How to get groups claim in Azure AD B2C access_token in postman and java

Shelly Goel 36 Reputation points
2021-12-27T16:55:07.19+00:00
  1. I've generated the access_token following the below documentation:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow

  2. Added the group claim in the application registration manifest by enabling the groupMembershipClaims property

And tried many other ways but group names for a user are not returned in the access_token. Please suggest.


3 answers

  1. Shweta Mathur 28,021 Reputation points Microsoft Employee
    2022-01-04T11:55:25.557+00:00

    Hi @Shelly Goel ,

    To add custom claims to the token, custom attributes need to be added in the user flow.

    Azure AD B2C provides you the flexibility to add custom attributes as per your scenario along with the pre-defined built-in attributes.

    To add custom attributes, in your Azure AD B2C directory:

    1. Select User attributes, and then select Add.
    2. Provide a Name for the custom attribute (for example, "Groups")
    3. Choose a Data Type. Only String, Boolean, and Int are available.
    4. Optionally, enter a Description for informational purposes.
    5. Select Create.

    162235-image1.png

    This custom attribute (which is now in User Attributes) needs to be added to the User Attributes and Application Claims of your User Flow.
    User Attributes:

    162213-image1.png

    Application Claims:
    162180-image3.png

    Now Groups is added to the list of attributes that need to be collected during the sign-up journey, and its value can be seen in the token sent back to your application.

    162204-image4.png

    I have provided the "Azure B2C" value in Groups during the Sign Up process, which is populated in the token below.

    162261-image5.png

    Reference Docs : https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-user-flow

    Hope this helps to give a better understanding.

    Thanks,
    Shweta

    -----------------------------------------------------------

    Please remember to "Accept Answer" and Up-Vote if answer helped you.

    3 people found this answer helpful.
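A way to check which group claim a returned token actually carries, as an added example that is not part of this thread or of any Microsoft code. It is written in Python so it runs with the standard library alone; the same steps (split the compact JWT, base64url-decode the payload, parse the JSON, look up the claim) apply unchanged with any JWT library in Java or when pasting a Postman token into a decoder. It assumes that a B2C user-flow custom attribute named "Groups" is emitted under the claim name extension_Groups (custom attributes carry the extension_ prefix in the token) and that a manifest groupMembershipClaims setting would emit a groups claim; both names are assumptions, and the two sample tokens are constructed locally with a placeholder signature.

```python
import base64
import json

# Claim names to look for. "groups" is what Azure AD emits when
# groupMembershipClaims is set in the app manifest; "extension_Groups" is the
# assumed name a B2C user-flow custom attribute called "Groups" appears under
# (custom attributes are prefixed with "extension_" in the token).
GROUP_CLAIM_CANDIDATES = ("groups", "extension_Groups")


def _b64url_decode(segment: str) -> bytes:
    """Base64url-decode one JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_unverified(token: str) -> dict:
    """Split a compact JWT and return its decoded header and payload.

    The signature is NOT checked here: this is only for seeing which claims the
    user flow put into the token. Any code that authorizes a request must first
    validate the signature against the keys published at the tenant's jwks_uri.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return {"header": header, "payload": payload}


def find_group_claim(payload: dict):
    """Return (claim_name, values) for the first group claim present in the
    payload, or (None, []) when the token carries none. A scalar value is
    wrapped in a list so callers always get a list of group names."""
    for name in GROUP_CLAIM_CANDIDATES:
        if name in payload:
            value = payload[name]
            return name, list(value) if isinstance(value, list) else [value]
    return None, []


def make_sample_token(payload: dict) -> str:
    """Build a constructed token so the checker can be exercised offline.
    The third segment is a placeholder, not a real RS256 signature."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "sample-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


# Constructed sample payloads mirroring the thread: one token where the user
# flow emitted the custom "Groups" attribute (value "Azure B2C"), one where
# the attribute was never added to the flow's Application Claims.
SAMPLE_WITH_GROUPS = make_sample_token({
    "iss": "https://contoso.b2clogin.com/<tenant-id>/v2.0/",
    "sub": "11111111-1111-1111-1111-111111111111",
    "aud": "<client-id>",
    "tfp": "B2C_1_signupsignin",
    "extension_Groups": "Azure B2C",
})
SAMPLE_WITHOUT_GROUPS = make_sample_token({
    "iss": "https://contoso.b2clogin.com/<tenant-id>/v2.0/",
    "sub": "22222222-2222-2222-2222-222222222222",
    "aud": "<client-id>",
    "tfp": "B2C_1_signupsignin",
})


def report(token: str) -> str:
    """One line saying which group claim (if any) the token carries; when none
    is present, list the claims that are there to make the gap visible."""
    payload = decode_jwt_unverified(token)["payload"]
    name, values = find_group_claim(payload)
    if name is None:
        return "no group claim present; claims: " + ", ".join(sorted(payload))
    return f"{name} = {values}"


if __name__ == "__main__":
    print(report(SAMPLE_WITH_GROUPS))
    print(report(SAMPLE_WITHOUT_GROUPS))
```

Run it against a real token by replacing the constructed samples with the string Postman returns; if the report lists claims such as iss, sub, aud and tfp but no group claim, the attribute has not been added to the user flow's Application Claims, which is exactly the situation described in the question.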

  2. Shelly Goel 36 Reputation points
    2022-01-05T08:52:12.617+00:00

    Thanks for the response, Shweta. However, we would not provide Group during signup (the signup process is offline), but the groups will be created in AD and users will be assigned membership to those groups. These are the groups that we want in the access token.

    1 person found this answer helpful.

  3. Shweta Mathur 28,021 Reputation points Microsoft Employee
    2021-12-30T06:19:05.223+00:00

    Hi @Shelly Goel ,

    Thanks for reaching out.

    Claims configured by "Token configuration" or through "Manifest" are supported by Azure AD only as of now and not by Azure AD B2C.

    In order to get these claims, you need to configure user flow and custom policies to send certain sets of data in claims that are required for your application. You can also include custom attributes in your claims according to your requirement.

    This will only display those claims that the user added during the guest user's sign-up. Once a user has signed up with a new user account and provided values for those attributes, only those attributes will be available as claims in the token.

    Reference Docs - https://learn.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#claims

    Thanks,
    Shweta

    ------------------------------------------------

    Please remember to "Accept Answer" if answer helped you.