แก้ไข

แชร์ผ่าน


Add user attributes to token claims

Applies to: White circle with a gray X symbol. Workforce tenants Green circle with a white check mark symbol. External tenants (learn more)

User attributes are values collected from the user during self-service sign-up. In addition to built-in user attributes, you can create custom attributes when you need to collect additional information. Because your application might rely on certain user attributes to function as designed, you can add any of these attributes to the token that is sent from Microsoft Entra ID to your application.

You can specify which built-in or custom attributes you want to include as claims in the token that Microsoft Entra ID sends to your application.

Tip

Try it now

To try out this feature, go to the Woodgrove Groceries demo and start the “Add claims to security tokens from a REST API” use case.

Prerequisites

Add built-in or custom attributes to the token

  1. Sign in to the Microsoft Entra admin center.

  2. Browse to Identity > Applications > App registrations.

  3. Select your application in the list to open the application's Overview page.

    Screenshot of the overview page of the app registration.

  4. In the Essentials section, under Managed application in local directory, select the link showing the name of your application.

    Screenshot of the managed application in local directory link.

  5. Under Manage, select Single Sign-on.

  6. In the Attributes & Claims section, select the Edit icon.

    Screenshot of the attributes and claims section and the edit icon.

To add a built-in attribute to the token as a claim

  1. On the Attributes & Claims page, select Add new claim.

  2. Enter a Name.

  3. Next to Source, select Attribute. Then use the drop down list to select the built-in attribute.

    Screenshot of the drop down list of built-in attributes.

  4. Select Save. Repeat for all built-in attributes you want to add.

To add a custom attribute to the token as a claim

  1. On the Attributes & Claims page, select Add new claim.

  2. Enter a Name.

  3. Next to Source, select Directory schema extension.

    Screenshot of the Directory schema extension option.

  4. In the Select Application pane, select b2c-extensions-app (the app that contains all extension attributes for your external tenant), and then choose Select.

    Screenshot of the Select Application pane.

  5. In the Add Extension Attributes pane, find the custom attribute you want to add as a claim to the token, and then select it.

  6. Select Add.

  7. Select Save. Repeat for each custom attribute you want to add.

Update the application manifest to accept mapped claims

  1. Sign in to the Microsoft Entra admin center.
  2. Browse to Identity > Applications > App registrations.
  3. Select your application in the list to open the application's Overview page.
  4. In the left menu, under Manage, select Manifest to open the application manifest.
  5. Find the acceptMappedClaims key and set its value to true.
  6. Find the allowPublicClient key and set its value to true.
  7. Select Save.

See also