Allow Directory Extensions as claim in SAML Token
This idea is essentially a re-post of https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/32988082-support-directory-extensions-as-saml-token-attribu which was incorrectly marked as completed as the response given didn't address the issue whatsoever.
If you create a directory extension attribute there doesn't seem to be a way to include it as a claim (i.e. set the value to 'user.mycustomextension') when configuring the SAML Token Attributes for an application. I have tried specifying the full extension attribute name; however, it becomes wrapped in quotation marks and is sent as a string literal instead (see screenshot).
I have found that you can include a directory extension attribute as an optional claim in the application manifest (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims) however I'm unable to specify the namespace.
We have work in progress to enable directory extension attributes from the Enterprise apps UI. You can use PowerShell to get unblocked: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-claims-mapping
In the comments, Ross has shared a link to a forum where you can find the exact policy.
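A sketch of the PowerShell route mentioned in the response above, added here as an example; it is not the policy from the linked forum or code from any participant in this thread. It assumes the AzureADPreview module and an existing `Connect-AzureAD` session; the extension ID, claim URI, policy display name and application name are placeholders. `SamlClaimType` takes the full claim URI, which is where the namespace is set.

```powershell
# Added example: map a directory extension attribute to a SAML claim
# with a claims mapping policy. All values below are placeholders.
$extensionId   = 'extension_<appIdWithoutDashes>_mycustomextension'
$samlClaimType = 'https://example.com/claims/mycustomextension'
$spDisplayName = '<enterprise application name>'

# Build the policy definition as an object, then serialise it, so quoting
# mistakes in hand-written JSON cannot slip through.
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = 'true'
        ClaimsSchema         = @(
            @{
                Source        = 'user'
                ExtensionID   = $extensionId
                SamlClaimType = $samlClaimType
            }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

# Resolve exactly one service principal before changing anything.
$sp = @(Get-AzureADServicePrincipal -SearchString $spDisplayName)
if ($sp.Count -ne 1) {
    throw "Expected one service principal for '$spDisplayName', found $($sp.Count)."
}

# Create the policy and assign it to the application's service principal.
$policy = New-AzureADPolicy -Definition @($definition) `
    -DisplayName 'MapDirectoryExtensionToSaml' `
    -Type 'ClaimsMappingPolicy'
Add-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId -RefObjectId $policy.Id

# Confirm what is now attached; review this list when auditing which
# applications receive custom claims.
Get-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId |
    Select-Object Id, DisplayName, Type
```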
Maqsood Ali commented
Now this is quite funny. This feature was available through Azure Portal for Easy Administration, now it moved back to powerHELL
I believe I have found the answer to this which is to use the new Claims Mapping feature in Azure AD. Refer to my response in this thread for details: