Setting Attribute in "Single sign on" > "Attributes & Claim" Using Microsoft Graph PowerShell

Deepak Arora 0 Reputation points
2023-11-07T13:29:57.4533333+00:00

Hello,

I am trying to build an automation platform for registering Enterprise Applications and assigning custom attributes (manipulating the existing user attributes, including extended attributes) for the SAML claim token ("Enterprise Application" > "Single sign on" > "Attributes & Claim").

I have tried to take reference from different Graph PowerShell commands from Microsoft and other online forums, including the one listed below, but no luck:

(Configure SAML-based single sign-on for your application using the Microsoft Graph API)

https://video2.skills-academy.com/en-us/graph/application-saml-sso-configure-api?tabs=powershell%2Cpowershell-script

If any of you have performed similar activities or can guide me on how to achieve this using Graph PowerShell, it will be much appreciated.


1 answer

  1. Danstan Onyango 3,821 Reputation points Microsoft Employee
    2023-12-20T05:16:45.8966667+00:00

    You can use the Graph APIs listed under Manage Enterprise Applications with Microsoft Graph PowerShell to achieve the task you are trying. Try them and let me know if they are sufficient. See the example below.

    To set an attribute in "Single sign on" > "Attributes & Claim" using Microsoft Graph PowerShell, you can use the following example (not tried yet):

    # Define variables
    $clientId = "<enter your client ID here>"
    $clientSecret = "<enter your client secret here>"
    $tenantId = "<enter your tenant ID here>"
    $applicationId = "<enter your application ID here>"
    $attributeName = "<enter the name of the attribute here>"
    $attributeValue = "<enter the value of the attribute here>"
    
    # Connect to Graph API (app-only). Connect-MgGraph takes the secret as a
    # PSCredential via -ClientSecretCredential, not as a plain -ClientSecret string.
    $secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
    $credential = [pscredential]::new($clientId, $secureSecret)
    Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $credential
    
    # Get the Enterprise Application (service principal) by its appId
    $application = Get-MgServicePrincipal -Filter "appId eq '$applicationId'"
    
    # Get the SAML token configuration
    $samlTokenConfiguration = Get-MgServicePrincipalSingleSignOnConfig -ServicePrincipalId $application.Id -AuthenticationProtocolType saml
    
    # Set the attribute value
    $samlTokenConfiguration.ClaimsMappingSettings.Attributes.Add($attributeName, $attributeValue)
    
    # Update the SAML token configuration
    Update-MgServicePrincipalSingleSignOnConfig -ServicePrincipalId $application.Id -AuthenticationProtocolType saml -ClaimsMappingSettings $samlTokenConfiguration.ClaimsMappingSettings
    

    This example connects to the Graph API using the Connect-MgGraph cmdlet, gets the Enterprise Application using the Get-MgServicePrincipal cmdlet, gets the SAML token configuration using the Get-MgServicePrincipalSingleSignOnConfig cmdlet, sets the attribute value using the Add method of the Attributes property of the ClaimsMappingSettings property, and updates the SAML token configuration using the Update-MgServicePrincipalSingleSignOnConfig cmdlet.
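For comparison, the following is an added example, not the answerer's code and not copied from the linked Microsoft article, that reaches the same "Attributes & Claims" result with cmdlets that exist in Microsoft Graph PowerShell SDK 2.x: it creates a claimsMappingPolicy object and links it to the service principal, which is how the Graph API exposes custom SAML claims. The tenant, client and app identifiers are placeholders to fill in; the claim name under `contoso.example` and the `employeeid` source attribute are constructed sample values.

```powershell
# Added example: add a custom SAML claim to an enterprise application by
# assigning a claims mapping policy with Microsoft Graph PowerShell SDK 2.x
# (modules Microsoft.Graph.Applications and Microsoft.Graph.Identity.SignIns).
# All "<...>" values are placeholders (assumptions), not values from the thread.

$tenantId     = "<tenant id>"
$clientId     = "<client id of the automation app registration>"
$clientSecret = "<client secret>"          # a certificate is preferable for production automation
$targetAppId  = "<appId of the enterprise application to configure>"

# Constructed sample claim: emit the user's employeeId under a custom claim name.
# Exchange extension attributes are referenced the same way, e.g. ID = "extensionattribute1".
$claimName       = "http://schemas.contoso.example/identity/claims/employeeid"
$sourceAttribute = "employeeid"

# App-only sign-in. The automation app needs the admin-consented application
# permissions Application.ReadWrite.All and Policy.ReadWrite.ApplicationConfiguration.
$secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
$credential   = [pscredential]::new($clientId, $secureSecret)
Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $credential -NoWelcome

# The "Enterprise Application" blade is the service principal object.
$sp = Get-MgServicePrincipal -Filter "appId eq '$targetAppId'"
if (-not $sp) { throw "No service principal found for appId $targetAppId" }

# Each element of 'definition' is a JSON string describing the claim schema.
$policyDefinition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = "true"      # keep the default SAML claims (name, upn, ...)
        ClaimsSchema         = @(
            @{
                Source        = "user"
                ID            = $sourceAttribute
                SamlClaimType = $claimName
            }
        )
    }
} | ConvertTo-Json -Depth 10 -Compress

$policy = New-MgPolicyClaimMappingPolicy -BodyParameter @{
    definition            = @($policyDefinition)
    displayName           = "Automation claims policy for $($sp.DisplayName)"
    isOrganizationDefault = $false
}

# A service principal can hold only one claims mapping policy, so detach any existing one.
foreach ($existing in Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id) {
    Remove-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $sp.Id -ClaimsMappingPolicyId $existing.Id
}

# Link the new policy to the service principal.
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $sp.Id -BodyParameter @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($policy.Id)"
}

# Verify what is now attached; this is what the portal renders under "Attributes & Claims".
Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id |
    Select-Object Id, DisplayName, Definition
```

Two checks worth building into the automation: Entra ID will not issue tokens shaped by a claims mapping policy unless the target application either has `acceptMappedClaims` set to `true` in its manifest or signs tokens with a custom signing key, so verify that before linking the policy; and because the policy definition is a free-form JSON string, validate it (for example by round-tripping through `ConvertFrom-Json`) before calling `New-MgPolicyClaimMappingPolicy`, since a malformed definition is only rejected at token-issuance time.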

