Azure REST Call to get enterprise application single sign-on information
Trying to use the Microsoft graph API to get information about my Enterprise Applications, can get a lot of it via the applications and serviceProviders calls but I don't see a way to the information for what is available on the Single sign-on tab in the Azure portal.
I assumed it was claimsMappingPolicies but that always returns an empty list, when doing a https://graph.microsoft.com/v1.0/serviceProviders/{id}/claimsMappingPolicies for a particular service provider or just calling https://graph.microsoft.com/v1.0/claimsMappingPolicies.
The result is
Body: {"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#policies/claimsMappingPolicies","value":[]}
I've tried all the other policies around the application and serviceProvider with no luck.
Is there another API that I can use to get this information?
For reference here is a screenshot of the information that I'm looking for:
We can use Microsoft Graph to configure the SAML-based SSO app.
So most SAML-based SSO information endpoints should be available on this page.
I think your concern is how to get the basic user claims.
Unfortunately the data is not exposed by Microsoft Graph. Microsoft Graph can only get the custom claims which you configured with claimsMappingPolicies. It means if you configure claimsMappingPolicies with Microsoft Graph, you can get it with Microsoft Graph.
If you update the user attributes and claims on Azure portal, you will find it's calling this endpoint:
POST https://main.iam.ad.ext.azure.com/api/ApplicationSso/{service principal object id}/FederatedSsoClaimsPolicyV2
which is different with Microsoft Graph.
So I'm afraid that MS doesn't exposed an API to do this.
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- Azure Storage accounts container public access level has dissabled
- How to get "exp" from jwt token and compare with it current time to check if token is expired
- How to refresh client assertion in ConfidentialClientApplication?
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- How to extract TLS 1.X of all app services/web app running Azure
- Why Can't I See Roles Assigned to an App Registration in Azure?
- Connect C# ASP.NET Core web app to Microsoft Graph calendar
- Is there a way to find out all users of a particular group in AzureAD?
- MSAL Redirect on Failure AADSTS50105
- Microsoft Power BI REST API PowerBINotAuthorizedException
- AzureAD SAML SSO through AWS Cognito - doesn't match requested authentication method
- How to get username after logged in?.I am trying with MSAL (@azure/msal-angular) for Azure Signin
- Display all the user's files using Microsoft Graph API not working
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- How to call Microsoft Graph API from ASP.NET Core Web API that is called by SPA
- add-kdsrootkey error the request is not supported
- AADSTS50011: The redirect URI http does not match the redirect URIs
- Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
- Getting user data through an Azure AD OAuth login - React Native Expo App
- HTTP request to update Service Principal Entra
- on-behalf-of flow, getting error AADSTS50013 while acquiring obo token
- Azure AD B2C Password Reset
- ASP.NET Core 5 WebAPI - Azure AD - Call Graph API Using Azure Ad Access Token
- Programmatically Assign Exchange Roles to a Group in Azure AD using Microsoft Graph API
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
- Signature validation of my Azure access-token, Private-key?
- Entra ID OIDC Failed Auth Attempt Logs
- REST API service when called from azure APIM returning empty response body with Status code 200