
How do I add a Custom Attribute, when using custom policies, that is not used in a sign-up nor edit policy?


Background

I need to define custom attributes that will be set via the AD Graph API, not the user.


I found this note:

There is a known limitation of custom attributes. It is only created the first time it is used in any policy, and not when you add it to the list of User attributes.

So I'm thinking what I'm trying to do is not achievable directly. I guess a workaround would be:

  1. Create an edit (or sign-up) policy
  2. Perform a user edit prompting for the new custom attribute(s)
  3. Delete the edit policy

Update

I started implementing my workaround via a sign-up policy and after uploading my custom policies, the new attribute, NewCustomAttribute, is there without creating a user.

What magic added this new attribute?

.\b2c Get-Extension-Attribute [my-ad-app-guid]

{
  "odata.metadata": "https://graph.windows.net/ebenefitsdev.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.ExtensionProperty",
  "value": [
    {
      "odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
      "objectType": "ExtensionProperty",
      "objectId": "[some-guid]",
      "deletionTimestamp": null,
      "appDisplayName": "",
      "name": "extension_[my-ad-app-guid]_NewCustomAttribute",
      "dataType": "String",
      "isSyncedFromOnPremises": false,
      "targetObjects": [
        "User"
      ]
    }
  ]
}
spottedmahn

1 Answer

The extensions app, which is added to the Azure AD B2C directory when it is created, registers the extension property when a custom attribute is created via the Azure AD B2C blade.

The extensions app ID should match the middle part of the extension property name.

After the extension property is registered by the extensions app and before it is referenced by any built-in or custom policy, it can be read from and written to via the Azure AD Graph API.

Chris Padgett
  • So adding the claim type should be enough? i.e. what is the minimum? And what’s the delay until it shows up via an AD Graph API call? – spottedmahn Nov 27 '17 at 01:08
  • The extension app is manually created for custom policies... perhaps your answer should reflect that? And thanks for your reply!! – spottedmahn Nov 27 '17 at 01:14
  • Hi @spottedmahn. I've updated the above answer. The extensions app is added when the Azure AD B2C directory is created. The extension property is added when a custom attribute is created after which the extension property can be read from and written to. – Chris Padgett Nov 27 '17 at 08:40
  • Hey @Chris - true for built-in policies but not custom policies: [Creating a new application to store the extension properties](https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-create-custom-attributes-profile-edit-custom#creating-a-new-application-to-store-the-extension-properties). – spottedmahn Nov 27 '17 at 15:17
  • Hi @spottedmahn. You don't have to create a new app. You can re-use the existing app. The main advantage of re-using the existing app is that the custom attributes are common across built-in and custom policies. – Chris Padgett Nov 28 '17 at 21:40
  • Hi Chris- that’s brilliant, I really like that idea. Thanks! – spottedmahn Nov 28 '17 at 21:45
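Added example (not from the question or the answer above): the answer says a custom attribute becomes an extension property named after the extensions app ID and can then be written through the AD Graph API. This script derives that property name, checks a listing like the one in the question for it, and builds the PATCH request only when the property is actually registered. The GUIDs, tenant name and listing JSON are constructed placeholders; the name format (app ID with hyphens removed) and the `users/{id}?api-version=1.6` endpoint are AD Graph conventions assumed here.

```python
import json
import re

# Constructed sample in the shape of the extension-property listing shown in
# the question (placeholder GUID, not a real tenant value).
SAMPLE_LISTING = json.dumps({
    "value": [
        {
            "objectType": "ExtensionProperty",
            "name": "extension_aaaaaaaabbbbccccddddeeeeeeeeeeee_NewCustomAttribute",
            "dataType": "String",
            "targetObjects": ["User"],
        }
    ]
})


def extension_property_name(app_id: str, attribute: str) -> str:
    """Name under which AD Graph exposes a custom attribute.

    Azure AD embeds the extensions app (client) ID, with hyphens removed,
    in the middle of the property name.
    """
    if not re.fullmatch(r"[0-9a-fA-F-]{32,36}", app_id):
        raise ValueError("app_id must be a GUID")
    return f"extension_{app_id.replace('-', '')}_{attribute}"


def registered_user_properties(listing_json: str) -> set:
    """Extension property names in a listing that target User objects."""
    body = json.loads(listing_json)
    return {
        p["name"]
        for p in body.get("value", [])
        if p.get("objectType") == "ExtensionProperty"
        and "User" in p.get("targetObjects", [])
    }


def build_user_patch(tenant: str, user_object_id: str, prop_name: str,
                     value, listing_json: str):
    """Return (url, body) for the AD Graph PATCH that writes the attribute.

    Refuses to build a request for a property the directory has not
    registered yet, which is the failure mode the question describes.
    """
    if prop_name not in registered_user_properties(listing_json):
        raise LookupError(f"{prop_name} is not registered for User objects")
    url = f"https://graph.windows.net/{tenant}/users/{user_object_id}?api-version=1.6"
    return url, json.dumps({prop_name: value})
```

Send the returned body with `Content-Type: application/json` and a bearer token that has directory write permission; the check against the listing is what tells you whether the property exists before any policy has referenced it.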