How can I get Email as a claim in Azure AD B2C custom policy with SAML2.0 authentication?

Aditya Gour (NAV India) 80 Reputation points
2024-07-22T11:32:46.6366667+00:00

I am using Azure AD B2C custom policy to connect to SAML2.0 IDP for authentication but I am not receiving Email as an output claim in response. I have tried the solutions mentioned in this Stack Overflow post, but I am still not getting the desired output. Could you please guide me on how to get Email as output in my policy?


Answer accepted by question author
  Anonymous
    2024-07-23T19:06:21.8066667+00:00

    Hi @Aditya Gour (NAV India) , if the answers you referenced aren't working for you, please try the following and let me know if it helps you:

    1. In your SAML2.0 identity provider, add the Email attribute to the SAML2.0 token that is sent to Azure AD B2C.
    2. In your custom policy, add the Email claim to the list of output claims in the TechnicalProfile that is responsible for receiving the SAML2.0 token.

    The TechnicalProfile for example:

    <TechnicalProfile Id="Saml2AssertionConsumer">
      <OutputClaims>
        <!-- ClaimTypeReferenceId names the B2C claim the value is stored in;
             if the IdP sends the attribute under a different name, map it
             with the PartnerClaimType attribute on this OutputClaim -->
        <OutputClaim ClaimTypeReferenceId="email" />
        <!-- Other output claims -->
      </OutputClaims>
      <!-- Other technical profile settings -->
    </TechnicalProfile>

    Make sure that the ClaimTypeReferenceId matches the name of the Email claim that is sent by your SAML2.0 identity provider.

    Please let me know if you have any questions and I can help you further.

    If this doesn't work please post your custom policy so I can review it.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James


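A fuller version of the mapping the accepted answer describes, added here as an illustration and not taken from the original post or from Microsoft's documentation: the claim must be declared in the ClaimsSchema, and the SAML2 technical profile's OutputClaim uses PartnerClaimType to map the attribute name the IdP actually places in the assertion onto B2C's email claim. The technical profile Id, domain, metadata URL, key container name and the emailaddress attribute URI are assumed placeholders; replace them with the values your IdP and tenant use.

```xml
<!-- Illustrative fragments for a B2C custom policy (not from the original post).
     Ids, URLs and attribute names below are placeholders, not real values. -->

<!-- 1. Declare the claim so a technical profile is allowed to output it -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="email">
      <DisplayName>Email Address</DisplayName>
      <DataType>string</DataType>
      <UserHelpText>Email address of the user.</UserHelpText>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>

<!-- 2. SAML2 technical profile that consumes the IdP's assertion -->
<ClaimsProviders>
  <ClaimsProvider>
    <Domain>idp.example</Domain>                     <!-- placeholder -->
    <DisplayName>Example SAML IdP</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="Example-SAML2">          <!-- placeholder Id -->
        <DisplayName>Example IdP</DisplayName>
        <Protocol Name="SAML2" />
        <Metadata>
          <!-- placeholder: the IdP's federation metadata endpoint -->
          <Item Key="PartnerEntity">https://idp.example/metadata.xml</Item>
        </Metadata>
        <CryptographicKeys>
          <!-- placeholder policy key holding the certificate used to sign SAML messages -->
          <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpSigningCert" />
        </CryptographicKeys>
        <OutputClaims>
          <!-- PartnerClaimType = attribute Name exactly as it appears in the
               assertion's AttributeStatement; ClaimTypeReferenceId = B2C claim.
               The URI is the commonly used emailaddress claim type; confirm it
               against what your IdP really emits. -->
          <OutputClaim ClaimTypeReferenceId="email"
                       PartnerClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
        </OutputClaims>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

If the claim still comes back empty, compare the Name of the email attribute in the raw assertion from the IdP with the PartnerClaimType string; a single character of difference means no mapping, and B2C silently leaves the claim unset.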