How to get groups to appear as claims in the id_token? User signs in to SPA (oidc flow).

Mohammad Alam 1 Reputation point
2022-08-15T02:41:20.383+00:00

Hi

I am using the OIDC flow to get the id token. The token I get from the IdP has optional claims, but the groups claim is missing.

Here are the relevant parts of the Manifest for my app registration:

"groupMembershipClaims": "All",  
"optionalClaims": {  
"idToken": [  
{  
"additionalProperties": [],  
"essential": false,  
"name": "groups",  
"source": null  
}  
],  
"accessToken": [  
{  
"additionalProperties": [],  
"essential": false,  
"name": "sid",  
"source": null  
},  
{  
"additionalProperties": [],  
"essential": false,  
"name": "groups",  
"source": null  
}  
],  
"saml2Token": [  
{  
"additionalProperties": [],  
"essential": false,  
"name": "groups",  
"source": null  
}  
]  
}  

Token configuration:
230990-screenshot-2022-08-15-122106.png

API Permissions:

231035-screenshot-2022-08-15-122407.png

Request:

231101-screenshot-2022-08-15-122822.png

Token:

230967-screenshot-2022-08-15-123034.png


1 answer

  1. Peter Ha 0 Reputation points
    2023-02-27T09:53:45.1533333+00:00

    I am facing the same issue.

    My received id_token is missing email and groups claims.

    Did you resolve this issue?
