Tags: azure, powershell, microsoft-graph-api, microsoft-entra-id

Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell


I want to read 'Attribute & Claims' from SAML enterprise application configuration using PowerShell.

I have found the Graph command Get-MgBetaServicePrincipalClaimMappingPolicy: https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-claimsmappingpolicies?view=graph-rest-beta&tabs=powershell, but it always returns an empty value, even though I can see that attributes are configured in the Azure Portal.

I am using graph scope: Application.Read.All and Policy.Read.All

Any idea how I can read this configuration?

Regards


Solution

  • Currently, it's not possible to retrieve 'Attributes & Claims' from a SAML Entra application configuration via PowerShell or the Graph API. The only way as of now is via the Azure Portal.

    I have one Enterprise application with 'Attributes & Claims' values as below:

    (screenshot: the application's Attributes & Claims blade with the configured claims)

    When I tried running the same PowerShell command as you, it gave null as below:

    Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId <sp_id>
    

    Response:

    (screenshot: the cmdlet returns nothing)

    Even the Graph API query returns a null response, as there are no claims mapping policies assigned to the service principal:

    GET https://graph.microsoft.com/v1.0/servicePrincipals/sp_Id/claimsMappingPolicies
    

    Response:

    (screenshot: the Graph response with an empty "value" array)

    To create claims mapping policies via PowerShell, you can refer to this MS document and assign them to the service principal.

    Reference:

    Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell - Microsoft Q&A by Raja Pothuraju
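The answer above explains why the cmdlet comes back empty: it lists claims mapping policy objects linked to the service principal, and the portal's 'Attributes & Claims' blade does not create such objects. The following is an added example, not part of the original question or answer, showing what the cmdlet and the raw Graph call do return, and how a policy would be created and assigned so that the same call becomes non-empty. It assumes the Microsoft.Graph PowerShell SDK is installed; the application display name 'Contoso SAML App' and the policy display name are placeholders.

```powershell
# Added example (not from the original Q&A). Assumes the Microsoft.Graph SDK is installed.
# 'Contoso SAML App' is a placeholder: replace it with your enterprise application's name.

# Reading policies needs only Policy.Read.All + Application.Read.All (the scopes in the question).
# Creating and assigning a policy needs the two ReadWrite scopes requested here.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ApplicationConfiguration', 'Application.ReadWrite.All' -NoWelcome

$sp = Get-MgServicePrincipal -Filter "displayName eq 'Contoso SAML App'"
if (-not $sp) { throw "Service principal 'Contoso SAML App' not found" }

# 1. What the cmdlet from the question actually lists: claims mapping policies linked to the SP.
#    The portal's 'Attributes & Claims' blade does not populate this, so it is empty by default.
$assigned = Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id
if (-not $assigned) {
    Write-Host "No claims mapping policies are assigned to $($sp.DisplayName)."
} else {
    $assigned | Select-Object Id, DisplayName
}

# Same query over raw Graph, matching the GET shown in the answer. Expect value.Count = 0 initially.
$raw = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$($sp.Id)/claimsMappingPolicies"
Write-Host "Policies via raw Graph: $($raw.value.Count)"

# 2. Create a policy that emits one extra SAML attribute on top of the basic claim set.
#    The definition is a JSON string in the documented claimsMappingPolicy schema.
$definition = @'
{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[
  {"Source":"user","ID":"extensionattribute1",
   "SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/extensionattribute1"}
]}}
'@

$policy = New-MgPolicyClaimMappingPolicy -BodyParameter @{
    definition            = @($definition)
    displayName           = 'Contoso SAML App claims'   # placeholder name
    isOrganizationDefault = $false
}

# 3. Link the policy to the service principal (a service principal takes a single claims mapping policy).
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $sp.Id -BodyParameter @{
    '@odata.id' = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($policy.Id)"
}

# 4. Re-read: the cmdlet from the question now returns the assigned policy and its definition.
Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id |
    Select-Object Id, DisplayName, Definition
```

Two practical caveats: the claims mapping policy is a separate object from whatever the portal blade stores, so assigning one does not make the blade's configuration readable, it adds a second, scriptable source of claims. And Entra ID refuses to emit claims from a mapping policy unless the application registration either sets acceptMappedClaims to true or is configured with a custom token signing key; this is the control that stops a tenant administrator from injecting arbitrary claims into tokens for a multi-tenant application they do not own, so expect a token-issuance error until one of those is in place.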