question

DhilipanR-5584 asked amanpreetsingh-msft answered

Export the User Attributes & Claims for Azure servicePrincipal (SAML App)

Hello, I have one SAML application with multiple claims rules that has AD groups. I am trying to export the details but didn't get any command for this.
Any help would be great.

azure-ad-saml-sso azure-ad-myapps

1 Answer

amanpreetsingh-msft answered

Hello @DhilipanR-5584 · Thank you for reaching out.

Unfortunately, as of now it is not possible to export the configured list of User Attributes & Claims for a given Azure servicePrincipal. The possible methods that can be performed via PowerShell or Graph API are listed here: servicePrincipal resource type | Methods

If you have configured User Attributes & Claims via a Claims Mapping Policy and applied that to a servicePrincipal, you can view it by using the cmdlet below:

Get-AzureADPolicy -Id e92c7221-xxxx-xxxx-xxxx-534ff4a0dbe0 | Format-List

 Id                    : e92c7221-xxxx-xxxx-xxxx-534ff4a0dbe0
 OdataType             : 
 AlternativeIdentifier : 
 Definition            : {
  
                 {
                             "ClaimsMappingPolicy": {
                                 "Version": 1,
                                 "IncludeBasicClaimSet": "false",
                                 "ClaimsSchema": [{
                                         "Source": "user",
                                         "ID": "employeeid",
                                         "SamlClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid",
                                         "JwtClaimType": "employeeid"
                                     },
                                     {
                                         "Source": "user",
                                         "ID": "mail",
                                         "SamlClaimType": "http://schemas.microsoft.com/identity/claims/emailaddress",
                                         "JwtClaimType": "mail"
                                     },
                                     {
                                         "Source": "user",
                                         "ID": "onpremisessamaccountname",
                                         "SamlClaimType": "samaccountname",
                                         "JwtClaimType": "samAccountName"
                                     },
                                     {
                                         "Source": "user",
                                         "ID": "department",
                                         "SamlClaimType": "http://schemas.microsoft.com/identity/claims/department",
                                         "JwtClaimType": "department"
                                     }
                                 ]
                             }
                         }}
 DisplayName           : SAMLClaimsPolicy
 IsOrganizationDefault : False
 KeyCredentials        : {}
 Type                  : ClaimsMappingPolicy

Read more: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-claims-mapping#example-create-and-assign-a-policy-that-uses-a-claims-transformation-in-tokens-issued-to-a-service-principal

To request export functionality for User Attributes & Claims configured on a servicePrincipal, feel free to post an idea at our Feedback Portal.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
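
For claims configured through a Claims Mapping Policy, as the answer describes, the Definition JSON can be flattened into one row per claim and written to CSV for review. This PowerShell is an added example, not part of the original answer; `ConvertTo-ClaimRow`, `$SpObjectId` and the output file name are hypothetical, and the sample policy is constructed from the output shown above.

```powershell
# Added example (hypothetical helper names): export ClaimsMappingPolicy claims to CSV.
# Live use with the AzureADPreview module after Connect-AzureAD; $SpObjectId is a placeholder
# for the servicePrincipal's object ID:
#   $policies = Get-AzureADServicePrincipalPolicy -Id $SpObjectId |
#       ForEach-Object { Get-AzureADPolicy -Id $_.Id }

# Constructed sample mirroring the policy output in the answer, so the script runs offline.
$policies = @(
    [pscustomobject]@{
        Id          = 'e92c7221-xxxx-xxxx-xxxx-534ff4a0dbe0'
        DisplayName = 'SAMLClaimsPolicy'
        Definition  = @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"false","ClaimsSchema":[' +
            '{"Source":"user","ID":"employeeid","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid","JwtClaimType":"employeeid"},' +
            '{"Source":"user","ID":"mail","SamlClaimType":"http://schemas.microsoft.com/identity/claims/emailaddress","JwtClaimType":"mail"}]}}')
    }
)

function ConvertTo-ClaimRow {
    param([Parameter(ValueFromPipeline)] $Policy)
    process {
        # Definition is a list of JSON strings, each wrapping one policy object.
        foreach ($json in $Policy.Definition) {
            $cmp = ($json | ConvertFrom-Json).ClaimsMappingPolicy
            if (-not $cmp) { continue }   # skip definitions of other policy types
            foreach ($claim in $cmp.ClaimsSchema) {
                [pscustomobject]@{
                    PolicyId             = $Policy.Id
                    PolicyName           = $Policy.DisplayName
                    IncludeBasicClaimSet = $cmp.IncludeBasicClaimSet
                    Source               = $claim.Source
                    SourceAttribute      = $claim.ID
                    SamlClaimType        = $claim.SamlClaimType   # empty if the entry defines no SAML claim
                    JwtClaimType         = $claim.JwtClaimType
                }
            }
        }
    }
}

# One row per emitted claim: which directory attribute is released under which claim name.
$rows = $policies | ConvertTo-ClaimRow
$rows | Export-Csv -Path .\claims-mapping-export.csv -NoTypeInformation
$rows | Format-Table SourceAttribute, SamlClaimType, JwtClaimType -AutoSize
```

The CSV covers only what is defined in the assigned Claims Mapping Policy objects.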
