We have a need to access the Azure AD attribute onPremisesSamAccountName from Auth0, but the value is not available from Auth0. Is there a way to get this information included in the user profile when they log in? I cannot see it in the raw JSON for the users.
Our configuration for the enterprise connection against Azure AD looks like:
I’m afraid the Enterprise Azure AD connection type is designed to work with a specific set of claims, and everything that is not recognized (including onPremisesSamAccountName) is discarded.
As of this writing, these are the values that Auth0 will take and store (on the left is the Auth0 user profile property name, on the right is the claim name returned by Azure AD):
roles: [roles, role]
email: [email, mail]
upn: [upn, userPrincipalName]
There are two alternatives that you might want to consider:
- Connecting to an Azure AD domain using a SAML connection
- Connecting to an Azure AD domain using a generic OIDC connection
Both the SAML connection and the Enterprise OIDC connection will accept and store any claim/attribute sent by Azure AD. These connections don’t have any Azure AD-specific knowledge, however, so they can’t use Azure AD’s API endpoints to get the “extended profile” or user groups. Only information sent by Azure AD in the response will be used (you can always configure Azure AD to include additional claims in the ID token). Not sure these alternatives would be able to provide all the information you need, but it might be worth a try.
I’d also suggest leaving a note at https://auth0.com/feedback requesting getting the onPremisesSamAccountName claim from the Azure AD response if available.
Thanks Nico for helping on this one!
For future users who might stumble upon this:
My solution was to create a custom action that did a query against the Azure Graph API and then added the information to the user's metadata.
Perfect! Thanks for sharing it with the rest of community!
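A sketch of the kind of custom Action described in the solution above, added here as an example and not the poster's or Auth0's own code. It assumes Action secrets named AZ_TENANT_ID, AZ_CLIENT_ID and AZ_CLIENT_SECRET for an Azure app registration that may read users through Microsoft Graph, assumes the `upn` profile property is visible to the Action, and stores the value under a hypothetical `samAccountName` key in app_metadata.

```javascript
// Added example: Auth0 post-login Action copying onPremisesSamAccountName from
// Microsoft Graph. Assumed secrets: AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CLIENT_SECRET.
const GRAPH = "https://graph.microsoft.com/v1.0";

// Encode the UPN so it cannot alter the request path or query.
function graphUserUrl(upn) {
  return `${GRAPH}/users/${encodeURIComponent(upn)}?$select=onPremisesSamAccountName`;
}

// Client-credentials token for Graph (an app permission such as User.Read.All is assumed).
async function getGraphToken(secrets, fetchImpl) {
  const res = await fetchImpl(
    `https://login.microsoftonline.com/${encodeURIComponent(secrets.AZ_TENANT_ID)}/oauth2/v2.0/token`,
    {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        grant_type: "client_credentials",
        client_id: secrets.AZ_CLIENT_ID,
        client_secret: secrets.AZ_CLIENT_SECRET,
        scope: "https://graph.microsoft.com/.default",
      }).toString(),
    });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return (await res.json()).access_token;
}

// fetchImpl is injectable so the handler can be exercised without network access.
function makePostLogin(fetchImpl = globalThis.fetch) {
  return async (event, api) => {
    const upn = event.user.upn; // assumption: the upn profile property is visible here
    if (event.connection.strategy !== "waad" || !upn) return; // Azure AD logins only
    if (event.user.app_metadata?.samAccountName) return; // already stored, skip Graph
    try {
      const token = await getGraphToken(event.secrets, fetchImpl);
      const res = await fetchImpl(graphUserUrl(upn), {
        headers: { Authorization: `Bearer ${token}` },
      });
      if (!res.ok) throw new Error(`Graph lookup failed: ${res.status}`);
      const sam = (await res.json()).onPremisesSamAccountName;
      // app_metadata rather than user_metadata: the user cannot edit it.
      if (sam) api.user.setAppMetadata("samAccountName", sam);
    } catch (err) {
      console.log(`samAccountName sync skipped: ${err.message}`); // never log token or secret
    }
  };
}

if (typeof exports !== "undefined") exports.onExecutePostLogin = makePostLogin();
```

Microsoft Graph returns onPremisesSamAccountName only when it is named in `$select`, which also keeps the response to the single field the Action needs.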