lzandman
Jan 18, 2024

Transform multiple Group Claim values into a single comma-separated string in Entra ID

We've created a new Enterprise Application in our Entra ID (cloud) for connecting to a third-party SaaS solution. Part of their requirements is that we need to supply a claim "teams", whose value consists of a comma-separated list of the teams a user is a member of.

On our side, in Entra ID, those teams are implemented using dedicated Security Groups. So a user can be a member of one or more of those security groups. We now need a way to transform this group membership into a proper SAML claim.

For this purpose, we've added a new Group Claim to our Enterprise Application's Single Sign-On SAML configuration and, using the "Customize the name of the group claim" feature, we renamed the claim to "teams". So now our SAML token contains the following claim (abbreviated):

<AttributeStatement>
    ...
    <Attribute Name="teams">
        <AttributeValue>Group1</AttributeValue>
        <AttributeValue>Group2</AttributeValue>
        <AttributeValue>Group3</AttributeValue>
    </Attribute>
    ...
</AttributeStatement>

As you can see, the groups are returned in multiple separate `AttributeValue` elements. We need them to be in one `AttributeValue` element, like this:

<AttributeStatement>
    ...
    <Attribute Name="teams">
        <AttributeValue>Group1,Group2,Group3</AttributeValue>
    </Attribute>
    ...
</AttributeStatement>

Is there a way to realize this in Entra ID?
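
The two claim shapes in the question, compared in an added Python example that is not part of the original post and does not use any Entra ID feature: it reads the `teams` attribute, builds the comma-separated form, and shows a receiver accepting either shape. The function names are hypothetical, the XML is the post's abbreviated sample, and the assertion is assumed to have been signature-validated before this code sees it.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the two abbreviated shapes from the post.
MULTI_VALUED = """<AttributeStatement>
    <Attribute Name="teams">
        <AttributeValue>Group1</AttributeValue>
        <AttributeValue>Group2</AttributeValue>
        <AttributeValue>Group3</AttributeValue>
    </Attribute>
</AttributeStatement>"""

SINGLE_VALUED = """<AttributeStatement>
    <Attribute Name="teams">
        <AttributeValue>Group1,Group2,Group3</AttributeValue>
    </Attribute>
</AttributeStatement>"""


def local(tag):
    """Strip an XML namespace so saml:Attribute and Attribute both match."""
    return tag.rsplit("}", 1)[-1]


def attribute_values(statement_xml, name):
    """Return the AttributeValue texts of the named attribute, in document order."""
    root = ET.fromstring(statement_xml)
    for attr in root.iter():
        if local(attr.tag) == "Attribute" and attr.get("Name") == name:
            return [(v.text or "").strip() for v in attr
                    if local(v.tag) == "AttributeValue"]
    return []


def join_teams(values, sep=","):
    """Join group names into one string; refuse names that contain the separator,
    because the receiver could not split the result back unambiguously."""
    clean = [v for v in values if v]
    bad = [v for v in clean if sep in v]
    if bad:
        raise ValueError(f"group name contains {sep!r}: {bad}")
    return sep.join(clean)


def split_teams(values, sep=","):
    """Receiver side: accept either shape and return the list of teams."""
    return [t.strip() for v in values for t in v.split(sep) if t.strip()]
```

The separator check matters when the joined string drives authorization: a security group whose display name contains a comma would be read by the receiver as two teams.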
