Working with user attributes using Entra External ID for Customers
I see a number of questions around this over on Stack Overflow.
They are all along the lines of doing user CRUD.
There seems to be a lot of underlying B2C code in Entra External ID, which is good because the applications that worked for B2C still work for Entra External ID 😄
The B2C Learn article “Manage Azure AD B2C with Microsoft Graph” is here.
There is a .NET Core code sample referenced in the article.
That page now says “This sample has been archived and is no longer being maintained. You can find a more recent version of this sample here”.
But I don’t see this sample in the sample list.
Back in the day, there was a .NET sample that I updated in GitHub.
Run "B2C Help" for reference:
Get-User : Read users from your B2C directory. Optionally accepts an
ObjectId as a 2nd argument, and query expression as a 3rd argument.
Create-User : Create a new user in your B2C directory. Requires a path to
a .json file which contains required and optional information as a
2nd argument.
Update-User : Update an existing user in your B2C directory. Requires an
objectId as a 2nd arguemnt & a path to a .json file as a 3rd argument.
Delete-User : Delete an existing user in your B2C directory. Requires an
objectId as a 2nd argument.
Get-Extension-Attribute : Lists all extension attributes in your B2C directory. Requires the b2c-extensions-app objectId as the 2nd argument.
Get-B2C-Application : Get the B2C Extensions Application in your B2C
directory, so you can retrieve the objectId and pass it to other commands.
Help : Prints this help menu.
Syntax : Gives syntax information for each command, along with examples.
There was also a .NET Core sample that I updated in GitHub.
Command Description
====================
[1] Get all users (one page)
[2] Get user by object ID
[3] Get user by sign-in name
[4] Delete user by object ID
[5] Update user password
[6] Create users (bulk import)
[7] Create user with custom attributes and show result
[8] Get all users (one page) with custom attributes
[help] Show available commands
[exit] Exit the program
For both of these, you update the config file e.g.:
<add key="b2c:Authority" value="https://login.microsoftonline.com/tenant.onmicrosoft.com" />
<add key="b2c:Tenant" value="tenant.onmicrosoft.com" />
<add key="b2c:ClientId" value="cf9...bfc" />
<add key="b2c:ClientSecret" value="6~_...qae." />
or:
"TenantId": "tenant.onmicrosoft.com",
"AppId": "cf9...bfc",
"ClientSecret": "6~_...qae.",
"B2cExtensionAppClientId": "Find this Application (client) ID in the App registrations pane in the Azure portal. The app registration is named 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'.",
"UsersFileName": "users.json"
Don’t be confused by the B2C mention of “b2c-extensions-app”.
This is still present in Entra External ID.
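The "B2cExtensionAppClientId" setting matters because Microsoft Graph exposes custom attributes under names of the form extension_<b2c-extensions-app client ID without hyphens>_<attribute name>. The C# below is an added example, not code from either sample: it builds those names and the JSON body for a create-user call. The GUID, the user, the attribute names LoyaltyId and ShowBalance, and the INITIAL_PASSWORD environment variable are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

static class ExtensionAttributes
{
    // Custom attributes are named extension_<b2c-extensions-app client ID, no hyphens>_<name>.
    public static string FullName(string extensionAppClientId, string attributeName)
    {
        if (!Guid.TryParse(extensionAppClientId, out var appId))
            throw new ArgumentException("B2cExtensionAppClientId must be a GUID", nameof(extensionAppClientId));
        if (string.IsNullOrWhiteSpace(attributeName) || !attributeName.All(c => char.IsLetterOrDigit(c) || c == '_'))
            throw new ArgumentException("Unexpected character in attribute name", nameof(attributeName));
        return $"extension_{appId:N}_{attributeName}"; // "N" formats the GUID as 32 hex digits without hyphens
    }

    // JSON body for POST https://graph.microsoft.com/v1.0/users (local account plus custom attributes).
    public static string CreateUserBody(string tenant, string email, string displayName, string initialPassword,
                                        string extensionAppClientId, IDictionary<string, object> custom)
    {
        var body = new Dictionary<string, object>
        {
            ["displayName"] = displayName,
            ["identities"] = new[] { new { signInType = "emailAddress", issuer = tenant, issuerAssignedId = email } },
            ["passwordProfile"] = new { password = initialPassword, forceChangePasswordNextSignIn = false },
            ["passwordPolicies"] = "DisablePasswordExpiration"
        };
        foreach (var kv in custom)
            body[FullName(extensionAppClientId, kv.Key)] = kv.Value;
        return JsonSerializer.Serialize(body, new JsonSerializerOptions { WriteIndented = true });
    }

    static void Main()
    {
        // Constructed sample values: placeholder GUID, tenant, user and attribute names.
        const string appId = "00000000-1111-2222-3333-444444444444";
        var custom = new Dictionary<string, object> { ["LoyaltyId"] = "L-1001", ["ShowBalance"] = true };
        // The initial password comes from the environment (hypothetical variable name), not from source.
        var password = Environment.GetEnvironmentVariable("INITIAL_PASSWORD") ?? "<set-INITIAL_PASSWORD>";
        Console.WriteLine(CreateUserBody("tenant.onmicrosoft.com", "user@example.com", "Sample User",
                                         password, appId, custom));
        // When reading users back, request the custom attributes by their full names.
        Console.WriteLine("GET /users?$select=id,displayName,identities," +
                          string.Join(",", custom.Keys.Select(k => FullName(appId, k))));
    }
}
```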
These apps need updating to the latest version of .NET, new libraries etc. but I have checked both against an Entra External ID tenant and they both still work!
As always, use at your own risk.
All good!