So now that I have authorization policies working, I thought I would get it hooked up to Azure AD claims; however, it doesn't seem to be working.
I think this is because we have a lot of groups synced to Azure AD from AD, so there are too many to fit in the token, so it contains a referral instead, like this:
Issuer : https://sts.windows.net/a310a7f9-f31d-4633-9b97-bcf7564b6381/
OriginalIssuer : https://sts.windows.net/a310a7f9-f31d-4633-9b97-bcf7564b6381/
Properties : {}
Subject : System.Security.Claims.ClaimsIdentity
Type : _claim_names
Value : {"groups":"src1"}
ValueType : JSON
Issuer : https://sts.windows.net/a310a7f9-f31d-4633-9b97-bcf7564b6381/
OriginalIssuer : https://sts.windows.net/a310a7f9-f31d-4633-9b97-bcf7564b6381/
Properties : {}
Subject : System.Security.Claims.ClaimsIdentity
Type : _claim_sources
Value : {"src1":{"endpoint":"https://graph.windows.net/a310a7f9-f31d-4633-9b97-bcf7564b6381/users/d6989529-91f1-4bd5-a2c5-e5ed57616b27/getMemberObjects"}}
ValueType : JSON
Am I correct in this assumption?
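
Added example, not part of the original post: a PowerShell function that checks a claim list for the `_claim_names` / `_claim_sources` referral form shown above and returns either the inline group IDs or the validated endpoint that holds them. The function name `Get-GroupClaimSource`, the inline claim type `groups`, and the allowed host list are assumptions; the sample claims are constructed with placeholder IDs.

```powershell
# Added example. Claim type 'groups' and the allowed host list are assumptions.
function Get-GroupClaimSource {
    param(
        [Parameter(Mandatory)]
        [object[]]$Claims,                       # objects exposing .Type and .Value
        [string[]]$AllowedHosts = @('graph.windows.net')
    )

    # Inline case: one 'groups' claim per group object ID.
    $inline = @($Claims | Where-Object Type -eq 'groups' | ForEach-Object Value)
    if ($inline.Count -gt 0) {
        return [pscustomobject]@{ Mode = 'Inline'; Groups = $inline; Endpoint = $null }
    }

    $names   = $Claims | Where-Object Type -eq '_claim_names'   | Select-Object -First 1
    $sources = $Claims | Where-Object Type -eq '_claim_sources' | Select-Object -First 1
    $none    = [pscustomobject]@{ Mode = 'None'; Groups = @(); Endpoint = $null }
    if (-not $names -or -not $sources) { return $none }

    # _claim_names maps the claim name to a source key ("src1");
    # _claim_sources maps that key to the endpoint holding the real values.
    $sourceKey = ($names.Value | ConvertFrom-Json).groups
    if (-not $sourceKey) { return $none }
    $endpoint = ($sources.Value | ConvertFrom-Json).$sourceKey.endpoint

    # Accept only an absolute HTTPS URL on an expected host before any
    # code sends an access token to it.
    $uri = $null
    $ok  = [uri]::TryCreate([string]$endpoint, [System.UriKind]::Absolute, [ref]$uri)
    if (-not $ok -or $uri.Scheme -ne 'https' -or $uri.Host -notin $AllowedHosts) {
        throw "Unexpected group claim source: '$endpoint'"
    }
    [pscustomobject]@{ Mode = 'Overage'; Groups = @(); Endpoint = $uri.AbsoluteUri }
}

# Constructed sample claims in the shape shown in the post (IDs are placeholders).
$base = 'https://graph.windows.net/00000000-0000-0000-0000-000000000000'
$src  = @{ src1 = @{ endpoint = "$base/users/11111111-1111-1111-1111-111111111111/getMemberObjects" } }
$sample = @(
    [pscustomobject]@{ Type = '_claim_names';   Value = '{"groups":"src1"}' }
    [pscustomobject]@{ Type = '_claim_sources'; Value = ($src | ConvertTo-Json -Compress) }
)
Get-GroupClaimSource -Claims $sample | Format-List
```

A policy that only reads inline `groups` claims sees an empty group list when `Mode` is `Overage`, so membership has to be resolved from the returned endpoint before the policy decides.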