Azure claims provision to a Cloud App

Mike 0 Reputation points
2024-12-08T00:06:40.5433333+00:00

Hello Experts,

I don't understand how attributes/claims are provisioned from the Azure Enterprise Application to the Cloud App.

For example, I have defined a claim in Azure: "name" = user.principalname. In the transformation, I entered the following: ExtractMailPrefix(user.userprincipalname).

I want to transfer only the username (without @domain.com) to my Cloud App. However, when I try to use the claim "name" in the JSON transformation in my app, this attribute is not recognized, so it doesn't work.

Example:

    "sourcePath": "$.name",
    "targetPath": "$.userName"

How can I transfer this attribute (Name=ExtractMailPrefix(user.userprincipalname)) to my app in such a way that the claim is recognized in the JSON transformation in my app? Or are these claim names predefined?

Many Thanks

Best Regards

Tags: Azure Functions, Azure Data Factory, Azure App Service, Microsoft Entra

1 answer

  1. Vinodh247 27,281 Reputation points MVP
    2024-12-08T13:37:25.4033333+00:00

    Hi,

    Thanks for reaching out to Microsoft Q&A.

    To ensure that your Azure Enterprise Application correctly provisions and recognizes custom claims in your cloud application, follow these steps:

    1. Configure the Claim in Azure AD:
      • Navigate to the Azure portal and select your Enterprise Application.
      • Under the "Single sign-on" section, go to "Attributes & Claims."
      • Add a new claim named name and set its source attribute to user.userprincipalname.
      • Apply the transformation ExtractMailPrefix(user.userprincipalname) to remove the domain portion, ensuring only the username is sent.
    2. Verify the Claim in the Token:
      • Use a tool like jwt.ms to decode the token issued to your application.
      • Confirm that the name claim is present and contains the expected value (i.e., the username without the domain).
    3. Update Your Application's JSON Transformation:
      • Ensure that your application's JSON transformation logic correctly references the name claim.
      • If the claim is present in the token as name, your transformation should map it appropriately: "sourcePath": "$.name", "targetPath": "$.userName"
      • If the claim appears under a different key or within a nested structure, adjust the sourcePath accordingly.
    4. Check for Predefined Claim Names:
      • Some applications expect specific claim names.
      • If your application doesn't recognize the name claim, consider mapping it to a claim name that your application expects, such as userName or preferred_username.

    By following these steps, you can ensure that the name claim, transformed to exclude the domain, is correctly provisioned and recognized by your cloud application.

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
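The four steps of the answer above, worked end to end as an added example. This is not code from the thread, from Microsoft, or from the asker's cloud app; it shows what each step should produce so the values can be checked offline. Everything in it is constructed for the demo: the HS256 shared key and the token minted with it (Entra issues RS256 tokens that an app verifies against the tenant's published JWKS, never a shared secret), the sample UPN mike@contoso.com, the dotted-JSONPath subset used to resolve "$.name" and "$.userName", and the extra "fallbackPaths" field on a mapping, which is an assumed convenience for step 4 and not part of any real product's mapping syntax. extract_mail_prefix() is a local mirror of ExtractMailPrefix() so the expected value of the name claim can be computed and compared.

```python
import base64
import hashlib
import hmac
import json

# Constructed for the demo: Entra signs with RS256 against its published JWKS; an HS256 shared
# secret is used here only so the example runs offline. Never configure such a key for a real app.
DEMO_KEY = b"demo-only-shared-secret"
MISSING = object()  # sentinel: tells an absent claim apart from one whose value is null


def extract_mail_prefix(value):
    """Local mirror of Entra's ExtractMailPrefix(): the text before the first '@'.
    Assumption: a value with no '@' comes back unchanged."""
    return value.split("@", 1)[0]


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_demo_token(claims, key=DEMO_KEY):
    """Constructed stand-in for the token Entra would issue to the app."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_token(token, key=DEMO_KEY):
    """Step 2 as the app must do it: jwt.ms only decodes for inspection; no claim is trusted
    until the signature verifies. Raises ValueError on a malformed, wrong-alg or forged token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("signature check failed")
    return json.loads(_b64url_decode(parts[1]))


def get_path(doc, path):
    """Resolve a dotted JSONPath such as '$.name' or '$.user.login'; MISSING if absent."""
    if not path.startswith("$."):
        raise ValueError(f"unsupported path {path!r}")
    cur = doc
    for key in path[2:].split("."):
        if not isinstance(cur, dict) or key not in cur:
            return MISSING
        cur = cur[key]
    return cur


def set_path(doc, path, value):
    """Write value at a dotted JSONPath, creating intermediate objects as needed."""
    if not path.startswith("$."):
        raise ValueError(f"unsupported path {path!r}")
    keys = path[2:].split(".")
    cur = doc
    for key in keys[:-1]:
        cur = cur.setdefault(key, {})
    cur[keys[-1]] = value


def apply_mapping(claims, mappings):
    """Steps 3 and 4: each mapping has sourcePath/targetPath exactly as in the question, plus an
    assumed optional 'fallbackPaths' list tried in order when the primary claim is absent
    (e.g. '$.preferred_username' when the app never sees '$.name').
    Returns (app_document, list of targetPaths left unresolved)."""
    out, unresolved = {}, []
    for m in mappings:
        for src in [m["sourcePath"], *m.get("fallbackPaths", [])]:
            value = get_path(claims, src)
            if value is not MISSING:
                set_path(out, m["targetPath"], value)
                break
        else:
            unresolved.append(m["targetPath"])
    return out, unresolved


if __name__ == "__main__":
    upn = "mike@contoso.com"  # constructed sample UPN
    token = mint_demo_token({"upn": upn, "name": extract_mail_prefix(upn)})
    mapping = [{"sourcePath": "$.name", "targetPath": "$.userName",
                "fallbackPaths": ["$.preferred_username"]}]
    print(apply_mapping(decode_token(token), mapping))  # ({'userName': 'mike'}, [])
```

Two points worth keeping in mind when applying this to a real tenant. First, jwt.ms shows you the claims but does not verify anything; the application consuming the token must check the signature against Entra's JWKS, pin the expected algorithm and validate issuer and audience before it maps a single claim, otherwise the mapping is simply trusting whatever the caller put in the payload. Second, the list of unresolved targetPaths returned by apply_mapping() is the diagnostic the asker is missing: when it contains "$.userName", the name claim was not present under that key in the token the app actually received, which points back at step 2 rather than at the mapping.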

