I've understood how to provision an entity in Azure that can engage in websso. And I've learned how to arm the support graph interface. Obviously, I can now populate attributes in the directory record.
I have even unlearned something - how NOT to expect to put my Azure AD managed claims in the websso assertion. Rather, we of course force the websso SP to use the graph API instead. (Quite how I map an access token through ACS to my downstream SP ... that is to use the graph API ... I've not figured, though.)
Now my question about my REALTY (i.e. industry specific) attributes/claims.
How should I think, right?
Is the schema of Azure AD for claims extensible, and I write additional (realty) claim types and values to the directory (as I would in the extensible X.500 world)?
Or do I use the likes of CRM to manage linked entities (where the CRM-managed "realty" entity extends the Azure AD entity record); and where a CRM directory graph API extends the Azure Directory API graph endpoint, allowing an SP site's query to span entities managed in different repositories through composition/collation of 2 API ports' result sets (again just like in X.500, in which one agent managed objectclass=AD and another managed objectclass=REALTY)?
I'm actually hoping it's the latter.