UPN field not present in claims during authentication with a single tenant app registration

Zak Thompson 1 Reputation point
2020-01-13T15:46:44.08+00:00

I am currently working on a C# webapp that uses single tenant authentication via OpenIdConnect to authenticate our webapp against Azure AD. The issue that I am encountering is that after authentication, the UPN field is not populated in the HttpContext User object.

The only claims fields that are provided to the HTTP context are the authmethodreferences, emailaddress, identityprovider, objectidentifier, nameidentifier, tenantid and name.

My next thought was to use the optional claims feature, documented here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims#configuring-optional-claims

However, after following those instructions and trying id, access, and SAML to get the UPN field in, none of them ended up working.

Does anyone know what steps I will need to take in order to get the upn field to appear in a single tenant authentication request?


2 answers

  1. Frank Hu MSFT 81 Reputation points
    2020-01-13T23:08:30.67+00:00

    Hey, are you setting these optional claims up in the resource application object?

    Note that the resource is what defines which items will be returned, not the application registration that has the client id that you're using to request an access token from. This is a common error that most people make, as they make the modifications in the application registration object, not the resource object.

    You will need to use either custom claims mapping or optional claims.

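Added example, not code from the thread or from Microsoft: a small C# helper for the situation above that reads the UPN from the claims the OpenID Connect middleware places on HttpContext.User, falls back to preferred_username when Azure AD does not issue upn, and lists the claim types that actually arrived so they can be compared against the optional-claims configuration. It assumes the optionalClaims fragment in the leading comment has been added to the manifest of the app that is the token's audience; the sample claim values are constructed.

```csharp
// Added example, not from the thread. Assumes the "upn" optional claim was requested in the
// manifest of the app that is the token's audience (the resource, as the answer says), e.g.:
//   "optionalClaims": { "idToken": [ { "name": "upn", "source": null,
//                                      "essential": false, "additionalProperties": [] } ] }
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class UpnResolver
{
    // Claim types to try, in order. The JWT handler maps the token's "upn" claim to the
    // long WS-Federation URI (ClaimTypes.Upn); "preferred_username" is what Azure AD issues
    // instead for guest users, for whom "upn" is never emitted.
    private static readonly string[] CandidateTypes =
    {
        ClaimTypes.Upn,        // http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
        "upn",                 // short name, seen when inbound claim mapping is disabled
        "preferred_username",
    };

    // Returns the first non-empty candidate claim, or null if the token carried none.
    public static string ResolveUpn(ClaimsPrincipal user) =>
        CandidateTypes.Select(t => user.FindFirst(t)?.Value)
                      .FirstOrDefault(v => !string.IsNullOrEmpty(v));

    // Sorted list of claim types that actually arrived; compare it with the optional-claims
    // configuration when "upn" is missing, as in the question.
    public static IReadOnlyList<string> ClaimTypesPresent(ClaimsPrincipal user) =>
        user.Claims.Select(c => c.Type).Distinct().OrderBy(t => t).ToList();

    public static void Main()
    {
        // Constructed principal matching the claim set the question reports (no upn).
        var withoutUpn = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "constructed-subject-id"),
            new Claim(ClaimTypes.Name, "Zak Thompson"),
        }, "OpenIdConnect"));
        // Constructed principal where the optional claim arrived after the manifest change.
        var withUpn = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "constructed-subject-id"),
            new Claim(ClaimTypes.Upn, "zak@contoso.example"),
        }, "OpenIdConnect"));
        Console.WriteLine(ResolveUpn(withoutUpn) ?? "<no upn or preferred_username claim>");
        Console.WriteLine(ResolveUpn(withUpn));
        Console.WriteLine(string.Join(Environment.NewLine, ClaimTypesPresent(withoutUpn)));
    }
}
```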

  2. Schmidt, Roger 1 Reputation point
    2020-07-21T16:17:19.467+00:00

    Hello

    Like Role & Zak, I am also missing full documentation on how to add additional claims (especially UPN) for integrated applications. I understand that you need to give permissions etc. for the Graph API, but where exactly do you do this?

    It would be great if there were a step-by-step tutorial for this use case, as I guess this is not a special case but quite common!

    Cheers,
    Roger
