Azure AD Custom Claims Providers Feature Let Users Customize Authentication Flows

Microsoft Azure

Microsoft has announced the public preview of a new custom claims provider feature for Azure Active Directory (Azure AD). The custom extension allows organizations to call an API and map custom claims into the security token during the authentication process.

The custom extensions feature enables Azure Active Directory (Azure AD) users to interact with external systems. It provides a way to store additional data in Azure AD on user objects, groups, tenant details, service principals, and other directory objects. Custom extensions let users build custom solutions to meet their unique business requirements.

“A custom claims provider lets you call an API and map custom claims into the token during the authentication flow. The API call is made after the user has completed all their authentication challenges, and a token is about to be issued to the app. We heard from many of you that you need to return additional claims into the tokens sent to your apps so that they could function as intended,” Microsoft explained.

Microsoft explained that organizations often store user data (such as sensitive information and billing details) in external systems. Some IT admins may also want to configure custom claims providers so that identity data stays in on-premises environments. The new feature removes the need to rely on legacy identity systems, such as Active Directory Federation Services (AD FS) and LDAP directories, for that purpose.
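As an added illustration (not code from Microsoft or from the original article), the following Python sketch shows the core of a claims-provider API: it accepts the token-issuance event Azure AD posts after authentication completes, looks the user up in a hypothetical external store, and returns only allow-listed claims, and only for app registrations it is meant to serve. The event type and `@odata.type` strings are the ones Microsoft documents for this feature; the request shape, IDs, and store contents are constructed assumptions, and validation of the bearer token Azure AD presents on the call is assumed to happen in the HTTP layer.

```python
EVENT_TYPE = "microsoft.graph.authenticationEvent.tokenIssuanceStart"

# Constructed sample of the event Azure AD posts to the provider API
# (shape assumed from Microsoft's documentation; verify against current docs).
SAMPLE_REQUEST = {
    "type": EVENT_TYPE,
    "data": {"authenticationContext": {
        "client": {"appId": "bbbbbbbb-0000-0000-0000-000000000002"},
        "user": {"id": "cccccccc-0000-0000-0000-000000000003",
                 "userPrincipalName": "alice@contoso.example"},
    }},
}

# Hypothetical external record store (e.g. billing data kept outside Azure AD).
EXTERNAL_STORE = {
    "cccccccc-0000-0000-0000-000000000003": {
        "billingTier": "enterprise", "costCenter": "CC-042", "ssn": "never-emit"},
}
# Claims this provider may inject; anything else in the record is dropped.
ALLOWED_CLAIMS = {"billingTier", "costCenter"}
# App registrations this provider serves (constructed IDs).
TRUSTED_APPS = {"bbbbbbbb-0000-0000-0000-000000000002"}


def build_response(event):
    """Return the response body for Azure AD, or None to refuse the request.

    Assumes the HTTP layer has already validated the bearer token Azure AD
    presents on the call, so only the event content is checked here.
    """
    ctx = event.get("data", {}).get("authenticationContext", {})
    app_id = ctx.get("client", {}).get("appId")
    user_id = ctx.get("user", {}).get("id")
    if event.get("type") != EVENT_TYPE or app_id not in TRUSTED_APPS or not user_id:
        return None  # unexpected event or app: answer 4xx and add no claims
    record = EXTERNAL_STORE.get(user_id, {})
    claims = {k: v for k, v in record.items() if k in ALLOWED_CLAIMS}
    # Action and response type names as documented by Microsoft for this feature.
    return {"data": {
        "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData",
        "actions": [{
            "@odata.type": "microsoft.graph.tokenIssuanceStart.provideClaimsForToken",
            "claims": claims,
        }],
    }}
```

The allow-list matters because anything the provider returns becomes part of a signed token the app trusts, so the store's extra fields (the constructed `ssn` here) must never leak through.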

Azure AD custom claims provider integrates with other data stores

In some cases, attributes can’t be synchronized to Azure AD because of data residency or regulatory requirements. The custom claims provider feature provides integration with third-party systems and other data sources that can’t be synced to the Azure AD directory. You can see how Azure AD custom extensions and custom claims providers work in the video below:

https://youtu.be/BYOMshjlwbc

Microsoft plans to add support for more customization options for authentication flow in the future. “Custom claims providers is just the first use of a custom extension. We’ll continue to release additional custom extension events, so you can customize your authentication flows even more,” Microsoft added. You can learn more about configuring custom claims providers on this support page.