Hello @Daniel Milnes, in order to update a SAML enterprise application's NameID attribute value and format using Terraform and MS Graph you need to:
- Update the Terraform AzureAD Provider to v1.5.0
- Understand Claims Mapping Policies
- Define an azuread_claims_mapping_policy resource to create the policy.
- Define an azuread_service_principal_claims_mapping_policy_assignment to assign the policy to your application service principal.
Valid SamlNameIdFormat values are:
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Sample:
resource "azuread_claims_mapping_policy" "my_policy" {
  definition = [
    jsonencode(
      {
        ClaimsMappingPolicy = {
          ClaimsSchema = [
            {
              ID               = "userprincipalname"
              SamlClaimType    = "https://aws.amazon.com/SAML/Attributes/nameidentifier"
              SamlNameIdFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
              Source           = "user"
            },
          ]
          IncludeBasicClaimSet = "true"
          Version              = 1
        }
      }
    ),
  ]
  display_name = "My Policy"
}

resource "azuread_service_principal_claims_mapping_policy_assignment" "app" {
  claims_mapping_policy_id = azuread_claims_mapping_policy.my_policy.id
  service_principal_id     = azuread_service_principal.my_principal.id
}
Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.
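The following is an added end-to-end example and is not part of the answer above nor code from the azuread provider's documentation. It assumes the provider constraint `~> 2.47` (so `client_id` is the attribute name on both the application and the service principal), hypothetical display names and `example.invalid` URLs, and that the NameID should be sourced from the user's `mail` attribute. It emits the NameID under the standard `nameidentifier` claim type used by Microsoft's claims mapping documentation, and it gives the service principal its own token signing certificate, because Entra ID only issues tokens modified by a claims mapping policy to an application that either signs with a custom key or has acceptMappedClaims set.

```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.47" # assumption: any 2.47+ release exposes client_id on both resources
    }
  }
}

provider "azuread" {}

locals {
  # The four SamlNameIdFormat values Entra ID accepts (same list as in the answer).
  name_id_formats = {
    unspecified  = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    emailAddress = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    persistent   = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    transient    = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
  }
}

# Hypothetical SAML application; identifier and reply URLs are placeholders.
resource "azuread_application" "saml_app" {
  display_name    = "example-saml-app"
  identifier_uris = ["https://example.invalid/saml/metadata"]

  web {
    redirect_uris = ["https://example.invalid/saml/acs"]
  }
}

# The enterprise application (service principal) configured for SAML SSO.
resource "azuread_service_principal" "saml_app" {
  client_id                     = azuread_application.saml_app.client_id
  preferred_single_sign_on_mode = "saml"

  feature_tags {
    enterprise = true
  }
}

# Custom signing key: required before Entra ID will honour a claims mapping
# policy for this app (the alternative is acceptMappedClaims in the manifest).
resource "azuread_service_principal_token_signing_certificate" "saml_app" {
  service_principal_id = azuread_service_principal.saml_app.id
}

resource "azuread_claims_mapping_policy" "name_id_mail" {
  display_name = "saml-nameid-mail"

  definition = [
    jsonencode({
      ClaimsMappingPolicy = {
        Version              = 1
        IncludeBasicClaimSet = "true"
        ClaimsSchema = [
          {
            # NameID value: the user's mail attribute (assumption: every
            # assigned user has mail populated, or the assertion will lack a NameID).
            Source           = "user"
            ID               = "mail"
            # Standard NameID claim type; the format selects how the SP interprets it.
            SamlClaimType    = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
            SamlNameIdFormat = local.name_id_formats.emailAddress
          },
        ]
      }
    }),
  ]
}

# Bind the policy to the enterprise application; one policy per service principal.
resource "azuread_service_principal_claims_mapping_policy_assignment" "saml_app" {
  claims_mapping_policy_id = azuread_claims_mapping_policy.name_id_mail.id
  service_principal_id     = azuread_service_principal.saml_app.id
}

output "service_principal_object_id" {
  value = azuread_service_principal.saml_app.object_id
}
```

To check the assignment after `terraform apply`, query the service principal's policies in Graph with `az rest --method GET --url "https://graph.microsoft.com/v1.0/servicePrincipals/<object_id>/claimsMappingPolicies"` and confirm the returned definition carries the expected `SamlNameIdFormat`; then test a real sign-in, since a NameID sourced from an empty attribute only shows up as a failed assertion at the service provider.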