@Richard Scannell , Thank you for reaching out. For the group claims, the following points need to be checked:
- The group must be synced from On-Prem AD to Azure AD.
- When the group is synced, its sAMAccountName must be synced to Azure AD.
- If the group is created on Azure AD itself, for that Group, you would only get the GUID (object ID of the Group)
- Once the group's sAMAccountName is synced to Azure AD, make sure in the Token Configuration section you have selected the appropriate option for eg: sAMAccountName or NetbiosDomain\sAMAccountName
You can find the description of the available options here:
- Azure Active Directory Group ObjectId (Available for all groups)
- sAMAccountName (Available for groups synchronized from Active Directory)
- NetbiosDomain\sAMAccountName (Available for groups synchronized from Active Directory)
- DNSDomainName\sAMAccountName (Available for groups synchronized from Active Directory)
- On Premises Group Security Identifier (Available for groups synchronized from Active Directory)
More details can be found here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims#group-claims-for-applications-migrating-from-ad-fs-and-other-identity-providers
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query