Cannot find where to do group filtering on group claim

Théault Florian 1 Reputation point
2022-09-14T13:39:30.13+00:00

I have created an OIDC app registration and added optional group claims to the ID token, but I want to filter the sent groups according to their name.

According to this documentation it is possible to do it under "Advanced Option".

But I can't see this section (attached a screen of my tenant on the "Token Configuration" section).

Can someone please help me to find where I can make the configuration?

Thank you

Sincerely

Microsoft Entra ID

1 answer

  1. Sandeep G-MSFT 18,766 Reputation points Microsoft Employee
    2022-09-15T16:30:22.717+00:00

    Hi @Théault Florian

    The group filtering option is not available for applications configured with OIDC or OAuth with Azure AD. This option is available only for applications configured with the SAML protocol.

    This is documented in article https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims#important-caveats-for-this-functionality.

    You can search for the words "Group filtering applies to tokens emitted for apps where group claims and filtering was configured in the Enterprise apps blade in the portal."

    The group-based filtering option is available for applications in the Enterprise apps blade. Once you open the application in Enterprise apps, you have to click on the "single sign on" blade.
    Configuration under the "single sign on" blade is done only for apps which are configured to use the SAML protocol.

    For now, this option is not available for applications configured to use OIDC or OAuth.

    You can submit your feedback in Azure feedback portal https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
