Azure AD claim transformation to find and replace

siva pokuri 21 Reputation points

I found another thread with the same requirement, so I am just pasting the requirement from that thread here, as there is no option to reply in that thread to check on the latest status:

I am trying to customize the claims issued in the SAML token by Azure AD for single sign on. I am using the following Microsoft documentation:

On one claim, I want to perform a Find and Replace transformation. For example:

I need to extract guest user email address from UPN attribute.

I don't see how to do this with the available claims transformation rules in the Azure portal.

How could I perform a Find and Replace in Azure AD for SAML token claims?

Please share any thoughts.

Siva Pokuri.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer
  1. Alfredo Revilla (Personal Account) 376 Reputation points

    Howdy. UPN won't always match the email address, even less so in this case, since it's an external (guest) user account. The best you can do is to just output the mail attribute.

    *If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.*