ADFS/SAML Groups in App policies

I have ADFS configured and working fine with Zero Trust.

In Firewall Policies, I can select

Selector: SAML Attributes
Operator: is

And it works fine.

But for application policies, I can’t seem to get it to work.
Selector: There is no SAML Attributes, have to use SAML Groups
Value Attribute Name: (tried just using Group)
Attribute Value: domain\\securityGroup “tried quotes, single slash, double and quad slash”

and that doesn’t work.

Here is the claim returned by ADFS:

"email": "[email protected]",
"name": "LastName, FirstName",
"givenName": "FirstName",
"surName": "LastName",
"saml_attributes": {
    "emailaddress": "",": [
        "domain\Domain Users",
    "department": "UsersDepartment",
    "surname": "",
    "givenname": "",": "Max",
    "role": ""
"headers": {}

Any ideas?

Got it - seems that Cloudflare doesn’t like special characters anywhere here. I used ADFS to rewrite the outbound token as Groups instead of Group as it wouldn’t have an xml schema associated with it.
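For readers who land here with the same problem, the following is an added example of how the fix described in the reply above can be applied from the ADFS server with PowerShell; it is not code from the thread or from Cloudflare. It assumes the relying party trust is named "Cloudflare Access" (a placeholder name), that the user's groups are pulled from Active Directory with the tokenGroups store query in its unqualified-names form (the token quoted above shows domain-qualified names, which comes from a different Token-Groups variant in the ADFS attribute list), and that the goal is exactly what the reply states: issue the group claim under the bare type "Groups" instead of a schema-URI "Group" type. The Cloudflare Access side (SAML Groups selector, Attribute Name "Groups") is not shown.

```powershell
# Added example, not from the original thread.
# Rewrites the outbound group claim so it is issued under the plain claim
# type "Groups" (no XML-schema URI), as described in the reply above.
# Assumed: relying party trust name "Cloudflare Access"; groups taken from
# AD via tokenGroups (unqualified names). Run on an ADFS server as admin.

$rpName = "Cloudflare Access"   # assumed trust name, change to yours

# ADFS claim-rule language. The input claim is the Windows account name
# ADFS already has after authentication; the store query returns the
# user's security group names and issues each as a "Groups" claim.
$groupsRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Groups (plain claim type for Cloudflare Access)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("Groups"), query = ";tokenGroups;{0}", param = c.Value);
'@

# Keep the existing issuance transform rules and append the new one.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

$rules = $rp.IssuanceTransformRules
if ([string]::IsNullOrWhiteSpace($rules)) {
    $rules = $groupsRule
} else {
    $rules = $rules.TrimEnd() + "`n" + $groupsRule
}

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Check: the rule set should now contain a rule issuing type "Groups".
# If an older rule still issues a schema-URI "Group" type, remove it so
# the token carries only the plain attribute name.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules |
    Select-String -Pattern 'types = \("Groups"\)' -SimpleMatch:$false
```

After saving, sign in to the application once more and compare the new token's `saml_attributes` with the one quoted above: the group values should now appear under a key named `Groups`.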
