
Get Azure AD Group Ids

azure-ad
groups

#1

I’m trying to get lists of security groups that users belong to in my Azure AD, but they never seem to show up in the claims. If I go look at my user’s raw JSON I see the list there, so I’m doing something right. But I’m not sure how to get those to be included in the token so I can set up authorization on my web API.

I’ve tried setting up the authorization extension as follows:

I’m missing something here.


#2

:wave: @matthew.tabor have you tried using a Rule to add the group_ids to the token? An example of adding claims to the token:

function (user, context, callback) {
  const namespace = 'https://myapp.example.com/';
  context.idToken[namespace + 'favorite_color'] = user.favorite_color;
  context.idToken[namespace + 'preferred_contact'] = user.user_metadata.preferred_contact;
  callback(null, user, context);
}

For group_ids I believe it should look something like context.idToken[namespace + "group_ids"] = user.group_ids;.


#3

Kim, this seems to be the part I was missing. After adding the rule I now am seeing the group ids in the access token as expected and my authorization seems to work now.


#4

That is awesome! Glad to hear :slight_smile: let me know if you have any other questions.
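The rule suggested in post #2, extended so the group IDs also reach the access token that a web API validates (as post #3 describes), with a matching check on the API side. This is an added example, not code from any poster in the thread: the function names, the `hasGroup` helper and the sample group IDs are assumptions, and the namespace is the placeholder URL from the thread.

```javascript
// Auth0 Rule: copy Azure AD group object IDs into a namespaced custom claim.
function addGroupIdsToTokens(user, context, callback) {
  // Placeholder namespace from the thread; custom claims need a namespaced name.
  const claim = 'https://myapp.example.com/group_ids';

  // group_ids may be missing (no groups, or the connection does not return
  // them), so default to an empty list instead of writing `undefined`.
  const groupIds = Array.isArray(user.group_ids)
    ? user.group_ids.filter((id) => typeof id === 'string')
    : [];

  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[claim] = groupIds.slice();     // for the client application
  context.accessToken[claim] = groupIds.slice(); // for the web API
  callback(null, user, context);
}

// API side (hypothetical helper): authorize on the payload of an access token
// whose signature, issuer and audience have already been verified.
const GROUP_CLAIM = 'https://myapp.example.com/group_ids';

function hasGroup(claims, requiredGroupId) {
  const groups = claims ? claims[GROUP_CLAIM] : undefined;
  // Fail closed: a missing or malformed claim grants nothing.
  return Array.isArray(groups) && groups.includes(requiredGroupId);
}

// Run the rule against a constructed user profile and return the context.
function runRule(user) {
  let result = null;
  addGroupIdsToTokens(user, { idToken: {}, accessToken: {} }, (err, u, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Constructed sample values, not real Azure AD object IDs.
const ADMINS = '00000000-0000-0000-0000-000000000001';
const READERS = '00000000-0000-0000-0000-000000000002';

const sample = runRule({ email: 'user@example.com', group_ids: [READERS] });
console.log('readers allowed:', hasGroup(sample.accessToken, READERS));
console.log('admins allowed:', hasGroup(sample.accessToken, ADMINS));
```

In the Rules editor only the `addGroupIdsToTokens` function is saved as the rule; the rest belongs in the API or in a local test.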