You can configure the optional and group claims for the Azure application through the EmpowerID portal. Group optional claims are only emitted in the JWT for user principals. Optional claims can be added or modified to include additional user information beyond the default claims. Group claims are included in the JWT only for user principals, not service principals, providing information about the user's group memberships. Please follow the instructions below to add the optional and group claims to the Azure application.
Add Optional & Group Claims
Excerpt |
---|
name | AddOptionalGroupClaims |
---|
|
Navigate to the portal for the Resource Admin app in your environment. Please choose Applications from the resource type dropdown menu.
Image ModifiedClick on the Workflows tab and click on the Manage Azure Application Wizard link. The workflow will start once you click on the link. Please enter the name of the management role and click on the search button. Once the results appear, please select the appropriate application by selecting the checkbox next to it.
|
...
- Image Added
Please select the appropriate Azure App Token Claims option. Once you have
|
...
selected it, scroll down to the bottom of the page
|
...
to find the Optional Token Claims and Management Group Task. Select both options.
|
...
- Image Added
Select the access token claims by checking the checkbox next to itto add to the application.
|
...
Any claims with additional configuration options
|
...
will be displayed after selecting the claim.
|
...
- Image Added
|
...
...
...
"aud" claim will display additional configuration options.
|
...
- Image Added
To add claims to the application, simply go to the ID Token Claims tab and select them by checking the corresponding checkbox. If any of the claims have additional configuration options, they will be displayed after selecting the claim.
|
...
- Image Added
To proceed, kindly choose which group types you want to include in the token by clicking on the checkbox beside each group type.
|
...
- Image Added
Please choose the correct value from the "Access Token Group Claim Properties" dropdown. If you would like to emit the groups as role claims, please make sure to check the corresponding checkbox.
|
...
- Image Added
Please choose the correct value from the "Access Token Group Claim Properties" dropdown. If you would like to emit the groups as role claims, please make sure to check the corresponding checkbox.
|
...
- Image Added
Afterward, the summary screen displays the claims
|
...
you have added and removed. Please review the summary and click Submit to assign the claims to the selected applications.
|
...
Please click "Submit" to exit the wizard. The Azure applications have now been updated with the optional and group claims.
|