Microsoft Azure: Custom attributes with SAML / Entra ID

First, make sure you have SAML login working using the following guide:

Setting up Azure Group based SAML custom attributes

  1. Go to the application registration

  2. Create an app role.
    The value here should be the value of the claim. In this example, we're setting up aikido_role, so the valid values are admin, default, team_only.

  3. After saving, go back to the app settings and add a group under 'Users and Groups'.

  4. Add the Entra group you'd like to give admin access (in this case) and add the role we created in step 2.

  5. Back in the Single Sign-on settings of the app, go to Attributes & Claims -> Edit

  6. Click 'Add new claim'

  7. Fill in the attribute name and select user.assignedroles as the source attribute. (This is the admin value we set up in step 2.)

  8. All done. On SAML login, these changes will take effect.
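
To confirm the result of steps 1-8, you can inspect the assertion from a test login and check that the role claim is present and carries one of the values from step 2. The script below is an added example, not part of the original guide or of Aikido's tooling; it assumes the claim is emitted under the plain name aikido_role and that you have already base64-decoded the SAMLResponse. The sample assertions are constructed, and the script only reads attributes; it does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIM_NAME = "aikido_role"                       # claim name from this guide's example
VALID_ROLES = {"admin", "default", "team_only"}  # values listed in step 2


def check_role_claim(assertion_xml, claim_name=CLAIM_NAME):
    """Return (values, problems) for the role claim in a decoded assertion."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{NS}}}Attribute"):
        if attr.get("Name") == claim_name:
            for val in attr.findall(f"{{{NS}}}AttributeValue"):
                values.append((val.text or "").strip())
    problems = []
    if not values:
        problems.append(f"{claim_name} missing: claim not added or no app role assigned")
    for v in values:
        if v not in VALID_ROLES:
            problems.append(f"unexpected value {v!r} (app role Value typo or wrong case?)")
    if len(values) > 1:
        # Assumption: one role per user is intended. user.assignedroles is
        # multi-valued when a user holds several app roles via different groups.
        problems.append(f"{len(values)} roles in one assertion; review group assignments")
    return values, problems


def build_sample(*roles):
    """Constructed test assertion (unsigned, for illustration only)."""
    vals = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    attr = f'<saml:Attribute Name="{CLAIM_NAME}">{vals}</saml:Attribute>' if roles else ""
    return (f'<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement>'
            '<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">'
            "<saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>"
            f"{attr}</saml:AttributeStatement></saml:Assertion>")


if __name__ == "__main__":
    # One correctly assigned role, no role, a mis-cased role, and two roles.
    for roles in (("admin",), (), ("Admin",), ("admin", "team_only")):
        print(roles, "->", check_role_claim(build_sample(*roles)))
```

An empty problem list for a member of the group from step 4 means the claim is reaching the service provider as configured; a user outside any assigned group should show the claim as missing.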