Custom Claims added for enterprise app is not showing up in SAML response

Gaurav Kumar 1 Reputation point
2023-10-11T10:28:18.3766667+00:00

I have added the custom claims for my AAD Enterprise application in AAD as below.

ClientRoles - user.groups

Departments - user.department

EmailAddress - user.mail

FirstName - user.givenname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name - user.userprincipalname

LastName - user.surname

UUID - user.onpremisesuserprincipalname

However, when I try to access the app and check the SAML response, I did not get all the custom claims in the SAML response for the signed-in user. See below the SAML response.

<samlp:Response ID="_ea44274f-2b0f-4bbc-a5df-3f0f13b0b8dd" Version="2.0" IssueInstant="2023-10-10T19:08:16.047Z" Destination="https://altruistahealth.okta.com/sso/saml2/0oa1fo3357CnWkjJC4h7" InResponseTo="id18966006856701641567198720" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
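Added example (not part of the original question or answer): a small Python script that takes the SAMLResponse form value as posted to the service provider, decodes it, lists the Attribute names in the assertion's AttributeStatement, and reports which of the configured claim names are absent. The expected-claim list is copied from the question; the SAML response embedded in the script is constructed for illustration (placeholder tenant ID and user values) and deliberately carries only four of the seven claims. Two points to check before concluding that the mapping itself is broken: Entra ID does not emit a claim whose source attribute is empty for the signed-in user (for example user.onpremisesuserprincipalname on a cloud-only account), and if the assertion is encrypted the attributes are not visible until it is decrypted with the SP key, which this script does not do. It also does not validate the signature; it is a diagnostic, not a verifier.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Note: xml.etree is used to keep this dependency-free. For responses from
# untrusted parties, parse with defusedxml instead.

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Claim names exactly as configured in the question's Attributes & Claims list.
EXPECTED_CLAIMS = [
    "ClientRoles",
    "Departments",
    "EmailAddress",
    "FirstName",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "LastName",
    "UUID",
]

# Constructed sample: a minimal Entra-style response carrying only four claims.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed_response" Version="2.0" IssueInstant="2023-10-10T19:08:16.047Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_constructed_assertion" Version="2.0" IssueInstant="2023-10-10T19:08:16.047Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="EmailAddress"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Same sample as it would appear in the SAMLResponse POST parameter (base64, not deflated).
ENCODED_SAMPLE = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()

# Constructed sample of an encrypted assertion: claims cannot be read without the SP key.
ENCRYPTED_SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed_enc" Version="2.0">
  <saml:EncryptedAssertion><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>
</samlp:Response>"""


def decode_saml_response(blob: str) -> bytes:
    """Accept either raw XML or the base64 SAMLResponse form value (HTTP-POST binding)."""
    s = blob.strip()
    if s.startswith("<"):
        return s.encode()
    try:
        return base64.b64decode(s, validate=True)
    except binascii.Error as exc:
        raise ValueError("SAMLResponse is neither XML nor valid base64") from exc


def extract_attributes(xml_bytes: bytes) -> dict[str, list[str]]:
    """Map each Attribute Name in the AttributeStatement to its list of values."""
    root = ET.fromstring(xml_bytes)
    attrs: dict[str, list[str]] = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check(blob: str, expected: list[str] = EXPECTED_CLAIMS) -> dict:
    """Report which configured claims are present or missing in a SAML response."""
    root = ET.fromstring(decode_saml_response(blob))
    encrypted = root.find("saml:EncryptedAssertion", NS) is not None
    attrs = {} if encrypted else extract_attributes(decode_saml_response(blob))
    return {
        "encrypted": encrypted,
        "present": sorted(attrs),
        "missing": [c for c in expected if c not in attrs],
        "values": attrs,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(check(ENCODED_SAMPLE), indent=2))
```

Paste the SAMLResponse value captured by the browser's SAML tracer (or the raw XML) into check(); a claim listed under "missing" with a non-empty value in the user's directory object points at the claim configuration, while a missing claim whose source attribute is blank for that user is expected behaviour.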


1 answer

  1. Akhilesh 4,775 Reputation points Microsoft Vendor
    2023-10-13T07:19:43.1933333+00:00

    Hi @Gaurav Kumar

    Thank you for reaching out to us!

    I understand your concern about custom Attributes and claims for the Enterprise application in Microsoft Entra ID.
    Within our lab environment, I have performed tests using custom claims, and the resulting response accurately reflects the values I have specified; the result is as expected, as shown in the image below.

    [Screenshot 2023-10-13 115444]

    To check your expected response, could you please share the steps that you followed, so that we can check and help with your ask.
