Group Mappings for Azure Active Directory

Learn how to configure group mappings for SAML 2.0 when using Microsoft Entra ID (previously Azure Active Directory)

  1. Log in to the Azure AD portal.

  2. Select Azure Active Directory, then click Enterprise Applications.

  3. Select the Sysdig application to which you want to add or modify group information.

  4. On the menu, select Single sign-on.

  5. Click Attributes & Claims.

  6. Select Add a group claim from the top menu if you are adding group information for the first time, otherwise select the correct attribute from the Additional claims list.

    Specify the following:

    • Which groups associated with the user should be returned in the claim?: You must select which groups should be returned for each user that logs in.
    • Source attribute: This attribute can be configured only for groups synchronized from an on-premises Active Directory using Azure Active Directory Connect Sync 1.2.70.0 or above. The default is Group ID.
    • Expand Advanced Options:
      • Select Customize the name of the group claim
      • Enter Name: The value must match configured Group Attribute Name, for example, “groups”.

Group Claim Name

If you don’t customize the Group Claim name, Azure will default to http://schemas.microsoft.com/ws/2008/06/identity/claims/groups and this value must be entered as the Group Attribute Name on the Sysdig side.
  1. Save your settings.