Attribute Configuration between Azure AD for OpenID

Mike 0 Reputation points
2025-01-22T16:40:38.6433333+00:00

Hello Experts,

I need your support with the configuration of attributes between Azure AD and SAP IAS. I have configured the OpenID Connect protocol between Azure and SAP IAS. An app has been configured in SAP IAS, and the user should be able to log in to this app.

However, I don’t understand how the attributes are transferred in this context. I tested by deleting all attributes in SAP IAS, but attributes are still being transmitted to the cloud app. In Azure, under App Registration > Token Configuration, I defined the attributes email, family_name, and given_name, and these are exactly the attributes being transmitted to the app. It doesn’t matter which attributes I have defined in IAS.

Now, my question is: How can I define in Azure that additional attributes, such as Employee Number, Department, etc., should also be transmitted?

When configuring SAML between apps, I can define Claims in Azure.

Is this also possible for OIDC?

I look forward to your response.

Thank you in advance

Best Regards


1 answer

  1. hossein jalilian 9,700 Reputation points
    2025-01-22T17:25:01.6966667+00:00

    Hello Mike,

    Thanks for posting your question in the Microsoft Q&A forum.

    You can follow these steps:

    • In Azure AD, navigate to your App Registration for SAP IAS, go to Token configuration and select Add optional claim, then choose the token type (ID token or Access token) and add the desired claims. Then go to App registrations > Your app > Manifest.
    • In the manifest, add your custom attributes under the optionalClaims section
    • Save the changes to the manifest.
    • In SAP IAS, go to the Applications section and select your application
    • Navigate to Subject Name Identifier and Assertion Attributes
    • Configure the attribute mapping to match the claims sent from Azure AD

    Remember that the attributes must exist in Azure AD and be associated with the user accounts. For custom attributes, you may need to configure them in Azure AD first and populate them with data.


    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
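
To check which of the optional claims configured under Token configuration actually arrive at the relying party, the ID token can be decoded and compared with the `optionalClaims` section of the manifest. The Python below is an added example, not part of the original answer and not Microsoft or SAP code; the function names are hypothetical, the manifest excerpt and token are constructed samples, and it assumes a claim with no value on the user account is simply absent from the token. It decodes the payload without verifying the signature, so it is for inspection only.

```python
import base64
import json


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_id_token(manifest: dict, id_token: str) -> dict:
    """Report which idToken optional claims from the manifest are in the token."""
    optional = manifest.get("optionalClaims") or {}  # may be null in a manifest
    configured = [c["name"] for c in optional.get("idToken") or []]
    claims = decode_claims(id_token)
    present = [n for n in configured if claims.get(n) not in (None, "")]
    missing = [n for n in configured if n not in present]
    return {"present": present, "missing": missing}


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed manifest excerpt: the three claims named in the question.
SAMPLE_MANIFEST = {"optionalClaims": {"idToken": [
    {"name": "email", "source": None, "essential": False, "additionalProperties": []},
    {"name": "family_name", "source": None, "essential": False, "additionalProperties": []},
    {"name": "given_name", "source": None, "essential": False, "additionalProperties": []},
], "accessToken": [], "saml2Token": []}}

# Constructed token for a user whose mail attribute is not populated.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "constructed-subject", "given_name": "Test",
             "family_name": "User"}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(audit_id_token(SAMPLE_MANIFEST, SAMPLE_TOKEN))
```

A claim listed under `missing` is configured in the manifest but was not emitted for this user, which points at the user object rather than at the SAP IAS attribute mapping.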

