Extract Azure Custom Claim from ID Token and copy it to User Metadata in Auth0

Problem statement

When using Azure AD with an SSO authentication mechanism, Azure AD populates a custom claim field in the ID Token returned after authentication. Is it possible to extract this custom claim from the ID Token and set it as user_metadata in Auth0?

When trying to use Actions, neither the Event Object nor the API Object parameter contains the ID token returned from Azure AD.

Cause

Azure AD has been configured to store a custom claim in the Azure ID Token, with the expectation that Actions can be used to extract the custom claim and add it to user_metadata on the Auth0 side of the transaction.

Use of an Azure AD Enterprise connection will not solve this problem. Instead, it is necessary to set up either an Enterprise OIDC Connection or a SAML Connection.

Solution

Configure either an Enterprise OIDC or SAML Connection. Once an Enterprise OIDC or SAML Connection has been provisioned, the custom claim can be added to the user profile at the root level.

From there, it will be possible to access it in an Action from the `event.user` property and then call `api.user.setUserMetadata` to enrich the user_metadata profile. See this example in the documentation.
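The following post-login Action is an added example, not code from the article or from Auth0's documentation. It assumes the Enterprise OIDC connection is named `azure-oidc` and that the custom claim has been mapped to a root-level attribute called `department` on `event.user` (both names are placeholders). It only copies the value when the login came through that connection and the attribute is a bounded string, so an unrelated connection or an unexpected value type never ends up in user_metadata; the fake `api` object at the bottom exists only so the logic can be exercised offline.

```javascript
// Added example: Auth0 post-login Action that copies a root-level attribute,
// populated by an Enterprise OIDC/SAML connection, into user_metadata.
// CLAIM_NAME and SOURCE_CONNECTION are assumptions; substitute your own values.

const CLAIM_NAME = 'department';        // hypothetical root-level attribute on event.user
const SOURCE_CONNECTION = 'azure-oidc'; // hypothetical Enterprise OIDC connection name
const MAX_CLAIM_LENGTH = 256;           // refuse to store oversized values

/**
 * Copy the attribute into user_metadata. Returns true when a value was written.
 * The attribute is trusted only for logins through the expected connection, and
 * only plain, non-empty, bounded strings are stored.
 */
function copyClaimToMetadata(event, api, claimName = CLAIM_NAME, connectionName = SOURCE_CONNECTION) {
  if (!event.connection || event.connection.name !== connectionName) {
    return false; // attribute is only meaningful for the Azure-backed connection
  }
  const value = event.user ? event.user[claimName] : undefined;
  if (typeof value !== 'string' || value.length === 0 || value.length > MAX_CLAIM_LENGTH) {
    return false; // missing, wrong type, or too large: leave user_metadata untouched
  }
  const existing = event.user.user_metadata && event.user.user_metadata[claimName];
  if (existing === value) {
    return false; // already in sync; skip the write
  }
  api.user.setUserMetadata(claimName, value);
  return true;
}

// Action entry point. In the Auth0 Actions runtime this is exported as
// exports.onExecutePostLogin; the guard keeps the file loadable outside it.
const onExecutePostLogin = async (event, api) => {
  copyClaimToMetadata(event, api);
};
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// ---- Offline harness: constructed event/api objects, not the real Actions API ----
function makeFakeApi() {
  const writes = {};
  return {
    writes,
    user: {
      setUserMetadata(name, value) { writes[name] = value; },
    },
  };
}

function runLocalDemo() {
  const api = makeFakeApi();
  const event = { // constructed sample event
    connection: { name: SOURCE_CONNECTION, strategy: 'oidc' },
    user: { user_id: 'oidc|azure-oidc|constructed-user', department: 'Engineering', user_metadata: {} },
  };
  const written = copyClaimToMetadata(event, api);
  return { written, metadata: api.writes };
}
```

Deploy only the `onExecutePostLogin` part (with the `copyClaimToMetadata` helper) as the Action; the harness functions are for local runs. If the copied value drives authorization decisions downstream, consider `api.user.setAppMetadata` instead, since user_metadata is intended for data the user may edit.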