Add Azure Active Directory Claims

Follow these instructions to add claims for other Azure Active Directory types:

1. Go to the Microsoft Azure Website.

2. Click Sign in on the upper-right corner of the page.

   If you are currently logged in to your Microsoft account, it will use that account to authenticate.

   

   Microsoft Azure Website

   
   

   This will redirect to the Microsoft Azure Portal.

3. Search for then go to the Microsoft Entra ID page. This will show the default tenant configured.

   

   Microsoft Entra ID

   
   

4. In the Manage pane, click App registrations.

5. Click the Owned Applications tab.

6. Click the Analysis Server you have registered.

   

   Owned Applications

   
   

7. In the Manage pane, click Token configuration.

8. Click Add group claims. The Edit groups claim panel will appear.

9. Select All groups (includes 3 group types: security groups, directory roles, and distribution lists).

10. Click Save.

Add Group Claims

11. Click Add optional claim. The Add optional claim panel will appear.

12. Select ID as token type.

13. Select the email claim.

14. Click Add.

    

    Add Email Claim

    
    
    note

    When adding the email optional claim, Azure requires Microsoft Graph permissions to be enabled. Check the box for “Turn on the Microsoft Graph email permission (required for claims to appear in token)” in the dialog, then click Add when prompted.

    

    Microsoft Graph Email Permission Prompt