How to Add Optional & Group Claims

This guide provides step-by-step instructions for adding optional and group claims to Azure applications using Resource Admin. Optional claims allow you to include additional user information, while group claims convey group membership details for user principals.

Prerequisites

  • Access to the Resource Admin portal.
  • Permission to manage Azure applications.

Steps to Add Optional & Group Claims

1. Log in to Resource Admin

  1. Open the Resource Admin portal.
  2. Enter your credentials and log in.

2. Navigate to Applications

  1. From the Resource Type dropdown menu, select Applications.
  2. Click on the Workflows tab.
  3. Select the Manage Azure Application Wizard to start the workflow.

3. Select the Application

  1. Enter the name of the Azure application in the search bar.
  2. Select the application by checking the box next to it.

4. Configure Claims

  1. Select Azure App Token Claims and scroll to locate the Optional Token Claims and Management Group Task options.
  2. Check the boxes for both options to proceed.

5. Add Access Token Claims

  1. Navigate to the Access Token Claims section.
  2. Select the claims to include by checking the appropriate boxes.
  3. If any claim has additional configuration options, they will appear for further customization.

6. Add ID Token Claims

  1. Navigate to the ID Token Claims section.
  2. Select the claims to include by checking the appropriate boxes.
  3. Configure additional options for claims, if applicable.

7. Configure Group Claims

  1. Choose the group types to include in the token by selecting the checkboxes for desired group types.
  2. In the Access Token Group Claim Properties dropdown, select the appropriate value.
  3. To emit groups as role claims, check the corresponding box.

8. Review and Submit

  1. Review the summary page, which displays the claims you have added or removed.
  2. Confirm the details and click Submit to apply the changes.
  3. Click Submit again to exit the wizard.

Note: Group claims are emitted in the JWT for user principals only, not service principals. Carefully verify claim configurations to ensure they meet your application’s requirements. For further assistance, refer to the related documentation or contact your system administrator.
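
One way to verify the configuration after submitting is to sign in as a test user, capture the issued token, and check which claims it actually carries. The following Python script is an added example, not part of Resource Admin or the original guide. The claim names `upn` and `email` are assumed sample optional claims, the sample token is constructed, and the overage markers `_claim_names` and `hasgroups` are Microsoft Entra ID behaviour for users with too many groups, which the steps above do not cover.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline testing."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "c2ln"])


def decode_payload(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(segment))


def check_claims(token: str, expected_optional: set, groups_as_roles: bool = False) -> dict:
    """Report which configured claims are actually present in an issued token."""
    claims = decode_payload(token)
    group_claim = "roles" if groups_as_roles else "groups"
    # Overage: too many groups to fit, so the token points to a lookup
    # instead of listing them (_claim_names, or hasgroups in implicit flow).
    overage = "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups") is True
    return {
        "missing_optional": sorted(expected_optional - set(claims)),
        "group_values": list(claims.get(group_claim, [])),
        "overage": overage,
    }


if __name__ == "__main__":
    # Constructed sample: a user token with one optional claim and one group.
    sample = make_sample_token({
        "upn": "alice@example.com",
        "groups": ["00000000-0000-0000-0000-000000000001"],
    })
    print(check_claims(sample, {"upn", "email"}))
```

An empty `group_values` with `overage` false is the expected result for a service principal token, as the note above states. Use this only to inspect claim contents; an application that relies on the claims must validate the token signature first.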