Microsoft Azure: Custom attributes with SAML / Entra ID
First, make sure you have SAML login working using the following guide:
https://help.aikido.dev/doc/microsoft-azure-login-with-saml--entra-id/doc74BfKR60Z
Setting up Azure Group based SAML custom attributes
1. Go to the application registration.
   (Screenshot: Azure portal view for managing Aikido-SSO enterprise application properties and settings.)

2. Create an app role. Value here should be the value of the claim. In this example, we're setting up for aikido_role, so valid values for this are admin, default, team_only.
   (Screenshot: Creating a new app role "Aikido Admin" in Microsoft Azure for Aikido-SSO.)

3. After saving, go back to the app settings, and add a group to 'Users and Groups'.
   (Screenshot: Azure portal: Assign users or groups to the Aikido-SSO enterprise application.)

4. Add the Entra group you'd like to give admin access (in this case) and add the role we created in step 2.
   (Screenshot: Azure Add Assignment: Select users, groups, and roles for directory permissions.)

5. Back in the Single Sign-on settings of the app, go to Attributes & Claims -> Edit.
   (Screenshot: Azure portal SAML-based single sign-on configuration for Aikido-SSO application.)

6. Click 'Add new claim'.
   (Screenshot: Azure portal Attributes & Claims page for adding and managing SAML claims.)

7. Fill in the attribute name and user.assignedroles as the source attribute (this is the admin value we set up in step 2).
   (Screenshot: Azure claim setup: mapping "aikido_role" to "user.assignedroles" attribute.)

All done. On SAML login, these changes will take effect.
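To confirm what the claim carries after a test sign-in, the following added example (not part of the original guide or Aikido's own code) checks a decoded assertion for the aikido_role attribute. The sample XML is constructed, exact matching against the three values listed above is an assumption, and the script does not verify the assertion's signature. Because user.assignedroles emits every app role the user holds, it also flags multi-valued claims; how Aikido treats several values is not stated on this page.

```python
import xml.etree.ElementTree as ET

SAML_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
VALID_ROLES = {"admin", "default", "team_only"}  # values listed in step 2

# Constructed sample: the AttributeStatement for a user who holds two app
# roles, one of which was saved with its display name in the Value field.
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="aikido_role">
    <saml:AttributeValue>admin</saml:AttributeValue>
    <saml:AttributeValue>Aikido Admin</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def check_role_claim(xml_text, claim_name="aikido_role"):
    """Return (values, problems) for the role claim in a decoded assertion."""
    root = ET.fromstring(xml_text)
    values = [
        (value.text or "").strip()
        for attr in root.iter(f"{{{SAML_ASSERTION}}}Attribute")
        if attr.get("Name") == claim_name
        for value in attr.findall(f"{{{SAML_ASSERTION}}}AttributeValue")
    ]
    problems = []
    if not values:
        problems.append(f"claim {claim_name!r} missing: no app role assigned?")
    for v in values:
        # Assumption: the value must match one of the listed roles exactly.
        if v not in VALID_ROLES:
            problems.append(f"unexpected value {v!r}: check the app role's Value field")
    if len(values) > 1:
        problems.append(f"{len(values)} values emitted: review role assignments")
    return values, problems

if __name__ == "__main__":
    values, problems = check_role_claim(SAMPLE)
    print("values:", values)
    for p in problems:
        print("WARN:", p)
```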