Forum Discussion
Transform multiple Group Claim values into a single comma-separated string in Entra ID
We've created a new Enterprise Application in our Entra ID (cloud) for connecting to a third-party SaaS solution. Part of their requirements is that we need to supply a claim "teams", whose value consists of a comma-separated list of the teams a user is a member of.
On our side, in Entra ID, those teams are implemented using dedicated Security Groups. So a user can be a member of one or more of those security groups. We now need a way to transform this group membership into a proper SAML claim.
For this purpose we've added a new Group Claim to our Enterprise Application's Single Sign-On SAML configuration and using the "Customize the name of the group claim" feature we renamed the claim to "teams". So now our SAML token contains the following claim (abbreviated):
<AttributeStatement>
...
<Attribute Name="teams">
<AttributeValue>Group1</AttributeValue>
<AttributeValue>Group2</AttributeValue>
<AttributeValue>Group3</AttributeValue>
</Attribute>
...
</AttributeStatement>
As you can see the groups are returned in multiple separate `AttributeValue` elements. We need them to be in one `AttributeValue` element, like this:
<AttributeStatement>
...
<Attribute Name="teams">
<AttributeValue>Group1,Group2,Group3</AttributeValue>
</Attribute>
...
</AttributeStatement>
Is there a way to realize this in Entra ID?