How to add specific JSON OptionalClaims

Jesus Guzman 41 Reputation points

Hi all! I have an API that works fine, when I authenticate my users. But, I need to add specific optional claims, to allow me to direct users into the application, based in the claims of: Office, Job Title and Department. I have to edit this in the manifest, because I don't see the optional claims listed in the web portal. Unfortunately, this goes beyond my limited knowledge as I am not an experienced developer. I ventured to try adding the Claims I've found in some links, but I am not entering the right stuff. I did add one optional claim to get the last authentication time, but I am not sure if this section is the right one to enter the claims I need; Office, Job Title and Department or what to enter to make it happen:

"optionalClaims": {
"idToken": [
{ "name": "auth_time",
"source": null,
"essential": false,
"additionalProperties": [] }
"accessToken": [],
"saml2Token": []

Any guidance is appreciated.


Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,236 questions
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,738 questions
0 comments No comments
{count} votes

Accepted answer
  1. Siva-kumar-selvaraj 15,206 Reputation points

    Hello @Jesus Guzman ,

    Thanks for reaching out.

    Basic Claims (like: "department" and "jobTitle") can be configured by using "Claims mapping policies", but "officeLocation" claim is not supported, refer this article to see list of supported claims .

    Please find below detailed steps for creating AzureAD policy and then assigning them to service principal objects.

    • You must have AzureAD module installed because this can be only done through PowerShell way. If not installed already refer this article to install AzureAD Module.

    • Use this cmdlet to create New Azure AD Policy, this would define Basic Claims "department" and "jobTitle"

       New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy": {"Version": 1,"IncludeBasicClaimSet": "true","ClaimsSchema":[{"Source": "user","ID": "department","JwtClaimType": "department"},{"Source": "user","ID": "jobTitle","JwtClaimType": "jobTitle"}]}}') -DisplayName "BasicClaimDepartment-title" -Type "ClaimsMappingPolicy"  

    • Run the following command to see your newly created policy and copy the policy ObjectId,


    • Assign the policy to your service principal. You can get the ObjectId of your service principal from Enterprise applications blade as shown below screenshot.

       Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>  


    • Once policy has successfully assigned, then enable the AcceptMappedClaims to true in the App as shown in the following image:

    Now you should see Basic Claims "department" and "jobTitle" appears in ID_Token (JWT token). Please find below screenshot from my lab for your reference:

    id_token (JWT):

    Hope this helps.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Jesus Guzman 41 Reputation points

    Hello Sikumars!

    First, thank you for taking your time to suggest this walkaround. I believe it has shed light to what I need to do. The "OfficeLocation" claim is not correct, as you are stating. I need "Office" which I do believe can be used along with the other two. I am going to follow this and add the "office" claim and keep you posted.