First published on CloudBlogs on May 13, 2016
Here's one of the most common pieces of feedback we get from customers using Azure AD:
"My users are already using the app, and their username isn't their email address or user principal name. It's a custom ID that we defined, and I need to get Azure Active Directory to send that value."
If that sounds familiar, I'm happy to announce that our claims editor for gallery apps has been enhanced to allow the selection of extension attributes as the unique user ID.
What is the claims editor?
The claims editor is a user interface in the Azure classic portal that allows you to edit all of the user information (or claims) sent in the SAML tokens to specific apps. This includes the "nameidentifier" claim, which is the one that uniquely identifies the user.
Storing the HR Employee ID in an extension attribute is a very common use case, and virtually any user ID value required by an application can be created in on-premises Active Directory and mapped to an extension attribute using AAD Connect.
I hope you'll find this new capability useful! And as always, we would love to hear any feedback or suggestions you have!
Alex Simons (Twitter:
Director of Program Management
Microsoft Identity Division