Share via

Add custom attribute to AAD user, who is created in O365, "employeeType"

Ali Engen 11 Reputation points
2020-06-26T22:15:37.04+00:00

We want to create dynamic groups based on attributes and one of those is employee type. We have full-time, part-time, and contractor employees. We want an attribute that we can define during user creation and also update that field. I haven't found anything yet, but I've just started my search. I am advised by chat.azure.com to post here. Thanks for your help!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 56,966 Reputation points Moderator
    2020-06-27T09:51:32.1+00:00

    Hi @AliEngen-5743 Below are the 10 steps you need to follow:

    1. Create a new application in App Registration under Azure AD.
    2. Once the application is created copy the Object ID.
    3. Open Graph Explorer by using https://developer.microsoft.com/en-us/graph/graph-explorer# url.
    4. Click on Sign in with Microsoft on the left and Sign in with Global Admin account who is a member of same directory and not added as external (guest) user.
    5. Click on Modify permissions > select Directory.AccessAsUser.All > click Modify Permissions.
    6. Click on Accept at consent page.
    7. In Graph Explorer, use following query. Where the < Tenant Name > is your_tenat.onmicrosoft.com in your case and < ObjectID of the application > is the value copied in Step 2.
      POST https://graph.microsoft.com/beta/\< Tenant Name >/applications/< ObjectID of the application >/extensionProperties
    8. Use following text in the Request body. Since the targetObject is user, the attribute will be created for all Users in the tenant. Note: Please type the request body manually as with copy-paste Graph Explorer will not recognize some of the characters.
      {
      “name”: “employeeType”,
      “dataType”: “String”,
      “targetObjects”: [“User”]
      }
    9. To update the attribute with a value use following query:
      PATCH https://graph.microsoft.com/beta/users/your_globaladmin@your_tenant.onmicrosoft.com
      And use following Request Body:
      {
      "extension_e175b1fc21b144019cadxxxxxxxxxxxx_employeeType":"Value_to_be_assigned"
      }
    10. To verify if the attribute is updated successfully run following query:
      GET https://graph.microsoft.com/beta/users/\< User’s UPN or Object ID >

    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

    2 people found this answer helpful.
  2. T. Kujala 8,806 Reputation points
    2020-06-27T03:34:30+00:00

    Hi @AliEngen-5743,

    Here is a guide for creating dynamic groups based on attributes.

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

    You can't directly give a custom attribute for user if it has been created in the Office 365 portal.

    Here you will find more information how to define custom attributes.

    https://learn.microsoft.com/en-us/azure/active-directory/b2b/user-flow-add-custom-attributes

    You can create custom attributes by using the Microsoft Graph API.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/manage-user-accounts-graph-api

    1 person found this answer helpful.
    0 comments
  3. Ali Engen 11 Reputation points
    2020-06-29T16:40:56.51+00:00

    Thanks for the responses. I am working on this now and I will submit feedback soon.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.