Azure AD B2C custom claim

Frank 6 Reputation points
2022-10-21T15:35:54.007+00:00

I'm trying to add a custom claim that will be the user's sign-in email. I can get the built-in emails claim, which is a collection of emails. Struggling to see how this is done. Complete newbie. Thanks


1 answer

  1. 2022-10-24T21:32:25.817+00:00

    Hello @Frank and thanks for reaching out. You can output the sign-in mail address by outputting the signInNames.emailAddress claim in both the AAD-UserReadUsing* technical profiles and the OpenIdConnect technical profile within the RelyingParty. Optionally, you can customize the issued claim name using the PartnerClaimType attribute. E.g.:

       <!-- TrustFrameworkBase.xml: the Azure AD read profile that runs after a local sign-in -->
       <TechnicalProfile Id="AAD-UserReadUsingObjectId">
         <Metadata>
           <Item Key="Operation">Read</Item>
           <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
         </Metadata>
         <IncludeInSso>false</IncludeInSso>
         <InputClaims>
           <InputClaim ClaimTypeReferenceId="objectId" Required="true" />
         </InputClaims>
         <OutputClaims>
           <!-- Required claims -->
           <OutputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
           <!-- Optional claims -->
           <!-- the local-account sign-in e-mail, read from the directory -->
           <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
           <OutputClaim ClaimTypeReferenceId="displayName" />
           <OutputClaim ClaimTypeReferenceId="otherMails" />
           <OutputClaim ClaimTypeReferenceId="givenName" />
           <OutputClaim ClaimTypeReferenceId="surname" />
         </OutputClaims>
         <IncludeTechnicalProfile ReferenceId="AAD-Common" />
       </TechnicalProfile>

       <!-- SignUpOrSignin.xml: the relying party profile that shapes the issued token -->
       <RelyingParty>
         <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
         <Endpoints>
           <!-- points to the refresh token journey when the app makes a refresh token request -->
           <Endpoint Id="Token" UserJourneyReferenceId="RedeemRefreshToken" />
         </Endpoints>
         <TechnicalProfile Id="PolicyProfile">
           <DisplayName>PolicyProfile</DisplayName>
           <Protocol Name="OpenIdConnect" />
           <OutputClaims>
             <OutputClaim ClaimTypeReferenceId="displayName" />
             <OutputClaim ClaimTypeReferenceId="givenName" />
             <OutputClaim ClaimTypeReferenceId="surname" />
             <OutputClaim ClaimTypeReferenceId="email" />
             <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
             <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
             <!-- issued in the token under the name given by PartnerClaimType -->
             <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="customClaimType" />
           </OutputClaims>
           <SubjectNamingInfo ClaimType="sub" />
         </TechnicalProfile>
       </RelyingParty>


    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
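As an added check (not part of the answer above or of the B2C starter pack), a small Python lint that parses a custom policy and reports, for each RelyingParty output claim, the name it will carry in the token, whether any other technical profile actually produces it (the reason the answer wires signInNames.emailAddress into AAD-UserReadUsingObjectId as well as the RelyingParty), and whether two source claims map to the same token name. The sample policy is a constructed skeleton modelled on the fragments above; the sign-up profile that would produce "email" is deliberately left out so the lint has something to flag.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Strip the policy namespace so tags match whatever prefix the file uses.
    return tag.rsplit('}', 1)[-1]

def lint_relying_party_claims(policy_xml):
    """Map each RelyingParty OutputClaim to its token name, flag claims that
    no other technical profile produces, and flag token-name collisions."""
    root = ET.fromstring(policy_xml)
    claims = lambda e: [c for c in e.iter() if _local(c.tag) == 'OutputClaim']
    rp_claims = [c for rp in root.iter() if _local(rp.tag) == 'RelyingParty'
                 for c in claims(rp)]
    rp_ids = {id(c) for c in rp_claims}
    produced = {c.get('ClaimTypeReferenceId') for c in claims(root)
                if id(c) not in rp_ids}
    token_claims, missing, collisions = {}, [], []
    for c in rp_claims:
        ref = c.get('ClaimTypeReferenceId')
        name = c.get('PartnerClaimType') or ref  # name as it lands in the token
        if name in token_claims and token_claims[name] != ref:
            collisions.append(name)
        token_claims[name] = ref
        # A DefaultValue is filled in by the RP itself, so it needs no producer.
        if ref not in produced and c.get('DefaultValue') is None:
            missing.append(ref)
    return {'token_claims': token_claims, 'missing': missing, 'collisions': collisions}

# Constructed policy skeleton modelled on the answer above; the sign-up profile
# that would produce "email" is deliberately left out.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="AAD-UserReadUsingObjectId"><OutputClaims>
      <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
      <OutputClaim ClaimTypeReferenceId="displayName" />
    </OutputClaims></TechnicalProfile>
    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email"><OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" />
    </OutputClaims></TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
  <RelyingParty><TechnicalProfile Id="PolicyProfile"><OutputClaims>
    <OutputClaim ClaimTypeReferenceId="displayName" />
    <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
    <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="customClaimType" />
    <OutputClaim ClaimTypeReferenceId="email" />
  </OutputClaims></TechnicalProfile></RelyingParty>
</TrustFrameworkPolicy>"""
```

Run it over the merged policy you actually upload (base, extensions and relying party file combined) rather than one file, since producers and the RelyingParty live in different files of the starter pack.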

