Working with user attributes using Entra External ID for Customers

Rory Braybrook
The new control plane
Jun 19, 2024

I see a number of questions around this over on Stack Overflow.

They are all along the lines of doing user CRUD.

There seems to be a lot of underlying B2C code in Entra External ID.

Which is good because the applications that worked for B2C still work for Entra External ID 😄

The B2C Learn article “Manage Azure AD B2C with Microsoft Graph” is here.

There is a .NET Core code sample referenced in the article.

That page now says “This sample has been archived and is no longer being maintained. You can find a more recent version of this sample here”.

But I don’t see this sample in the sample list.

Back in the day, there was a .NET sample that I updated in GitHub.

Run "B2C Help" for reference:

Get-User : Read users from your B2C directory. Optionally accepts an
ObjectId as a 2nd argument, and query expression as a 3rd argument.

Create-User : Create a new user in your B2C directory. Requires a path to
a .json file which contains required and optional information as a
2nd argument.

Update-User : Update an existing user in your B2C directory. Requires an
objectId as a 2nd arguemnt & a path to a .json file as a 3rd argument.

Delete-User : Delete an existing user in your B2C directory. Requires an
objectId as a 2nd argument.

Get-Extension-Attribute : Lists all extension attributes in your B2C directory. Requires the b2c-extensions-app objectId as the 2nd argument.

Get-B2C-Application : Get the B2C Extensions Application in your B2C
directory, so you can retrieve the objectId and pass it to other commands.

Help : Prints this help menu.

Syntax : Gives syntax information for each command, along with examples.

There was also a .NET Core sample that I updated in GitHub.

Command  Description
====================
[1] Get all users (one page)
[2] Get user by object ID
[3] Get user by sign-in name
[4] Delete user by object ID
[5] Update user password
[6] Create users (bulk import)
[7] Create user with custom attributes and show result
[8] Get all users (one page) with custom attributes
[help] Show available commands
[exit] Exit the program

For both of these, you update the config file e.g.:

<add key="b2c:Authority" value="https://login.microsoftonline.com/tenant.onmicrosoft.com" />
<add key="b2c:Tenant" value="tenant.onmicrosoft.com" />
<add key="b2c:ClientId" value="cf9...bfc" />
<add key="b2c:ClientSecret" value="6~_...qae." />

or:

"TenantId": "tenant.onmicrosoft.com",
"AppId": "cf9...bfc",
"ClientSecret": "6~_...qae.",
"B2cExtensionAppClientId": "Find this Application (client) ID in the App registrations pane in the Azure portal. The app registration is named 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'.",
"UsersFileName": "users.json"

Don’t be confused by the B2C mention of “b2c-extensions-app”.

This is still present in Entra External ID.

Image showing “b2c-extensions-app” in App. Registrations
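
How the b2c-extensions-app client ID from the config ends up in Graph requests, as an added example (not code from the article or from either sample): custom attributes are addressed as extension_<client ID without hyphens>_<attribute name>. The tenant, GUID, password and attribute names below are constructed placeholders, and the GraphUser class is a hypothetical helper.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed sample values: swap in your own tenant and the
// Application (client) ID of b2c-extensions-app from App registrations.
var body = GraphUser.Build(
    tenant: "tenant.onmicrosoft.com",
    extensionAppClientId: "00000000-1111-2222-3333-444444444444", // placeholder GUID
    email: "jane@example.com",
    displayName: "Jane Doe",
    initialPassword: "<initial-password>",                        // placeholder
    custom: new Dictionary<string, object> { ["LoyaltyNumber"] = "L-1001", ["IsVip"] = true });

// This JSON is the request body for POST https://graph.microsoft.com/v1.0/users.
Console.WriteLine(JsonSerializer.Serialize(body, new JsonSerializerOptions { WriteIndented = true }));

static class GraphUser // hypothetical helper, not part of either sample
{
    // Graph exposes a custom attribute as extension_<appId without hyphens>_<name>.
    public static string ExtensionName(string extensionAppClientId, string attribute)
    {
        if (!Guid.TryParse(extensionAppClientId, out var appId))
            throw new ArgumentException("Extension app client ID must be a GUID.");
        if (string.IsNullOrWhiteSpace(attribute))
            throw new ArgumentException("Attribute name is required.");
        return $"extension_{appId:N}_{attribute}"; // "N" = 32 hex digits, no hyphens
    }

    public static Dictionary<string, object> Build(string tenant, string extensionAppClientId,
        string email, string displayName, string initialPassword, IDictionary<string, object> custom)
    {
        var body = new Dictionary<string, object>
        {
            ["displayName"] = displayName,
            ["identities"] = new[] { new Dictionary<string, object>
            {
                ["signInType"] = "emailAddress",
                ["issuer"] = tenant,
                ["issuerAssignedId"] = email
            } },
            ["passwordProfile"] = new Dictionary<string, object>
            {
                ["password"] = initialPassword,
                ["forceChangePasswordNextSignIn"] = false
            }
        };
        // Each custom attribute becomes a top-level property under its extension name.
        foreach (var (name, value) in custom)
            body[ExtensionName(extensionAppClientId, name)] = value;
        return body;
    }
}
```

The same extension names are what you put in a $select when reading users back, since Graph does not return custom attributes unless they are requested by name.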

These apps need updating to the latest version of .NET, new libraries etc. but I have checked both against an Entra External ID tenant and they both still work!

As always, use at your own risk.

All good!
