custom SAML claims for a App registration (not enterprise application)

Question

For Enterprise Applications I can use Single sign-on > SAML > User attributes > claims to create custom mapping / renaming of claims.

When I try to do the same for a app created via App Registrations. I get "The single sign-on configuration is not available in the Enterprise applications experience. Test2 was created using the Apps registrations experience". I can't find any way to do custom mapping of attributes in the App registrations blade.

I've tried to add my own custom claims via the Manifest > optionalClaims > saml2Token

 {
 "name": "myCountry",
 "source": "user.country",
 "essential": false,
 "additionalProperties": []
 },
 {
 "name": "country2",
 "source": "country",
 "essential": false,
 "additionalProperties": []
 }

But they appear in "Token configuration" as "This claim is not supported and will not be returned in the token";

Is there any way to create custom mappings like for examples SAML claim myempid -> user.myemployeeid ?

Answer 1

Hello @Ruben Laguna , thank you for reaching out. Usually, Apps that are registered using the App Registration blade are considered to be apps that would use either OAuth or OpenIDConnect. Hence the Saml SSO configuration option is not present there. (Though now you can also create an app that supports OAuth2.0 or OpenIDConnect using the Enterprise Application blade)

In case you have created a custom SAML app, that you want to integrate with Azure AD, you need to select the following option under Enterprise Registration: "Integrate any other application you don't find in the gallery"

Try this option out as mentioned above in the screenshot, it would surely help in setting up the SSO for a custom SAML application.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.