You can configure the optional and group claims for the Azure application through the EmpowerID portal. Optional claims can be added or modified to include additional user information beyond the default claims. Group claims are included in the JWT only for user principals, not service principals, and provide information about the user's group memberships. Follow the instructions below to add the optional and group claims to the Azure application.

Tip

If you are an admin user and need more detailed information, refer to the document available at /wiki/spaces/EIDADV23/pages/3142189140.

Add Optional & Group Claims

  1. Navigate to the portal for the Resource Admin app in your environment.

  2. Choose Applications from the resource type dropdown menu.

  3. Click on the Workflows tab and click on the Manage Azure Application Wizard link. The workflow starts once you click on the link.

  4. Enter the name of the management role and click on the search button. Once the results appear, select the appropriate application by selecting the checkbox next to it.

  5. Select the appropriate Azure App Token Claims option. Once you have selected it, scroll down to the bottom of the page to find the Optional Token Claims and Management Group Task. Select both options.

  6. Select the access token claims to add to the application by checking the checkbox next to each one. Any claims with additional configuration options will be displayed after selecting the claim. For example, selecting the "aud" claim will display additional configuration options.

  7. To add claims to the application, go to the ID Token Claims tab and select them by checking the corresponding checkbox. If any of the claims have additional configuration options, they will be displayed after selecting the claim.

  8. Choose which group types you want to include in the token by clicking on the checkbox beside each group type.

  9. Choose the correct value from the "Access Token Group Claim Properties" dropdown. If you would like to emit the groups as role claims, make sure to check the corresponding checkbox.

  10. Choose the correct value from the "Access Token Group Claim Properties" dropdown. If you would like to emit the groups as role claims, make sure to check the corresponding checkbox.

  11. Afterward, the summary screen displays the claims you have added and removed. Review the summary and click Submit to assign the claims to the selected applications.

  12. Click "Submit" to exit the wizard. The Azure applications have now been updated with the optional and group claims.
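After the wizard completes, you can confirm that a token issued for the application carries the claims you selected. The following is an added example, not part of the EmpowerID documentation or product: it decodes a token payload for inspection only (no signature verification) and reports missing optional claims and the state of the group claim. The function names, sample tokens and claim values are constructed assumptions.

```python
import base64
import json


def decode_payload(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_claims(payload: dict, expected_optional, groups_as_roles=False) -> dict:
    """Report which configured claims actually made it into the token."""
    group_claim = "roles" if groups_as_roles else "groups"
    # Azure AD replaces a too-long group list with an overage marker.
    overage = "groups" in payload.get("_claim_names", {}) or payload.get("hasgroups") is True
    if group_claim in payload:
        status = "present"
    elif overage:
        status = "overage"
    else:
        status = "absent"
    return {
        "missing_optional": sorted(c for c in expected_optional if c not in payload),
        "group_claim": group_claim,
        "group_status": status,
        "groups": payload.get(group_claim, []),
    }


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned sample token (test input only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


# Constructed samples: a user token with groups, and an app-only token without.
USER_TOKEN = make_unsigned_token({"aud": "api://sample", "upn": "user@example.com",
                                  "groups": ["11111111-1111-1111-1111-111111111111"]})
APP_TOKEN = make_unsigned_token({"aud": "api://sample", "idtyp": "app"})

if __name__ == "__main__":
    for name, tok in (("user", USER_TOKEN), ("app", APP_TOKEN)):
        print(name, check_claims(decode_payload(tok), ["upn"]))
```

A group status of "absent" on a service principal token is expected, since group claims are only emitted for user principals; "overage" means the group list was too long to embed and must be fetched separately.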