som5656-8807 asked

Customize claims issued in the SAML token for enterprise applications in Azure AD

Hi,

I wanted to know if there is any option to configure claims in an Azure AD enterprise application for an FQDN claim.

We're syncing 16 subdomains to Azure AD; how should I identify which domain a user is coming from?
The UPN claim is showing as "contoso.org.il". Is it possible to have a claim with "blabla.contoso.org.il"?
If it's not possible, is there any other option as FQDN?


Thanks a lot!

Tags: azure-active-directory, azure-ad-connect

1 Answer

soumi-MSFT answered

@som5656-8807, There is no way to get FQDN as a claim in Azure AD. But once you receive the SAML response, you can fetch the UPN claim sent for the user and then parse out the domain suffix from the UPN in your code.


Thanks soumi!

Any other alternative you can think of? Or is it the only way?

Thanks!


@som5656-8807, This is the only way available, as there is no way to send the FQDN in a claim; there is also no way to parse this value within the claims.
For now, you would have to go ahead and fetch the UPN, then split off the domain suffix and use it.



Please do mark the response as answered, if that answered your query.


Thanks for that.

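The approach from the answer (read the UPN claim from the SAML response, then split off the domain suffix), shown as an added example that is not part of the original thread or any Microsoft code. The claim name, the allow-list and the sample assertion are constructed assumptions, and the assertion is assumed to have already passed signature validation in your SAML library; the example goes slightly beyond the answer by rejecting any suffix that is not an exact match on the list of expected domains.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the app's claim configuration emits the UPN under this claim name.
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
# Constructed allow-list; in practice this would hold the 16 synced subdomains.
ALLOWED_DOMAINS = {"contoso.org.il", "blabla.contoso.org.il"}

# Constructed sample: an assertion whose signature the SAML library has
# ALREADY verified. Claims must never be read before that check.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
      <saml:AttributeValue>Dana@BlaBla.Contoso.org.il</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def upn_from_assertion(assertion_xml, claim=UPN_CLAIM):
    """Return the single UPN claim value, or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    values = [
        (v.text or "").strip()
        for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS)
        if a.get("Name") == claim
        for v in a.iterfind("saml:AttributeValue", SAML_NS)
    ]
    if len(values) != 1:  # missing or duplicated claim: refuse to guess
        raise ValueError(f"expected exactly one UPN value, got {len(values)}")
    return values[0]


def domain_from_upn(upn, allowed=ALLOWED_DOMAINS):
    """Split on the LAST '@', normalise case, and enforce the allow-list."""
    local, sep, domain = upn.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        raise ValueError("malformed UPN")
    if domain not in allowed:  # exact match only, never endswith()
        raise ValueError(f"unexpected UPN suffix: {domain!r}")
    return domain


if __name__ == "__main__":
    print(domain_from_upn(upn_from_assertion(SAMPLE_ASSERTION)))
```

The exact-match check matters because a suffix test such as `endswith("contoso.org.il")` would also accept a look-alike domain like `evilcontoso.org.il`.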