Include OID claim in ID token

Roberto Lambertini 41 Reputation points
2024-12-19T18:24:15.76+00:00

Hello,

I'm testing the new Entra ID External tenants, but I can't find a way to get an ID token including the OID claim.

In AAD B2C tenants the OID claim is always included in the ID token and it identifies the user inside the directory (i.e. it doesn't depend on the app the user is logging in to).
I can see only the SUB claim, but it doesn't fit my requirements.

Any hints?

Thanks in advance
Roberto

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

Accepted answer
  1. Roberto Lambertini 80 Reputation points
    2024-12-20T15:52:36.61+00:00

    Hi Navya,
    thanks for your reply. I found a way to get this claim.

    As stated in the reference
    https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
    to retrieve this claim, the app must be granted "profile" scope access.

    In the Entra portal, the UI for the "run user flow" feature does not allow selecting which scopes to request, and the scope dropdown is locked to "openid".
    To obtain the claim, you need to manually add the "profile" scope to the test URL.

    Roberto

    1 person found this answer helpful.
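
Added example (not part of the original thread and not Microsoft's code): Python helpers for the workaround in the accepted answer, which add `profile` to the scope parameter of a test URL and then check the returned ID token for `oid`. The URL, tenant name, client ID, nonce and token are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit


def add_scope(authorize_url, scope="profile"):
    """Return the authorize URL with `scope` added to its scope parameter."""
    parts = urlsplit(authorize_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    scopes = next((v for k, v in params if k == "scope"), "").split()
    if scope not in scopes:
        scopes.append(scope)
    params = [(k, v) for k, v in params if k != "scope"]
    params.append(("scope", " ".join(scopes)))
    return urlunsplit(parts._replace(query=urlencode(params, quote_via=quote)))


def id_token_claims(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    segments = id_token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = segments[1] + "=" * (-len(segments[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def directory_user_id(claims):
    """Return oid, or fail loudly instead of silently falling back to sub."""
    if "oid" not in claims:
        raise KeyError("oid missing: was the 'profile' scope requested?")
    return claims["oid"]


def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed test URL (tenant, client_id and nonce are placeholders).
SAMPLE_URL = ("https://contoso.ciamlogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
              "?client_id=00000000-0000-0000-0000-000000000000&response_type=id_token"
              "&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&nonce=constructed")

if __name__ == "__main__":
    print(add_scope(SAMPLE_URL))
    token = sample_token({"sub": "constructed-sub", "oid": "11111111-1111-1111-1111-111111111111"})
    print(directory_user_id(id_token_claims(token)))
```

`id_token_claims` is for inspecting a test token only; an application that relies on `oid` must validate the token's signature, issuer and audience first.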

1 additional answer

  1. Navya 13,965 Reputation points Microsoft Vendor
    2024-12-19T21:53:56.3733333+00:00

    Hi @Roberto Lambertini

    I understand that the oid claim is not included in the ID token in Microsoft Entra ID External tenants.

    According to this document, https://learn.microsoft.com/en-us/entra/external-id/customers/reference-oidc-claims-mapping-customers, the ID token does not include the oid claim, which is why you are not getting it in the ID token. Unfortunately, there is no way to customize these claims.

    I would like to request that you share your feedback on our feedback channel, https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789, which would be open for the user community to upvote and comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
