问题描述
我正在尝试建立一个网站,并在其中运行用户必须使用Azure AD帐户登录的网站.用户本身通常是两个组之一的成员.在Azure AD中是否有任何方法可以获取该组ID和/或名称作为对身份令牌的声明返回?
I'm trying to get a website up and running where the user has to log in using an Azure AD account. The user themselves are usually either a member of one of two groups. Is there any way within Azure AD of getting that group ID and/or name returned as a claim on the identity token?
推荐答案
您可以编辑应用程序的清单.
You can edit the manifest of the app.
您可以通过Azure Active Directory->应用程序注册->您的应用程序->清单在新门户中找到它.
You can find it in the new portal via Azure Active Directory -> App Registrations -> Your app -> Manifest.
然后,您需要将groupMembershipClaims
属性设置为"SecurityGroup"
或"All"
.
Then you need to set the groupMembershipClaims
property to either "SecurityGroup"
or "All"
.
"groupMembershipClaims": "SecurityGroup"
然后,这些ID将以ID令牌的形式返回给您的应用. SecurityGroup仅包括AAD安全组,全部还包括Office 365组.
The ids will then be returned in id tokens for your app. SecurityGroup only includes AAD security groups, All also includes Office 365 groups.
这篇关于获取用户时获取用户组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!