Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
654 questions
How to authenticate only Local and Guest users in Azure AD B2C and add custom claims in token?
Muhammad Zubair
5
Reputation points
Hello,
I'm facing an issue in Azure AD B2C to authenticate only Local and Guest users. It is possible with just an application of a single tenant. But We need to add custom claims in token which is not possible at the application level.
let me explain my requirements, I need to authenticate only those users who are in the current tenant(B2C tenant) or invited as a guest from other tenants. this is possible with just application but I need to add some custom claims to the token. With only the application, I cannot add custom claims to the token.
I have done some R&D but I found that guest users are only to manage tenants, but why does it authenticate with the application level?
Is it possible to authenticate only local and guest users( invited from the other tenant)?
Is it possible to add custom claims on the application level?
Is it possible with Just User flow or do we need a custom policy?
Your help would be appreciated.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 29,531 Reputation points Microsoft Employee2024-04-08T06:28:16.4233333+00:00 Hi @Muhammad Zubair ,
Thanks for reaching out.
Could you please confirm in which scenario you mean by application level here?
You can add custom claim in the policy and collect the information to that claim from the user while authenticate the user. You don't want to collect that claim from user?
-
Muhammad Zubair 5 Reputation points
2024-04-15T11:59:39.3766667+00:00 I register an application and use its credentials(Client ID and Secret key).. it authenticates both users(local and guest). In this scenario, I didn't create any userflow or custom policy, I just used application credentials to authenticate users. its application level. Now, I want to add custom claims to the token when a user is authenticated. but I'm not able to add custom claims in token on the application level.
To Add custom claims, I need to create user flow or custom policy and use custom attributes or API connectors.
With custom policy or user flow, I can add custom claims in the token, but It doesn't authenticate Guest users, it only authenticates local and consumer users..
In my scenario, I want to authenticate guest users and also add custom claims to token,
-
Shweta Mathur 29,531 Reputation points Microsoft Employee
2024-04-16T09:33:23.82+00:00 Refer this article - https://medium.com/microsoftazure/guest-access-using-azure-active-directory-b2c-custom-policies-1c9ed904477
The article outlines the technical aspects of implementing guest access feature, including custom claims, technical profiles, and the user journey within Azure AD B2C custom policies.
Hope this will help.
Thanks,
Shweta
Sign in to comment