Claim Transformation in Azure ID Token (upn data to email claim)?

Bergmann, Alexander 1 Reputation point
2020-08-28T13:18:54.54+00:00

Hi, is it possible to send the UPN value as an email claim via a transformation in the ID token?

I found this doc, but it's not clear to me how or if it works.

https://learn.microsoft.com/de-de/azure/active-directory/develop/active-directory-claims-mapping


2 answers

  1. 2020-08-28T21:50:49.39+00:00

    Not possible, since email is a restricted claim, but you can output it as mail or another claim name with something like this:

       # Requires the AzureAD module and an existing Connect-AzureAD session.
       $Definition=@{
           ClaimsMappingPolicy=@{
               Version=1
               ClaimsSchema=@(
                   # Emit the user's UPN under the non-restricted JWT claim name "mail"
                   @{Source="User"
                   ID="userprincipalname"
                   JwtClaimType="mail"}
               )
           }}

       # JavaScriptSerializer lives in System.Web.Extensions (Windows PowerShell), which is not loaded by default
       Add-Type -AssemblyName System.Web.Extensions
       $Serializer=[System.Web.Script.Serialization.JavaScriptSerializer]::new()

       $Policy=New-AzureADPolicy -Definition $Serializer.Serialize($Definition) -DisplayName SamplePolicy1 -Type ClaimsMappingPolicy
       # <SP_ObjectId> is the ObjectId of the application's service principal, not the app registration
       Add-AzureADServicePrincipalPolicy -Id <SP_ObjectId> -RefObjectId $Policy.Id
    

    ---
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

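A fuller version of the same assignment, added here as an example (it is not Alfredo's code or Microsoft's documentation): it resolves the service principal from its application ID, builds the same userprincipalname-to-mail mapping with ConvertTo-Json, refuses a restricted target claim such as email, and verifies the assignment afterwards. $AppId, $TargetClaim and the policy display name are placeholders; it assumes the AzureAD module and an existing Connect-AzureAD session.

```powershell
# Added example, not code from the original answer. Placeholders below must be replaced.
$AppId       = '00000000-0000-0000-0000-000000000000'   # placeholder: Application (client) ID
$TargetClaim = 'mail'                                   # JWT claim name to carry the UPN

# 'email' is restricted, so the policy is refused before anything is created.
# The full restricted set is in the claims-mapping doc linked in the question.
if ($TargetClaim -eq 'email') {
    throw "JwtClaimType '$TargetClaim' is a restricted claim; pick a non-restricted name such as 'mail'."
}

# Resolve the service principal by appId so -Id below receives the SP's ObjectId,
# not the app registration's ObjectId (a common cause of Request_ResourceNotFound).
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }

# A service principal carries at most one ClaimsMappingPolicy; surface an existing one
# instead of silently stacking a second assignment.
$existing = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Type -eq 'ClaimsMappingPolicy' }
if ($existing) {
    throw "SP already has claims mapping policy '$($existing.DisplayName)' ($($existing.Id)); remove it first."
}

# Build the policy as compact JSON. ConvertTo-Json is built in, so no System.Web.Extensions dependency.
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = 'true'   # keep the standard claims alongside the mapped one
        ClaimsSchema         = @(
            @{ Source = 'User'; ID = 'userprincipalname'; JwtClaimType = $TargetClaim }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

$policy = New-AzureADPolicy -Definition $definition -DisplayName 'UpnAsMailClaim' -Type 'ClaimsMappingPolicy'
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# Verify the assignment landed on the intended service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | Select-Object DisplayName, Type, Id
```

The relying application must also opt in to mapped claims (acceptMappedClaims in its manifest, or a custom signing key); without that, the policy is assigned but tokens for the app are not issued.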

  2. Alexander 266 Reputation points
    2020-08-31T12:34:26.613+00:00

    Hi Alfredo, thanks for your fast response. When I try out your suggestion I get the following error.

    Add-AzureADServicePrincipalPolicy : Error occurred while executing AddServicePrincipalPolicy
    Code: Request_ResourceNotFound
    Message: Resource 'xxxxxxxxxxxxxxxxxxxxxxxx' does not exist or one of its queried reference-property objects are not present.
    InnerError:
      RequestId: b182dfba-3b1c-46e5-933e-xxxxxxxxxx
      DateTimeStamp: Mon, 31 Aug 2020 10:20:50 GMT
    HttpStatusCode: NotFound
    HttpStatusDescription: Not Found
    HttpResponseStatus: Completed
    In Zeile:12 Zeichen:1
    + Add-AzureADServicePrincipalPolicy -Id xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Add-AzureADServicePrincipalPolicy], ApiException
        + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.AddServicePrincipalPolicy
    

    The ObjectID I used exists.