Can ADFS store and return user profile info upon login?

Chris Darakjian 1 Reputation point
2020-06-23T16:54:42.463+00:00

I am trying to connect my node.js application to ADFS, so that when a user logs in through ADFS it sends me the user's details (like whether he is an Admin, a regular user, or a privileged user). Can someone tell me if ADFS offers to store custom user details like that and send them back to my server when the user logs in so that I may know what level of access to grant the user?


2 answers

  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
    2020-06-26T11:55:19.853+00:00

    When using an attribute store, the call is made in the context of the ADFS service account. The user doesn't need permission on the store.

    The store could be a SQL database, an LDAP server, or a custom DLL. But if the information is stored on the user account in AD, you can simply extract and send it at token issuance using an issuance rule.


  2. Sander Berkouwer 166 Reputation points
    2020-06-26T19:34:22.14+00:00
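How the Node.js side can consume the claims an issuance rule sends, as described in Pierre Audonnet's answer: this is an added example, not part of the original thread and not Microsoft's code. It assumes AD FS issues an RS256-signed JWT (OpenID Connect) carrying a `role` claim; the issuer, audience, role values and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Assumed values: a real app takes these from its AD FS metadata and app registration.
const EXPECTED = { iss: 'https://adfs.example.test/adfs', aud: 'my-node-app' };
// Access levels from the question, lowest to highest; the claim name "role" is an assumption.
const LEVELS = ['user', 'privileged', 'admin'];

const b64url = (v) => Buffer.from(v).toString('base64url');

// Stand-in for AD FS in this example: signs a constructed token with RS256.
function signToken(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Returns the access level, or null when the token must not be trusted.
function accessLevel(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return null; }
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header?.alg !== 'RS256' || !claims) return null;
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!ok) return null;
  if (claims.iss !== EXPECTED.iss || claims.aud !== EXPECTED.aud) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  // The role claim may be a single string or an array; take the highest known level.
  const roles = [].concat(claims.role ?? []).map((r) => String(r).toLowerCase());
  const best = Math.max(-1, ...roles.map((r) => LEVELS.indexOf(r)));
  // An authenticated user with no recognised role gets the lowest level only.
  return best >= 0 ? LEVELS[best] : 'user';
}

// Constructed demo: a throwaway key pair plays the AD FS token-signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const good = signToken({ ...EXPECTED, exp, role: ['User', 'Admin'] }, privateKey);
console.log(accessLevel(good, publicKey));
console.log(accessLevel(good, crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).publicKey));
```
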