Allow the use of all user attributes for SAML token attributes
We are developing a POC to have Cisco WebEx and Jabber integrate directly with Azure AD. Authentication works just fine. However, when there is a change to a user's profile in Active Directory, say title or phone number, in order for that change to update in WebEx or Jabber the "whenChanged" attribute needs to be sent as "updateTimeStamp" in the SAML token. "whenChanged" cannot be extended as a Directory Extension so maybe use of the "LastDirSyncTime" attribute in Azure would be a suitable replacement. Also, it would be beneficial to also allow the use of the "mobilePhone" Azure attribute in Custom SAML attributes of an application.
What would really help is to allow the use of all Azure attributes when configuring the custom SAML attributes of an application.
We don’t have an ETA yet, but this feature is in our backlog. Keep voting to help us prioritize.
Jonathan Martin commented
We are also trying to migrate an on-premise Webex/ADFS solution to Azure AD and would like to have the whenChanged attribute available. Looking into possible alternatives, including http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant, which would cause the user to update on every login (not ideal).
Henrik Hallebrad commented
Also missing the mobile attribute. Would make sense to be able to use all attributes that exist on a user in Azure. Just like ADFS.