Azure AD B2C user flow : Is there a way to hide custom attributes on the unified signin/signup page without removing it AND not having to Use custom page content?

Question

Azure AD B2C user flow : Is there a way to hide custom attributes on the unified signin/signup page without removing it AND not having to Use custom page content?

John Stephens 16

I am setting up an Azure AD B2C user flow. I am using the unified sign up or sign in page.
The User attributes:
User Attributes:
Built-in : Given Name, Surname
Custom: InternalUserid

I want to hide the internalUserid on the signup form. We need to keep the internalUserid because it is populated after submitting a signup.

Is there a way to hide the InternalUserId on the signup form without removing it AND not having to Use custom page content?

2 answers

Your answer

Answer 1

AmanpreetSingh-MSFT 56,871 Moderator

Hi @John Stephens • Thank you for reaching out.

As you don't want to collect InternalUserid during signup and want to populate the value later, you need to:

Uncheck the checkbox for this custom attribute under Azure AD B2C > your_user_flow > User attributes so that users don't get the text box to populate the value for this attribute.
Select the checkbox for InternalUserid attribute under Azure AD B2C > your_user_flow > Application claims so that once the attribute value is populated later, it can be returned as claim in the token.

--------------------------------------------------------------------------------------------------------------

Below are the optional steps that you can use for verification purposes.

To confirm if the value of this attribute can be configured after signup, you can use the below graph call using Graph Explorer and sign in with Global Admin of B2C tenant created by using Azure AD > Users > +New user option:

Call:

Patch https://graph.microsoft.com/beta/users/object_id_of_signed_up_user

Body:

{  
    "extension_2ad62axxxxxxxxxxxxfd85dea302d1b5_InternalUserid": "value_to_be_assigned"  
}

Where, 2ad62axxxxxxxxxxxxfd85dea302d1b5 is the application id of Azure AD> App Registrations> b2c-extensions-app (without hyphens).

Run GET https://graph.microsoft.com/beta/users/object_id_of_signed_up_user to see the value you have assigned to the InternalUserid attribute.

You can also run your user flow to confirm the value you have assigned to the custom attribute is returned in the token.

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

John Stephens 16 Reputation points

2022-01-12T17:56:52.507+00:00

amanpreetsingh-msftsolution thanks for getting back with me, I appreciate your response. Is your solution to use Graph API calls to populate the value after the user is created? If we do that, then we can get by with un-checking the InternalUserid attribute.

However, we want to use the response to the API Connector defined in our User Flow to set the value. In this case is there a way to hide the InternalUserid on the signup page?
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2022-01-13T08:12:44.507+00:00

@John Stephens · I just suggested the Graph call for a quick and easy test. You can use the API Connector as well to set the value after user creation. Just uncheck InternalUserid under User attributes and check it under the Application claims section as I mentioned above.
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2022-01-14T12:28:56.147+00:00

@John Stephens · Just checking if you have any further questions.
John Stephens 16 Reputation points

2022-01-14T19:29:54.073+00:00

Nope, I think we are good to go. Thank you for the help! Much appreciated.
John Stephens 16 Reputation points

2022-01-14T21:19:27.907+00:00

I did some more digging and found this (which I know I've seen before):

To write claims to the directory on sign-up that shouldn't be collected from the user, you should still select the claims under User attributes of the user flow, which will by default ask the user for values, but you can use custom JavaScript or CSS to hide the input fields from an end user.

Quote taken from: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-api-connector?pivots=b2c-user-flow

I think it would be worth getting some clarification on this. Do you know why we should keep the user attribute selected for the user flow. What could go wrong if we don't?
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2022-01-17T12:52:17.327+00:00

@John Stephens · Thank you for pointing it out. I did some research on it and found that in case of User Flow, only the fields added to the signup page can be written to the directory via API Connector. If you don't add user attribute to user flow, the value of the attribute can't be populated in the Directory via API Connector.

Without using JavaScript or CSS to hide the input fields, the only way around as of now is to use custom policies. As custom policies can do it without displaying the fields to the user.
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2022-01-25T06:15:35.413+00:00

@John Stephens · Have you had a chance to test it out?
Peter Weiss 50 Reputation points

2023-12-15T11:56:46.3666667+00:00

Hi @AmanpreetSingh-MSFT ,

firstly, thank you for supporting the Azure B2C online. It did help many times to find your responses.

To this topic "hiding the custom attributes from self-assertion page".

There is multiple use-cases when we or other customers just want to save new custom attribute into the directory. Even not custom attributes, also built-in, for example "Job Title" (user enters firstname, lastname and you can just in API connector to concatenate the strings and save it as displayName attribute in the directory).

Are there any news and improvements on this topic? Or still just hacking via javascript and css? This really puts the whole solution down. Azure B2C is good and configurable with external customers.

And having the workaround as "to use custom policy", is not good way to go. Even Microsoft in their docs has stated, the recommended is User flow. Not a Custom policy.

Thank you,

Peter
Max Forsman 0 Reputation points

2024-05-06T14:18:43.66+00:00

I want to echo what others have said here, and emphasize how important it is to be able to easily hide these claims from the signup forms while still allowing backend to populate them. One obvious use-case for this is populating the claim with something like our own database ID for the user, as opposed to the Microsoft AD OID.

An option to hide a claim from the form, or allowing API connectors to populate arbitrary claims and not just the ones configured on the flow, would be greatly appreciated. As it stands, the poor options available for customizing the user flows make them nearly useless for any non-trivial use case.

Answer 2

Henry Zhang 206

if your API connector is a azure function, you can keep the user attribute unchecked. Instead of return back the custom attribute value, you could make a call to the graph API endpoint and modify the value directly.

How to call graph API from Azure function here: https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-access-microsoft-graph-as-app?tabs=azure-cli

This way, no need for custom css. But still hide your custom property

Share via

Azure AD B2C user flow : Is there a way to hide custom attributes on the unified signin/signup page without removing it AND not having to Use custom page content?

2 answers

Your answer