How can I receive custom claims created via Attributes & Claims

Vladyslav Mursalov 20 Reputation points
2023-07-13T07:39:55.1733333+00:00

I need to implement a 'mapping' from multiple identity providers' claims to internal variables for an e-commerce solution. I need to import claims, if you wish. Also, I need to implement custom claims for tokens, so I added them in Attributes & Claims. How can I get all the default claims provided by AAD and my custom claims together?

I expect to receive these claims from the .well-known/openid-configuration response in the "claims_supported" field or something like that.


Accepted answer
    Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-07-19T10:39:04.94+00:00

    Hi @Vladyslav Mursalov,

    Thanks for reaching out and apologies for the delay in response.

    You can use a custom claims mapping policy that modifies the claims included in tokens.

    Note: This can be configured using PowerShell only. We can't modify the claim by adding it through "Attributes and Claims".

    Claims can be customized for a specific application, so the policy can only be assigned to service principal objects.

    Below are the steps to create a policy and assign it to a service principal.

    1. First, you need to connect to Azure AD to sign in to your tenant.

    Connect-AzureAD

    2. Use the cmdlet below to create a new Azure AD policy that adds the basic claim "jobTitle".

    New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy": {"Version": 1,"IncludeBasicClaimSet": "true","ClaimsSchema":[
    {"Source": "user","ID": "jobTitle","JwtClaimType": "jobTitle"}]}}') -DisplayName "BasicClaimJob-title" -Type "ClaimsMappingPolicy"

    3. Run the following command to see your newly created policy and copy the policy ObjectId.

    Get-AzureADPolicy

    4. Then, assign the policy to your service principal. You can get the ObjectId of your service principal from the Enterprise applications blade.

    Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>

    Once the policy has been successfully assigned, enable AcceptMappedClaims (set it to true) in the application manifest.

    Now you should see the basic claim "jobTitle" appear in the ID token (JWT).

    Similarly, you can add custom claims or other attributes as well using custom policy.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-claims-mapping-policy-type

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
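As an added example (not the answer's own code), the four steps above wrapped into one script that builds the policy JSON from a hashtable, avoids duplicate policies and assignments, and verifies the result; $TenantId, $AppId and the extra "department" claim are assumptions:

```powershell
# Added example (not the answer's own code): create, assign and verify a
# ClaimsMappingPolicy with the AzureAD module. $TenantId, $AppId and the
# extra "department" claim are assumptions; replace them with your values.
param(
    [string]$TenantId = '<your-tenant-id>',
    [string]$AppId    = '<application (client) id of the app registration>'
)

Connect-AzureAD -TenantId $TenantId | Out-Null

# Build the definition as a hashtable and serialise it, so the JSON string the
# cmdlet expects is guaranteed to be well formed.
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = 'true'   # keep the default AAD claim set too
        ClaimsSchema         = @(
            @{ Source = 'user'; ID = 'jobTitle';   JwtClaimType = 'jobTitle' }
            @{ Source = 'user'; ID = 'department'; JwtClaimType = 'department' }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

$displayName = 'BasicClaimJob-title'

# Reuse a policy with the same name instead of creating duplicates.
$policy = Get-AzureADPolicy | Where-Object {
    $_.Type -eq 'ClaimsMappingPolicy' -and $_.DisplayName -eq $displayName }
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) `
        -DisplayName $displayName -Type 'ClaimsMappingPolicy'
}

# Resolve the service principal (Enterprise application) of the app.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }

# Assign only if not already attached; a service principal can carry a
# single claims mapping policy.
$assigned = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Id -eq $policy.Id }
if (-not $assigned) {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Verify the assignment, then set "acceptMappedClaims": true in the app
# manifest (manual step, as in the answer) or the mapped claims are not issued.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Select-Object Id, DisplayName, Type
```

After the manifest change, decode a freshly issued ID token for the app and confirm that jobTitle (and department) are present alongside the basic claim set.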

