![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 93%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHY%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,633 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
The documentation says, "The wid claim represents the tenant-wide roles assigned to the user from the roles present in the Azure AD built-in roles."
Based on the claims validation guide, the directory role template object IDs should only populate within the wids claim for built-in/directory roles. The role to template ID mapping is documented here.
You mentioned that you created a custom role and add the templateId optional parameter. Based on my understanding and what is stated in the documentation, I do not believe that the wid claim from the custom role templateId should populate. (I did send a note though to the product team to confirm that the documentation is up-to-date, and will update this post if I hear otherwise.)
When you create a work account in Azure AD without granting any roles, the b79fbf4d-3ef9-4689-8143-76b194e85509 id will be populated into the wids claim. This exists in all non-guest accounts of the tenant.
Let me know if you have further questions.
If the information helped you, please Accept the answer. This will help us and serve as a reference for others in the community who may be researching similar questions.