Can I leverage group membership to select attribute during provisioning ?

juggernaut007 21 Reputation points

Hi Team,

I'm planning to use AAD to provision users to a SaaS app. Few of the users in AAD have a different mail domain. The SaaS app has domain restrictions and isn't allowing us to create users with a mail different domain. Hence I was thinking of using a group to identify users with a different mail domain and transform domain restricted fields in SaaS app with UPN ONLY FOR THOSE users in the group. Curious if AAD supports this use case.
I can define an expression to transform domain restricted fields in attribute mapping by regex. But I would like to use group membership in the expression logic as it gives me more control.

Any suggestions/thoughts would be really helpful.

Thanks in advance !!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,913 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 28,576 Reputation points Microsoft Employee


    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "", I'll repost your solution in case you'd like to "Accept" the answer.

    As per this QnA post above mentioned requirement is not supported.

    Let me know if you have any further questions.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. juggernaut007 21 Reputation points
    0 comments No comments