Adding Groups to Claims with OpenID Connect

Question

How can I add group claims when configuring OpenID Connect? Is it possible to add Groups assigned to the application as a claim with OpenID Connect? Please provide any relevant resources or examples.

Answer 1

Hi @Martin Thomas Duffy

Thank you for posting this in Microsoft Q&A.

Yes, it is possible to add group claims when configuring OpenID Connect. You can configure group claims in the optional claims section of the application manifest.

1. In the portal, select Identity > Applications > App registrations > Select Application > Manifest.
2. Enable group membership claims by changing groupMembershipClaims
3. Add the following JSON code to add group claims

"optionalClaims": {
    "idToken": [
        {
            "name": "groups",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "accessToken": [
        {
            "name": "groups",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ]
}

4. Save the changes to the application manifest.

For more information you can find it here: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-group-claims#configure-the-microsoft-entra-application-registration-for-group-attributes

5.Obtain an ID token via an HTTP request, you will receive the group ID within the tokens.

https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.