Select source application from application picker where extension property is defined. Select Add new claim or edit an existing claim. Use the following steps to configure the single or multi-valued directory schema extension attribute as a claim:

You can also configure directory schema extension attributes as non-conditional/conditional attributes in Azure AD.

The constant value is displayed as shown in the following image. Select the required claim that you want to modify. Enter the constant value without quotes in the Source attribute as per your organization and select Save. In the Azure portal, in the User Attributes & Claims section, select Edit to edit the claims. Use the following steps to assign a constant value:

The on-premises extension attributes used to extend the Azure AD schema. For more information about identifier values, see the table that lists the valid ID values per source later in this page. Any constant (static) value can be assigned to any claim that is defined in Azure AD.

The directory extensions synced from on-premises Active Directory using Azure AD Connect Sync. The SAM account name that has been synced from on-premises Azure AD. The user principal name (UPN) of the user. You can select from the options in the following table. Select the desired source for the NameIdentifier (or nameID) claim.

To learn more about the NameIDPolicy attribute, see Single sign-On SAML protocol. Transient nameID is also supported, but isn't available in the dropdown and can't be configured on Azure's side. Microsoft identity platform uses the WindowsDomainQualifiedName format. Microsoft identity platform uses Unspecified as the nameID format. Microsoft identity platform uses EmailAddress as the nameID format. Microsoft identity platform uses Persistent as the nameID format. Microsoft identity platform uses the default source format.
If a transformation results in a null or illegal value, Azure AD sends a persistent pairwise identifier in the nameID. From the Choose name identifier format dropdown, select one of the options in the following table.

If no format is specified, the Microsoft identity platform uses the default source format associated with the claim source selected. If the SAML request doesn't contain an element for NameIDPolicy, then the Microsoft identity platform issues the nameID with the format you specify. If the SAML request contains the element NameIDPolicy with a specific format, then the Microsoft identity platform honors the format in the request. Optionally, you can specify the format that you want the nameID claim to have.

Select the attribute or transformation that you want to apply to the attribute. To edit the nameID (name identifier value) claim: