Bring through external user profile fields when using B2B
Currently, when you invite someone from another AzureAD, using the B2B process, only their DisplayName and EmailAddress comes through (both of which are actually provided in the B2B CSV file).
It would be very useful if more profile information could be retrieved, possibly with the user's authorisation.
In particular, details like Firstname, Lastname and Country, would be a useful start, but potentially more profile fields (address, phone numbers, title, etc) would be ideal.
Marking this as part of our backlog. The votes and comments about how you would use this are really helpful, please keep voting/commenting if this is an interesting scenario for you.
Dino Marcantonio commented
My opinion is that we should have the exact same capabilities (or more) with another AzureAD that we do when bringing in a 3rd party IdP. All user attributes should be available as well as group membership.
This lack of functionality has forced us to look at a 3rd party Cloud IdP.
Izquierdo, Diego commented
This would be extremely helpful to have. We are using identity governance for B2B integrations with dozens of regional offices so they can access corporate resources and apps and one of the challenges is that the first and last name attributes are not being populated when a guest account is provisioned and some our apps require these two fields. The workaround is for somebody to manually update those fields in AzureAD, but that's just a lot of overhead.
The functionality would be useful for dynamic groups.
Patrik Sulik commented
Is there any update on this? We are missing this a lot in our applications. We would like get more info from users as FirstName, LastName etc
Ivonne Llanos commented
is any update on this? can we use the External Identities | All API connectors ?
why this didn't come out of the box is disappointing. We are regional into global and thought this would be alternative to other products to enhance SSO to SAS application between regions .
imran makhdoom commented
wondering if there is any update on this. we are desperately looking for this feature
Taylor, Jordan commented
I'll third that EmployeeID attribute. We've split into two companies, with many shared applications. Many of those applications rely on EmployeeID as the Unique Identifier. It would be super helpful to be able to pass this attribute from a guest account.
Marc Moore commented
I second the comment on EmployeeID as our guests are actually employees of subsidiary organizations who have an internal employee identifier drawn from an enterprise-wide domain of values.
Richard Harrison commented
It would also be helpful if the usertype is member instead of guest if fields like EmployeeID would be retrieved through the process. Since these users are a part of our 'organization' not guest I would like to see more information.
Hi, We are in the process of migrating users from an external Okta system to a new Azure AD. As part of the SAML assertion, we have some additional fields that should be being issued from the Azure AD. For example "Box" would like the Mobile phone number. As we are in the middle of migration the users exist in only the remote Azure AD while the App is in the new Azure AD. We add the user through B2B but obviously, we don't get the mobile number so we can't add it to the config. Other SaaS may use Manager fields or other details. Being able to configure which attributes are brought over would be great to have
Our particular use case is to provide attributes to enterprise apps used for user provisioning. I would expect all available fields visible in the user profile to be synced, although first and last name should be considered a bare minimum. I would expect that the attributes are kept up to date, with a sync happening roughly every half hour. Personally I don't see a near real-time sync being necessary.
Hope that helps!