ClaimsProviders
Note
In Azure Active Directory B2C, custom policies are designed primarily to address complex scenarios. For most scenarios, we recommend that you use built-in user flows. If you've not done so, learn about custom policy starter pack in Get started with custom policies in Active Directory B2C.
A claims provider is an interface to communicate with different types of parties via its technical profiles. Every claims provider must have one or more technical profiles that determine the endpoints and the protocols needed to communicate with the claims provider. A claims provider can have multiple technical profiles. For example, multiple technical profiles may be defined because the claims provider supports multiple protocols, various endpoints with different capabilities, or releases different claims at different assurance levels. It may be acceptable to release sensitive claims in one user journey, but not in another.
A user journey combines calling technical profiles via orchestration steps to define your business logic.
<ClaimsProviders>
<ClaimsProvider>
<Domain>Domain name</Domain>
<DisplayName>Display name</DisplayName>
<TechnicalProfiles>
</TechnicalProfile>
...
</TechnicalProfile>
...
</TechnicalProfiles>
</ClaimsProvider>
...
</ClaimsProviders>
The ClaimsProviders element contains the following element:
| Element | Occurrences | Description |
|---|---|---|
| ClaimsProvider | 1:n | An accredited claims provider that can be leveraged in various user journeys. |
ClaimsProvider
The ClaimsProvider element contains the following child elements:
| Element | Occurrences | Description |
|---|---|---|
| Domain | 0:1 | A string that contains the domain name for the claim provider. For example, if your claims provider includes the Facebook technical profile, the domain name is Facebook.com. This domain name is used for all technical profiles defined in the claims provider unless overridden by the technical profile. The domain name can also be referenced in a domain_hint. For more information, see the Redirect sign-in to a social provider section of Set up direct sign-in using Azure Active Directory B2C. |
| DisplayName | 1:1 | A string that contains the name of the claims provider. |
| TechnicalProfiles | 0:1 | A set of technical profiles supported by the claim provider |
ClaimsProvider organizes how your technical profiles relate to the claims provider. The following example shows the Microsoft Entra claims provider with the Microsoft Entra technical profiles:
<ClaimsProvider>
<DisplayName>Azure Active Directory</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="AAD-Common">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserReadUsingAlternativeSecurityId">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserReadUsingAlternativeSecurityId-NoError">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
...
</TechnicalProfile>
...
<TechnicalProfile Id="AAD-UserWritePasswordUsingObjectId">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserWriteProfileUsingObjectId">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserReadUsingObjectId">
...
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserWritePhoneNumberUsingObjectId">
...
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
The following example shows the Facebook claims provider with the Facebook-OAUTH technical profile.
<ClaimsProvider>
<Domain>facebook.com</Domain>
<DisplayName>Facebook</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="Facebook-OAUTH">
<DisplayName>Facebook</DisplayName>
<Protocol Name="OAuth2" />
...
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for