Azure Active Directory Labs Series – Adding Claims

Back in June I had the pleasure of delivering a training on Azure Active Directory to two customer crowds.  I say pleasure because not only do I love to share knowledge but also, the preparation of the training forces me to go deep on some aspects of what I’m going to teach.

In that training there were 8 labs and I thought it would be great to share them to the more general public.  The labs follow each other and build on each other.

You can find the exhaustive list in Cloud Identity & Azure Active Directory page.  This is the fourth lab.

In the current lab we configure the Azure AD application to emit additional claims in the authentication token: specifically, a "groups" claim listing the security groups the signed-in user belongs to.

Download the application manifest

  1. Go to the legacy portal @
  2. Scroll down the left menu to the bottom and select Active Directory
  3. You should see the following screen
  4. Select a tenant you created for this lab & enter it
  5. Select the Applications sub menu
  6. Select the application you’ve created in a previous lab (i.e. WebDemo)
  7. At the bottom of the screen, click the Manage Manifest button
  8. In the sub menu, click Download Manifest
  9. In the dialog box, click Download Manifest
  10. Look for the downloaded file, in your download folder, it should have the file name <application’s client ID>.json

Modify the manifest

  1. Open the manifest JSON file in an editor (e.g. Visual Studio)
  2. Find the property "groupMembershipClaims" (around line 7)
  3. Replace the value null with "SecurityGroup" (the other accepted values are "None" and "All", the latter also including distribution lists)
  4. Save the file
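The manual edit above is easy to get wrong (a missing quote makes the upload fail, and the property name is case-sensitive). The following script performs the same edit programmatically; it is an added example, not part of the original lab or of Microsoft's tooling, and the sample manifest it operates on is a constructed fragment with made-up identifiers rather than a real downloaded file.

```python
import json

# Values Azure AD accepts for groupMembershipClaims in the application manifest.
# null (Python None) is what a freshly downloaded manifest contains and means
# "emit no groups claim"; "None" as a string has the same effect.
ALLOWED_VALUES = {None, "None", "SecurityGroup", "All"}


def get_group_membership_claims(manifest_text):
    """Return the current groupMembershipClaims value of a manifest (None if null)."""
    return json.loads(manifest_text).get("groupMembershipClaims")


def set_group_membership_claims(manifest_text, value="SecurityGroup"):
    """Return the manifest JSON with groupMembershipClaims set to `value`.

    Only that one property is touched; everything else (identifierUris,
    replyUrls, keyCredentials, ...) is re-serialised unchanged so the upload
    does not accidentally alter other settings.
    """
    if value not in ALLOWED_VALUES:
        raise ValueError("groupMembershipClaims must be one of %r, got %r"
                         % (sorted(v for v in ALLOWED_VALUES if v), value))
    manifest = json.loads(manifest_text)
    # Refuse to edit a file that does not look like an app manifest at all.
    if "groupMembershipClaims" not in manifest:
        raise KeyError("groupMembershipClaims property not found; is this an application manifest?")
    manifest["groupMembershipClaims"] = value
    return json.dumps(manifest, indent=2)


def update_manifest_file(path, value="SecurityGroup"):
    """Rewrite <client ID>.json in place; returns the value that was there before."""
    with open(path, encoding="utf-8") as f:
        original = f.read()
    previous = get_group_membership_claims(original)
    with open(path, "w", encoding="utf-8") as f:
        f.write(set_group_membership_claims(original, value))
    return previous


# Constructed sample manifest (hypothetical IDs, trimmed to a few properties).
SAMPLE_MANIFEST = """{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "WebDemo",
  "groupMembershipClaims": null,
  "identifierUris": ["https://contoso.onmicrosoft.com/WebDemo"],
  "replyUrls": ["https://localhost:44300/"]
}"""

if __name__ == "__main__":
    print(set_group_membership_claims(SAMPLE_MANIFEST))
```

Run `update_manifest_file("<application's client ID>.json")` against the file downloaded in the previous step, then upload the result through the portal as described next.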

Upload the manifest

  1. Back in the portal click again on the Manage Manifest button
  2. In the sub menu, click Upload Manifest
  3. Browse for the file on your disk
  4. Click the check button

Test Web App

If you test the Web App (deployed in a previous lab), you should see new claims of type "groups", one per group, whose value is the object ID (a GUID) of a security group the user is a member of. Note that the claim carries object IDs, not display names: display names are not unique and can be changed, so any authorization decision in the application should compare against the group's object ID. Also be aware that when a user belongs to more groups than Azure AD will fit in the token (200 for a JWT, 150 for a SAML token) the "groups" claim is omitted and replaced by a groups overage indication in the "_claim_names" and "_claim_sources" claims, which tells the application to fetch the membership from the Graph instead.

Post Lab

