Example: Setting up custom mapping for Azure AD

The following information shows how to configure the custom mapping of roles for Azure AD using the Custom Mapping Option.

Configure App roles

The following are the prerequisites for configuring App roles:

• Snyk support must configure your Snyk SSO as Microsoft Azure AD (WAAD or SAML).

• If you select SAML, there is a requirement to add a custom claim; the step to do that is in these instructions.

• You must have an existing Azure Enterprise application and app registration connected to that SSO configuration.

1. In your App registration menu, select the name of your Enterprise Application.

   
2. Select App roles, then Create app role.

   
3. Create an app role with details as needed. Select the Allowed member types: Users/Groups, Applications, or Both. Enter the Value and Description for the selected type. Enable the app role. When you are finished, select Apply.

   
4. In Azure AD, select your Enterprise Application.

   
5. Select Users and groups; then Add user/group. Search and select the users and groups to add.

   
6. Select Users and groups; from the dropdown, select a role; and select Assign.

   
7. Repeat for all required groups and roles that should be assigned. Then verify that the list looks similar to this.

   

   Note that it is also possible add multiple Snyk roles to one App role, as the payload can be interpreted as a comma-separated string. However, this can not be used in conjunction with multiple App roles, as only one syntax will be respected (string or array).

8. If you have configured a SAML connection, add a custom claim to pass the roles array in the SAML payload to Snyk. Select Single sign-on in the left hand menu.

9. Select Edit next to Attributes and Claims.

   
10. Select Add new claim, **** add the following details, and Save. Name: roles Source: Attribute Source attribute: user.assignedroles\