How to add onpremisesImmutableId to Identity Platform access token?

Koltsov Maksim 1 Reputation point


We are using Azure Active Directory with Azure AD Connect and MS Identity Platform for OIDC/OAuth2 protocol. Currently we get oid claims in access token, and this id is equal to user id in Azure portal. However, it is not equal to the id in our local AD, which is synced to Azure.

It is possible to retrieve our local id by using Graph API /user endpoint — by using onpremisesImmutableId field.

Is there a way to put this field into the JWT Access Token as well?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,605 questions
Microsoft Graph Identity API
Microsoft Graph Identity API
A Microsoft API to access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization, and, if you are a Cloud Solution Provider (CSP), managing your customer's data.
272 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Deva-MSFT 2,231 Reputation points Microsoft Employee

    You may want to try the following Graph API call for the AAD user:$filter=onPremisesImmutableId+eq+'{id}'