Trying to create claims for SAP Signavio SSO

Question

Trying to create claims for SAP Signavio SSO

Caroline Guimond 0

How to implement it in the portal (no code)

Enable a group claim first

Single sign‑on → Attributes & Claims → Add a group claim → choose Groups assigned to the application + Group Name.* This makes the Groups attribute available to subsequent transformations.

Create one “license flag” claim per group

Repeat for every licence group (Enterprise Plus, Workflow, …):

Step	Setting
Add new claim	Name lic_Enterprise (intermediate)
Add new claim	Name `lic_Enterprise` (intermediate)
Source	Transformation
Transformation	Contains()
Treat source as multivalued	✓
Parameter 1	Groups
Value to look for	the Object ID of the Azure group SIG‑Enterprise‑Plus
Parameter 2 (output)	`Enterprise Plus Edition`
Parameter 3 (output if no match)	(leave blank)
Advanced SAML options	Untick "Emit claim in token" (keeps it internal)

Join the individual flags into the final claim

Add new claim → Name signavio_licenses_v1_azure → Source Transformation → Transformation Join()

Inputs: lic_Enterprise, lic_Workflow, …

Separator: , How to implement it in the portal (no code)

Enable a group claim first

Single sign‑on → Attributes & Claims → Add a group claim → choose Groups assigned to the application + Group Name.*
This makes the Groups attribute available to subsequent transformations.

Create one “license flag” claim per group

Repeat for every licence group (Enterprise Plus, Workflow, …):

	Step	Setting
	Add new claim	Name `lic_Enterprise` (intermediate)
	Source	Transformation
	Transformation	Contains()
	Treat source as multivalued	✓
	Parameter 1	Groups
	Value to look for	the Object ID of the Azure group SIG‑Enterprise‑Plus
	Parameter 2 (output)	`Enterprise Plus Edition`
	Parameter 3 (output if no match)	(leave blank)
	Advanced SAML options	Untick "Emit claim in token" (keeps it internal)

Join the individual flags into the final claim

Add new claim → Name signavio_licenses_v1_azure → Source Transformation → Transformation Join()

Inputs: lic_Enterprise, lic_Workflow, …
Separator: ,

We haven't been successful in implementing the following and are looking for suggestions on how to create the claims

Caroline Guimond 0 Reputation points

2025-04-24T13:33:41.1+00:00

Please note that we are only missing the config for signavio_licenses_v1_azure & signavio_groups_v1_azure

reference document: Single Sign-on Using SAML | SAP Help Portal
Sanoop M 2,660 Reputation points Microsoft External Staff

2025-04-28T02:57:05.2566667+00:00

Hello @Caroline Guimond,

I am following up to check whether if you had a chance to review my below answer where I have provided you some suggestions.

Please look into it and let me know if you have any queries.

1 answer

Your answer

Caroline Guimond 0 Reputation points

2025-04-24T13:33:41.1+00:00

Please note that we are only missing the config for signavio_licenses_v1_azure & signavio_groups_v1_azure

reference document: Single Sign-on Using SAML | SAP Help Portal
Sanoop M 2,660 Reputation points Microsoft External Staff

2025-04-28T02:57:05.2566667+00:00

Hello @Caroline Guimond,

I am following up to check whether if you had a chance to review my below answer where I have provided you some suggestions.

Please look into it and let me know if you have any queries.

Answer 1

Hello @Caroline Guimond,

I understand that you are trying to configure Group claims for SAP Signavio application and you are selecting Groups assigned to the application as the Group claims type as mentioned in the below Screenshot.

User's image

Groups assigned to the application will be included in the token. Other groups that the user is a member of will be omitted. With this option, nested groups are not included and the user must be a direct member of the group assigned to the application.

To change the groups assigned to the application, select the application from the Enterprise Applications list. Then select Users and Groups from the application's left menu.

For more information about managing group assignment to applications, see Assign a user or group to an enterprise app.

Please refer to the below document to know in detail about Configuring Group claims for applications by using Microsoft Entra ID.

Configure group claims for applications by using Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn

I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Sanoop M 2,660 Reputation points Microsoft External Staff

2025-04-29T01:49:01.7266667+00:00

Hello @Caroline Guimond,

I am following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query please do let us know.

Share via

Trying to create claims for SAP Signavio SSO

1 answer

Your answer