
I want to store some additional user attributes in the form of key and value pairs for all the AD users, for example: 'colorTheme:red', 'userLang:english' etc.

I have added these custom attributes using Azure AD B2C > User Attributes.

I am trying to Read and Write as per the below link.
https://learn.microsoft.com/en-us/graph/extensibility-open-users

I did try using the Graph API calls:

```
GET https://graph.microsoft.com/v1.0/users?$select=displayName&$expand=extensions
```

I do get the user details but don't get the custom attribute.

```
GET https://graph.microsoft.com/v1.0/me/extensions
```

```json
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('ad-user-id')/extensions",
    "value": []
}
```

How do I get and set the value for the custom attribute?
Is there any other way of storing additional user properties?

User7723337
  • Are you using custom policies? Do you want these Claims in the user JWT? Calling graph API is always a performance bottleneck. – Juanma Feliu May 29 '22 at 06:42

1 Answer

The following steps can be used for getting extension properties (custom attributes) defined for a user in Azure AD B2C:

  1. Call the following endpoint to get all the existing extension properties. Replace `{{extensionappobjectidwithoutdashes}}` with your extension app's object ID without dashes.

     ```
     https://graph.microsoft.com/v1.0/applications/{{extensionappobjectidwithoutdashes}}/extensionProperties
     ```

  2. This will give a result that looks something like this. I have removed the GUIDs.

     ```json
     {
         "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications('extensionappobjectidwithoutdashes')/extensionProperties",
         "value": [
             {
                 "id": "",
                 "deletedDateTime": null,
                 "appDisplayName": "",
                 "dataType": "String",
                 "isSyncedFromOnPremises": false,
                 "name": "extension_<extensionappIdwithoutdashes>_extensionAttribute1",
                 "targetObjects": [
                     "User"
                 ]
             },
             {
                 "id": "",
                 "deletedDateTime": null,
                 "appDisplayName": "",
                 "dataType": "String",
                 "isSyncedFromOnPremises": false,
                 "name": "extension_<extensionappIdwithoutdashes>_extensionAttribute2",
                 "targetObjects": [
                     "User"
                 ]
             }
         ]
     }
     ```

  3. While calling the Graph API to get user details, add the name of each extension attribute to the select query, exactly as it appears in the `name` field above.

     ```
     https://graph.microsoft.com/v1.0/users?$select=displayName,extension_<extensionappIdwithoutdashes>_extensionAttribute1,extension_<extensionappIdwithoutdashes>_extensionAttribute2
     ```

Notes

  • Use the following docs to see how to create extension properties using ms graph apis
    extensionProperty resource type
  • The extensionappobjectidwithoutdashes and extensionappIdwithoutdashes are different guids. Find them in App Registrations > b2c-extensions-app
sabique
  • I am not able to get the `extensionappIdwithoutdashes`. I am not able to find the path `App Registrations > b2c-extensions-app`. Is there a Graph API to get it? – User7723337 May 25 '22 at 07:04
  • I believe your tenant is an Azure AD B2C tenant since you added the user attributes from the portal using Azure AD B2C > User Attributes. Go to `Azure AD B2C > App registrations > All applications` and search for `b2c-extensions-app`. Its full name might be something like `b2c-extensions-app. Do not modify. Used by AADB2C for storing user data`. Open the application and go to Overview to find the Application (Client) ID and Object ID. – sabique May 25 '22 at 08:15
  • @User7723337 You can use the following url to get the default extensions app using Graph API. The value in id will be the objectId and there will also be another property named appId in the results. `https://graph.microsoft.com/v1.0/applications?$filter=startsWith(displayName, 'b2c-extensions-app')` – sabique May 25 '22 at 08:43
  • I am very new to Azure AD. I did search how to add custom attributes or parameters to the AD user and I got the details related to adding custom attributes to Azure AD B2C. But I am not sure if it is the right approach. If it is not, how can I add custom attributes to my AD user profiles? I have the customer attribute added to B2C but I am not sure how it is linked to my AD or even if it is possible. Please suggest an approach. – User7723337 May 25 '22 at 09:24
  • @User7723337 Please take a look at this [Define custom attributes in Azure Active Directory B2C](https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-custom-policy#azure-ad-b2c-extensions-app) and [Azure AD vs Azure AD B2C vs Azure AD B2B](https://stackoverflow.com/questions/39271230/azure-ad-vs-azure-ad-b2c-vs-azure-ad-b2b). I'm not an expert on AD and AD B2C, but my understanding is that B2C uses the same directory. Users and applications are shared. – sabique May 26 '22 at 07:05
  • @User7723337 I'm not sure about this. If you are working strictly on Azure AD, take a look at this too: https://learningbydoing.cloud/blog/getting-started-with-azuread-extension-attributes/ – sabique May 26 '22 at 07:13
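
The procedure from the answer, as an added Python example that is not part of the original thread: it builds the `$select` query from an extensionProperties response, maps the returned properties back to the short keys from the question, and prepares a write that rejects keys not registered on the extensions app. The app ID, the sample response and user record, and all function names are constructed for illustration; the write uses Microsoft Graph's `PATCH /users/{id}` call, which the answer does not show.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"
# Constructed placeholder for the b2c-extensions-app appId (not a real tenant value).
APP_ID = "11111111-2222-3333-4444-555555555555"
PREFIX = "extension_" + APP_ID.replace("-", "") + "_"

# Constructed sample shaped like the extensionProperties response in step 2.
EXT_PROPS = {"value": [
    {"name": PREFIX + "colorTheme", "dataType": "String", "targetObjects": ["User"]},
    {"name": PREFIX + "userLang", "dataType": "String", "targetObjects": ["User"]},
]}


def user_extension_names(response):
    """Full names of the extension properties that apply to User objects."""
    return [p["name"] for p in response["value"] if "User" in p["targetObjects"]]


def select_url(names):
    """Step 3: users query asking for displayName plus each extension property."""
    return f"{GRAPH}/users?$select=" + ",".join(["displayName", *names])


def read_attributes(user, names):
    """Map full property names in a user record back to short keys.
    Properties missing from the record are skipped."""
    return {n[len(PREFIX):]: user[n] for n in names if n in user}


def patch_request(user_id, values, names):
    """Build (method, url, json_body) to set values; reject unregistered keys."""
    body = {}
    for key, value in values.items():
        full = PREFIX + key
        if full not in names:
            raise ValueError(f"{key!r} is not a registered extension property")
        body[full] = value
    return "PATCH", f"{GRAPH}/users/{user_id}", json.dumps(body)


if __name__ == "__main__":
    names = user_extension_names(EXT_PROPS)
    print("GET", select_url(names))
    # Constructed user record, as the $select query would return it.
    user = {"displayName": "Sample User", PREFIX + "colorTheme": "red"}
    print(read_attributes(user, names))
    print(*patch_request("<user-object-id>", {"userLang": "english"}, names))
```

Send the built requests with a Graph access token for the B2C tenant; checking keys against the registered names keeps a caller from writing arbitrary directory properties through the same code path.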