Receive a User’s UPN, Email, First and Last Name via Azure Active Directory Custom Manifest

In May 2019 Microsoft has made the new and improved App Registration portal generally available. For some time this new portal has been available under the Azure Active Directory > App registration (preview) menu in the Azure Portal. The old App Registration is still available under Azure Active Directory > App registration (legacy) but most likely it will be discontinued soon.

The ID token does no longer by default contains fields such as user principal name (UPN), email, first and last name, most likely to ensure that personal data is handled with more consideration. As a result, you must manually update the app registration’s manifest to ensure that ID tokens include the UPN, email, first and last name by adding these optional claims.

  1. Go to Azure Portal > Azure Active Directory > App registrations
  2. Find your application registration (you may click on the All applications tab)
  3. Click Manifest
  4. Update the Manifest and change the optionalClaims node as shown below
"optionalClaims": {
	"idToken": [{
			"name": "family_name",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}, {
			"name": "given_name",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}, {
			"name": "upn",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}, {
			"name": "email",
			"source": null,
			"essential": false,
			"additionalProperties": []
		}
	],
	"accessToken": [],
	"saml2Token": []
},

Leave a Reply

Your email address will not be published. Required fields are marked *