This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 31%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
I'm working with Azure AD B2C and need to retrieve the groups claim in the access token for my application
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
I am looking into this issue and will get back to you post my research
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Group Claims are not available out-of-the-box with Azure AD B2C.
In standard Azure AD tenants, Group Claim can be returned by configuring it Token Configuration blade of the registered application but in Azure AD B2C you cannot do that because the token issuance is handled via IEF so the group claim must be added as an output claims to the user flow or custom policy.
As of now, there is no option to get the Group claim in the token issued via standard user flows and a custom policy needs to be used for this purpose.
In order to get the group claim, you need to use Custom Policy that makes the below Graph call via a RESTful Technical Profile to get the user's group membership and return all groups the user belongs to.
Where the value for obj_id_of_the_user can be provided as an input claim to the RESTful technical profile and this technical profile should be configured to return the group claim as a string collection, which can then be added to the claims bag to be returned in the token issued to the relying party.
Let me know if you have any further questions on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 79%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Is it possible to add JSON claim in the token issue to the relying party?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 90%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Is there a walkthrough or documentation from Microsoft on how to setup the custom policy eluded to in the accepted answer?
Is there a walk trhough or some documentation on how to implement the accepted answer?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 54%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Hello everybody,
@Sandeep G-MSFT thank you for the post, I was able to do that, but I'm having problem get a correct format for the StringCollection to send it as a claim in the token. I mean, with this approach I'm able to have a stringCollection in "groups" claim but the fortmat is:
So I need to have a stringCollection more simple, just like ["group1","group2",...] (and it is a dynamic list).
It's possible to do that with some ClaimsTransformation or other way?
I tried to make others API Graph request to filter more the results, but I can't.
If I have a user flow I can't call the https://graph.microsoft.com/v1.0/me/memberof passing the access token on Bearer Token? I need to use a custom policy?