Is there any way in Azure AD to map an AD group to a specific OAuth2 Scope? Same thing can be done in UAA.
If you want to know all optional claims that you can configure for an id or access token in Azure AD, see below link:
Hope this helps!
3 people are following this question.