Diff between Extension Attribute and custom security Attribute?

Ajithkumar M 41 Reputation points
2022-09-16T10:20:16.007+00:00

Diff between Extension Attribute, custom security Attribute

If I want to add a new field, which one should I use?

Microsoft Entra ID

Accepted answer
  1. Harpreet Singh Matharoo 8,111 Reputation points Microsoft Employee
    2022-09-19T04:19:44.81+00:00

    Hello @Ajithkumar M

    I would like to share the following details with you with regard to your ask, and I have updated the hyperlinks so that you can review the documentation reference as well.

    What is Azure AD extension attributes or Directory Extension attributes?

    • Directory extension attributes, also called Azure AD extensions, provide a way to store additional data in Azure Active Directory on user objects and other directory objects such as groups, tenant details, service principals.
    • Only extension attributes on user objects can be used for emitting claims to applications. These so-called Directory extension attributes are always associated with an application in the tenant and are referenced by the application's appId in their name.

    What are Custom Security Attributes?

    • Custom security attributes in Azure Active Directory (Azure AD) are business-specific attributes (key-value pairs) that you can define and assign to Azure AD objects.
    • These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources.
    • Custom security attributes can be used with Azure attribute-based access control (Azure ABAC).

    How do custom security attributes compare with directory schema extensions?

    Here are some ways that custom security attributes compare with directory schema extensions:

    • Directory schema extensions cannot be used for authorization scenarios and attributes because the access control for the extension attributes is tied to the Azure AD object. Custom security attributes can be used for authorization and attributes needing access control because the custom security attributes can be managed and protected through separate permissions.
    • Directory schema extensions are tied to an application and share the lifecycle of an application. Custom security attributes are tenant wide and not tied to an application.
    • Directory schema extensions support assigning a single value to an attribute. Custom security attributes support assigning multiple values to an attribute.

    I hope this helps you to understand more about Azure AD Extension attribute and Custom Security Attributes.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    4 people found this answer helpful.
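
As an added illustration (not part of the answer above and not Microsoft's code), this Python sketch builds the Microsoft Graph `PATCH` requests for both attribute kinds so the differences in naming, permissions and multi-value support are visible side by side. The user ID, appId, attribute set `Engineering` and attribute names are constructed sample values, and nothing is sent to Graph.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"
CSA_TYPE = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"

def extension_patch(user_id, app_id, attr, value):
    """Directory extension: the property name embeds the owning app's appId."""
    if isinstance(value, (list, tuple, set)):
        raise TypeError("one value per extension attribute, per the answer above")
    name = f"extension_{app_id.replace('-', '')}_{attr}"
    # Written like any other user property, e.g. with User.ReadWrite.All.
    return {"method": "PATCH", "url": f"{GRAPH}/users/{user_id}",
            "scope": "User.ReadWrite.All", "body": {name: value}}

def _typed(attrs, name, value):
    """Add one attribute plus the OData type annotation Graph expects."""
    many = isinstance(value, (list, tuple))
    items = list(value) if many else [value]
    if not items:
        raise ValueError(f"{name}: empty value list")
    if all(isinstance(v, bool) for v in items):
        if many:
            raise ValueError(f"{name}: Boolean attributes are single-valued")
    elif all(isinstance(v, int) and not isinstance(v, bool) for v in items):
        attrs[f"{name}@odata.type"] = "#Collection(Int32)" if many else "#Int32"
    elif all(isinstance(v, str) for v in items):
        if many:
            attrs[f"{name}@odata.type"] = "#Collection(String)"
    else:
        raise TypeError(f"{name}: values must be all str, all int, or one bool")
    attrs[name] = items if many else value

def custom_security_attribute_patch(user_id, attribute_set, values):
    """Custom security attribute: tenant-wide set, guarded by its own permission."""
    attrs = {"@odata.type": CSA_TYPE}
    for name, value in values.items():
        _typed(attrs, name, value)
    return {"method": "PATCH", "url": f"{GRAPH}/users/{user_id}",
            "scope": "CustomSecAttributeAssignment.ReadWrite.All",
            "body": {"customSecurityAttributes": {attribute_set: attrs}}}

if __name__ == "__main__":
    # Constructed sample values, not real tenant data.
    uid, app = "<user-object-id>", "11111111-2222-3333-4444-555555555555"
    print(json.dumps(extension_patch(uid, app, "costCenter", "CC-42"), indent=2))
    print(json.dumps(custom_security_attribute_patch(
        uid, "Engineering", {"Project": ["Baker", "Cascade"], "Level": 3}), indent=2))
```

The `scope` field records the Graph permission each write needs: a caller holding only `User.ReadWrite.All` can change the extension value but not the custom security attribute, which is why the latter suits authorization data.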
