home

Objectives

ReltioProductsDeveloper resourcesRolesApplicationsObjectives
ReltioProductsDeveloper resourcesRolesApplicationsObjectives

Unify and manage your data

Show Contents

thumbnailObjectives

Set up Azure IdP for OAuth/OIDC

Configure Azure AD group claims mapping using JWT

Learn how to configure Microsoft Azure Active Directory (Azure AD) to map user group claims into Reltio using OAuth/OIDC with JWT.

  • You have already configured Azure AD as an IdP using OAuth/OIDC. For more details, see Set up Azure IdP for OAuth/OIDC.
  • You have access to the Azure portal and can modify the Azure AD application registration.
  • Your Azure AD tenant is configured to emit group claims in the ID token.

By default, Microsoft Graph userinfo endpoints return only basic user attributes and do not include group membership. To map Azure AD groups into Reltio, you must configure Reltio to validate and parse group claims directly from the ID token (JWT) issued by Azure AD.

This is achieved by enabling JWT validation using the Azure AD v2.0 jwksURL and configuring group claim mapping in the SSO configuration.

To configure Azure AD group claims mapping using JWT:
  1. In the Azure portal, configure your application registration to emit group claims in the ID token.
    • Azure AD emits group claims as Object IDs by default.
    • Enable group membership claims in the app manifest using groupMembershipClaims: \"SecurityGroup\" or \"All\".
  2. Update your Reltio SSO configuration to enable JWT validation using Azure v2.0 endpoints.
    
"jwt": true,
"jwtSignatureConfig": {
  "algorithm": "RSA256",
  "issuer": "https://login.microsoftonline.com/<TENANT_ID>/v2.0",
  "jwksURL": "https://login.microsoftonline.com/<TENANT_ID>/discovery/v2.0/keys"
}
  3. Configure group claim mapping in the external provider configuration block.
    
"userGroupsMapping": "groups",
"userGroupRegExp": "([-a-zA-Z0-9_]*),*?",
"defaultGroups": []
  4. Save your configuration and test with a user who is a member of one or more Azure AD groups.
After successful authentication, Reltio assigns the user to groups based on the group claims present in the Azure AD ID token. These groups can then be used for role assignment and access control in Reltio.
Note:

If your Reltio environment doesn't allow hyphens in group names, use Azure AD claim transformation to replace hyphens with underscores using regular expressions.

Updated on May 20, 2026

Footer

You've found your way to a temporary environment. Content is not complete or final. Looking for Reltio documentation? Go to docs.reltio.com.

© 2026 The RELTIO® mark is a registered trademark of Reltio, Inc. in the United States and other countries; DataDriven, Reltio Context Intelligence Platform and Reltio Data Cloud are trademarks of Reltio, Inc. Other names or marks are trademarks of their respective owners.

Terms and Conditions, Privacy Policy, and