Ask Your Question

How can the onpremisessamaccountname be included as a claim in the JWT token for Azure AD?

asked 2022-02-05 11:00:00 +0000

djk gravatar image

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2021-08-30 13:00:00 +0000

devzero gravatar image

To include the onpremisessamaccountname as a claim in the JWT token for Azure AD, you need to follow these steps:

  1. Create a custom attribute in your Active Directory (AD) schema to store the onpremisessamaccountname. This can be done using the Active Directory Schema snap-in.

  2. Sync the custom attribute to Azure AD using Azure AD Connect.

  3. Create a custom application in Azure AD if you haven't already done so. This can be done using the Azure Portal.

  4. In the application manifest, add the following lines to the "appId" section:

    "optionalClaims": { "idToken": [ { "name": "onpremisessamaccountname", "source": null, "essential": false, "additionalProperties": [] } ] }

  5. Save the manifest and wait for the changes to take effect (this may take a few minutes).

  6. In your application code, use the following code to retrieve the onpremisessamaccountname claim from the JWT token:

    string onpremisessamaccountname = User.Claims.FirstOrDefault(c => c.Type == "onpremisessamaccountname")?.Value;

This code assumes that you are using the ASP.NET Core Identity framework. If you are using a different framework, you may need to modify the code accordingly.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer

Question Tools


Asked: 2022-02-05 11:00:00 +0000

Seen: 13 times

Last updated: Aug 30 '21