Sep 09 2022 12:09 PM - edited Sep 09 2022 02:31 PM
Hello, I'm in the process of migrating off AD FS to Azure AD and have a vendor with a difficult claim requirement that I hope someone can help me with.
The enterprise application has three groups assigned to it, let's call them GroupA, GroupB and GroupC. Members with access to this application are only ever in one of the three groups. The vendor requires a claim to return a specific value based on group membership as follows.
If the member is in GroupA the claim should return "User"
If the member is in GroupB the claim should return "Admin"
If the member is in GroupC the claim should return "Developer"
I've created a group claim that returns only groups assigned to the application but from there I don't know what the next step is. I believe I customize the name of the group claim then Apply regex replace to groups claim content. Am I on the right track? If so, given the group names and the expected return value can anyone help me work this out?
Thank you for your consideration
Sep 15 2022 02:41 AM - edited Sep 15 2022 02:44 AM
In App Registrations, add "app roles" named/valued "User, Admin, Developer".
After that in Enterprise Applications view assign GroupA to User role, GroupB to Admin etc.
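The two steps in the answer above, scripted with the Microsoft Graph PowerShell SDK instead of the portal. This is an added example, not code from the thread or from Microsoft; it assumes an app registration with the display name "Vendor App", groups named GroupA, GroupB and GroupC, and an account holding Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All and Group.Read.All. It also adds two things a practitioner would want that the answer does not spell out: it turns on "assignment required" so users outside the three groups cannot sign in at all, and it checks that nobody is in more than one group, since the vendor expects exactly one value.

```powershell
# Added example (not from the original thread): creates the three app roles and
# assigns one group to each using Microsoft Graph PowerShell.
# Assumed names: "Vendor App", GroupA/GroupB/GroupC (change to match your tenant).
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "Group.Read.All"

$appName = "Vendor App"                                   # assumed display name
$app = Get-MgApplication -Filter "displayName eq '$appName'"
if (-not $app) { throw "App registration '$appName' not found" }
$sp = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"

# Group name -> role value. 'Value' is the string that lands in the token's
# roles claim, so it must match what the vendor expects, case included.
$wanted = @{ GroupA = "User"; GroupB = "Admin"; GroupC = "Developer" }

# Step 1 (App Registrations > App roles). Update-MgApplication -AppRoles replaces
# the whole list, so start from the roles already on the app to avoid deleting them.
$appRoles = @($app.AppRoles | ForEach-Object {
    @{ AllowedMemberTypes = $_.AllowedMemberTypes; Description = $_.Description
       DisplayName = $_.DisplayName; Id = $_.Id; IsEnabled = $_.IsEnabled; Value = $_.Value }
})
$existingValues = @($appRoles | ForEach-Object { $_.Value })
foreach ($value in $wanted.Values) {
    if ($existingValues -notcontains $value) {
        $appRoles += @{
            AllowedMemberTypes = @("User")        # assignable to users and groups
            Description        = "$value access to $appName"
            DisplayName        = $value
            Id                 = [guid]::NewGuid().ToString()
            IsEnabled          = $true
            Value              = $value
        }
    }
}
Update-MgApplication -ApplicationId $app.Id -AppRoles $appRoles
$app = Get-MgApplication -ApplicationId $app.Id           # re-read to get stored role IDs

# Step 2 (Enterprise Applications > Users and groups): one group per role.
# The assignment is made against the service principal, using the role's ID.
$groups = @{}
foreach ($groupName in $wanted.Keys) {
    $group = Get-MgGroup -Filter "displayName eq '$groupName'"
    if (-not $group) { throw "Group '$groupName' not found" }
    $groups[$groupName] = $group
    $role = $app.AppRoles | Where-Object { $_.Value -eq $wanted[$groupName] }
    $already = Get-MgGroupAppRoleAssignment -GroupId $group.Id |
               Where-Object { $_.ResourceId -eq $sp.Id -and $_.AppRoleId -eq $role.Id }
    if (-not $already) {
        New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
            -ResourceId $sp.Id -AppRoleId $role.Id | Out-Null
    }
}

# Hardening: with assignment required, a user in none of the groups gets no token
# at all instead of a token with an empty roles claim for the vendor to interpret.
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Sanity check for the "only ever in one group" premise: a user in two groups
# would get two values in the roles claim, which the vendor may reject.
$seen = @{}
foreach ($g in $groups.Values) {
    foreach ($m in (Get-MgGroupMember -GroupId $g.Id -All)) {
        if (-not $seen.ContainsKey($m.Id)) { $seen[$m.Id] = @() }
        $seen[$m.Id] += $g.DisplayName
    }
}
$seen.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 } |
    ForEach-Object { Write-Warning "Object $($_.Key) is in more than one group: $($_.Value -join ', ')" }
```

After this runs, a member of GroupB receives a token whose roles claim contains "Admin" (in SAML, the role claim `http://schemas.microsoft.com/ws/2008/06/identity/claims/role`). If the vendor wants the value under a different claim name, add a claim in the enterprise application's Attributes & Claims with source attribute `user.assignedroles` and the vendor's claim name; no group claim or regex transformation is needed. Role membership is evaluated through group assignment, so changing a user's group is the only ongoing administration.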