Hi Azure AD Team,
I just deployed an application in my tenant with some crazy claim transforms but ran into an issue when attempting to apply claim conditions on a required NameID claim:
In my application, for some users I want to emit a static value if the user is a member of a group - this works fine if the claim is of type "Additional" - for example, the following claim emits a static role if the user is a member of a specific group:
The above works great!
If I attempt to do the same for the NameID claim, the value is not re-written (I know this is a strange scenario). The only workaround is to create a claim condition of type transform instead of attribute - consider the following examples:
This will not work:
This will work:
Is this perhaps a known issue or am I doing something unsupported here?
Hopefully my description is understandable :)