I am using a federated identity provider (Azure AD) to send claims to Auth0 during the authentication. One such claim is the Azure AD group(s) the user is included in. I was able to set up the mapping in the enterprise connection to receive the groups from Azure AD during the login, and they do indeed show up in both User Details → Identity Provider Attributes and the user’s Raw JSON. So far so good.
The problem is when I’m trying to add this particular claim to the user profile. By default, only the standard OIDC claims are included, it seems. I’ve tried to use an Action trigger to inject this claim into the user profile post-login, but when I’m browsing the available claims in the Event schema, “groups” is nowhere to be found. How can I extract this claim from Identity Provider Attributes / Raw JSON and pass it to the user profile?
Hi @razvan.bigiu,
Welcome to the Auth0 Community!
Thank you for asking your question. I found this Knowledge Solution that should solve your question → Extract Azure Custom Claim from ID Token and copy it to User Metadata in Auth0
Thanks
Dawid
Hi Dawid!
Thank you for your quick response. I’ve already set up a SAML connection to Azure AD and mapped the “groups” claim. Like I mentioned, this claim is successfully retrieved from Azure AD during login and added to the user’s Raw JSON.
I’m not entirely sure if this also means that the claim is added to the user profile “at the root level”, as the article you provided puts it. If not, how can this be accomplished?
Right now, if I go to Actions and explore all the claims available in the Event schema, I can’t find “groups” anywhere, even though it is available in the Raw JSON. Trying to access it through event.user doesn’t work because it’s apparently not recognized.
Hi @razvan.bigiu,
Yes, the groups are added at your user root level. If you want to access them in the Actions you can use event.user.groups. It’s not yet documented in the Actions documentation and will be updated soon.
Thanks
Dawid
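Putting Dawid’s answer together with the linked Knowledge Solution, the following is an added example of a post-login Action that reads event.user.groups from the user’s root profile and copies it into app_metadata and a namespaced custom claim on the ID and access tokens. It is not code from this thread or from Auth0. The connection name azure-ad-saml, the claim namespace https://example.com/groups and the group object IDs in the sample event are placeholders constructed for the example; the only thread-sourced detail is the event.user.groups attribute. It goes slightly beyond the thread in normalising the attribute, since a SAML mapping can deliver one membership as a bare string, several as an array, or none at all, and in overwriting the stored list on every login so that a group removed in Azure AD does not linger in Auth0.

```javascript
// Added example (not code from the thread or from Auth0): a post-login Action
// that reads the Azure AD "groups" attribute from the user's root profile via
// event.user.groups, normalises it, and copies it into app_metadata plus a
// namespaced custom claim on the ID and access tokens.

// Assumptions (placeholders, not values from the thread):
//  - the Azure AD enterprise connection is named 'azure-ad-saml'
//  - the claim namespace is https://example.com/groups (Auth0 requires
//    non-standard custom claim names to be namespaced with a URL)
const AZURE_CONNECTION_NAME = 'azure-ad-saml';
const GROUPS_CLAIM = 'https://example.com/groups';
const MAX_GROUPS = 100; // cap so a pathological membership list cannot bloat tokens

// Normalise whatever the SAML attribute mapping delivered into a sorted,
// de-duplicated array of non-empty strings. One membership can arrive as a
// bare string, several as an array, and none as undefined; all three are
// collapsed to an array so consumers never have to branch on shape.
function normalizeGroups(raw) {
  if (raw === undefined || raw === null) return [];
  const values = Array.isArray(raw) ? raw : [raw];
  const unique = new Set();
  for (const value of values) {
    if (typeof value !== 'string') continue;
    const trimmed = value.trim();
    if (trimmed) unique.add(trimmed);
  }
  return [...unique].sort().slice(0, MAX_GROUPS);
}

// Synchronous core so it can be exercised without Auth0's runtime.
// Returns the group list that was written, or null when the login did not
// come through the Azure AD connection and nothing was touched.
function applyGroups(event, api) {
  if (!event.connection || event.connection.name !== AZURE_CONNECTION_NAME) {
    return null;
  }
  const groups = normalizeGroups(event.user && event.user.groups);
  // Overwrite on every login, even with an empty list, so that a membership
  // removed in Azure AD does not survive in Auth0 from an earlier session.
  api.user.setAppMetadata('groups', groups);
  api.idToken.setCustomClaim(GROUPS_CLAIM, groups);
  api.accessToken.setCustomClaim(GROUPS_CLAIM, groups);
  return groups;
}

// Auth0 Actions entry point for the Login flow.
async function onExecutePostLogin(event, api) {
  applyGroups(event, api);
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Minimal stand-in for the Actions `api` object that records each call;
// used here only to run the example outside Auth0.
function recordingApi() {
  const calls = [];
  const recorder = (scope) => (name, value) => calls.push({ scope, name, value });
  return {
    calls,
    user: { setAppMetadata: recorder('app_metadata') },
    idToken: { setCustomClaim: recorder('id_token') },
    accessToken: { setCustomClaim: recorder('access_token') },
  };
}

// Constructed sample login: two placeholder Azure AD group object IDs, one
// duplicated and one padded with whitespace, as a mapping might deliver them.
const sampleEvent = {
  connection: { name: AZURE_CONNECTION_NAME },
  user: {
    email: 'user@example.com',
    groups: [
      '11111111-1111-1111-1111-111111111111',
      ' 22222222-2222-2222-2222-222222222222 ',
      '11111111-1111-1111-1111-111111111111',
    ],
  },
};
const demoApi = recordingApi();
applyGroups(sampleEvent, demoApi);
console.log(JSON.stringify(demoApi.calls, null, 2));
```

Deploy only the constants and the onExecutePostLogin handler (with normalizeGroups and applyGroups) as the Action body; the recording api and the sample event exist only to run the file locally. Whatever consumes the claim downstream should treat the group object IDs as the source of truth for authorisation rather than any display names mapped alongside them, since IDs are stable while names can be renamed.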