How to obtain groups claim in the access token in Azure AD B2C?

Sebastián Cura 40 Reputation points

I'm working with Azure AD B2C and need to retrieve the groups claim in the access token for my application.


Accepted answer
  1. Sandeep G-MSFT 7,041 Reputation points Microsoft Employee

    @Sebastián Cura

    Group Claims are not available out-of-the-box with Azure AD B2C.

    In standard Azure AD tenants, the Group Claim can be returned by configuring it in the Token Configuration blade of the registered application, but in Azure AD B2C you cannot do that because the token issuance is handled via IEF, so the group claim must be added as an output claim to the user flow or custom policy.

    As of now, there is no option to get the Group claim in the token issued via standard user flows and a custom policy needs to be used for this purpose.

    In order to get the group claim, you need to use Custom Policy that makes the below Graph call via a RESTful Technical Profile to get the user's group membership and return all groups the user belongs to. $select=displayName

    Where the value for obj_id_of_the_user can be provided as an input claim to the RESTful technical profile and this technical profile should be configured to return the group claim as a string collection, which can then be added to the claims bag to be returned in the token issued to the relying party.

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
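
Added example, not part of the answer above and not Microsoft's code: one way the service behind the RESTful technical profile could turn a Graph membership listing into the string collection the answer describes. It assumes a Graph-style `value` array with `@odata.type` and `displayName` fields and paging via `@odata.nextLink`; the claim name `groups`, the function names and the sample data are hypothetical.

```python
import json

GROUP_TYPE = "#microsoft.graph.group"

# Constructed sample pages in the shape of a Graph membership listing
# (an "@odata.nextLink" marks a further page). All values are made up.
SAMPLE_PAGES = {
    "page1": {
        "@odata.nextLink": "page2",
        "value": [
            {"@odata.type": GROUP_TYPE, "displayName": "Finance-Readers"},
            {"@odata.type": "#microsoft.graph.directoryRole", "displayName": None},
        ],
    },
    "page2": {
        "value": [
            {"@odata.type": GROUP_TYPE, "displayName": "App-Admins"},
            {"@odata.type": GROUP_TYPE, "displayName": "Finance-Readers"},
            {"@odata.type": GROUP_TYPE},  # group entry with no displayName
        ],
    },
}


def collect_group_names(fetch_page, first_url, max_pages=20):
    """Follow every page and return sorted, de-duplicated group display names."""
    names, url, pages = set(), first_url, 0
    while url:
        pages += 1
        if pages > max_pages:
            # Fail closed: a partial list would silently change authorization.
            raise RuntimeError("too many pages; refusing to emit a partial claim")
        page = fetch_page(url)
        for entry in page.get("value", []):
            # Membership listings can include directory roles; keep groups only.
            if entry.get("@odata.type") != GROUP_TYPE:
                continue
            name = entry.get("displayName")
            if isinstance(name, str) and name.strip():
                names.add(name.strip())
        url = page.get("@odata.nextLink")
    return sorted(names)


def build_claims_response(fetch_page, first_url):
    """JSON body with one string-collection claim ('groups' is hypothetical)."""
    return json.dumps({"groups": collect_group_names(fetch_page, first_url)})
```

Group display names are not guaranteed to be unique in a directory, so an application that authorizes on this claim should control who can create or rename groups.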
