Microsoft Graph - Creating an Azure AD Claim Mapping Policy

Creating an Azure AD Claim Mapping Policy to map on-premises attributes to a JWT or SAML issued claim using the Microsoft Graph SDK for PowerShell and the New-MgPolicyClaimMappingPolicy and Invoke-MgGraphRequest cmdlets.

An Azure AD Claim Mapping Policy allows available attributes to be surfaced through a JWT or SAML claim either directly or through a value transformation. Using the outlined method values such as the on-premise ‘sAMAccountName’ may be made available to Azure authenticated applications in your tenant.

Example Issued Claims

{
     "name": "john smith",
     "oid": "...",
     "preferred_username": "john.smith@sometenant.onmicrosoft.com",
     "onpremisessamaccountname": "john.smith" <- added claim
}

PowerShell Code

Note: This code requires the Microsoft Graph SDK for PowerShell.