Is it possible to return AD Groups in profile

I am using the OpenIDConnect, with the scopes of “openid”, “profile”, “email”.

 options.Scope.Add("openid");
 options.Scope.Add("profile");
 options.Scope.Add("email");


The profile that it returns, does not include AD Groups, when I checked the Raw Json, against the account, I can see Groups being available.

How do I return the Groups in the profile?

Good morning @noob, I’d like to see if I can help!

Are you assigning the user their AD groups on initial sign in through a rule?

Hi James,

I have see Groups in the User Profile, but since it’s returning a ODIC profile, it doesn’t contain Groups.

Is there any way to get the Groups, once I am in ASP Net Core.

Following up on this subject @noob :wave:

You are unable to do this by default when requesting the profile scope in an authorize request since profile is a standard claim/scope.

However you can accomplish this another way by using Rules, check if profile scope is requested, and add groups as custom claim to the token.

Please let me know if you have any questions!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.