juunas

Reputation: 58863

Azure AD group membership claims

I've set the groupMembershipClaims property in an app's manifest in Azure AD to "All", which should result in a user's security group memberships being returned in the id token.

However, they are not being returned. I have tried to re-login multiple times. Is there something I am doing obviously wrong?

Upvotes: 8

Views: 12567

Answers (3)

Vince V.

Reputation: 3143

Maybe another note for future reference.

As JWT tokens are used in Authorization headers, you hit a limit of maximum 6 groups in the token.

If the user has more groups they will not be returned and you will have to implement the Azure AD graph API to fetch the groups of the user.

Upvotes: 1

Narayana Erukulla

Reputation: 104

Can you be more specific in terms of what exactly you are trying to achieve and how you'd want to do it?

Apparently, if the thing mentioned in your question is what exactly you are looking for, and since the groupMembershipClaims property is set to "All", you'll get the group claims in the JWT token.

You may want to read this article: https://www.simple-talk.com/cloud/security-and-compliance/azure-active-directory-part-4-group-claims/. This should help you resolve your issues.

Let me know in case you face this issue after you follow the procedure mentioned by the author.

Upvotes: 3

juunas

Reputation: 58863

Sorry for wasting people's time here. I was asking this question for a friend, and turns out they were looking at the access token, not the id token.

So as future reference, make sure you are requesting an id token from AAD, and use that to figure out things like group memberships.

Upvotes: 2
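The two practical points in this thread are (a) group membership has to be read from the id token, not the access token, and (b) when a user is in more groups than the token can carry, the groups claim is replaced by an overage indicator and the directory has to be queried instead. The following is an added example, not code from the question or any answer, that inspects a token's payload and reports which case applies. It decodes the payload only; it does not validate the signature, issuer, audience or expiry, which a real application must do before trusting any claim. The token samples, client id, group ids and endpoint URL are constructed placeholders; the overage claim names `_claim_names`, `_claim_sources` and `hasgroups` are the ones Azure AD emits.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding the JWT format strips."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_payload(token: str) -> dict:
    """Return the JWT payload (middle segment) as a dict.

    No signature check is done here: validate the RS256 signature against the
    tenant's signing keys, plus iss/aud/exp, before acting on any claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def token_kind(claims: dict) -> str:
    """Classify the token from its claim shape.

    An id token is audienced to the client app and carries the sign-in nonce;
    an access token instead carries scp (delegated) or roles (app) for a resource.
    """
    if "scp" in claims or "roles" in claims:
        return "access_token"
    if "nonce" in claims:
        return "id_token"
    return "unknown"


def group_claims(claims: dict) -> dict:
    """Extract the groups claim and detect the group overage indicator."""
    groups = claims.get("groups") or []
    claim_names = claims.get("_claim_names") or {}
    overage = "groups" in claim_names or "hasgroups" in claims
    return {"groups": list(groups), "overage": overage}


def inspect(token: str) -> dict:
    """Decode a token and say where the caller should get group membership from."""
    claims = decode_payload(token)
    kind = token_kind(claims)
    info = group_claims(claims)
    if kind != "id_token":
        advice = "read group membership from the id token, not this token"
    elif info["overage"]:
        advice = "too many groups for the token; query the directory for the user's groups"
    elif not info["groups"]:
        advice = "no groups claim; check groupMembershipClaims in the app manifest"
    else:
        advice = "groups claim present"
    return {"kind": kind, **info, "advice": advice}


def _constructed_token(payload: dict) -> str:
    """Build an unsigned sample token for this example (constructed, not issued by AAD)."""
    def seg(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{seg(header)}.{seg(payload)}.signature-placeholder"


# Constructed samples: a client id, group ids and an endpoint used only here.
CLIENT_ID = "client-id-placeholder"

SAMPLE_ID_TOKEN = _constructed_token({
    "aud": CLIENT_ID, "nonce": "n-1",
    "groups": ["group-guid-1", "group-guid-2"],
})

SAMPLE_ACCESS_TOKEN = _constructed_token({
    "aud": "api-id-placeholder", "scp": "user_impersonation",
})

SAMPLE_OVERAGE_TOKEN = _constructed_token({
    "aud": CLIENT_ID, "nonce": "n-2",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.example/placeholder"}},
})

if __name__ == "__main__":
    for name, tok in [("id", SAMPLE_ID_TOKEN), ("access", SAMPLE_ACCESS_TOKEN),
                      ("overage", SAMPLE_OVERAGE_TOKEN)]:
        print(name, inspect(tok))
```

The classification in `token_kind` is a heuristic on claim shape for diagnosing which token a client picked up; the authoritative distinction is which endpoint response the token came from, and a production check should key on the validated `aud` and issuer rather than on claim presence alone.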
