问题描述

我正在尝试建立一个网站，并在其中运行用户必须使用Azure AD帐户登录的网站.用户本身通常是两个组之一的成员.在Azure AD中是否有任何方法可以获取该组ID和/或名称作为对身份令牌的声明返回?

I'm trying to get a website up and running where the user has to log in using an Azure AD account. The user themselves are usually either a member of one of two groups. Is there any way within Azure AD of getting that group ID and/or name returned as a claim on the identity token?

推荐答案

您可以编辑应用程序的清单.

You can edit the manifest of the app.

您可以通过Azure Active Directory->应用程序注册->您的应用程序->清单在新门户中找到它.

You can find it in the new portal via Azure Active Directory -> App Registrations -> Your app -> Manifest.

然后，您需要将groupMembershipClaims属性设置为"SecurityGroup"或"All".

Then you need to set the groupMembershipClaims property to either "SecurityGroup" or "All".

"groupMembershipClaims": "SecurityGroup"

然后，这些ID将以ID令牌的形式返回给您的应用. SecurityGroup仅包括AAD安全组，全部还包括Office 365组.

The ids will then be returned in id tokens for your app. SecurityGroup only includes AAD security groups, All also includes Office 365 groups.

这篇关于获取用户时获取用户组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！