How to add custom claims to the Access Token using custom user Attributes.

Malvaro 145 Reputation points
2024-04-24T11:50:51.38+00:00

Good afternoon MS team,

I am writing to you because I am looking for information on how to add custom claims when the application generates a JWT token. I can't add them to the AccessToken, but I can see them in the IDToken.


Questions:

Can I configure custom claims in my AccessToken by adding test2, mytest, t2020, etc.? Is this option possible? If so, how?

I have been reading these links but to no success:

Thoughts? Insights?

Thanks a lot

Cheers,

Moisés.

Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2024-04-25T08:19:41.3633333+00:00

    To issue your custom claims in an access token you need to use your app registration as the OAuth2 resource, e.g. /authorize?client_id=APP_ID&scope=APP_ID/.default


1 additional answer

  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2024-04-25T08:55:58.65+00:00

    @Malvaro

    Thank you for posting this in Microsoft Q&A.

    You can add custom attributes to the claims and send them within an access token.

    You can follow the steps mentioned below:

    1. Create an AzureADPolicy.

    # Claims mapping policy: each entry maps a user attribute (ID) to a JWT claim of the same name.
    New-AzureADPolicy -Definition @('{
        "ClaimsMappingPolicy": {
            "Version": 1,
            "IncludeBasicClaimSet": "true",
            "ClaimsSchema": [
                { "Source": "user", "ID": "test2",        "JwtClaimType": "test2" },
                { "Source": "user", "ID": "mytest",       "JwtClaimType": "mytest" },
                { "Source": "user", "ID": "t2020",        "JwtClaimType": "t2020" },
                { "Source": "user", "ID": "tetttteeesss", "JwtClaimType": "tetttteeesss" }
            ]
        }
    }') -DisplayName "CustomClaimsPolicy1" -Type "ClaimsMappingPolicy"

    2. Attach the newly created AzureADPolicy to the service principal of the Azure AD app for which the token will be requested.

    Add-AzureADServicePrincipalPolicy -Id "{object id of service principal}" -RefObjectId "{object id of policy}"

    3. To check whether the policy was successfully added to the ServicePrincipal:

    Get-AzureADServicePrincipalPolicy -Id "{object id of service principal}"

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
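The two answers above together give the diagnostic a practitioner needs: the policy must be attached to the app's own service principal, and the token must be requested with that app as the resource (scope=APP_ID/.default), otherwise the access token is issued for a different audience and the mapping never applies. The following added Python script (not part of the original thread, nor Microsoft code) inspects an access token and reports both conditions: whether the aud claim matches the app id (the bare client id or its api:// form) and which of the expected custom claims (test2, mytest, t2020, tetttteeesss) are present. It decodes the payload for inspection only and does not verify the signature. The app id, the tokens and the signature bytes are constructed placeholders; the Microsoft Graph app id is the well-known value used to show the wrong-audience case.

```python
import base64
import json

# Custom claims the policy in the thread is expected to produce.
EXPECTED_CUSTOM_CLAIMS = ("test2", "mytest", "t2020", "tetttteeesss")

# Placeholder app (client) id for the resource app registration (constructed, not real).
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"
# Well-known application id of Microsoft Graph, used here as the "wrong resource" example.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWS. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(aud, app_id: str) -> bool:
    """Entra ID sets aud to the client id or to the api://<client id> identifier URI."""
    return aud in (app_id, f"api://{app_id}")


def check_access_token(token: str, app_id: str, expected_claims=EXPECTED_CUSTOM_CLAIMS) -> dict:
    """Report whether the token targets our app and which mapped claims it carries."""
    claims = decode_jwt_payload(token)
    aud = claims.get("aud")
    result = {
        "aud": aud,
        "audience_ok": audience_matches(aud, app_id),
        "present": [c for c in expected_claims if c in claims],
        "missing": [c for c in expected_claims if c not in claims],
    }
    if not result["audience_ok"]:
        # The policy is attached to our service principal; a token for another resource never sees it.
        result["hint"] = (
            "token was issued for a different resource; request it with "
            f"scope={app_id}/.default so the policy attached to your service principal applies"
        )
    elif result["missing"]:
        result["hint"] = (
            "audience is correct but claims are missing; confirm the policy is attached "
            "(Get-AzureADServicePrincipalPolicy) and that the user attributes are populated"
        )
    else:
        result["hint"] = "all expected custom claims are present"
    return result


def make_sample_token(payload: dict) -> str:
    """Build a constructed, unsigned token for offline demonstration (signature bytes are dummy)."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "constructed-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"constructed-signature-not-valid"),
    ])


# Constructed sample 1: token requested with scope=APP_ID/.default, policy applied.
GOOD_TOKEN = make_sample_token({
    "aud": SAMPLE_APP_ID, "iss": "https://login.microsoftonline.com/constructed-tenant/v2.0",
    "test2": "a", "mytest": "b", "t2020": "c", "tetttteeesss": "d",
})
# Constructed sample 2: token requested for Microsoft Graph, so the mapping never applied.
GRAPH_TOKEN = make_sample_token({
    "aud": GRAPH_APP_ID, "iss": "https://login.microsoftonline.com/constructed-tenant/v2.0",
})

if __name__ == "__main__":
    for name, tok in (("good", GOOD_TOKEN), ("graph", GRAPH_TOKEN)):
        print(name, json.dumps(check_access_token(tok, SAMPLE_APP_ID), indent=2))
```

Run it against a real access token by replacing GOOD_TOKEN with the token string and SAMPLE_APP_ID with your app registration's client id; the hint line tells you whether to fix the scope of the request or the policy attachment. Because the script skips signature verification, use it only as a debugging aid on your own tokens, never as an authorization check.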

