diff --git a/aspnetcore/security/authentication/social/additional-claims.md b/aspnetcore/security/authentication/social/additional-claims.md
index 18ad7bc81c..55f0ff9357 100644
--- a/aspnetcore/security/authentication/social/additional-claims.md
+++ b/aspnetcore/security/authentication/social/additional-claims.md
@@ -32,6 +32,8 @@ The OAuth authentication provider establishes a trust relationship with an app u
 * [Other authentication providers](xref:security/authentication/otherlogins)
 * [OpenIdConnect](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2)
 
+Optional claims sent in the ID or access token from the authenticaion provider are usually configured in the provider's online portal. For example, Microsoft Azure Active Directory (AAD) permits you to assign optional claims to the app's ID token in the app registration's **Token configuration** blade. For more information, see [How to: Provide optional claims to your app (Azure documentation)](/azure/active-directory/develop/active-directory-optional-claims). For other providers, consult their external documentation sets.
+
 The sample app configures the Google authentication provider with a client ID and client secret provided by Google:
 
 [!code-csharp[](additional-claims/samples/3.x/ClaimsSample/Startup.cs?name=snippet_AddGoogle&highlight=4,9)]