Thank you for posting this in Microsoft Q&A.
As I understand you want to send "Cluster Region" attribute as custom claim in your SAML token.
If you already have a custom attribute defined in Entra ID for users, then you can follow the steps below to configure SAML claims so that "Cluster Region" is emitted in your SAML token.
In the example below we are sending the custom attribute EmployeeID as part of the SAML claim while accessing an application.
You can add custom attributes to the claims and send them within an access token.
You can follow the steps mentioned below:
- Create an AzureADPolicy.
New-AzureADPolicy -Definition @('{
"ClaimsMappingPolicy": {
"Version": 1,
"IncludeBasicClaimSet": "true",
"ClaimsSchema": [{
"Source": "user",
"ID": "employeeid",
"SamlClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid",
"JwtClaimType": "employeeid"
}
]
}
}') -DisplayName "CustomClaimsPolicy1" -Type "ClaimsMappingPolicy"
- Attach the newly created AzureADPolicy to the specific AzureAD App's ServicePrincipal for which the token would be requested.
Add-AzureADServicePrincipalPolicy -Id {object id of service principal} -RefObjectId {object id of policy}
- To check whether the policy was successfully added to the ServicePrincipal:
Get-AzureADServicePrincipalPolicy -Id "{object id of service principal}"
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
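As an added example (not part of the answer above), the same AzureAD-module steps scripted end to end for a "Cluster Region" claim; it assumes the value is stored in the synced attribute extensionattribute1 and that the app's service principal can be found by a placeholder display name.

```powershell
# Added example, not the original answer's code. Assumes "Cluster Region" lives in
# extensionattribute1 and the app's service principal is named "Contoso Cluster Portal"
# (both placeholders to replace with your own values).
Connect-AzureAD | Out-Null

$appDisplayName = "Contoso Cluster Portal"   # placeholder
$policyName     = "ClusterRegionClaimsPolicy"

# Build the policy definition as a hashtable and serialize it, so the JSON is well-formed.
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = "true"
        ClaimsSchema         = @(
            @{
                Source        = "user"
                ID            = "extensionattribute1"   # placeholder attribute holding Cluster Region
                SamlClaimType = "http://schemas.contoso.com/identity/claims/clusterregion"
                JwtClaimType  = "cluster_region"
            }
        )
    }
} | ConvertTo-Json -Depth 10 -Compress

# Reuse an existing policy with the same name instead of creating duplicates.
$policy = Get-AzureADPolicy |
    Where-Object { $_.DisplayName -eq $policyName -and $_.Type -eq "ClaimsMappingPolicy" }
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) -DisplayName $policyName -Type "ClaimsMappingPolicy"
}

# Resolve the service principal; a service principal holds only one ClaimsMappingPolicy,
# so detach any other one before attaching ours.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) { throw "Service principal '$appDisplayName' not found" }

$attached = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Type -eq "ClaimsMappingPolicy" }
foreach ($old in $attached) {
    if ($old.Id -ne $policy.Id) { Remove-AzureADServicePrincipalPolicy -Id $sp.ObjectId -PolicyId $old.Id }
}
if (-not ($attached | Where-Object { $_.Id -eq $policy.Id })) {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Verify: the attached policy list should now contain exactly our claims mapping policy.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Type -eq "ClaimsMappingPolicy" } | Select-Object Id, DisplayName, Type
```

Entra ID will not issue a token carrying mapped claims to an app that signs with the default tenant key unless the app manifest sets acceptMappedClaims to true or the app is configured with its own signing key, so expect the token request to fail (AADSTS50146) until one of those is in place.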