Can ADFS store and return user profile info upon login?

Chris Darakjian 1 Reputation point

I am trying to connect my node.js application to ADFS, so that when a user logs in through ADFS it sends me the user's details (like whether he is an Admin, a regular user, or a privileged user). Can someone tell me if ADFS offers to store custom user details like that and send them back to my server when the user logs in so that I may know what level of access to grant the user?

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee

    When using an attribute store, the call is made in the context of the ADFS service account. The user doesn't need permission on the store.

    The store could be a SQL database, an LDAP server, or a custom DLL. But if the information is stored on the user account in AD, you can simply extract and send it at token issuance using an issuance rule.

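An added example, not part of the answer above and not ADFS or Microsoft code: how the node.js side can turn claims sent at token issuance into an access level, denying access when anything is missing. It assumes the token's signature was already verified by the application's federation library; the claim name `group`, the group names, and the issuer and audience values are hypothetical.

```javascript
// Added example. Every name and URL here is an assumption, not taken from the page.
const EXPECTED_ISSUER = 'https://adfs.example.test/adfs';  // constructed
const EXPECTED_AUDIENCE = 'urn:example:node-app';           // constructed
const ROLE_CLAIM = 'group';  // hypothetical claim type emitted by the issuance rule

// Ordered from lowest to highest privilege.
const LEVELS = ['user', 'privileged', 'admin'];
const GROUP_TO_LEVEL = new Map([   // hypothetical AD group names, lower-cased
  ['app-users', 'user'],
  ['app-privileged', 'privileged'],
  ['app-admins', 'admin'],
]);

// A claim may arrive as a single string or as an array of strings.
function claimValues(claims, name) {
  const v = claims[name];
  if (v === undefined || v === null) return [];
  return (Array.isArray(v) ? v : [v]).filter((x) => typeof x === 'string');
}

// Returns 'admin', 'privileged' or 'user'; returns null when access must be denied.
// `claims` is the payload of a token whose signature has already been verified.
function accessLevel(claims, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!claims || typeof claims !== 'object') return null;
  if (claims.iss !== EXPECTED_ISSUER) return null;
  if (!claimValues(claims, 'aud').includes(EXPECTED_AUDIENCE)) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;

  // Take the highest level among recognised groups; unknown groups grant nothing.
  let best = -1;
  for (const group of claimValues(claims, ROLE_CLAIM)) {
    const level = GROUP_TO_LEVEL.get(group.trim().toLowerCase());
    if (level) best = Math.max(best, LEVELS.indexOf(level));
  }
  return best >= 0 ? LEVELS[best] : null;
}

// Constructed sample payloads (not real tokens).
const NOW = 1700000000;
const BASE = { iss: EXPECTED_ISSUER, aud: EXPECTED_AUDIENCE, exp: NOW + 300 };
const SAMPLES = {
  admin: { ...BASE, group: 'App-Admins' },
  multi: { ...BASE, group: ['App-Users', 'App-Privileged'] },
  noGroup: { ...BASE },
  expired: { ...BASE, exp: NOW - 1, group: 'App-Admins' },
  wrongIssuer: { ...BASE, iss: 'https://other.example.test/adfs', group: 'App-Admins' },
};
```
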

  2. Sander Berkouwer 166 Reputation points