Example: Setting up custom mapping for Entra ID
The following information shows how to configure the custom mapping of roles for Entra ID (formerly Azure AD).
See the Entra ID Enterprise Application example for guidance setting up the initial Enterprise application.
Any step on the Snyk side in setting up the Enterprise application must be performed by your Snyk contact, as self-serve SSO does not accommodate custom mapping.
The following are the prerequisites for configuring App roles:
Snyk support must configure your Snyk SSO as Microsoft Entra ID (WAAD or SAML).
If you select SAML, there is a requirement to add a custom claim; the step to do that is in these instructions.
You must have an existing Azure Enterprise application and app registration connected to that SSO configuration.
The steps in configuring App roles follow.
In your App registration menu, select the name of your Enterprise Application.
Select App roles, then Create app role.
Create an app role with details as needed. Select the Allowed member types: Users/Groups, Applications, or Both. Enter the Value and Description for the selected type. Enable the app role. When you are finished, select Apply.
In Entra ID, select your Enterprise Application.
Select Users and groups; then Add user/group. Search and select the users and groups to add.
Select Users and groups; from the dropdown, select a role and select Assign.
Repeat for all required groups and roles that should be assigned. Then verify that the list looks similar to this.
Note that it is also possible to add multiple Snyk roles to one App role, as the payload can be interpreted as a comma-separated string. However, this cannot be used in conjunction with multiple App roles, as only one syntax will be respected (string or array).
If you have configured a SAML connection, add a custom claim to pass the roles array in the SAML payload to Snyk. Select Single sign-on in the left-hand menu.
Select Edit next to Attributes and Claims.
Select Add new claim, add the following details, and Save:
Name: roles
Source: Attribute
Source attribute: user.assignedroles
When you have completed these steps, reach out to your Snyk point of contact to have the configuration completed.
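The following Python script is an added example, not part of Snyk's documentation: it inspects a decoded SAML assertion from a test sign-in and reports whether the roles claim arrives as an array, as a single comma-separated string, or as the unsupported mix of both. It assumes the claim was created without a namespace, so the attribute name is exactly roles; the sample assertions are constructed and the role values are placeholders.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # standard SAML 2.0 assertion namespace

def _assertion(*values):
    """Build a constructed sample assertion carrying the given roles values."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="roles">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')

# Constructed samples; the role values are placeholders, not real Snyk role names.
ARRAY_FORM = _assertion("placeholder-role-a", "placeholder-role-b")
STRING_FORM = _assertion("placeholder-role-a,placeholder-role-b")
MIXED_FORM = _assertion("placeholder-role-a,placeholder-role-b", "placeholder-role-c")
NO_CLAIM = f'<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement/></saml:Assertion>'

def roles_values(assertion_xml, claim="roles"):
    """Return every AttributeValue of the named claim, in document order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{NS}}}Attribute"):
        if attr.get("Name") == claim:
            values += [(v.text or "").strip()
                       for v in attr.findall(f"{{{NS}}}AttributeValue")]
    return values

def classify(assertion_xml):
    """Classify the roles payload syntax.

    missing -> custom claim not emitted (claim not configured or no role assigned)
    single  -> one App role holding one value
    string  -> one App role holding a comma-separated string
    array   -> several App roles, one value each
    mixed   -> several App roles where at least one holds a comma-separated
               string; only one syntax is respected, so fix this in Entra ID
    """
    values = roles_values(assertion_xml)
    if not values:
        return "missing"
    has_comma = any("," in v for v in values)
    if len(values) == 1:
        return "string" if has_comma else "single"
    return "mixed" if has_comma else "array"

if __name__ == "__main__":
    for name, xml in [("array", ARRAY_FORM), ("string", STRING_FORM),
                      ("mixed", MIXED_FORM), ("no claim", NO_CLAIM)]:
        print(f"{name:9} -> {classify(xml):8} {roles_values(xml)}")
```

A result of mixed or missing is worth resolving in Entra ID before asking your Snyk contact to complete the configuration.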