Resource: azuread_application_optional_claims

Manages optional claims for an application registration.

This resource is analogous to the optional_claims block in the azuread_application resource. When using these resources together, you should use the ignore_changes lifecycle meta-argument (see example below).

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires one of the following application roles: Application.ReadWrite.OwnedBy or Application.ReadWrite.All.

When authenticated with a user principal, this resource may require one of the following directory roles: Application Administrator or Global Administrator.

Example Usage

resource "azuread_application_registration" "example" {
  display_name = "example"
}

resource "azuread_application_optional_claims" "example" {
  application_id = azuread_application_registration.example.id

  access_token {
    name = "myclaim"
  }

  access_token {
    name = "otherclaim"
  }

  id_token {
    name                  = "userclaim"
    source                = "user"
    essential             = true
    additional_properties = ["emit_as_roles"]
  }

  saml2_token {
    name = "samlexample"
  }
}
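
Usage together with the azuread_application resource, as described in the note at the top of this page. This is an added example, not taken from the provider's documentation; the resource names and claim values are illustrative, and it assumes a provider version in which azuread_application.id has the /applications/<object-id> form shown under Import.

```hcl
# Added example: names and claim values are illustrative.
resource "azuread_application" "example" {
  display_name = "example"

  # Optional claims for this application are managed by the
  # azuread_application_optional_claims resource below. Ignoring the
  # optional_claims block here keeps this resource from treating those
  # claims as drift and planning to remove them from issued tokens.
  lifecycle {
    ignore_changes = [
      optional_claims,
    ]
  }
}

resource "azuread_application_optional_claims" "example" {
  # Assumption: azuread_application.id is in /applications/<object-id> form.
  application_id = azuread_application.example.id

  access_token {
    name = "myclaim"
  }

  id_token {
    name                  = "userclaim"
    source                = "user"
    essential             = true
    additional_properties = ["emit_as_roles"]
  }
}
```

Run terraform plan twice after the first apply; a second plan that shows no changes confirms that only one resource is managing the claims.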

Argument Reference

The following arguments are supported:


access_token, id_token and saml2_token blocks support the following:

Attributes Reference

No additional attributes are exported.

Import

Application Optional Claims can be imported using the object ID of the application, in the following format.

terraform import azuread_application_optional_claims.example /applications/00000000-0000-0000-0000-000000000000