Salutation, result: "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(extension_{b2c-extensions-app-appId-without-hyphens}_Salutation)/$entity"
• onPremisesExtensionAttributes, result: "onPremisesExtensionAttributes": {"extensionAttribute1": null, ... "extensionAttribute15": null}
• Leaving out the select() line completely, result: same as with * selector

When I go to Enterprise Application -> {any registered application} -> Single sign-on -> Attributes & Claims -> Edit -> Add New Claim and select as Source Directory schema extension, I can see the custom attribute in the b2c-extensions-app.

As you can see the attribute is saved in the b2c-extensions-app, so how can I query and update it?

P.S.: For updating the the attribute I would use:

// Update custom user attribute
await graphClient
        .api(`/users/${userId}`)
        .update({extension_Salutation: newValue});

where I would of course change extension_Salutation to whatever the correct key name should be.

Thanks!

Answer 1

Hello Georg Pavlovic,

Please consult the document user-flow-add-custom-attributes which clearly outlines, when you add a custom attribute to the list of user attributes, it becomes available for use in your user flows. However, the attribute is only created the first time it’s used in any user flow. Once you’ve created a new user through a user flow that includes the newly added custom attribute, the object can be queried in Microsoft Graph Explorer. You should now see the custom attribute (e.g. in your case, Salutation) in the list of attributes collected during the sign-up journey on the user object. You can call the Graph API from your application to get the data from this attribute after it’s added to the user object.

You can also read and write these attributes by using the Microsoft Graph API. Microsoft Graph API supports creating and updating a user with extension attributes. Extension attributes in the Graph API are named by using the convention extension_<extensions-app-id>_attributename. For example:

JSON

"extension_831374b3bd5041bfaa5426xxxxxxxxx_Salutation":

The <extensions-app-id> is specific to your tenant. To find this identifier, navigate to Identity > Applications > App registrations > All applications. Search for the app that starts with “aad-extensions-app” and select it. On the app’s Overview page, note the Application (client) ID.

Please refer below doc:
https://learn.microsoft.com/en-us/entra/external-id/user-flow-add-custom-attributes

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".