How to replicate ADFS SAML issuance rules in Entra ID enterprise App
We are starting to look at moving our ADFS trusts into Entra and I am struggling with how to replicate this type of scenario in an Entra SAML app.
As an example, we have:
Local AD groups (these would be synced into Entra ID)
BusStop-3456
BusStop-7890
BusSeat-21
BusSeat-55
A user would be in one of each type of group.
There is an ADFS RPT, and we would then have these three SAML issuance rules in ADFS for the RPT:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("http://temp/variable"), query = ";tokenGroups;{0}", param = c.Value);
c:[Type == "http://temp/variable", Value =~ "(?i)^BusStop-"]
=> issue(Type = "https://Bus/Stop", Value = RegExReplace(c.Value,"BusStop-",""));
c:[Type == "http://temp/variable", Value =~ "(?i)^BusSeat-"]
=> issue(Type = "https://Bus/Seat", Value = RegExReplace(c.Value,"BusSeat-",""));
I can do a group claim with a filter and then a regex-based transform to do one of the 2 items, but then I am unable to add a second group claim as the option is greyed out.
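An added example, not from the original post or from Microsoft: a Python check that replicates the three ADFS rules above as a reference and compares the result with the attributes in a SAML assertion issued by the Entra app, so the migrated claims can be verified before the trust is cut over. The assertion and group list are constructed; the prefix is stripped case-insensitively to match the (?i) filter, which is an assumption about the intended behaviour.

```python
import re
import xml.etree.ElementTree as ET

# Claim type -> group-name prefix, one entry per issue() rule in the ADFS RPT.
CLAIM_RULES = {
    "https://Bus/Stop": "BusStop-",
    "https://Bus/Seat": "BusSeat-",
}
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def expected_claims(group_names):
    """Mirror the ADFS rules: tokenGroups -> case-insensitive prefix filter -> strip prefix.
    A user in several matching groups yields a multi-valued claim, as ADFS would issue."""
    claims = {claim_type: [] for claim_type in CLAIM_RULES}
    for name in group_names:
        for claim_type, prefix in CLAIM_RULES.items():
            if re.match(f"(?i)^{re.escape(prefix)}", name):
                # Assumption: the replace is meant to be case-insensitive like the filter.
                claims[claim_type].append(name[len(prefix):])
    return claims


def saml_attributes(assertion_xml):
    """Return {attribute name: [values]} from the AttributeStatement of a SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return attrs


def check_token(assertion_xml, group_names):
    """List the claim types whose issued values differ from the ADFS-equivalent expectation."""
    issued = saml_attributes(assertion_xml)
    expected = expected_claims(group_names)
    return [t for t, vals in expected.items() if sorted(issued.get(t, [])) != sorted(vals)]


# Constructed sample: what the Entra app should issue for a user in BusStop-3456 and BusSeat-21.
SAMPLE_GROUPS = ["BusStop-3456", "BusSeat-21", "Domain Users"]
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://Bus/Stop"><saml:AttributeValue>3456</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="https://Bus/Seat"><saml:AttributeValue>21</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print("mismatched claims:", check_token(SAMPLE_ASSERTION, SAMPLE_GROUPS))  # prints []
```

Paste the decoded Assertion element from a real test login in place of SAMPLE_ASSERTION and the user's synced group names in place of SAMPLE_GROUPS to run the same check against the live app.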