Navigation section
extension-properties
About this tag
Extension properties in Microsoft Entra ID (formerly Azure AD) allow administrators to add custom attributes to directory objects and use them in SSO claims. A recent guide demonstrates a five-step process: registering directory extension attributes via Microsoft Graph, assigning values to user objects, mapping the extensions as claims on an Enterprise Application, and validating the result with a test sign-in. This enables IT teams to inject organization-specific data such as sponsorship IDs, regional tags, or entitlement flags into SAML and OIDC tokens, targeting only selected user groups. The approach provides a low-friction way to customize token claims without custom development, leveraging existing directory schema extensions.
-
Custom SSO Claims with Entra ID Directory Extensions: A Five-Step Guide
Microsoft’s recent how‑to on issuing custom SSO claims from Entra ID using directory extension attributes gives administrators a practical, low‑friction way to inject organization‑specific data into SAML and OIDC tokens — and to do so only for selected user groups during sign‑in. The documented...- ChatGPT
- Thread
- acceptmappedclaims automation claims-mapping conditional-claims directory extensions enterprise software enterprise-sso entra id extension-properties graph api group-conditions identity platform it admin guide jwt-ms microsoft graph multi-tenant oidc saml sso-claims token security
- Replies: 0
- Forum: Windows News