When you register your application in Azure under App registrations, a service principal is also created in the Azure AD tenant.
You can configure claims on the service principal. When authentication is triggered against the application, the claims are added to the token while it is being issued, and the token is sent back to the application.
You can capture the token and use it.
To configure claims on the service principal, you can follow the steps below:
- Create an AzureADPolicy (the definition must be valid JSON, so no trailing commas after the last property of an object):

```powershell
New-AzureADPolicy -Definition @('{
    "ClaimsMappingPolicy": {
        "Version": 1,
        "IncludeBasicClaimSet": "true",
        "ClaimsSchema": [
            {
                "Source": "user",
                "ID": "employeeid",
                "SamlClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid",
                "JwtClaimType": "employeeid"
            },
            {
                "Source": "user",
                "ID": "mail",
                "SamlClaimType": "http://schemas.microsoft.com/identity/claims/emailaddress"
            },
            {
                "Source": "user",
                "ID": "onpremisessamaccountname",
                "SamlClaimType": "samaccountname"
            },
            {
                "Source": "user",
                "ID": "department",
                "SamlClaimType": "http://schemas.microsoft.com/identity/claims/department"
            }
        ]
    }
}') -DisplayName "CustomClaimsPolicy1" -Type "ClaimsMappingPolicy"
```

- Attach the newly created AzureADPolicy to the service principal of the specific Azure AD app for which the token will be requested.
- To check whether the policy was successfully added to the service principal: ***Get-AzureADServicePrincipalPolicy -Id "{object id of service principal}"***
This will send the additional claims in the token to the application.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
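The procedure above, worked end to end, as an added example that is not part of the original answer. It assumes the AzureADPreview module is imported and `Connect-AzureAD` has already been run; `$AppId` is the application (client) ID of the app registration, and the function names (`New-ClaimsMappingDefinition`, `Install-ClaimsMappingPolicy`, `ConvertFrom-JwtPayload`, `Test-MappedClaims`) are the example's own. Two things a practitioner will run into: `New-AzureADPolicy` rejects a definition that is not well-formed JSON, so the example builds it from a hashtable with `ConvertTo-Json` instead of writing JSON by hand, and Azure AD only emits mapped claims in a JWT when the application has `acceptMappedClaims` set to true in its manifest or is configured with a custom signing key (otherwise the token request fails with AADSTS50146). The AzureAD/AzureADPreview cmdlets have since been deprecated in favour of Microsoft Graph PowerShell, where the same object is a claimsMappingPolicy.

```powershell
# Added example (not from the original answer). Assumes the AzureADPreview
# module is imported and Connect-AzureAD has already been run. Function and
# variable names are the example's own.

# Build the ClaimsMappingPolicy definition from a hashtable and serialise it,
# so the JSON is guaranteed well-formed (a hand-written definition with a
# trailing comma is rejected by New-AzureADPolicy).
function New-ClaimsMappingDefinition {
    $policy = @{
        ClaimsMappingPolicy = @{
            Version              = 1
            IncludeBasicClaimSet = "true"
            ClaimsSchema         = @(
                @{ Source = "user"; ID = "employeeid"
                   SamlClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid"
                   JwtClaimType  = "employeeid" },
                # mail has no JwtClaimType here, so it is emitted in SAML tokens only
                @{ Source = "user"; ID = "mail"
                   SamlClaimType = "http://schemas.microsoft.com/identity/claims/emailaddress" },
                @{ Source = "user"; ID = "onpremisessamaccountname"
                   SamlClaimType = "samaccountname"
                   JwtClaimType  = "samaccountname" },
                @{ Source = "user"; ID = "department"
                   SamlClaimType = "http://schemas.microsoft.com/identity/claims/department"
                   JwtClaimType  = "department" }
            )
        }
    }
    return ($policy | ConvertTo-Json -Depth 5 -Compress)
}

# Create the policy, attach it to the app's service principal and verify the
# attachment. The service principal is looked up by application (client) ID
# rather than pasting an object ID by hand.
function Install-ClaimsMappingPolicy {
    param(
        [Parameter(Mandatory)] [string] $AppId,
        [string] $DisplayName = "CustomClaimsPolicy1"
    )
    $sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) { throw "No service principal found for appId $AppId" }

    $policy = New-AzureADPolicy -Definition @(New-ClaimsMappingDefinition) `
        -DisplayName $DisplayName -Type "ClaimsMappingPolicy"

    # Azure AD allows one ClaimsMappingPolicy per service principal; remove an
    # existing one (Remove-AzureADServicePrincipalPolicy) before attaching another.
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

    $attached = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
        Where-Object { $_.Id -eq $policy.Id }
    if (-not $attached) { throw "Policy $($policy.Id) is not attached to $($sp.ObjectId)" }
    return $attached
}

# Decode the payload of a JWT access/ID token so the emitted claims can be
# inspected. This does NOT validate the signature: it shows which claims
# Azure AD put in the token, it does not make them trustworthy.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)] [string] $Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWS (expected header.payload.signature)" }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {   # restore the base64 padding that base64url strips
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw "Invalid base64url payload" }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return ($json | ConvertFrom-Json)
}

# Report which of the mapped JWT claims are present in a token issued to the app.
function Test-MappedClaims {
    param(
        [Parameter(Mandatory)] [string] $Token,
        [string[]] $Expected = @('employeeid', 'samaccountname', 'department')
    )
    $claims  = ConvertFrom-JwtPayload -Token $Token
    $missing = @($Expected | Where-Object { -not $claims.PSObject.Properties[$_] })
    [pscustomobject]@{
        Present = @($Expected | Where-Object { $_ -notin $missing })
        Missing = $missing
        Ok      = ($missing.Count -eq 0)
    }
}

# Usage (after Connect-AzureAD):
#   Install-ClaimsMappingPolicy -AppId '<application (client) id>'
#   Test-MappedClaims -Token $accessToken   # $accessToken captured from the app's sign-in
```

If `Test-MappedClaims` reports the claims as missing even though the policy is attached, check the application manifest for `acceptMappedClaims` (or the custom signing key) and confirm the user actually has the source attributes populated; a user without an `employeeId` simply produces no `employeeid` claim. Treat the decoded payload as inspection output only; the relying party must still validate the token signature, issuer and audience before acting on any claim.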