openid-connect, access-token, claims-based-identity, microsoft-entra-id

Is there a way to add roles to ID or Access Token as an optional claim in Entra ID / Azure Active Directory


I would like to configure the ID or Access token on an Entra ID application to have an optional claim which contains a role (ideally), or at least group.

As things stand now, I can only add pre-existing optional claims.

How can I add a role or group to the optional claims to be added?


Solution

  • Got it after a bit more googling.

    1. Assign a role to an application: App Registration, your app, App Roles, Create App Role.
    2. Assign a user to an application: Enterprise Application, your app, Assign users and groups, Add user, Select user, Assign.
    3. Assign the app role to the app user: Enterprise Application, your app, Assign users and groups, select the assigned user, check the user, click Edit Assignment, click "None Selected" under "Select a Role"; a list of roles appears on the right side, select it and save. You will see the role assigned to the user showing up next to the user in the list.

    ref: https://www.youtube.com/watch?v=2VTpQi4wysE
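The same three portal steps scripted with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original answer. The client ID, user UPN and role value are placeholders you substitute; everything else is standard `Microsoft.Graph` cmdlets. The point the portal hides is that the role is defined on the app registration (application object) while the assignment is stored on the enterprise application (service principal), and that the assigned role's `Value` is what shows up as the `roles` claim array in the user's ID token and in access tokens issued for this app as the resource, with no optional-claim configuration needed.

```powershell
# Added example (not the original answer's code). Requires: Install-Module Microsoft.Graph
# and an account allowed to manage the app registration and its assignments.
$AppClientId = "00000000-0000-0000-0000-000000000000"   # assumption: your app's Application (client) ID
$UserUpn     = "alice@contoso.example"                  # assumption: the user to assign
$RoleValue   = "Task.Admin"                             # assumption: string that will appear in the roles claim

Connect-MgGraph -Scopes "Application.ReadWrite.All","AppRoleAssignment.ReadWrite.All","User.Read.All"

# Step 1: define the app role on the app registration (portal: App roles > Create app role).
# The registration's object ID is not the client ID, so resolve it by appId.
$app      = Get-MgApplication -Filter "appId eq '$AppClientId'"
$existing = @($app.AppRoles)
if (-not ($existing | Where-Object Value -eq $RoleValue)) {
    $newRole = @{
        Id                 = [guid]::NewGuid().ToString()
        AllowedMemberTypes = @("User")   # "User" covers users and groups; add "Application" for client-credentials callers
        Description        = "Administrators of the task API"
        DisplayName        = "Task Administrator"
        IsEnabled          = $true
        Value              = $RoleValue  # no spaces; this exact string is emitted in the token
    }
    # Update replaces the whole appRoles collection, so send the existing roles plus the new one.
    Update-MgApplication -ApplicationId $app.Id -AppRoles ($existing + $newRole)
    $app = Get-MgApplication -ApplicationId $app.Id
}
$role = $app.AppRoles | Where-Object Value -eq $RoleValue

# Steps 2 and 3: the assignment lives on the enterprise application (service principal).
# A single appRoleAssignment both assigns the user to the app and selects the role.
$sp   = Get-MgServicePrincipal -Filter "appId eq '$AppClientId'"
$user = Get-MgUser -UserId $UserUpn
New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
    -PrincipalId $user.Id -ResourceId $sp.Id -AppRoleId $role.Id

# Check: what the portal shows in the "Users and groups" list. The next token the user
# obtains for this app carries  "roles": ["Task.Admin"]  (existing tokens are unchanged).
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id |
    Select-Object PrincipalDisplayName, AppRoleId
```

Two caveats a practitioner will hit: assignments do not by themselves restrict sign-in, so unassigned users still get tokens, just without a `roles` claim; if the app should reject them outright, also set `Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true` (the "Assignment required?" switch under the enterprise application's Properties). And the application must still validate the token signature, issuer and audience before trusting the `roles` array; the claim is authorization data, not proof of authentication on its own.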