question

0 Votes
RajatBakshi-7599 asked sikumars commented

Is there any way to send static value claims in SAML token, based on the group membership of the user?

We have to send a static value (approved or not approved) in the SAML token, based on whether the user is part of a particular group or not.
But based on my research, there is no way to send conditional claims in the SAML token.
Is there an alternate solution to this problem?

azure-ad-saml-sso

@RajatBakshi-7599
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further queries, do let us know.


1 Answer

1 Vote
sikumars answered sikumars edited

Hello @RajatBakshi-7599,

Thanks for reaching out.

Based on your question, I understand you want a static SAML claim based on the user's group membership. Please correct me if I have misread anything.

You may customize claims issued in the SAML token for enterprise applications, and you can also emit static claims based on the user's group membership, as illustrated below. For further information, see this article.

For example, in my lab I tested a condition-based claim based on the user's membership in Group A with a static value of "Approved," so that when the user authenticates to this application, Azure AD emits a static claim if the user is a member of "Group A."

Steps to create condition-based claims:

196162-image.png

Condition-based claim:
196152-image.png

Outcome:

196172-image.png


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
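
The following is an added example, not part of the original answer: a sketch of how the receiving application could read the group-conditioned static claim and treat a missing, duplicated, or unexpected value as not approved. The claim name `approvalstatus` and both sample assertions are constructed for illustration, and the code assumes the SAML library has already validated the assertion's signature before this check runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_NAME = "approvalstatus"  # hypothetical claim name; use the one configured for the app
EXPECTED_VALUE = "Approved"    # static value from the answer's lab example

# Constructed sample: user is a member of the group, so the static claim is present.
SAMPLE_MEMBER = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="approvalstatus">
      <saml:AttributeValue>Approved</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: user is not a member, so the conditional claim is absent.
SAMPLE_NON_MEMBER = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="displayname">
      <saml:AttributeValue>Test User</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def claim_values(assertion_xml, name):
    """Return every AttributeValue carried by attributes with the given Name."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            for value in attr.iterfind("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values


def is_approved(assertion_xml):
    """Fail closed: approve only when exactly one value exists and it matches exactly."""
    return claim_values(assertion_xml, CLAIM_NAME) == [EXPECTED_VALUE]


if __name__ == "__main__":
    print("member approved:", is_approved(SAMPLE_MEMBER))
    print("non-member approved:", is_approved(SAMPLE_NON_MEMBER))
```
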

