support/entra/entra-id/app-integration/get-signed-in-users-groups-in-access-token.md
Lines changed: 6 additions & 6 deletions
@@ -1,16 +1,16 @@
1
1
---
2
2
title: Get signed in user groups from groups overage claim
3
-
description: Provides a sample project to introduce how to to get signed in user groups when groups overage claim is displayed for access tokens.
3
+
description: Provides a sample project to introduce how to to get signed in user groups when groups overage claim is displayed in access tokens.
4
4
ms.reviewer: v-weizhu
5
5
ms.service: entra-id
6
6
ms.date: 03/07/2025
7
7
ms.custom: sap:Developing or Registering apps with Microsoft identity platform
8
8
---
9
-
# How to get signed in user groups when groups overage claim is displayed for access tokens
9
+
# How to get signed in user groups when groups overage claim is displayed in access tokens
10
10
11
11
When you configure the `groups` claim in an access token for your application, Microsoft Entra ID has a maximum number of groups that can be returned in an access token. When the limit is exceeded, Azure provides a groups overage claim which is a URL that can be used to get the full groups list for the currently signed in user. This URL uses the Microsoft Graph endpoint. For more information about the `groups` claim, see [Access tokens in the Microsoft identity platform](/entra/identity-platform/access-tokens).
12
12
13
-
This article introduces how to reproduce this scenario and get the actual user groups from the groups overage claim URL by using a sample project.
13
+
This article introduces how to reproduce this scenario and get the actual user groups from the groups overage claim by using a sample project.
14
14
15
15
> [!NOTE]
16
16
> For JSON web tokens (JWT), Azure has a limit of 200 groups that can be present in the token. When requesting an access token for the resource that has the `groups` claim configured on it, if you are a member of more than 200 groups, you will get a groups overage claim URL instead of getting the actual groups.
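Review bot: The description on new line 3 still reads "how to to get" after this edit; since the line is being changed anyway, drop the duplicated "to". The rename from "groups overage claim URL" to "groups overage claim" is also incomplete within this hunk: the unchanged NOTE on line 16 still says "you will get a groups overage claim URL", and line 11 still describes the claim as "a URL". Align those lines with the new wording, or state once that the claim carries a URL and keep the short term everywhere else.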
@@ -23,7 +23,7 @@ If the application is a first party app (Microsoft App), you can't configure the
23
23
24
24
## Download the sample project
25
25
26
-
Download the sample project [MSAL.Net_GroupOveragesClaim](https://github.com/RayGHeld/MSAL.Net_GroupOveragesClaim). It shows how to get the groups list from a groups overage claim URL.
26
+
Download the sample project [MSAL.Net_GroupOveragesClaim](https://github.com/RayGHeld/MSAL.Net_GroupOveragesClaim). It shows how to get the groups list from a groups overage claim.
27
27
28
28
## Before running the sample project
29
29
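Review bot: The link on new line 26 points at the root of the `RayGHeld/MSAL.Net_GroupOveragesClaim` repository with no tag or commit, so readers download and run whatever is on the default branch at the time they follow the article. Since this line is being touched, consider linking a specific release or commit so the documented steps match the code readers actually get. The wording change from "claim URL" to "claim" is fine.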
@@ -78,9 +78,9 @@ Download the sample project [MSAL.Net_GroupOveragesClaim](https://github.com/Ray
78
78
> Disconnect-AzureAD
79
79
> ```
80
80
81
-
## Get the full users groups list using groups overage claim URL
81
+
## Get the full users groups list using groups overage claim
82
82
83
-
1. Run the sample application.
83
+
1. Run the sample application.
84
84
2. Sign in to the application.
85
85
86
86
Authentication occurs in a browser because the sample application is a .NET console application.
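Review bot: The new heading on line 81 still reads "Get the full users groups list using groups overage claim"; "users groups" should be "user groups" (matching the title) and "using the groups overage claim" reads better. The removed and added versions of step 1 ("1. Run the sample application.") are identical as displayed, so this is presumably a whitespace-only change; confirm it is intentional rather than editor noise.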