Azure Ad: How to add a custom attribute to in a scope so that attribute can be used as basic user info to avoid user consent.
I am using Microsoft Graph in my mvc.net app. Some basic information comes with openId connect using the Azure Ad Authentication which I use on the page to show user's information. However, I need additional user info so I am using graph and I have following questions.
- Azure AD has a custom filed EmpId which I want to access so can save that in the database when that user perfrom some task. How can I get this information when accessing users.readbasic.All or any other scope that does not require Admin consent? May be I can some how include EmpId in the users.readBasic.all from some settings, not sure so looking some ways.
- question is if I want to trun off Admin consent which is 'Yes' to "users.Read.All" so any signed in user can be authorize to get the user.Read.All scope without having an admin to interfere. How can I make the user.Read.All to no?
- I was testing some scope, when came to 'User.Read", it is thwoing error and asking for admin consent. User.Read is added in permission by the app and also does not requre 'Admin consent so I am not sure why it is asking for admin consent?