You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/fundamentals/custom-security-attributes-overview.md
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,13 +55,13 @@ Currently, you can add custom security attributes for the following Azure AD obj
55
55
- Azure AD enterprise applications (service principals)
56
56
- Managed identities for Azure resources
57
57
58
-
## How do custom security attributes compare with directory schema extensions?
58
+
## How do custom security attributes compare with directory extensions?
59
59
60
-
Here are some ways that custom security attributes compare with [directory schema extensions](../develop/active-directory-schema-extensions.md):
60
+
Here are some ways that custom security attributes compare with [directory extensions](../develop/active-directory-schema-extensions.md):
61
61
62
-
- Directory schema extensions cannot be used for authorization scenarios and attributes because the access control for the extension attributes is tied to the Azure AD object. Custom security attributes can be used for authorization and attributes needing access control because the custom security attributes can be managed and protected through separate permissions.
63
-
- Directory schema extensions are tied to an application and share the lifecycle of an application. Custom security attributes are tenant wide and not tied to an application.
64
-
- Directory schema extensions support assigning a single value to an attribute. Custom security attributes support assigning multiple values to an attribute.
62
+
- Directory extensions cannot be used for authorization scenarios and attributes because the access control for the extension attributes is tied to the Azure AD object. Custom security attributes can be used for authorization and attributes needing access control because the custom security attributes can be managed and protected through separate permissions.
63
+
- Directory extensions are tied to an application and share the lifecycle of an application. Custom security attributes are tenant wide and not tied to an application.
64
+
- Directory extensions support assigning a single value to an attribute. Custom security attributes support assigning multiple values to an attribute.
65
65
66
66
## Steps to use custom security attributes
67
67
@@ -168,9 +168,11 @@ Azure AD provides built-in roles to work with custom security attributes. The At
168
168
> [!IMPORTANT]
169
169
> By default, [Global Administrator](../roles/permissions-reference.md#global-administrator) and other administrator roles do not have permissions to read, define, or assign custom security attributes.
170
170
171
-
## Graph Explorer
171
+
## Microsoft Graph APIs
172
+
173
+
You can manage custom security attributes programmatically using Microsoft Graph APIs. For more information, see [Overview of custom security attributes using the Microsoft Graph API](/graph/api/resources/custom-security-attributes-overview).
172
174
173
-
If you use the Microsoft Graph API, you can use[Graph Explorer](/graph/graph-explorer/graph-explorer-overview) to more easily try the Microsoft Graph APIs for custom security attributes. For more information, see [Overview of custom security attributes using the Microsoft Graph API](/graph/api/resources/custom-security-attributes-overview).
175
+
You can use an API client such as[Graph Explorer](/graph/graph-explorer/graph-explorer-overview)or Postman to more easily try the Microsoft Graph APIs for custom security attributes.
174
176
175
177
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments