Hi all,

Does anyone have some simple explanation videos, guides or presentations for me on custom claims in AAD? I don’t understand the schema to be used in the configurations. In my mind it should be something like:

  • Name of the claim to be sent
  • Value of the claim to be sent
    • Can be sourced from AAD object (user/company/device) (if null, it’s a static value)
    • If sourced: attribute map in AAD to be used
    • If not sourced: static value to be sent


I am trying to add some additional claim entries for users accessing an application.


For example the code below:

New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"user","ID":"mail","JwtClaimType":"mail"}]}}') -DisplayName "ExtraClaimsExample" -Type "ClaimsMappingPolicy"


But that doesn’t inject the mail address unfortunately, at least I don't see it in my claims app.

Secondly, I want to inject a static value for every user without consulting a source directory. For example: ICAOCODE=USA, where ICAOCODE is the attribute and USA the fixed string value. But when I state "source": null, "value": "USA", "JwtClaimType": "extension<appID>ICAOCODE", the command does not accept it.


So I even tried it using the optionalClaims in the app manifest, and while source:null is accepted here, the additionalProperties value is not sent in the claim at all. Here too, mail is empty and the ICAOCode is not sent either. <<app Manifest>>

  "acceptMappedClaims": true,
  "optionalClaims": {
    "idToken": [
      {
        "name": "extensiond9e31213-a6d5-4882-964e-dedfdfb97429mymail",
        "source": "user",
        "essential": false,
        "additionalProperties": [
          "verifiedprimaryemail"
        ]
      },
      {
        "name": "extensiond9e31213-a6d5-4882-964e-dedfdfb97429ICAOCode",
        "source": null,
        "essential": false,
        "additionalProperties": [
          "UAECODE"
        ]
      }
    ]
  },


But even that shows nothing in my app itself ☹



Any hints?

Roelf
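Added example, not part of the original post: a PowerShell script (AzureAD module, already connected with Connect-AzureAD) that builds a claims mapping policy covering both cases the post asks about, a claim sourced from the user object and a static claim, and then assigns it to the application's service principal, which is the step a policy needs before any token changes. The app display name 'ClaimsTestApp', the policy name and the `$idToken` variable in the check at the end are assumptions for illustration. It relies on two documented shapes of the ClaimsSchema entry: `Source` + `ID` for a directory-sourced claim, and `Value` (with no `Source`) for a fixed value; mapped claims additionally require `acceptMappedClaims` true in the app manifest (as in the post) or a custom signing key on the app.

```powershell
# Added example (not the poster's code). Assumes the AzureAD module, a Connect-AzureAD
# session with rights to create policies, and a service principal named 'ClaimsTestApp'
# (placeholder). Policy and claim names are illustrative.

# 1. Build the definition as a hashtable and serialise it, rather than hand-typing the
#    JSON string, so quoting slips (a stray comma inside "ID", mismatched quotes) cannot
#    silently produce a policy that looks accepted but maps nothing.
$policyDefinition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = 'true'   # keep the standard claims alongside the custom ones
        ClaimsSchema         = @(
            # Directory-sourced claim: Source + ID (user attribute), emitted as 'mail'
            @{ Source = 'user'; ID = 'mail'; JwtClaimType = 'mail' },
            # Static claim: no Source/ID, only a fixed Value, emitted as 'ICAOCODE'
            @{ Value = 'USA'; JwtClaimType = 'ICAOCODE' }
        )
    }
}
$json = $policyDefinition | ConvertTo-Json -Depth 10 -Compress
Write-Host "Policy definition: $json"   # one line of valid JSON, review before creating

# 2. Create the policy. One ClaimsMappingPolicy can carry many ClaimsSchema entries.
$policy = New-AzureADPolicy -Definition @($json) `
                            -DisplayName 'ExtraClaimsExample' `
                            -Type 'ClaimsMappingPolicy'

# 3. Assign it to the service principal of the application whose tokens should carry
#    the claims. Without this assignment the policy exists but affects no token.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq 'ClaimsTestApp'"
if (-not $sp) { throw "service principal 'ClaimsTestApp' not found (placeholder name)" }
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# Confirm the assignment from the service principal side
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | Select-Object DisplayName, Type

# 4. Verification helper: decode the payload of a token the app received and check the
#    two claims are present. Decoding only (no signature check) is enough to inspect
#    what was issued; the app itself must still validate the signature as usual.
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    switch ($payload.Length % 4) {
        2 { $payload += '==' }
        3 { $payload += '=' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# $idToken is assumed to hold an ID token captured by the test application after the
# policy was assigned (tokens issued before assignment will not contain the claims).
if ($idToken) {
    $claims = Get-JwtPayload -Token $idToken
    foreach ($name in 'mail', 'ICAOCODE') {
        if ($null -eq $claims.$name) { Write-Warning "claim '$name' missing from token" }
        else { Write-Host "$name = $($claims.$name)" }
    }
}
```

Two things worth checking when a claim still does not show up: that the user actually has the source attribute populated (an empty `mail` attribute yields no `mail` claim), and that the token being inspected was issued after the policy assignment, since cached tokens predate it.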