Custom attributes/claims in JWT token for Azure AD identity provider

The documentation states that custom SAML attributes and OIDC claims can be added to the JWT if the identity provider supports this.

The Azure AD integration supports to fetch group data, so it should be relatively easy to allow to add some group data to the JWT token as well - however, I couldn’t find any options there.

I know I could fetch the whole user identity by sending the CF_Authorization cookie to the Cloudflare API (see documentation), however it would be much easier to directly add a few selected attributes to the JWT. This would also be more secure, since the application would not need to be allowed to make outbound connections.

Are there any plans to support this or am I missing something?

If you use the Generic SAML connector for AzureAd then you can pass custom Attributes. We are planning to add this to the AzureAD connector in the next couple months. Otherwise the only selector in the AzureAD integration are Groups.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.