question

TetopaKundeti-4071 asked amanpreetsingh-msft commented

how to get group information as part of claims in JWT token?

azure-active-directory azure-ad-tenant azure-ad-app-development

1 Answer

amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @TetopaKundeti-4071 · Thank you for reaching out.

For this purpose, navigate to Azure AD > App Registration, open the app that you want to configure the token for, and use the option below:

74742-image.png

If you configure group information to be passed in the access token, the parameters below get added to the application manifest:

 "optionalClaims": {
     "accessToken": [{
         "name": "groups",
         "additionalProperties": ["dns_domain_and_sam_account_name"]
     }]
 }

If you configure group information to be passed in the ID token, the parameters below are added:

 "optionalClaims": {
     "idToken": [{
         "name": "groups",
         "additionalProperties": ["netbios_domain_and_sam_account_name", "emit_as_roles"]
     }]
 }

You can directly add these parameters in the Manifest as well.

Read more: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
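
To check that the manifest change took effect, the claims can be read from a test token. The sketch below is an added example, not part of the original answer or Microsoft's code: the sample tokens, group names and the `make_unsigned_token` helper are constructed, and the group-overage case (`_claim_names`) goes beyond what the answer covers.

```python
import base64
import json


def decode_payload(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Only for inspecting a token while testing the manifest change; an API
    must validate signature, issuer and audience before trusting any claim.
    """
    segment = jwt.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def group_claims(claims: dict) -> tuple[str, list[str]]:
    """Return (claim the groups arrived in, group values)."""
    # Overage: the user has too many groups to fit, so the token carries a
    # pointer in _claim_names instead of the values. Treat this as
    # "look the groups up", not as "user has no groups".
    if "groups" in claims.get("_claim_names", {}):
        return "overage", []
    if "groups" in claims:
        return "groups", list(claims["groups"])
    # With "emit_as_roles" in additionalProperties, groups arrive as roles.
    if "roles" in claims:
        return "roles", list(claims["roles"])
    return "none", []


def make_unsigned_token(claims: dict) -> str:
    """Hypothetical helper: build a constructed, unsigned sample token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed samples; group names and domains are made up.
ACCESS_TOKEN = make_unsigned_token({"groups": ["contoso.com\\app-admins"]})
ID_TOKEN = make_unsigned_token({"roles": ["CONTOSO\\app-admins"]})
OVERAGE_TOKEN = make_unsigned_token({"_claim_names": {"groups": "src1"}})

if __name__ == "__main__":
    for name, tok in [("access", ACCESS_TOKEN), ("id", ID_TOKEN),
                      ("overage", OVERAGE_TOKEN)]:
        print(name, group_claims(decode_payload(tok)))
```
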



Thanks for your reply Aman.

I will implement the same and try to fetch the group name as part of the claims in the input token.



0 Votes 0 ·

Hi @TetopaKundeti-4071 · Have you had a chance to test it out?

0 Votes 0 ·

@amanpreetsingh-msft - just an FYI, the correct property name in the second sample is actually netbios_domain_and_sam_account_name and not netbios_name_and_sam_account_name

0 Votes 0 ·

@NickLudwig-2074 · Thank you for pointing that out. I have updated my answer.

0 Votes 0 ·