Azure-docs: Can I define my policy in the portal and then Export?

Created on 6 Nov 2019 · 7 Comments · Source: MicrosoftDocs/azure-docs

Hi, is there a way to define the required claim mapping in the portal and export it to a policy?

I need to do the following and I'm not clear on how to define it:

Modify the Unique User Identifier (Name ID) and change the format to persistent, then expand the Claim Conditions and add a User type of Any with a source Attribute of value "user.objectId" and add a second condition of user type "Members" scoped to a group called "MyGroup", with a transformation of ExtractMailPrefix() with the parameter set to "user.userprincipalName".



All 7 comments

@MarkDordoy Thanks for your feedback! We will investigate and update as appropriate.

Hey @markdordoy
There is a separate doc on how to do this in the portal: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization

It sounds like what you're describing is possible per the doc provided above. Please let us know if you have any questions in regards to the doc. If not, I will be closing this git issue by end of day tomorrow.

Thanks,

Frank

@FrankHu-MSFT thanks for getting back to me. I have seen the page you linked and it's good for describing how to do what I need via the GUI. However, I need assistance or a better understanding of how I can achieve such a configuration using PowerShell.

Ideally I'd be able to define the policy via the GUI then export the configuration so I can use it in a pipeline.

My goal is to achieve setting up SAML based enterprise apps using code with a pipeline. Any additional help / support on this would be great.

Thanks

@MarkDordoy I see, you should be able to export the configuration by using the Get-AzureADPolicy PowerShell cmdlet.

Is that not sufficient for your requirements?
https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadpolicy?view=azureadps-2.0-preview

Afraid not. The export only works for policies you add via PowerShell. The UI version is different and does not have anything to do with the PowerShell-based policies. It states this somewhere in the docs and I can confirm it's true as I tested this.

Mark

I guess I kind of answered my own question; however, it would be good as a feature request to build a policy via a UI-based generator.

I see, thanks for your feedback @markdordoy. I apologize for the inconvenience. If you're interested in this feature, please submit it against the feedback here: https://feedback.azure.com/forums/169401-azure-active-directory

And if there's enough community support this will be looked into and implemented accordingly.

We are always looking to improve the product and thank you for letting us know about this.

Please let us know if there are any more questions within the scope of this git issue. If not, I will be closing out this git issue by end of day tomorrow. Please file a new git issue with a reference to this one if you have any more concerns. Thanks.