Forum Discussion
Azure AD SAML - Is it possible to apply filtering on group claims?
Hi,
I know it's possible to send security group names in SAML response using the group claim in Azure AD.
But is it possible to filter groups based on some criteria? Suppose there's a requirement to send only those groups in SAML response that contain "Office365", can that be accomplished using RegEx, AAD PowerShell or Graph API?
Thanks in advance.
- Joe Stocker (Bronze Contributor)
Yes, there are a few advanced options described in this support article for reducing the number of groups emitted: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims#advanced-options
- Joe Robinson (Copper Contributor)
I came here looking for an answer to the same question, and I'm not following your suggestion. I don't see any way to filter the group membership. The documentation provides three "advanced" options:
  - Customize the groups claim name
  - Provide a namespace URL
  - Send the groups as a role
I don't see anything about filtering... can you elaborate?
- articulateabhishek (Copper Contributor)
Hello Joe
I have a similar question:
Is it possible to apply filtering on group claims using regex in Azure AD for a SAML app?
As far as I know, a regex option in Azure AD for Groups is not there at the moment. Could you please confirm?
Thanks & Regards
Abhishek
- Joe Stocker (Bronze Contributor)
In the Azure AD Application "Users and Groups" you can require a group named O365_Users.
Then in the Group Claims, you can select the option to only send the groups that are associated with the application.
So the filtering is basically done by adding the groups to the application, then only those groups would be sent. Make sense?
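
The procedure in the last reply, scripted with the Microsoft Graph PowerShell module as an added example that is not part of the thread: it assigns every security group whose name matches a pattern to the enterprise application, then sets the app registration to emit only application-assigned groups. The application name and pattern are placeholders, and treating `groupMembershipClaims = ApplicationGroup` as the equivalent of the portal option is an assumption of this example.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph module.
$AppName = 'Contoso SAML App'   # hypothetical enterprise application name
$Pattern = '*Office365*'        # name filter taken from the original question

Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All','Group.Read.All'

# Resolve the enterprise application (service principal) and its app registration.
$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppName'"
if (@($sp).Count -ne 1) { throw "Expected exactly one service principal named '$AppName'." }
$app = Get-MgApplication -Filter "appId eq '$($sp.AppId)'"
if (-not $app) { throw "No app registration for '$AppName' found in this tenant." }

# Role used for the assignment: the first enabled role that allows users,
# otherwise the default-access role (all-zero GUID).
$role = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
    Select-Object -First 1
$roleId = if ($role) { $role.Id } else { [Guid]::Empty.ToString() }

# Groups already assigned to the application, so the script can be re-run safely.
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalType -eq 'Group' } |
    Select-Object -ExpandProperty PrincipalId

# There is no regex option in the claim itself, so the name match happens here,
# client-side, when choosing which groups to assign.
$groups = Get-MgGroup -All -Property Id,DisplayName,SecurityEnabled |
    Where-Object { $_.SecurityEnabled -and $_.DisplayName -like $Pattern }

foreach ($g in $groups) {
    if ($assigned -contains $g.Id) { continue }
    New-MgGroupAppRoleAssignment -GroupId $g.Id -PrincipalId $g.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
    Write-Host "Assigned group '$($g.DisplayName)' to '$AppName'"
}

# Emit only groups assigned to the application in the groups claim.
Update-MgApplication -ApplicationId $app.Id -GroupMembershipClaims 'ApplicationGroup'
```

Assigning a group to the application also grants its members access to the app when user assignment is required, so review the matched groups before running this.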