How to add onpremisesImmutableId to Identity Platform access token?

Koltsov Maksim 1 Reputation point


We are using Azure Active Directory with Azure AD Connect and the MS Identity Platform for the OIDC/OAuth2 protocol. Currently we get the oid claim in the access token, and this id is equal to the user id in the Azure portal. However, it is not equal to the id in our local AD, which is synced to Azure.

It is possible to retrieve our local id by using the Graph API /user endpoint — via the onpremisesImmutableId field.

Is there a way to put this field into the JWT Access Token as well?


1 answer

  1. Deva-MSFT 2,256 Reputation points Microsoft Employee

    You may want to try the following Graph API call for the AAD user: $filter=onPremisesImmutableId+eq+'{id}'
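The lookup the answer suggests, together with the reverse direction the question starts from (token oid to on-prem id), as an added example that is not part of this thread and not Microsoft's code. It builds the Graph request URLs for both directions and reads onPremisesImmutableId out of the response. The token, the user object id and the Graph responses are constructed samples so the block runs offline; the `oid` claim, the `/v1.0/users` endpoint, `$filter` and `$select` are real Identity Platform / Graph features, while `_b64url` and the sample values are assumptions made for the example.

```python
import base64
import json
from typing import Optional
from urllib.parse import quote

# Real Microsoft Graph endpoint for user objects.
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"


def oid_from_access_token(token: str) -> str:
    """Return the `oid` claim (the cloud object id) from a JWT access token.

    Only the payload segment is decoded here. Before any claim is relied on,
    the token's signature and its iss/aud/exp claims must be validated
    against the tenant's OIDC metadata and JWKS; that step is omitted so the
    example runs offline.
    """
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return claims["oid"]


def user_by_oid_url(oid: str) -> str:
    """URL to GET (with an app bearer token for Graph) to read the on-prem id
    of the user whose cloud object id came from the token's `oid` claim."""
    return f"{GRAPH_USERS}/{quote(oid, safe='')}?$select=id,onPremisesImmutableId"


def user_by_immutable_id_url(immutable_id: str) -> str:
    """The lookup from the answer: filter users by onPremisesImmutableId.

    The value is an OData string literal, so an embedded single quote is
    doubled before the whole $filter expression is percent-encoded.
    """
    literal = immutable_id.replace("'", "''")
    flt = f"onPremisesImmutableId eq '{literal}'"
    return f"{GRAPH_USERS}?$filter={quote(flt, safe='')}"


def immutable_id_from_graph(resp: dict) -> Optional[str]:
    """Extract onPremisesImmutableId from a Graph response.

    Accepts either a single user object (from /users/{id}) or a filter result
    ({"value": [...]}). A cloud-only user has no on-prem id, so None is
    returned for it; anything other than exactly one match is an error rather
    than a silent pick of the first row.
    """
    users = resp["value"] if "value" in resp else [resp]
    if len(users) != 1:
        raise ValueError(f"expected exactly one user, got {len(users)}")
    return users[0].get("onPremisesImmutableId")


# --- constructed sample data (not real tenant values) -----------------------

def _b64url(obj: dict) -> str:
    """Helper for the sample token: base64url without padding, as JWTs use."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


SAMPLE_OID = "11111111-2222-3333-4444-555555555555"  # constructed object id

# Constructed token: header.payload.signature with a placeholder signature.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"oid": SAMPLE_OID, "aud": "api://example-app"}),
    "placeholder-signature",
])

# Constructed shape of a /users/{id}?$select=id,onPremisesImmutableId response.
# onPremisesImmutableId is normally the base64 form of the on-prem objectGUID.
SAMPLE_GRAPH_USER = {
    "id": SAMPLE_OID,
    "onPremisesImmutableId": "dGVzdEd1aWRCYXNlNjQ=",
}


if __name__ == "__main__":
    oid = oid_from_access_token(SAMPLE_TOKEN)
    print("GET", user_by_oid_url(oid))
    print("on-prem id:", immutable_id_from_graph(SAMPLE_GRAPH_USER))
    print("GET", user_by_immutable_id_url("dGVzdEd1aWRCYXNlNjQ="))
```

Resolving the id server-side through Graph, as shown, keeps the mapping authoritative: the on-prem id is read from the directory after the token has been validated, instead of being copied into a bearer token that every downstream API would then have to trust.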