Microsoft Entra ID (formerly Azure AD) now makes it easier to configure custom claims for applications to trust it for authentication and authorization.
Custom claims, or optional claims, are typically needed to provide additional information in Access Tokens to assist the receiving API in authorizing access to resource data. Custom claims in ID Tokens can be used by an application to provide custom experiences based on these claims.
Role or Group claims are typically used to provide conditional access to resource data, but third-party applications may require additional data that is not included in these claims. For example, an application may require department or division information to assist in determining what data to expose.
Using custom claims, this information can be readily obtained from existing directory information. Without the use of custom claims, this information may have to been provided by creating a claims mapping rule based on a user’s group name.
In this technical webinar, Principal Consultant Randy Robb covers Microsoft Entra’s new application configuration blade for utilizing custom attributes, and how this can be utilized to provide custom claims in SAML, ID, and access tokens. He also demos examples of custom claims in returned tokens and how to utilize them.