Azure Active Directory Labs Series – Adding Claims


Back in June I had the pleasure of delivering a training on Azure Active Directory to two customer crowds.  I say pleasure because not only do I love to share knowledge but also, the preparation of the training forces me to go deep on some aspects of what I’m going to teach.

In that training there were 8 labs and I thought it would be great to share them with the general public.  The labs follow each other and build on each other.

You can find the exhaustive list on the Cloud Identity & Azure Active Directory page.  This is the fourth lab.

In the current lab we configure an Azure AD application to emit more claims in the authentication token.

Download the application manifest

  1. Go to the legacy portal @ https://manage.windowsazure.com
  2. Scroll down the left menu to the bottom and select Active Directory
  3. You should see the following screen
  4. Select a tenant you created for this lab & enter it
  5. Select the Applications sub menu
  6. Select the application you’ve created in a previous lab (i.e. WebDemo)
  7. At the bottom of the screen, click the Manage Manifest button
  8. In the sub menu, click Download Manifest
  9. In the dialog box, click Download Manifest
  10. Look for the downloaded file in your download folder; it should have the file name <application’s client ID>.json

Modify the manifest

  1. Open the manifest JSON file in an editor (e.g. Visual Studio)
  2. Find the property “groupMembershipClaims” (around line 7)
  3. Replace null with “SecurityGroup”
  4. Save the file

Upload the manifest

  1. Back in the portal click again on the Manage Manifest button
  2. In the sub menu, click Upload Manifest
  3. Browse for the file on your disk
  4. Click the check button

Test Web App

If you test the Web App (deployed in a previous lab), you should see new claims of type “groups”, each carrying as its value the unique identifier of a group the user is a member of.
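The manifest change and the resulting “groups” claim can also be checked in a script. This is an added example, not code from the original lab. The function names, the cut-down manifest and the group ID are constructed for illustration, and a real application must validate the token signature before trusting any claim.

```python
import base64
import json

# Constructed sample: a cut-down manifest and a placeholder group ID (not real values).
SAMPLE_MANIFEST = '{"appId": "00000000-0000-0000-0000-000000000000", "groupMembershipClaims": null}'
ADMINS = "aaaaaaaa-1111-1111-1111-111111111111"


def enable_group_claims(manifest_text, value="SecurityGroup"):
    """The 'Modify the manifest' step: set groupMembershipClaims and return the new JSON."""
    manifest = json.loads(manifest_text)
    if "groupMembershipClaims" not in manifest:
        raise KeyError("groupMembershipClaims not found; is this an application manifest?")
    manifest["groupMembershipClaims"] = value
    return json.dumps(manifest, indent=2)


def jwt_payload(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def group_ids(claims):
    """Return the group object IDs from the 'groups' claim, lower-cased."""
    if "groups" in claims.get("_claim_names", {}):
        # Azure AD sends a reference instead of the list when the user has too many groups.
        raise LookupError("groups claim omitted from token (overage); query the directory")
    groups = claims.get("groups", [])
    groups = [groups] if isinstance(groups, str) else groups
    return [g.lower() for g in groups]


def is_member(claims, group_id):
    """Authorization check against one required group object ID."""
    return group_id.lower() in group_ids(claims)


def make_sample_token(payload):
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "placeholder-signature"])


if __name__ == "__main__":
    print(enable_group_claims(SAMPLE_MANIFEST))
    token = make_sample_token({"name": "Demo User", "groups": [ADMINS.upper()]})
    print(is_member(jwt_payload(token), ADMINS))
```

The group comparison is case-insensitive because the claim values are GUIDs, and the overage case raises instead of returning an empty list so that an authorization check cannot mistake a missing claim for "no groups".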

Post Lab

None
