Azure Active Directory Labs Series – Adding Claims

Solution · 07 Sep 2016

Back in June I had the pleasure of delivering a training on Azure Active Directory to two customer crowds. I say pleasure because not only do I love to share knowledge but also, the preparation of the training forces me to go deep on some aspects of what I’m going to teach.

In that training there were 8 labs and I thought it would be great to share them to the more general public. The labs follow each other and build on each other.

You can find the exhaustive list in Cloud Identity & Azure Active Directory page. This is the fourth lab.

In the current lab we configure Azure AD application to emit more claims in the authentication token.

Download the application manifest

Go to the legacy portal @ https://manage.windowsazure.com
Scroll down the left menu to the bottom and select Active Directory
You should see the following screen
Select a tenant you created for this lab & enter it
Select the Applications sub menu
Select the application you’ve created in a previous lab (i.e. WebDemo)
At the bottom of the screen, click the Manage Manifest button
In the sub menu, click Download Manifest
In the dialog box, click Download Manifest
Look for the downloaded file, in your download folder, it should have the file name <application’s client ID>.json

Modify the manifest

Open the manifest json file into an editor (e.g. Visual Studio)
Find the property “groupMembershipClaims” (around line 7^th)
Replace null by “SecurityGroup”
Save the file

Upload the manifest

Back in the portal click again on the Manage Manifest button
In the sub menu, click Upload Manifest
Browse for the file on your disk
Click the check button

Test Web App

If you test the Web App (deployed in a previous lab), you should see that you have new claims of type “groups” with the unique identifier of the groups the user is member of as value.

Post Lab

None