KrzysztofKwiatkowski-3048 asked ·

AzureAD claim transformation with ExtractMailPrefix - native app - how to?

Hi, I am working on SSO configuration for a web application that can only accept username without the @domain and the value is also stored in onpremisessamaccountname.

We authenticate the users using the UPN and I am struggling with creating a claim that can return the UPN value without @domain.com.

For enterprise applications we can do ExtractMailPrefix in the SAML config, but for this specific requirement an enterprise application is not an option.

We tried a transformation but we are unable to figure out the logic.

Here is an example claim transformation from MS Docs, but this example shows the Join option:

New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema":[{"Source":"user","ID":"extensionattribute1"},{"Source":"transformation","ID":"DataJoin","TransformationId":"JoinTheData","JwtClaimType":"JoinedData"}],"ClaimsTransformations":[{"ID":"JoinTheData","TransformationMethod":"Join","InputClaims":[{"ClaimTypeReferenceId":"extensionattribute1","TransformationClaimType":"string1"}], "InputParameters": [{"ID":"string2","Value":"sandbox"},{"ID":"separator","Value":"."}],"OutputClaims":[{"ClaimTypeReferenceId":"DataJoin","TransformationClaimType":"outputClaim"}]}]}}') -DisplayName "TransformClaimsExample" -Type "ClaimsMappingPolicy"


Can someone let us know if what we are trying to achieve is possible with AzureAD?

azure-ad-saml-sso

Hi @KrzysztofKwiatkowski-3048 · Thank you for reaching out. I am checking this internally with the product team. I will post an answer once I receive an update on this.

0 Answers
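
An added example, not part of the original thread: before a domain-stripped UPN is issued as the username claim, a check like this over a directory export shows which accounts would collide on the same prefix and which would not match the onpremisessamaccountname value the application expects. The function names, the sample users, the case-insensitive comparison and the handling of values without an @ are assumptions made for this sketch.

```python
from collections import defaultdict


def mail_prefix(value: str) -> str:
    """Text before the last '@'; a value with no '@' is returned unchanged
    (assumed behaviour for this sketch)."""
    local, sep, _domain = value.rpartition("@")
    return local if sep else value


def audit_prefix_claim(users):
    """users: iterable of (upn, on-prem sAMAccountName or None).

    Returns (collisions, mismatches):
      collisions  prefix -> UPNs that would all yield that same claim value
      mismatches  (upn, sam) pairs where the prefix differs from the
                  sAMAccountName, so the application could not map the user
    """
    by_prefix = defaultdict(list)
    mismatches = []
    for upn, sam in users:
        prefix = mail_prefix(upn).casefold()
        by_prefix[prefix].append(upn)
        # Case-insensitive comparison is an assumption about the target app.
        if sam is None or sam.casefold() != prefix:
            mismatches.append((upn, sam))
    collisions = {p: u for p, u in by_prefix.items() if len(u) > 1}
    return collisions, mismatches


# Constructed sample export (not real accounts).
SAMPLE_USERS = [
    ("anna.nowak@contoso.example", "anna.nowak"),
    ("anna.nowak@fabrikam.example", "anowak2"),   # second verified domain
    ("J.Smith@contoso.example", "j.smith"),
    ("svc-backup@contoso.example", None),         # cloud-only, no on-prem value
    ("legacyuser", "legacyuser"),                 # value without '@'
]

if __name__ == "__main__":
    collisions, mismatches = audit_prefix_claim(SAMPLE_USERS)
    for prefix, upns in collisions.items():
        print(f"COLLISION {prefix!r}: {', '.join(upns)}")
    for upn, sam in mismatches:
        print(f"MISMATCH  {upn}: sAMAccountName={sam!r}")
```

Any collision means two different identities would present the same username to the application, so it should be resolved before the claim is relied on for sign-in.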