问题
How do I add a Custom Attribute, when using custom policies, that is not used in a sign-up nor edit policy?
Background
I need to define custom attributes that will be set via the AD Graph API, not the user.
I found this note:
There is a known limitation of custom attributes. It is only created the first time it is used in any policy, and not when you add it to the list of User attributes.
So I'm thinking what I'm trying to do is not achievable directly. I guess a workaround would be:
- Create an edit (or sign-up) policy
- Perform a user edit prompting for the new custom attribute(s)
- Delete the edit policy
Update
I started implementing my workaround via a sign-up policy and after uploading my custom policies, the new attribute, NewCustomAttribute, is there without creating a user.
What magic added this new attribute?
.\b2c Get-Extension-Attribute [my-ad-app-guid]
{
"odata.metadata": "https://graph.windows.net/ebenefitsdev.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.ExtensionProperty",
"value": [
{
"odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
"objectType": "ExtensionProperty",
"objectId": "[some-guid]",
"deletionTimestamp": null,
"appDisplayName": "",
"name": "extension_[my-ad-app-guid]_NewCustomAttribute",
"dataType": "String",
"isSyncedFromOnPremises": false,
"targetObjects": [
"User"
]
}
}
回答1:
The extensions app, which is added to the Azure AD B2C directory when it is created, registers the extension property when a custom attribute is created via the Azure AD B2C blade.
The extensions app ID should match the middle part of the extension property name.
After the extension property is registered by the extensions app and before it is referenced by any built-in or custom policy, it can be read from and written to via the Azure AD Graph API.
来源:https://stackoverflow.com/questions/47479827/add-custom-attribute-not-used-in-sign-up-nor-edit-policy