Azure SAML not sending one of the configured group claim attributes in the response after authentication is successful

Malla Venu Gopal 0 Reputation points
2024-08-01T13:42:13.42+00:00

Does Azure SAML SSO fail to send attributes for a specific user assigned to the enterprise application? The response is fine for all the assigned users; it is not sending one of the mapped attributes, the groups attribute, for only one assigned user. In short, it is sending all the attributes of the user in the response except the groups attribute for a single assigned user, but works fine for all the assigned users. I can see all the group memberships of the user in Azure AD, but it is not sending even one in the SAML response. I have verified the response of the user using SAML tracer; it is sending the groups attribute for all the users but not for that single user.


1 answer

  1. Navya 20,180 Reputation points Microsoft External Staff Moderator
    2024-08-05T01:47:01.67+00:00

    Hi @Malla Venu Gopal

    Thank you for posting this in Microsoft Q&A.

    I understand that Azure SAML is not sending one of the configured group claim attributes in the SAML response for a user, although all other users are able to receive group claims.

    It appears to be an issue with one user, not the Azure SAML. To better understand the problem, could you please share more details about the configuration of group claims? For instance, which group option have you configured in the SSO configuration? Also, could you please verify whether the user exists in the group that you have configured in SSO?

    Thanks,

    Navya
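
The comparison described in the question (one user's SAML response against a working user's) can be scripted; the following is an added example, not code from this thread or from Microsoft. It assumes the group claim uses the default Entra ID name (the thread does not state the configured name), and the sample responses and the helper `build_sample` are constructed for the demo.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the default Entra ID group claim name; pass your own if customised.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def parse_attributes(saml_response):
    """Return {attribute name: [values]} from decoded XML or a base64 SAMLResponse."""
    data = saml_response.strip()
    xml_bytes = data.encode() if data.startswith("<") else base64.b64decode(data)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations do not belong in a SAML response")
    attrs = {}
    root = ET.fromstring(xml_bytes)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def compare_users(working, affected, groups_claim=GROUPS_CLAIM):
    """Diff the attribute names two users received; signatures are not checked."""
    ok, bad = parse_attributes(working), parse_attributes(affected)
    return {
        "missing_for_affected": sorted(set(ok) - set(bad)),
        "only_for_affected": sorted(set(bad) - set(ok)),
        "groups_present": groups_claim in bad,
        "groups_value_count": len(bad.get(groups_claim, [])),
    }

def build_sample(attrs):
    """Build a constructed, unsigned, base64-encoded response for the demo."""
    body = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for name, vals in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

# Constructed sample data: placeholder addresses and group object IDs.
WORKING = build_sample({EMAIL_CLAIM: ["user-a@example.com"],
                        GROUPS_CLAIM: ["00000000-0000-0000-0000-000000000001",
                                       "00000000-0000-0000-0000-000000000002"]})
AFFECTED = build_sample({EMAIL_CLAIM: ["user-b@example.com"]})

if __name__ == "__main__":
    print(compare_users(WORKING, AFFECTED))
```

The `only_for_affected` list is worth reading as closely as the missing one, since it shows any attribute the affected user received that the working user did not.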

