Support Directory Extensions as SAML Token attributes for Cloud-only accounts
The use of directory extensions as SAML Token attributes for non-AD synced tenants is currently not supported. We now have to explore alternative IdP solutions because we can't pass required information to our SaaS service providers.
There's a way you can use Microsoft Graph or PowerShell to create directory extension attributes.
Follow this document. If you have any feedback or questions, please use the comment section in the article: https://docs.microsoft.com/en-us/powershell/azure/active-directory/using-extension-attributes-sample?view=azureadps-2.0
Maqsood Ali commented
For us this used to work last year, but now this feature, which we used with a "Custom" Enterprise app (SSO|SAML), was removed from our Azure AD tenant without letting us know.
We have been told that similar functionality is possible using "AzureAD Claim Mapping Policy".
The above link does not show any example of SAML.
We personally believe this feature from the UI was much better and do not understand why it's moved to powerHELL.
I have the same issue. If you create a directory extension attribute there doesn't seem to be a way to include it as a claim (i.e., set the value to 'user.mycustomextension') when configuring the SAML Token Attributes for an application. I have found that you can include it as an optional claim in the application manifest (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims); however, I'm unable to specify the namespace.
McKay, TreVon commented
Hi, this request wasn't to create Directory Extensions in Azure AD; we are well aware this is possible. This request was specifically related to exposing those extensions as SAML Token attributes. Today I don't see a way to do this, and the article doesn't shed light on this either.
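As an added example of the claims mapping policy route mentioned in the comments above (not code from this thread, from Microsoft, or from the linked article), the following AzureAD PowerShell sequence creates a directory extension, fills it on a cloud-only user, and maps it to a SAML claim under an explicit namespace. Every object ID, attribute name, user and claim URI is a placeholder assumption to replace with your own tenant's values.

```powershell
# Added example: expose a directory extension attribute as a SAML claim with an
# explicit namespace through an Azure AD claims mapping policy (AzureAD module).
# All IDs, names and URIs below are placeholders (assumptions), not real values.
Connect-AzureAD

# 1. Register the extension attribute on the application object that owns it.
$ownerAppObjectId = '<object-id-of-owning-app-registration>'   # placeholder
$ownerAppId       = '<application-(client)-id-of-owning-app>'  # placeholder
New-AzureADApplicationExtensionProperty -ObjectId $ownerAppObjectId `
    -Name 'costCenter' -DataType 'String' -TargetObjects 'User'

# Azure AD names the attribute extension_<appId without dashes>_<name>.
$extensionName = "extension_$($ownerAppId -replace '-','')_costCenter"

# 2. Populate it on a cloud-only user (no on-premises AD sync involved).
$userUpn = 'alice@contoso.example'   # placeholder user
Set-AzureADUserExtension -ObjectId $userUpn `
    -ExtensionName $extensionName -ExtensionValue 'CC-1042'

# 3. Define a claims mapping policy that maps the extension to a SAML claim
#    under a namespace you control (the part the optional-claims manifest
#    route does not let you set).
$policyDefinition = @"
{
  "ClaimsMappingPolicy": {
    "Version": 1,
    "IncludeBasicClaimSet": "true",
    "ClaimsSchema": [
      {
        "Source": "user",
        "ExtensionID": "$extensionName",
        "SamlClaimType": "http://schemas.contoso.example/identity/claims/costcenter"
      }
    ]
  }
}
"@
$policy = New-AzureADPolicy -Type 'ClaimsMappingPolicy' `
    -DisplayName 'CostCenterSamlClaim' -Definition @($policyDefinition)

# 4. Attach the policy to the service principal of the SAML enterprise app.
#    The app must be configured to accept mapped claims (acceptMappedClaims in
#    its manifest, or a custom signing key); otherwise token issuance fails.
$samlSpObjectId = '<object-id-of-saml-enterprise-app-service-principal>'  # placeholder
Add-AzureADServicePrincipalPolicy -Id $samlSpObjectId -RefObjectId $policy.Id

# 5. Review which policies are bound before testing sign-in; only the claims
#    listed in the bound policy leave the tenant in the SAML assertion.
Get-AzureADServicePrincipalPolicy -Id $samlSpObjectId
```

After a test sign-in, inspect the issued assertion on the service-provider side to confirm the claim appears under the chosen namespace and carries only the intended attribute.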