Azure AD Profile Mappings

Problem statement

This article provides the default Azure AD profile mappings.

Solution

The Azure AD profile mappings are as follows. The Auth0 attribute is on the left and the Azure AD attribute on the right; where several Azure AD attributes are listed, they are tested in the order shown:

  • Microsoft Identity Platform (v2)
// Default profile mapping for the Microsoft Identity Platform (v2) connection.
// Each key is the Auth0 profile attribute; each value is the Azure AD
// attribute it is read from. An array lists candidates in the order they are
// tested.
const profileFieldsMap = {
  // For Windows Live we use the user oid, which is the same across clients.
  // Here, however, `sub` is kept so that user IDs stay the same as those issued
  // previously for waad: it is the better match for the azureId used on v1.
  // NOTE(review): on the Microsoft identity platform `sub` is pairwise, i.e.
  // unique per application, so the same person gets a different user_id under
  // a different Azure app registration. `oid` together with `tid` is the pair
  // that stays constant across applications in a tenant.
  user_id: 'sub',
  tenantid: 'tid',
  // nickname and upn read the same two sources. A UPN can be changed by the
  // tenant (for example on a rename), so it is a display/sign-in name rather
  // than a durable key for authorization or account matching.
  nickname: ['upn', 'userPrincipalName'],
  roles: ['roles', 'role'],
  // NOTE(review): Azure AD does not guarantee that `email`/`mail` is a verified
  // address owned by the user, and the value is mutable. Avoid using the
  // resulting email as the only key for account linking or access decisions.
  email: ['email', 'mail'],
  upn: ['upn', 'userPrincipalName'],
  given_name: 'givenName',
  family_name: 'surname',
  // Mapped one-to-one; see the note on user_id for how it differs from `sub`.
  oid: 'oid',
  name: 'name',
  // The remaining entries are single-source mappings: one Auth0 attribute, one
  // Azure AD attribute, no fallback.
  account_enabled: 'accountEnabled',
  assigned_licenses: 'assignedLicenses',
  assigned_plans: 'assignedPlans',
  city: 'city',
  country: 'country',
  department: 'department',
  fax: 'faxNumber',
  job_title: 'jobTitle',
  dir_sync_enabled: 'onPremisesSyncEnabled',
  last_sync: 'onPremisesLastSyncDateTime',
  mobile: 'mobilePhone',
  group_ids: 'groups',
  phone: 'businessPhones',
  postal_code: 'postalCode',
  preferred_language: 'preferredLanguage',
  provisioned_plans: 'provisionedPlans',
  provisioning_errors: 'onPremisesProvisioningErrors',
  proxy_addresses: 'proxyAddresses',
  state: 'state',
  street: 'streetAddress',
  usage_location: 'usageLocation',
};
  • Azure Active Directory (v1)
// Default profile mapping for the Azure Active Directory (v1) connection.
// Each key is the Auth0 profile attribute; each value is the Azure AD
// attribute it is read from. Where an array is given, the long claim-type URI
// is listed before the short claim name and the entries are tested in order.
const fieldsMap = {
  puid: 'http://schemas.xmlsoap.org/claims/PUID',
  // upn, user_id and nickname all read the same source (`name` claim URI, then
  // `unique_name`).
  // NOTE(review): Microsoft documents `unique_name` as a human-readable value
  // that is not guaranteed to be unique and is meant for display. Since
  // user_id is derived from it here, a renamed user may surface under a new
  // user_id; azure_id and oid below are the immutable identifiers.
  upn: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'unique_name'],
  user_id: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'unique_name'],
  azure_id: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier', 'sub'],
  given_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', 'given_name'],
  family_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', 'family_name'],
  nickname: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', 'unique_name'],
  tenantid: ['http://schemas.microsoft.com/identity/claims/tenantid', 'tid'],
  // Four candidates: plural URI, plural short name, singular URI, singular
  // short name, tested in that order.
  roles: [
    'http://schemas.microsoft.com/ws/2008/06/identity/claims/roles',
    'roles',
    'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
    'role',
  ],
  // Single-source mappings from here down to usage_location.
  account_enabled: 'accountEnabled',
  assigned_licenses: 'assignedLicenses',
  assigned_plans: 'assignedPlans',
  city: 'city',
  country: 'country',
  department: 'department',
  dir_sync_enabled: 'dirSyncEnabled',
  fax: 'facsimileTelephoneNumber',
  job_title: 'jobTitle',
  last_sync: 'lastDirSyncTime',
  mobile: 'mobile',
  group_ids: 'groups',
  //'password_policies': 'passwordPolicies',
  phone: 'phone',
  physical_delivery_office_name: 'physicalDeliveryOfficeName',
  postal_code: 'postalCode',
  preferred_language: 'preferredLanguage',
  provisioned_plans: 'provisionedPlans',
  provisioning_errors: 'provisioningErrors',
  proxy_addresses: 'proxyAddresses',
  state: 'state',
  street: 'streetAddress',
  // The only key in this map that is camelCase rather than snake_case.
  telephoneNumber: 'telephoneNumber',
  usage_location: 'usageLocation',
  // NOTE(review): the next three names are token-response values rather than
  // directory attributes. If they are copied onto the stored user profile they
  // are credentials: keep them out of logs and out of anything returned to
  // clients. Confirm where they end up.
  access_token: 'access_token',
  expires_in: 'expires_in',
  refresh_token: 'refresh_token',
  oid: ['http://schemas.microsoft.com/identity/claims/objectidentifier', 'oid'],
};

// Candidate sources for the user's email address, listed as claim-type URI
// first, then the short names `email` and `mail`.
// Presumably tested in this order to fill the Auth0 `email` attribute for the
// v1 connection, since fieldsMap has no `email` key of its own (confirm).
// NOTE(review): Azure AD does not guarantee that these values are verified or
// owned by the user, and they are mutable; do not treat the result as a
// verified email when linking accounts or granting access.
const emailTargetFields = [
  'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
  'email',
  'mail',
];

// Fallback sources for the email address: the same `name` claim URI and
// `unique_name` that fieldsMap uses for upn, user_id and nickname.
// Presumably consulted only when none of emailTargetFields yields a value
// (confirm).
// NOTE(review): these carry the sign-in name, which is not guaranteed to be a
// deliverable or verified mailbox. An email filled from this list should not
// be treated as verified.
const emailFallbackFields = [
  'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
  'unique_name',
];