We had Azure AD with internal users and applications and it was easy to authorize them using app roles and role assignment in enterprise applications.
Now we have another requirement: we need to authorize invited users using ADB2C. After some investigation I found custom attributes and I was hoping that it is possible to easily assign them to any created user, and then just get this attribute's value in the ID token after sign-in (just specify this claim in the sign-in user flow).
BUT as far as I understood, it is impossible to assign it manually to the user somewhere in the portal, isn't it? Can anybody suggest a way to manage roles using custom attributes, or another approach? Thanks!
I agree with @rbrayb, you can make use of the MS Graph API to assign custom attribute values to users. Just adding a few more insights on achieving that.
I created one custom attribute named Hobby in my Azure B2C tenant like below:
To assign a custom attribute value to a user, you need to use the below PATCH request:
PATCH https://graph.microsoft.com/v1.0/users/<userID>
{
"extension_<b2cExtensionsAppIDwithouthyphen>_Hobby": "your_hobby"
}
To get the AppID of the b2c-extensions app, you can check here:
When I ran the below PATCH request in Graph Explorer, signed in with a B2C user account, I got a response like this:
PATCH https://graph.microsoft.com/v1.0/users/<userID>
{
"extension_<b2cExtensionsAppIDwithouthyphen>_Hobby": "your_hobby"
}
Response:
To confirm that, I ran the user flow with Hobby selected in Application Claims like below:
I got the extension_Hobby claim successfully in the decoded token claims after signing in like below:
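The two steps in the answer above (writing the custom attribute through Graph, then reading it back from the ID token as `extension_Hobby`) as an added Python example; this is not code from the question or the answer. It assumes a `b2c-extensions-app` application ID and a user object ID that are placeholders, a Graph access token obtained elsewhere with `User.ReadWrite.All`, and a constructed sample ID token. The `DryRunOpener` is a stand-in for `urllib.request.urlopen` so the example runs offline; pass nothing for `opener` to make the real call.

```python
import base64
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def extension_attribute_name(b2c_extensions_app_id: str, attribute: str) -> str:
    """Graph property name of a B2C custom attribute: extension_<appId without hyphens>_<name>."""
    return f"extension_{b2c_extensions_app_id.replace('-', '')}_{attribute}"


def build_patch_body(b2c_extensions_app_id: str, attribute: str, value: str) -> dict:
    """JSON body for PATCH /users/{id}; only the extension property is sent."""
    return {extension_attribute_name(b2c_extensions_app_id, attribute): value}


class DryRunOpener:
    """Constructed offline stand-in for urllib.request.urlopen: records the
    request and answers 204 No Content, which is what Graph returns on success."""

    def __init__(self):
        self.requests = []

    def __call__(self, req):
        self.requests.append(req)
        return self

    status = 204

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def assign_custom_attribute(access_token, user_id, b2c_extensions_app_id,
                            attribute, value, opener=urllib.request.urlopen):
    """Write a custom attribute value on one user. Returns the HTTP status (204 on success)."""
    body = json.dumps(build_patch_body(b2c_extensions_app_id, attribute, value)).encode("utf-8")
    req = urllib.request.Request(
        f"{GRAPH}/users/{user_id}",
        data=body,
        method="PATCH",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
    )
    with opener(req) as resp:
        return resp.status


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Decode the JWT payload for inspection. This does NOT validate the token;
    the application's OIDC library must verify signature, issuer, audience and
    expiry before any claim here is used for authorization."""
    return json.loads(_b64url_decode(id_token.split(".")[1]))


def custom_attribute_claim(id_token: str, attribute: str):
    """In the ID token the claim appears as extension_<name>, without the app ID."""
    return id_token_claims(id_token).get(f"extension_{attribute}")


# --- constructed sample data (placeholders, not real tenant values) ---
B2C_EXTENSIONS_APP_ID = "00000000-0000-0000-0000-000000000000"
USER_ID = "11111111-1111-1111-1111-111111111111"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


SAMPLE_ID_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": USER_ID, "extension_Hobby": "reading"}).encode()),
    _b64url(b"placeholder-signature"),
])

if __name__ == "__main__":
    dry = DryRunOpener()
    status = assign_custom_attribute("<access_token>", USER_ID, B2C_EXTENSIONS_APP_ID,
                                     "Hobby", "reading", opener=dry)
    print("PATCH", dry.requests[0].full_url, "->", status)
    print("claim in ID token:", custom_attribute_claim(SAMPLE_ID_TOKEN, "Hobby"))
```

The property name must match the app ID exactly or Graph rejects the PATCH, so keep `extension_attribute_name` as the single place that builds it. Reading the claim only after the sign-in library has validated the token is what makes the attribute usable as a role.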