This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 12%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hi,
We are using Azure Active Directory with Azure AD Connect and MS Identity Platform for OIDC/OAuth2 protocol. Currently we get oid claims in access token, and this id is equal to user id in Azure portal. However, it is not equal to the id in our local AD, which is synced to Azure.
It is possible to retrieve our local id by using Graph API /user endpoint — by using onpremisesImmutableId field.
Is there a way to put this field into the JWT Access Token as well?
You may want to try the following Graph API call for the AAD user: https://graph.microsoft.com/v1.0/users?$filter=onPremisesImmutableId+eq+'{id}'
Hi, thanks for the answer.
Indeed, this GraphAPI call let's me get onprem id by Azure ID and vice versa. However, I would like to have onprem id directly in the Azure OIDC Access Token. Is this possible?