Group Membership ADFS Claim rule migration on Azure AD

Amrit Lal 20 Reputation points
2024-12-19T10:09:08.16+00:00

We need to migrate the below group membership ADFS claim rules on Entra ID (B2B). Please me

@RuleName = "CheckGroupMembership"

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]

=> add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);

@RuleName = "CheckCandorMembership"

c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)Candor"]

=> add(Type = "CandorGroupsWithDN", Value = c.Value);

@RuleName = "RemoveGroupDN"

c:[Type == "CandorGroupsWithDN"]

=> add(Type = "CandorGroupsWithoutDN", Value = RegExReplace(c.Value, ",[^\n]*", ""));

@RuleName = "RemoveGroupCN"

c:[Type == "CandorGroupsWithoutDN"]

=> add(Type = "http://abc.in/attributes/1/candorgroup", Value = RegExReplace(c.Value, "^CN=", ""));

@James Hamil
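The rule chain in the question, emulated in Python so its output can be used as a baseline when checking what a migrated configuration emits. This is an added example, not part of the original post; the function name and the sample DNs are constructed, and the regexes are copied from the rules above.

```python
import re

# Claim types taken from the rules in the question.
GROUP = "http://schemas.xmlsoap.org/claims/Group"
OUT = "http://abc.in/attributes/1/candorgroup"


def candor_claims(member_of):
    """Emulate the four rules over a user's memberOf DNs (hypothetical helper)."""
    # CheckGroupMembership: one Group claim per memberOf value (the full DN).
    claims = [(GROUP, dn) for dn in member_of]
    # CheckCandorMembership: Value =~ "(?i)Candor" is an unanchored,
    # case-insensitive match against the whole DN, not only the CN.
    claims += [("CandorGroupsWithDN", v) for t, v in claims
               if t == GROUP and re.search(r"(?i)Candor", v)]
    # RemoveGroupDN: delete everything from the first comma onward.
    claims += [("CandorGroupsWithoutDN", re.sub(r",[^\n]*", "", v))
               for t, v in claims if t == "CandorGroupsWithDN"]
    # RemoveGroupCN: drop the leading "CN=".
    claims += [(OUT, re.sub(r"^CN=", "", v))
               for t, v in claims if t == "CandorGroupsWithoutDN"]
    return [v for t, v in claims if t == OUT]


# Constructed sample DNs (not from the original post).
SAMPLE = [
    "CN=Candor-Finance,OU=Groups,DC=example,DC=com",   # intended match
    "CN=HR-All,OU=Groups,DC=example,DC=com",           # no match, dropped
    "CN=Printers,OU=Candor,DC=example,DC=com",         # matches on the OU only
    "CN=candor\\, EMEA,OU=Groups,DC=example,DC=com",   # escaped comma in the CN
]

if __name__ == "__main__":
    for value in candor_claims(SAMPLE):
        print(value)
```

Two behaviours to carry over or consciously change during migration: a group is selected when "Candor" appears anywhere in its DN, including an OU name, and a CN containing an escaped comma is truncated at that comma.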
