How to configure a Claim Transformation that returns a default value if user.telephonenumber is empty

Myoung1976 1 Reputation point
2023-06-06T14:57:33.3766667+00:00

Having some trouble with SAML responses for an Azure AD Enterprise Application. The vendor is expecting a "phonenumber" field in the SAML response. I've tried to configure a Claim Transformation that returns a default value if user.telephonenumber is empty, but it does not seem to work as expected.


1 answer

  1. Harpreet Singh Matharoo 8,136 Reputation points Microsoft Employee
    2023-06-07T09:41:13.0833333+00:00

    Hello @Myoung1976

    Thank you for reaching out. I would like to confirm that specifying a static value in a Claim Transformation rule would not be possible, and we always need to use an alternate user attribute from the drop-down list. This can be parameter 2 or when we use the else condition. This has been documented in the following article: Customize claims issued in the SAML token for enterprise applications.

    If you would like to push the telephone number as "+1-111111111", then you would need to use the following method:

    • If the user is synced, specify this default contact number in an extension attribute and sync that value to Azure AD.
      • For the steps to sync a directory extension from on-premises AD to AAD, refer to the following documentation: Directory extensions
      • Make sure you publish a value for this attribute to all users on-premises.
    • If the user is not synced, you can create a new extension attribute on the cloud user and publish the value for the user on the cloud extension attribute. For more details, please review: Set-AzureADUserExtension

    Once these values are published, you can use the following transformation rules:

    User's image

    In the above transformation rule, the default contact/telephone number is published on 'userExtension.extension_bf39a950a3414b568f494fd764264485_homePhone'.

    I hope this helps to resolve your query. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

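The cloud-only step of the answer above, as an added example that is not part of the original answer: it registers a `homePhone` extension attribute and publishes the default number to users that are not synced from on-premises AD, so the transformation rule has a fallback attribute to select. The application display name and the `$DryRun` switch are assumptions; the attribute name and default value are the ones used in the answer.

```powershell
# Added example, not from the original answer. Requires the AzureAD module.
# Hypothetical names: $AppDisplayName and $DryRun are assumptions for illustration.
$AppDisplayName = 'SAML Default Claims'   # hypothetical app that owns the extension
$AttributeName  = 'homePhone'             # attribute name used in the answer
$DefaultPhone   = '+1-111111111'          # default value from the answer
$DryRun         = $true                   # set to $false to write changes

Connect-AzureAD | Out-Null

# Extension properties are registered on an application object.
$app = @(Get-AzureADApplication -Filter "DisplayName eq '$AppDisplayName'")
if ($app.Count -ne 1) {
    throw "Expected exactly one application named '$AppDisplayName', found $($app.Count)."
}
$appObjectId = $app[0].ObjectId

# Reuse the property if it already exists, otherwise create it.
$ext = Get-AzureADApplicationExtensionProperty -ObjectId $appObjectId |
    Where-Object { $_.Name -like "extension_*_$AttributeName" }
if (-not $ext) {
    $ext = New-AzureADApplicationExtensionProperty -ObjectId $appObjectId `
        -Name $AttributeName -DataType 'String' -TargetObjects 'User'
}
# Full name has the form extension_<appId without dashes>_homePhone;
# this is the attribute to pick in the claim transformation.
Write-Host "Extension attribute: $($ext.Name)"

# Cloud-only users: DirSyncEnabled is not $true.
# Synced users must receive the value on-premises and have it synced instead.
$cloudUsers = Get-AzureADUser -All $true |
    Where-Object { $_.DirSyncEnabled -ne $true }

foreach ($user in $cloudUsers) {
    if ($DryRun) {
        Write-Host "Would set $($ext.Name) on $($user.UserPrincipalName)"
        continue
    }
    Set-AzureADUserExtension -ObjectId $user.ObjectId `
        -ExtensionName $ext.Name -ExtensionValue $DefaultPhone
    Write-Host "Set $($ext.Name) on $($user.UserPrincipalName)"
}
```

Run it once with `$DryRun = $true` to review which accounts would be changed before writing to the directory.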
