Azure AD OIDC changing preferred_username format

I've set up a Registered App for OIDC and configured it for various usages on Azure AD.

The application I integrate with uses preferred_username in the ID Token for various things. Azure AD assigns [email protected], a.k.a. the UPN, to this field. I'd like it to assign a username, which could be the good old SamAccountName or the UPN transformed in some way. Is there any way to do this?

This seems to be possible for SAML (NameId is kind of equivalent to preferred_username on OIDC, the way I see it) but I couldn't find anything relevant for OIDC. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization#editing-nameid

I've tried changing the manifest file of the app with some educated guesses but did not manage to accomplish this. I could not find anything related in the manifest documentation.



Solution 1:[1]

The ID token is the core extension that OpenID Connect makes to OAuth 2.0. ID tokens are issued by the authorization server and contain claims that carry information about the user.

OpenID Connect (OIDC) is an authentication protocol built on OAuth 2.0 that you can use to securely sign in a user to an application.

This is the list of claims for the ID token that you can configure before generating a token:

Azure AD -> App registration -> Token configuration -> Add optional claim.

There you can see the list of claims, including UPN as well.


A claim for sAMAccountName is only available under the group claims.

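The answer above adds `upn` as an optional ID-token claim but does not show what the application should then do with it. The example below is added here and is not code from the question, the answer, or Microsoft: it requests `upn` through the app manifest's `optionalClaims` section, decodes a constructed (unsigned, sample-only) ID token, and derives the short username the asker wants on the application side while keying the account on the stable `tid`/`oid` pair rather than on `preferred_username`, which Microsoft documents as mutable. The tenant ID, object IDs, UPNs and the guest `#EXT#` UPN are constructed sample values; signature validation is assumed to have happened earlier in the pipeline and is deliberately not repeated here.

```python
"""Added example: app-side username derivation from an Azure AD ID token.

Not code from the original post.  Sample IDs, UPNs and tokens are constructed.
"""
import base64
import json

# Constructed sample tenant ID (not a real directory).
TENANT_ID = "11111111-2222-3333-4444-555555555555"

# App-manifest fragment that asks Azure AD to include the `upn` claim in the
# ID token (the same thing "Token configuration -> Add optional claim" does).
OPTIONAL_CLAIMS_MANIFEST = {
    "optionalClaims": {
        "idToken": [
            {"name": "upn", "source": None, "essential": False,
             "additionalProperties": []}
        ]
    }
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_sample_jwt(payload: dict) -> str:
    """Build a constructed, unsigned (alg 'none') JWT purely for this example."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}."


def decode_unverified_payload(jwt: str) -> dict:
    """Return the claims of a compact JWT.  Assumption: signature, issuer,
    audience and expiry were already validated upstream; this only parses."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def stable_account_key(claims: dict) -> str:
    """The identity an application should key on: tenant + object ID.
    preferred_username and upn are both mutable, so they are never the key."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        raise ValueError("ID token lacks tid/oid; refuse to map to a local account")
    return f"{tid}:{oid}"


def short_username(claims: dict) -> str:
    """Derive a SamAccountName-style name from upn (or preferred_username).

    Handles the B2B guest form 'user_home.example#EXT#@tenant.onmicrosoft.com'
    so guests do not end up with '#EXT#' in their username.
    """
    source = claims.get("upn") or claims.get("preferred_username")
    if not source or "@" not in source:
        raise ValueError("no UPN-shaped claim to derive a username from")
    local = source.split("@", 1)[0]
    if local.endswith("#EXT#"):
        # 'jdoe_fabrikam.com#EXT#' -> 'jdoe'; rsplit keeps underscores in names
        local = local[: -len("#EXT#")].rsplit("_", 1)[0]
    return local.lower()


def map_token_to_account(jwt: str) -> dict:
    """What the application stores: stable key plus a display-only username."""
    claims = decode_unverified_payload(jwt)
    return {"key": stable_account_key(claims), "username": short_username(claims)}


# Constructed sample tokens: a tenant member and a B2B guest whose derived
# usernames collide ('jdoe') but whose stable keys do not.
MEMBER_TOKEN = make_unsigned_sample_jwt({
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "aud": "sample-client-id", "tid": TENANT_ID,
    "oid": "aaaaaaaa-0000-0000-0000-000000000001",
    "preferred_username": "JDoe@contoso.com", "upn": "JDoe@contoso.com",
})
GUEST_TOKEN = make_unsigned_sample_jwt({
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "aud": "sample-client-id", "tid": TENANT_ID,
    "oid": "bbbbbbbb-0000-0000-0000-000000000002",
    "preferred_username": "jdoe@fabrikam.com",
    "upn": "jdoe_fabrikam.com#EXT#@contoso.onmicrosoft.com",
})

if __name__ == "__main__":
    for label, token in (("member", MEMBER_TOKEN), ("guest", GUEST_TOKEN)):
        print(label, map_token_to_account(token))
```

The collision between the member and the guest is the point: a transformed username is fine for display or for legacy lookups, but authorization decisions and account linking must use `tid`/`oid`, which Azure AD guarantees to be stable for the object.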

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
