fix validation errors in custom policies

Orlando Bustamante Rincon 0 Reputation points
2024-01-08T15:11:49.5533333+00:00

@Alfredo Revilla - Upwork Top Talent | IAM SWE SWA I tried to send you an email with the custom policies that are generating the validation error, but I'm getting this email reply:

The group mtmvp only accepts messages from people in its organization or on its allowed senders list, and your email address isn't on the list.

Could you please inform me how to proceed? thank you!


1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2024-02-03T23:47:46.68+00:00

    Hello @Orlando Bustamante Rincon, thanks for your question and the shared information. The Azure AD B2C validation errors are expected due to adding or mapping claims not supported by Microsoft Entra technical profiles. E.g.:

    • "B2C_1A_USER_MGMT_INACTIVE_SIGNUP_SIGNIN": 'oid,tid,given_name,family_name,email,emailAddress,name,upn' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadLastLogonTime'.
    • "B2C_1A_USER_MGMT_SIGNUP_SIGNIN": 'oid,tid,given_name,family_name,email,emailAddress,name,upn' is not supported in Azure Active Directory Provider technical profile 'AAD-UserWriteUsingAlternativeSecurityId'.

    For supported claims, take a look at Requirements of an operation and Microsoft Entra user resource type. If you need to rename output claims during token issuance, you can do that in the Relying Party Technical Profile. E.g. output objectId as oid:

      <RelyingParty>
        <!-- Content stripped for clarity purposes -->
        <TechnicalProfile Id="PolicyProfile">
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid"/>
          </OutputClaims>
        </TechnicalProfile>
      </RelyingParty>

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

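The answer above points at the root cause: an OutputClaim inside a Microsoft Entra (AAD-*) technical profile whose PartnerClaimType (or, when absent, its ClaimTypeReferenceId) is a token claim name such as oid or given_name rather than a directory user attribute. The script below is an added example, not code from the answer, from Microsoft or from the asker's policies. It parses a TrustFrameworkPolicy, identifies the technical profiles that use the Azure Active Directory provider handler (directly or through IncludeTechnicalProfile), and lists claims mapped to names the directory does not expose. The allow-list of user attribute names is assumed and partial; extend it from the Microsoft Entra user resource type reference the answer links to. The embedded policy is constructed for the example and mirrors the pattern from the error messages, including a RelyingParty mapping of objectId to oid that is legitimate and must not be flagged.

```python
"""Lint an Azure AD B2C custom policy for claim names that Microsoft Entra
(Azure Active Directory provider) technical profiles do not accept.
Added example; the attribute allow-list is an assumption and incomplete."""
import xml.etree.ElementTree as ET

# Namespace used by B2C TrustFrameworkPolicy documents.
NS = {"cpim": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
# Substring of the Protocol Handler that marks a directory technical profile.
AAD_HANDLER_MARKER = "AzureActiveDirectoryProvider"

# Assumption: partial list of Microsoft Entra user attribute names that the
# directory technical profiles accept as partner claim types. Extension
# attributes (extension_<appId>_<name>) are accepted by prefix below.
KNOWN_USER_ATTRIBUTES = {
    "objectId", "displayName", "givenName", "surname", "userPrincipalName",
    "signInNames.emailAddress", "otherMails", "accountEnabled",
    "passwordPolicies", "newPassword", "userType", "alternativeSecurityId",
}


def _uses_aad_handler(tp, known_aad_ids):
    """True if the profile declares the AAD handler itself or includes a profile that does."""
    proto = tp.find("cpim:Protocol", NS)
    if proto is not None and AAD_HANDLER_MARKER in (proto.get("Handler") or ""):
        return True
    return any(inc.get("ReferenceId") in known_aad_ids
               for inc in tp.findall("cpim:IncludeTechnicalProfile", NS))


def aad_profile_ids(root):
    """Resolve, transitively, every TechnicalProfile Id backed by the AAD provider."""
    ids = set()
    profiles = root.findall(".//cpim:TechnicalProfile", NS)
    changed = True
    while changed:  # iterate until no new profile is reached via includes
        changed = False
        for tp in profiles:
            pid = tp.get("Id")
            if pid not in ids and _uses_aad_handler(tp, ids):
                ids.add(pid)
                changed = True
    return ids


def unsupported_claims(policy_xml):
    """Return (profileId, claimKind, claimTypeReferenceId, directoryName) for
    each claim in an AAD profile whose effective directory name is unknown."""
    root = ET.fromstring(policy_xml)
    aad_ids = aad_profile_ids(root)
    findings = []
    for tp in root.findall(".//cpim:TechnicalProfile", NS):
        if tp.get("Id") not in aad_ids:
            continue  # e.g. the RelyingParty profile: renaming to oid is fine there
        for kind in ("InputClaim", "OutputClaim", "PersistedClaim"):
            for claim in tp.findall(f".//cpim:{kind}", NS):
                ref = claim.get("ClaimTypeReferenceId") or ""
                # The directory sees PartnerClaimType when set, else the claim id.
                attr = claim.get("PartnerClaimType") or ref
                if attr in KNOWN_USER_ATTRIBUTES or attr.startswith("extension_"):
                    continue
                findings.append((tp.get("Id"), kind, ref, attr))
    return findings


# Constructed sample policy: one bad AAD profile and one legitimate RP mapping.
SAMPLE_POLICY = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="contoso.onmicrosoft.com"
    PolicyId="B2C_1A_EXAMPLE" PublicPolicyUri="http://contoso.onmicrosoft.com/B2C_1A_EXAMPLE">
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AAD-Common">
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.AzureActiveDirectoryProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        </TechnicalProfile>
        <TechnicalProfile Id="AAD-UserReadLastLogonTime">
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="objectId" Required="true" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
            <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
            <OutputClaim ClaimTypeReferenceId="displayName" />
            <OutputClaim ClaimTypeReferenceId="extension_lastLogon" />
          </OutputClaims>
          <IncludeTechnicalProfile ReferenceId="AAD-Common" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <TechnicalProfile Id="PolicyProfile">
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
      </OutputClaims>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
"""

if __name__ == "__main__":
    for profile, kind, ref, attr in unsupported_claims(SAMPLE_POLICY):
        print(f"{profile}: {kind} '{ref}' mapped to '{attr}' is not a directory attribute")
```

Run it against an uploaded TrustFrameworkExtensions or RelyingParty file before uploading to the tenant; each reported line is a claim whose rename belongs in the RelyingParty profile, not in the AAD-* profile.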
