Using Graph API, how to set the Unique User Identifier (Name ID) required claim for a SAML application

Question

I want to use the Graph API to set the source attribute and name identifier format of the required User Identifier (Name ID) claim. I would like it to be the object ID.

How can I achieve it?

I came across this page, but it explains how to do it via the UI, while I want to use the Graph API.

I was able to set custom claims using this manual, but I would like to configure the nameID claim instead of creating a new one.I also saw this question and tried the following, but it didn't work.

{
    "definition": [
        "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\", \"ClaimsSchema\": [{\"Source\":\"user\",\"ID\":\"objectid\",\"SamlClaimType\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\"}]}}"
    ],
    "displayName": "Test Claims Policy",
    "isOrganizationDefault": false
}

Answer 1

Hi @Liza Sklyaruk

Based on your query, here is my understanding: you would like to update NameID claim using Microsoft graph API instead of creating claim using claim policy.

Microsoft Entra applications claims are currently managed from UI or if you would like to edit the values using graph API, you need to create claims mapping policy only. There is no possibility to manage the available NameID from Microsoft graph API without claims mapping policy. Please note that once you configure claims mapping policy via Graph API, you will not be allowed to edit the claims in Azure portal any longer, which is by design.

I believe you have the required document, in performing claims mapping policy but would like to share for confirmation: Configure claims mapping.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".