Azure AD — Populating the OptionalClaims Section of an Application Manifest, using Powershell

Matt Meleski
ObjectSharp (a Centrilogic Company)
Jun 1, 2019 (2 min read)

Below is a sample for populating the OptionalClaims section of an Azure AD Application's manifest using PowerShell.

In this example, a user accessing an Application and requesting an IdToken, AccessToken or Saml2Token will have their value set for a custom (optional) claim that is specific to that application.

Below is an example of an abbreviated user's IdToken that contains a custom or optional claim and that user's specific value for the claim.

In the above case, the user "user@email.com" has the value "9Z123" set for the claim CustomOptionalClaimApplicationUserCode. When the user logs into and uses the application, that custom or optional claim (CustomOptionalClaimApplicationUserCode) and its value "9Z123" are available for the application to process.

Below is a PowerShell script that creates the necessary artifacts to produce the above claim for a user. The Application, Service Principal, Extension, User etc. do not exist beforehand; all artifacts are created from scratch.

This bare-bones script will:
1) Create the Azure AD Application.
2) Create the Azure AD Service Principal.
3) Create an Extension property within the Application.
4) Populate the Azure AD Application's manifest OptionalClaims section with the Extension property.
5) Create a user in the Application.
6) For the above user, set their own specific value for the Extension property.
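The six steps above carried out in one AzureAD-module session, as an added example and not the post's own script. It assumes Connect-AzureAD has already been run by an account allowed to create applications and users; the display name, user principal name and password are placeholders to replace.

```powershell
# Added example (not the original post's script). Assumes the AzureAD module is
# installed and Connect-AzureAD has already established a session.
Import-Module AzureAD

$claimName = "CustomOptionalClaimApplicationUserCode"

# 1) Application
$app = New-AzureADApplication -DisplayName "OptionalClaimsDemo"   # placeholder name

# 2) Service principal for the application
$sp = New-AzureADServicePrincipal -AppId $app.AppId

# 3) Extension property (directory extension) owned by the application, stored on users
$ext = New-AzureADApplicationExtensionProperty -ObjectId $app.ObjectId `
    -Name $claimName -DataType "String" -TargetObjects "User"
# $ext.Name is the full name "extension_<appId without dashes>_<claimName>",
# which is what the OptionalClaims entry must reference.

# 4) OptionalClaims section of the manifest: request the extension in all three token types
$claim = New-Object Microsoft.Open.AzureAD.Model.OptionalClaim
$claim.Name = $ext.Name
$claim.Source = "user"        # value comes from the user object
$claim.Essential = $false

$optionalClaims = New-Object Microsoft.Open.AzureAD.Model.OptionalClaims
foreach ($tokenType in "IdToken", "AccessToken", "Saml2Token") {
    $list = New-Object System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.OptionalClaim]
    $list.Add($claim)
    $optionalClaims.$tokenType = $list
}
Set-AzureADApplication -ObjectId $app.ObjectId -OptionalClaims $optionalClaims

# 5) User (placeholder UPN and password; generate a real one instead of hard-coding it)
$pw = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
$pw.Password = "<replace-with-a-generated-password>"
$pw.ForceChangePasswordNextLogin = $true
$user = New-AzureADUser -DisplayName "Demo User" -UserPrincipalName "user@example.com" `
    -MailNickName "demouser" -AccountEnabled $true -PasswordProfile $pw

# 6) Per-user value for the extension property; this is the value issued in the user's tokens
Set-AzureADUserExtension -ObjectId $user.ObjectId -ExtensionName $ext.Name -ExtensionValue "9Z123"

# Check: read the stored value back from the user object before testing a sign-in
(Get-AzureADUserExtension -ObjectId $user.ObjectId)[$ext.Name]
```

Because the value is written by whoever can edit the user object, the application should treat the claim as a tenant-governed attribute, not as something the user chose.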
