Can ADFS store and return user profile info upon login?

Chris Darakjian 1 Reputation point
2020-06-23T16:54:42.463+00:00

I am trying to connect my node.js application to ADFS, so that when a user logs in through ADFS it sends me the user's details (like whether he is an Admin, a regular user, or a privileged user). Can someone tell me if ADFS offers to store custom user details like that and send them back to my server when the user logs in so that I may know what level of access to grant the user?

Microsoft Security | Active Directory Federation Services
Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
    2020-06-26T11:55:19.853+00:00

    When using an attribute store, the call is made in the context of the ADFS service account. The user doesn't need permission on the store.

    The store could be a SQL database, an LDAP server, or a custom DLL. But if the information is stored on the user account in AD, you can simply extract and send it at token issuance using an issuance rule.


  2. Sander Berkouwer 166 Reputation points
    2020-06-26T19:34:22.14+00:00
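An added example (not code from the thread or from Microsoft) of the application side of the issuance-rule approach in the first answer: once AD FS sends the user's group membership as role claims, the Node.js code maps them to an access level and denies by default. The group names, the issuer and audience values, the short claim name `role`, and the premise that `claims` comes from a token whose signature a JWT library has already verified are assumptions.

```javascript
// Added example: derive an access level from the claims of an AD FS token.
// Assumption: the token signature was already verified by a JWT library.
const ROLE_URI = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";

// Hypothetical AD group names, sent as role claims by an issuance rule.
// A Map avoids accidental hits on Object.prototype keys such as "constructor".
const LEVELS = new Map([["App-Users", 1], ["App-Privileged", 2], ["App-Admins", 3]]);
const LEVEL_NAMES = ["", "user", "privileged", "admin"];

// Constructed values; replace with your federation service and application.
const EXPECTED = {
  issuer: "https://adfs.example.test/adfs",
  audience: "urn:example:node-app",
};

function accessLevelFromClaims(claims, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!claims || typeof claims !== "object") return null;
  // Reject tokens minted by another issuer or for another application.
  if (claims.iss !== expected.issuer) return null;
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.audience)) return null;
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;

  // A single-valued claim arrives as a string, a multi-valued one as an array.
  const raw = claims.role ?? claims[ROLE_URI] ?? [];
  const roles = (Array.isArray(raw) ? raw : [raw]).filter((r) => typeof r === "string");

  // Only allowlisted values count (exact, case-sensitive match); pick the highest.
  let best = 0;
  for (const r of roles) best = Math.max(best, LEVELS.get(r) ?? 0);
  return best === 0 ? null : LEVEL_NAMES[best]; // null means no access
}

// Constructed sample claims for a user in two of the mapped groups.
const SAMPLE_CLAIMS = {
  iss: EXPECTED.issuer,
  aud: EXPECTED.audience,
  exp: 2000000000,
  upn: "alice@example.test",
  role: ["App-Users", "App-Privileged", "Domain Users"],
};

console.log(accessLevelFromClaims(SAMPLE_CLAIMS, EXPECTED, 1900000000));
```

The level is computed on the server from the verified token on every request path that needs it; nothing the browser sends other than the token itself feeds into it.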
