Azure B2C. Edit custom attribute using Azure Portal

Question

I have created Azure B2C application in Azure Portal. I need to use only sign-in policy for this application(no sign-up). I need to create two kinds of users - Simple User and Admin. For this purpose I have created custom string attribute - Role. It is returned as a claim for sign-in policy via token.

Now I want to add new user with Role = Admin using Azure portal - but I can not find any place where I can edit Role(custom attribute) for this user.

The only way I managed to edit Role attribute is using Azure B2C Graph API Application. But I dont want to create extra UI for this purpose in my application.

So, my questions are:

1. Is it possible to add new user with custom attribute using Azure Portal without using sign-up policy?
2. Are there any other ways of adding custom attribute to user except GraphAPI and sign-up?

Answer 1

Short answer, 1. no and 2. no.

At this point in time, there are only two ways to manage a user's custom attributes:

• The user him/herself can update them via the signup, unified signup/signin and edit profile policies. This is not useful for your scenario though.

• Via the Graph API, using either a delegated non-admin user token (can only update that user's attributes), a delegated admin token (can update any user's attributes) or an app token (can update any user's attributes as well). Strictly speaking, you don't have to build a UI and can have a console application for this. Check out this sample.

I'd recommend that you create an entry in the Azure AD B2C UserVoice forum to request a way for an admin to manage custom attributes via the UI.

A completely different approach you can follow is to use Azure AD Groups which you can manage via the UI, the caveat with this is that they are not included in the claims and you'd need to add an extra call to the Graph API in your app to get the group claim and pivot off that. Here's the link to UserVoice ask to add Groups in claims for Azure AD B2C.