We would like to have an advanced claim transformation process to simplify the configuration of AWS app integrations.
For the integration of AWS with Azure SSO we need to send the AWS account and role information via the claim "https://aws.amazon.com/SAML/Attributes/Role", which is used for authentication on the AWS side. For our scenario, we create a dedicated role in AWS for each user and want to generate the role claim based on the user's mail address.
The transformation of the claim should work as follows:
1.) Extract the mail prefix from the user with ExtractMailPrefix()
2.) Apply ToLowercase() to the value from 1.)
3.) Use the value from 2.) in a Replace transformation
For the mail address "John.Doe@sample.org", the result should look like: arn:aws:iam::123456789:role/AWS_john.doe,arn:aws:iam::123456789:saml-provider/TestProvider
Thanks for the feedback.
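The three-step chain the post describes, carried through as an added worked example (this is not code from the post, from Azure AD or from AWS; Azure AD's own transformation functions are configuration, not Python). It reproduces ExtractMailPrefix, ToLowercase and the Replace step for the sample address, and adds two checks a practitioner would want before a mail-derived value is allowed into an ARN: the mail domain must be the expected tenant domain, and the derived role name must stay within a conservative character set. The account id "123456789" and provider name "TestProvider" are the placeholders from the post; the allowed domain, the `AWS_` prefix and the character-set policy are assumptions made for this example. The parser at the end splits the claim the way the AWS side consumes it, so both directions can be checked.

```python
import re

# Values taken from the post (placeholders there as well)
AWS_ACCOUNT_ID = "123456789"
SAML_PROVIDER = "TestProvider"

# Assumptions for this example, not from the post or from Azure AD / AWS
ROLE_PREFIX = "AWS_"                 # role naming convention used in the post's sample result
ALLOWED_DOMAIN = "sample.org"        # only addresses in the tenant's own domain may map to a role
# Conservative character set for the derived role name: a policy choice here so that
# arbitrary local-part characters (commas, quotes, spaces, ...) never reach the ARN.
SAFE_ROLE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def extract_mail_prefix(mail: str) -> str:
    """Step 1: the part before '@' (what ExtractMailPrefix() yields)."""
    local, sep, domain = mail.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mail address: {mail!r}")
    return local


def to_lowercase(value: str) -> str:
    """Step 2: ToLowercase() on the extracted prefix."""
    return value.lower()


def replace_into_role_claim(prefix: str,
                            account_id: str = AWS_ACCOUNT_ID,
                            provider: str = SAML_PROVIDER) -> str:
    """Step 3: substitute the prefix into the 'role ARN,provider ARN' pair."""
    role_name = f"{ROLE_PREFIX}{prefix}"
    if not SAFE_ROLE_NAME.match(role_name):
        raise ValueError(f"derived role name rejected by policy: {role_name!r}")
    return (f"arn:aws:iam::{account_id}:role/{role_name},"
            f"arn:aws:iam::{account_id}:saml-provider/{provider}")


def build_role_claim(mail: str) -> str:
    """Full pipeline: mail address -> prefix -> lowercase -> Role claim value.

    The domain check is an assumption for this example: a mail attribute from an
    unexpected domain must not be turned into a role mapping at all.
    """
    domain = mail.rpartition("@")[2]
    if domain.lower() != ALLOWED_DOMAIN:
        raise ValueError(f"mail domain {domain!r} is not allowed to map to a role")
    return replace_into_role_claim(to_lowercase(extract_mail_prefix(mail)))


def parse_role_claim(claim: str) -> dict:
    """Split a Role claim into its two ARNs, as the AWS side reads it.

    Both ARNs must be IAM ARNs in the same account; returns the pieces so the
    role name can be compared against what the identity provider should emit.
    """
    role_arn, sep, provider_arn = claim.partition(",")
    if not sep:
        raise ValueError("Role claim must contain 'role ARN,provider ARN'")
    m_role = re.fullmatch(r"arn:aws:iam::(\d+):role/(.+)", role_arn)
    m_prov = re.fullmatch(r"arn:aws:iam::(\d+):saml-provider/(.+)", provider_arn)
    if not m_role or not m_prov:
        raise ValueError("Role claim does not carry an IAM role ARN and a saml-provider ARN")
    if m_role.group(1) != m_prov.group(1):
        raise ValueError("role and provider ARNs belong to different accounts")
    return {
        "account_id": m_role.group(1),
        "role_name": m_role.group(2),
        "provider_name": m_prov.group(2),
    }


if __name__ == "__main__":
    # Constructed sample input: the address from the post
    claim = build_role_claim("John.Doe@sample.org")
    print(claim)
    print(parse_role_claim(claim))
```

Running the file prints the claim value from the post and its parsed pieces; addresses outside the allowed domain, or whose prefix would produce a role name outside the allowed character set, are rejected before any ARN is built.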
We will review the request and I’ll update this post once we have a plan to support this transformation.