User Attributes and ExtensionProperties - how are they related?

Alex B 76 Reputation points
2020-01-16T19:02:34.75+00:00

I made a method that creates ExtensionProperty for User and it works - I'm able to define a property for a User and then read/write its values for the Application. But I do not see these as User Attributes in the portal.

So what are User Attributes (Portal => Azure B2C => User Attributes) ? How are they related to Extension Properties? How should ExtensionProperty be defined to show up in the Portal?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,966 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,643 questions
0 comments No comments
{count} vote

Accepted answer
  1. AmanpreetSingh-MSFT 56,701 Reputation points
    2020-01-20T07:33:08.457+00:00

    @Alex B The method you are following for schema extension (https://learn.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions), creates attribute in Azure AD but the result will not show up in the portal, because B2C service itself tracks it, rather than looking at the directory. If you create the attribute again under B2C > User Attributes with the same name, then B2C will reconcile it and show it in the portal. But, as of now it is not possible to programmatically create a User Attribute that will show up in the Portal.

    To answer your second question, schema extension is done under user context and the account must have Directory.AccessAsUser.All permission. Although we use Object ID of the application during this process but the application doesn't need to be authenticated using client secret or certificate.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.


2 additional answers

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,701 Reputation points
    2020-01-18T11:06:29.347+00:00

    @Alex B Azure AD B2C shares some functionality with the standard Azure AD enterprise tenant. When you directly extend schema by adding new attribute for users, using the b2c-extensions-app, that attribute becomes available only for the standard Azure AD functionality of the Azure AD B2C tenant but not for the B2C functionality.

    On the other hand, if you extend schema by using Portal => Azure B2C => User Attributes to add new attribute, it utilizes b2c-extensions-app to extend the schema and the new attribute becomes available for both standard Azure AD as well as the B2C functionality and the attribute name will be in below format:
    extension_< AppID of b2c-extensions-app >_AttributeName

    You can use below cmdlet to see this attribute under extensionProperty of the user, if this attribute is assigned with a value:

    Get-AzureADUser -ObjectId < User's Object ID > | select -ExpandProperty ExtensionProperty  
    

    or by using below graph call at https://developer.microsoft.com/en-us/graph/graph-explorer#

    GET https://graph.microsoft.com/beta/users/username@your_tenant.onmicrosoft.com  
    

    ----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.

  2. FrankHu-MSFT 976 Reputation points
    2020-01-17T01:34:15.117+00:00

    Hey @Alex B

    User Attributes are typically meant for AAD B2C custom policies and user flows but their underlying technical mechanics utilize the extension properties. Note that extension properties are the same thing as schema extensions.

    Essentially they are the same, but User Attributes are oriented around AAD B2C users. The docs on this can be found here : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-custom-attr

    For more information on extension properties please see the follow links below: https://learn.microsoft.com/en-us/powershell/azure/active-directory/using-extension-attributes-sample?view=azureadps-2.0
    https://learn.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions
    https://learn.microsoft.com/en-us/graph/api/resources/schemaextension?view=graph-rest-1.0

    There is currently no blade to display extension properties, you have to use the MSFT Graph API in order to see them. If you're interested in this feature, I suggest filing this as feedback against the AAD Uservoice feedback here : https://feedback.azure.com/forums/169401-azure-active-directory

    Please let us know if you have anymore questions in regards to this,

    Thanks,

    • Frank Hu

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.