
Looking up users in AAD B2C using extension attributes or unusual standard attributes


This is a follow-up to this question. I need to query Azure AD B2C to lookup a user using an employeeID which, for reasons related to what fields our account provisioning solution can deal with, is currently stored in the telephoneNumber field.

I have created an Azure Active Directory TechnicalProfile which specifies the telephone number as the InputClaim:

<TechnicalProfile Id="AAD-UserReadUsingEmployeeId">
  <Metadata>
    <Item Key="Operation">Read</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
    <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided ID.</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="telephoneNumber" PartnerClaimType="employeeId" Required="true" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="otherMails" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
    <OutputClaim ClaimTypeReferenceId="signInNames.phoneNumber" />
    <OutputClaim ClaimTypeReferenceId="displayName" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
    <OutputClaim ClaimTypeReferenceId="surname" />
    <OutputClaim ClaimTypeReferenceId="telephoneNumber" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>

However, when compiling this policy I get the error:

Input Claim 'telephoneNumber' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadUsingEmployeeId'

I understand from the documentation here that telephoneNumber can only be used as persistentClaim or OutputClaim... so I suppose I may be hitting that limitation. I thought I could wiggle out of this by querying Azure AD B2C using an extension attribute instead, but there I get confused:

So, would I be correct in understanding that

Or is there something obvious I'm overlooking in the way I've configured the TechnicalProfile?


Solution

  • These are correct: