huhala

Reputation: 11

Adding custom claim to id token based on group ownership existence on Azure AD

I have an (external to Azure) application to integrate with AzureAD through OIDC. The requirement is to add a custom claim to id_token with a list of groups where the user is an owner in AD.

For example, if the user is the owner of a group with id = "123abc", I need to add the following custom claim to the id_token.

"ownedGroups": ["123abc"]

If this is not possible, is there at least an option to add something like this?

"hasOwnedGroups": true

I could not find any relevant example for this in the docs. Can you share an example of doing this? If this is not possible in exactly the same way, I'd like to know the alternative solution for putting information about ownership in the id token.

Upvotes: 0

Views: 405

Answers (1)

AlfredoRevilla-MSFT

Reputation: 3505

Azure AD does not support Groups as source for custom claims or claims mappings. You can however create directory extensions, update them with any data you want and get them in the token as optional claims.

Upvotes: 0
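As an added example (not code from the question or the answer), here is how the pieces of the answer's approach fit together: filter owned groups out of a Graph `ownedObjects` response, define directory extension properties, write them to the user, reference them as optional claims in the app manifest, and parse the resulting claim on the relying-party side. The extension app ID, object IDs and sample response are constructed placeholders, and no Graph calls are made; the example assumes extension properties are single-valued, so the list is serialized as one comma-joined String.

```python
"""Group ownership as an optional ID-token claim via a directory extension.
Constructed sample data only; no Graph calls are made."""

# Constructed placeholder: appId of the app registration that owns the extension.
EXTENSION_APP_ID = "00000000-0000-0000-0000-00000000abcd"

# Constructed sample of GET /users/{id}/ownedObjects: owned groups mixed with an app.
SAMPLE_OWNED_OBJECTS = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "123abc"},
    {"@odata.type": "#microsoft.graph.application", "id": "app-0001"},
    {"@odata.type": "#microsoft.graph.group", "id": "456def"},
]}

def extension_attribute_name(app_id: str, name: str) -> str:
    """Directory extensions are stored as extension_{appId without dashes}_{name}."""
    return f"extension_{app_id.replace('-', '')}_{name}"

def owned_group_ids(owned_objects: dict) -> list:
    """Keep only groups; ownedObjects also lists owned applications and SPs."""
    return [o["id"] for o in owned_objects["value"]
            if o.get("@odata.type") == "#microsoft.graph.group"]

def extension_definition(name: str, data_type: str) -> dict:
    """Body for POST /applications/{objectId}/extensionProperties.
    Assumed single-valued (String/Boolean), so a list must be serialized."""
    return {"name": name, "dataType": data_type, "targetObjects": ["User"]}

def user_patch_body(app_id: str, group_ids: list) -> dict:
    """Body for PATCH /users/{id}, written by a sync job after querying ownership."""
    return {
        extension_attribute_name(app_id, "ownedGroups"): ",".join(group_ids),
        extension_attribute_name(app_id, "hasOwnedGroups"): bool(group_ids),
    }

def optional_claims_manifest() -> dict:
    """optionalClaims fragment for the relying-party app manifest; directory
    extensions are referenced as extn.<name> with source "user"."""
    return {"optionalClaims": {"idToken": [
        {"name": "extn.ownedGroups", "source": "user", "essential": False},
        {"name": "extn.hasOwnedGroups", "source": "user", "essential": False},
    ]}}

def parse_owned_groups_claim(value) -> list:
    """Relying-party side: an absent or empty claim means no owned groups."""
    return [g for g in (value or "").split(",") if g]
```

Because the extension value is only as fresh as the job that writes it, the relying party should treat it as a cached snapshot of ownership, not a live authorization decision.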
