Reputation: 1
I am a little confused with the MS Graph article related to Claim Mapping Policy. I am trying to create claims using PowerShell. I used the below format to create a new claims map and I am getting the error: New-MgPolicyClaimMappingPolicy : Property definition has an invalid value.
Help is needed here!!!
$policymap=[ordered]@{
definition=@(
@"
{
"claimsMappingPolicy" :
{
"claimsSchema":[
{
"source":"user"
"id":"assignedrikes"
"samlclaimtype":"https://aws.amazon.com/SAML/Attributes/Role"
},
{
"source":"user"
"id":"assignedrikes"
"samlclaimtype":"https://aws.amazon.com/SAML/Attributes/RoleSessionName"
}
]
}
}
"@
)
displayname="Test"
isorganizationdefault=$false
}
New-MgPolicyClaimMappingPolicy -BodyParameter $policymap
Upvotes: 0
Views: 1769
Reputation: 5540
New claims map getting error New-MgPolicyClaimMappingPolicy
This error may occur if you are using an incorrect format, samlclaimtype, instead of using MgPolicyClaimMappingPolicy. Make sure to install Azure AD Preview while running the below script.
Please check the few workarounds below:
I installed the Azure AD Preview module and created claims using the below script.
Connect-AzureAD
New-AzureADPolicy -Definition @('
{
"ClaimsMappingPolicy":
{
"Version":1,"IncludeBasicClaimSet":"true",
"ClaimsSchema": [{"Source":"user","ID":"extensionattribute1","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/vikram","JwtClaimType":"vikram"}]
}
}') -DisplayName "vikram" -Type "ClaimsMappingPolicy"
Result:
Try to add the service principal and check whether it succeeded or not.
For the service principal ID, go to Azure Portal -> Enterprise Applications -> Your Web API -> Object ID, like below:
Add-AzureADServicePrincipalPolicy -Id <ObjectId of the Web API ServicePrincipal> -RefObjectId <ObjectId of the Policy>
Get-AzureADServicePrincipalPolicy -Id <ObjectId of the Web API ServicePrincipal>
To assign a value to that claim, log in to Microsoft Graph Explorer with your tenant admin account and run the below script. ***This completes the development of your claims mapping successfully.***
PATCH https://graph.microsoft.com/beta/me
{
"onPremisesExtensionAttributes":
{
"extensionAttribute1": "vedha"
}
}
Now go to Azure Portal -> Azure Active Directory -> App registrations -> Your App -> Manifest to set your claims to be accepted as true, like below:
Then, go to Expose an API under Manage and edit your Application ID URI pattern to https://<yourTenantDomain> instead of the default api://<GUID>, and save.
Generate an access token and you can see the custom claim you created in the decoded token. To decode the token, you can use the jwt.ms website.
Upvotes: 0
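The question's hand-written definition is not valid JSON (no commas between the properties) and uses lower-case property names, which is one way to end up with "Property definition has an invalid value". The following is an added example, not code from the question or the answer, that builds the same AWS role claims for the Microsoft Graph PowerShell module from a hashtable so the definition is always well-formed, creates the policy, links it to a service principal and reads it back. It assumes the Microsoft.Graph module is installed, that the service principal object id is a placeholder you replace, and that the assignment and read-back cmdlets are the ones in the Microsoft.Graph.Applications module (New-MgServicePrincipalClaimMappingPolicyByRef, Get-MgServicePrincipalClaimMappingPolicy).

```powershell
# Added example (not from the question or the answer). Builds the claims
# mapping policy as a hashtable and lets ConvertTo-Json emit the JSON, so
# commas and quoting cannot be missed and the documented property names
# (ClaimsMappingPolicy / ClaimsSchema / Source / ID / SamlClaimType) are used.
Connect-MgGraph -Scopes "Policy.ReadWrite.ApplicationConfiguration", "Application.ReadWrite.All"

$claimsPolicy = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = "true"
        ClaimsSchema         = @(
            @{ Source = "user"; ID = "assignedroles";
               SamlClaimType = "https://aws.amazon.com/SAML/Attributes/Role" },
            @{ Source = "user"; ID = "userprincipalname";
               SamlClaimType = "https://aws.amazon.com/SAML/Attributes/RoleSessionName" }
        )
    }
}
$definition = $claimsPolicy | ConvertTo-Json -Depth 10 -Compress

# Sanity check before anything is sent to Graph: the string must parse back
# and must carry the top-level ClaimsMappingPolicy key.
$parsed = $definition | ConvertFrom-Json
if (-not $parsed.ClaimsMappingPolicy) { throw "definition is not a ClaimsMappingPolicy document" }

# Graph expects 'definition' as an array holding ONE JSON string.
$body = @{
    definition            = @($definition)
    displayName           = "AWS SAML role claims"
    isOrganizationDefault = $false
}
$policy = New-MgPolicyClaimMappingPolicy -BodyParameter $body
"Created claims mapping policy $($policy.Id)"

# Link the policy to the enterprise application it should apply to.
$spObjectId = "<ObjectId of the service principal>"   # placeholder, replace before running
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $spObjectId -BodyParameter @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($policy.Id)"
}

# Read the linked policy back and inspect the stored definition rather than
# trusting the success message; the Definition column should show the JSON above.
Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $spObjectId |
    Select-Object Id, DisplayName, Definition
```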