Forum Discussion
Azure B2B External Identity Provider Claims Mapping
Take this:
1. Configure Custom Claims in the External IdP
First, you'll need to configure the external IdP to send the custom attribute values in the SAML token. Ensure that the attribute names match what your application expects (e.g., "AcctNumber" or "CustomNum").
2. Set Up Single Sign-On (SSO) in Azure
In your Azure tenant, go to the Enterprise App and configure the Single Sign-On (SSO) settings. Here, you'll need to add the custom claims. Unfortunately, Azure doesn't currently support free-form attribute names directly in the UI. You'll need to use a custom claims provider to achieve this.
3. Create a Custom Claims Provider
You'll need to create a custom claims provider to transform the incoming SAML token attributes into the desired claims for your access token. This involves setting up a REST API endpoint that will receive the SAML token, extract the necessary attributes, and return the transformed claims.
4. Configure the Custom Claims Provider in Azure
In Azure, configure the custom claims provider to connect to your REST API endpoint. This will allow Azure to call your API during the authentication flow and include the transformed claims in the access token.
5. Test the Configuration
Once everything is set up, test the configuration to ensure the custom claims are correctly mapped and accessible in your application code.
- External IdP Configuration: Ensure the IdP sends the required attributes in the SAML token.
- Azure SSO Configuration: Set up SSO in Azure and add the custom claims.
- Custom Claims Provider: Create a REST API to transform the attributes.
- Azure Custom Claims Configuration: Connect Azure to your custom claims provider.
- Testing: Verify that the claims are correctly mapped and accessible.
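As an added example, not taken from the post above, here is the core of the REST endpoint that step 3 describes, written in Python. It assumes the JSON callout shape of the Microsoft Entra custom authentication extension tokenIssuanceStart event (the user's object id and tenant id arrive in the request body, not a raw SAML token), that the hosting framework has already validated the bearer token Entra presents to the endpoint, and a constructed in-memory table in place of a real attribute store.

```python
import json
from typing import Any

# Constructed lookup table standing in for whatever store maps a directory user
# (keyed by immutable object id, never by email or display name, which the user
# or the external IdP can change) to the attributes the relying app expects.
ACCOUNT_ATTRIBUTES: dict[str, dict[str, str]] = {
    "11111111-2222-3333-4444-555555555555": {"AcctNumber": "ACCT-00042", "CustomNum": "7"},
}
ALLOWED_CLAIMS = ("AcctNumber", "CustomNum")  # only these names ever reach the token

EXPECTED_EVENT = "microsoft.graph.authenticationEvent.tokenIssuanceStart"
RESPONSE_TYPE = "microsoft.graph.onTokenIssuanceStartResponseData"
PROVIDE_CLAIMS = "microsoft.graph.tokenIssuanceStart.provideClaimsForToken"
CONTINUE_DEFAULT = "microsoft.graph.tokenIssuanceStart.continueWithDefaultBehavior"


def _respond(actions: list[dict[str, Any]]) -> dict[str, Any]:
    return {"data": {"@odata.type": RESPONSE_TYPE, "actions": actions}}


def build_response(request_body: str, expected_tenant: str) -> dict[str, Any]:
    """Map a tokenIssuanceStart callout to the claims-provider response.

    Unknown users and foreign tenants get continueWithDefaultBehavior, so the
    token is still issued but without custom claims, never with guessed values.
    """
    event = json.loads(request_body)
    if event.get("type") != EXPECTED_EVENT:
        raise ValueError(f"unexpected event type: {event.get('type')!r}")
    data = event["data"]
    if data.get("tenantId") != expected_tenant:
        return _respond([{"@odata.type": CONTINUE_DEFAULT}])
    user_id = data["authenticationContext"]["user"]["id"]
    attrs = ACCOUNT_ATTRIBUTES.get(user_id)
    if attrs is None:
        return _respond([{"@odata.type": CONTINUE_DEFAULT}])
    claims = {name: attrs[name] for name in ALLOWED_CLAIMS if name in attrs}
    return _respond([{"@odata.type": PROVIDE_CLAIMS, "claims": claims}])


# Constructed sample callout, trimmed to the fields this handler reads.
SAMPLE_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_REQUEST = json.dumps({
    "type": EXPECTED_EVENT,
    "data": {
        "@odata.type": "microsoft.graph.onTokenIssuanceStartCalloutData",
        "tenantId": SAMPLE_TENANT,
        "authenticationContext": {"user": {"id": "11111111-2222-3333-4444-555555555555"}},
    },
})
```

Because the endpoint answers continueWithDefaultBehavior for unknown users, sign-in still succeeds without the custom claims; if every external user is expected to have a mapping, log and alert on those responses rather than letting them pass silently.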