Use Microsoft Entra ID groups claims

You can transfer group assignments from Microsoft Entra ID to a Neptune DXP - Open Edition system.

This procedure describes configuration aspects of the Neptune DXP - Open Edition authentication settings. As these directly affect the system security, these configuration steps must be thoroughly tested in an appropriate test environment.

Prerequisites

  1. You have created an enterprise application / app registration in Microsoft Entra ID.

  2. You have configured an authentication method of type “Microsoft Entra ID” on the Neptune DXP - Open Edition system using this app registration.

  3. You have defined the identically named security groups in the Neptune DXP - Open Edition system that you expect in the token claims.

Procedure

  1. Sign in to the Microsoft Entra admin center.

  2. To define the desired groups in Microsoft Entra ID, select ManageGroups.

  3. To assign users to groups as required, select Groups<Your group>ManageMembers.

  4. Sign in to the Microsoft Azure Portal.

  5. To assign a group to an enterprise application, select Enterprise Applications<Your Application>ManageUsers and GroupsAdd User/Group.

    groups and roles add user group

  6. To maintain the token claim groups configuration on the app registration, select App registrations<Your Application>ManageToken ConfigurationAdd groups claim.

    groups and roles add groups claim

  7. In the Edit groups claim details screen, select Groups assigned to the application (recommended for large enterprise companies to avoid exceeding the limit on the number of groups a token can emit).

  8. Select sAMAccountName for all token types.

  9. Select Add.

  10. To ensure a correct transfer of the group names, you need to edit the app registration manifest. Select App registrations<Your Application>ManageManifest.

  11. Edit the JSON manifest to include the property "cloud_displayname" in the ID token.

    groups and roles cloud displayname

  12. Save the changed manifest.

Related topics