Problem statement
This article provides the default Azure AD profile mappings.
Solution
The Azure AD profile mappings are as follows. In each entry the Auth0 attribute is on the left and the Azure AD attribute is on the right; where several Azure AD attributes are listed, they are tested in the order shown:
- Microsoft Identity Platform (v2)
/**
 * Default attribute mapping for the Microsoft Identity Platform (v2) connection.
 *
 * Key   = attribute name on the resulting Auth0 profile.
 * Value = the Azure AD attribute to read, or an array of candidates that are
 *         tested in the order listed.
 */
const profileFieldsMap = {
  // For Windows Live we use the user's oid, which is the same across clients.
  // Here, however, sub is used so that user IDs stay the same as those
  // previously issued for waad: sub is a better match for the azureId used on v1.
  // NOTE(review): Microsoft documents sub as a pairwise identifier (unique per
  // application), so the same person gets a different user_id under a different
  // app registration; use oid + tenantid to correlate a user across applications.
  user_id: 'sub',
  tenantid: 'tid',
  // nickname and upn read the same two sources, in the same order.
  nickname: ['upn', 'userPrincipalName'],
  roles: ['roles', 'role'],
  // NOTE(review): Microsoft documents email and upn as mutable, human-readable
  // values that are not guaranteed to be verified. Treat them as display and
  // contact data, not as a key for account linking or authorization decisions.
  email: ['email', 'mail'],
  upn: ['upn', 'userPrincipalName'],
  given_name: 'givenName',
  family_name: 'surname',
  oid: 'oid',
  name: 'name',
  // The remaining entries are one-to-one: a single directory attribute each.
  account_enabled: 'accountEnabled',
  assigned_licenses: 'assignedLicenses',
  assigned_plans: 'assignedPlans',
  city: 'city',
  country: 'country',
  department: 'department',
  fax: 'faxNumber',
  job_title: 'jobTitle',
  dir_sync_enabled: 'onPremisesSyncEnabled',
  last_sync: 'onPremisesLastSyncDateTime',
  mobile: 'mobilePhone',
  group_ids: 'groups',
  phone: 'businessPhones',
  postal_code: 'postalCode',
  preferred_language: 'preferredLanguage',
  provisioned_plans: 'provisionedPlans',
  provisioning_errors: 'onPremisesProvisioningErrors',
  proxy_addresses: 'proxyAddresses',
  state: 'state',
  street: 'streetAddress',
  usage_location: 'usageLocation',
};
- Azure Active Directory (v1)
/**
 * Default attribute mapping for the Azure Active Directory (v1) connection.
 *
 * Key   = attribute name on the resulting Auth0 profile.
 * Value = the Azure AD attribute to read, or an array of candidates that are
 *         tested in the order listed. Most arrays pair a claim-type URI with
 *         the short claim name for the same value.
 *
 * There is no `email` key in this map.
 */
const fieldsMap = {
  puid: 'http://schemas.xmlsoap.org/claims/PUID',
  // upn, user_id and nickname all read the same two sources: the name claim,
  // then unique_name.
  // NOTE(review): Microsoft documents unique_name as a human-readable value that
  // can change and is not guaranteed unique within a tenant, yet it is what
  // user_id is built from here. azure_id (nameidentifier / sub) and oid are the
  // stable identifiers in this map — confirm downstream code keys on those for
  // anything security-relevant.
  upn: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'unique_name'],
  user_id: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'unique_name'],
  azure_id: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier', 'sub'],
  given_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', 'given_name'],
  family_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', 'family_name'],
  nickname: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'unique_name'],
  tenantid: ['http://schemas.microsoft.com/identity/claims/tenantid', 'tid'],
  // Four candidates: plural URI, plural short name, singular URI, singular short name.
  roles: [
    'http://schemas.microsoft.com/ws/2008/06/identity/claims/roles',
    'roles',
    'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
    'role',
  ],
  // The entries below are one-to-one: a single directory attribute each.
  account_enabled: 'accountEnabled',
  assigned_licenses: 'assignedLicenses',
  assigned_plans: 'assignedPlans',
  city: 'city',
  country: 'country',
  department: 'department',
  dir_sync_enabled: 'dirSyncEnabled',
  fax: 'facsimileTelephoneNumber',
  job_title: 'jobTitle',
  last_sync: 'lastDirSyncTime',
  mobile: 'mobile',
  group_ids: 'groups',
  // Disabled in the original listing: passwordPolicies is not mapped.
  //'password_policies': 'passwordPolicies',
  phone: 'phone',
  physical_delivery_office_name: 'physicalDeliveryOfficeName',
  postal_code: 'postalCode',
  preferred_language: 'preferredLanguage',
  provisioned_plans: 'provisionedPlans',
  provisioning_errors: 'provisioningErrors',
  proxy_addresses: 'proxyAddresses',
  state: 'state',
  street: 'streetAddress',
  // This key keeps the camelCase source name, unlike the snake_case keys around it.
  telephoneNumber: 'telephoneNumber',
  usage_location: 'usageLocation',
  // These three entries name OAuth token-response fields rather than directory
  // attributes.
  // NOTE(review): the listing does not show where the mapped values end up. If
  // they are carried on the profile, treat the profile as secret-bearing: keep
  // it out of logs and client-visible responses — confirm against the consumer.
  access_token: 'access_token',
  expires_in: 'expires_in',
  refresh_token: 'refresh_token',
  oid: ['http://schemas.microsoft.com/identity/claims/objectidentifier', 'oid'],
};
// Candidate sources for an email value: the emailaddress claim-type URI, then
// the short names 'email' and 'mail'.
// Presumably these are tested in order to fill the v1 profile's email, which
// the v1 map itself does not define — the consuming code is not shown; confirm.
// NOTE(review): Microsoft documents the email claim as mutable and not
// necessarily verified, so the resulting value should not be used on its own to
// link accounts or to grant access.
const emailTargetFields = [
  'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
  'email',
  'mail',
];
// Secondary sources for an email value: the name claim-type URI, then
// unique_name.
// Presumably consulted only when none of the primary email sources yields a
// value — the consuming code is not shown; confirm.
// NOTE(review): if so, email can end up holding a sign-in name rather than a
// mailbox address. Such a value is neither verified nor guaranteed deliverable,
// so treat email as unverified wherever this fallback may have applied.
const emailFallbackFields = [
  'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
  'unique_name',
];