Configuring and Using Custom Claims in Microsoft Entra ID

Microsoft Entra ID (formerly Azure AD) now makes it easier to configure custom claims for applications that rely on it for authentication and authorization.

Custom claims, or optional claims, are typically needed to provide additional information in Access Tokens to assist the receiving API in authorizing access to resource data. Custom claims in ID Tokens can be used by an application to provide custom experiences based on these claims.

Role or group claims are typically used to grant conditional access to resource data, but third-party applications may require additional data that is not carried in these claims. For example, an application may need department or division information to decide which data to expose. With custom claims, this information can be drawn directly from existing directory attributes.

In this technical webinar, Principal Consultant Randy Robb covers Microsoft Entra's new application configuration blade for custom attributes and shows how it can be used to provide custom claims in SAML, ID, and access tokens. He also demos examples of custom claims in returned tokens and how to consume them.

Comments

After a lot of googling, found this video the most helpful! Thanks

nryttv

Sheesh... It was there all the while. I spent 2 days trying to make custom claims work by adding them as Optional Claims from App Registration instead. Those claim names would appear in the Manifest file but never appear in ID or Access tokens. Entra ID is really a bad implementation. Receiving Manager, Sponsor and custom non-predefined attributes in claims is still a headache.

saiwares

This video has been really helpful for setting up clients with custom claims through Entra. What I want to do next is automate this through bash scripts using the Azure CLI. I've managed to configure the majority of the client registration, i.e. app roles, consent, manifest changes etc. However, I've hit a bit of a wall trying to find a way to add custom claims through the Single Sign-On section available under Enterprise Applications.

Is it possible to do this from the command line, that is through the Azure CLI from bash, not PowerShell? The tokens generated are for API-to-API calls using the client_credentials flow, so optional claims to support this don't seem like an option.

Any input much appreciated!

Parawata