Cannot find type [Microsoft.Open.AzureAD.Model.ClaimsMappingPolicy] Error

Question

Im trying to add additional claim mapping to an app registration, Ive created in my tenant.

$app = Get-AzureADApplication -ObjectId <obj-id>
$policy = New-Object Microsoft.Open.AzureAD.Model.ClaimsMappingPolicy

$policy.InputClaims = @(
    (New-Object Microsoft.Open.AzureAD.Model.InputClaim).Type("email")
)
$policy.OutputClaims = @(
    (New-Object Microsoft.Open.AzureAD.Model.OutputClaim).Type("t24user")
)
$policy.ClaimMappings = @(
    (New-Object Microsoft.Open.AzureAD.Model.ClaimMapping).InputClaimType("email").OutputClaimType("t24user").TransformationMethod("ExtractPrefixFromEmail")
)

Im getting the following error when I run this on line 2

$policy = New-Object Microsoft.Open.AzureAD.Model.ClaimsMappingPolicy

At line:1 char:11
+ $policy = New-Object -TypeName Microsoft.Open.AzureAD.Model.ClaimsMap ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidType: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand

I tried to re-install AzureAD module and also tried with installing AzureADPreivew Module also. But it was not helping. Appreciate help here.

Answer 1

I tried to reproduce the same in my environment and got below results:

When I ran same PowerShell script as you, I got same error like below:

$app = Get-AzureADApplication -ObjectId <obj-id>
$policy = New-Object Microsoft.Open.AzureAD.Model.ClaimsMappingPolicy

$policy.InputClaims = @(
    (New-Object Microsoft.Open.AzureAD.Model.InputClaim).Type("email")
)
$policy.OutputClaims = @(
    (New-Object Microsoft.Open.AzureAD.Model.OutputClaim).Type("t24user")
)
$policy.ClaimMappings = @(
    (New-Object Microsoft.Open.AzureAD.Model.ClaimMapping).InputClaimType("email").OutputClaimType("t24user").TransformationMethod("ExtractPrefixFromEmail")
)

Response:

Alternatively, you can make use of New-AzureADPolicy command that requires AzureADPreview module.

To install that module, you need to uninstall AzureAD module like below:

Disconnect-AzureAD
Uninstall-Module AzureAD
Install-Module AzureADPreview
Connect-AzureAD

Now run below Powershell command to create claim mapping policy:

New-AzureADPolicy -Definition @('
{
    "ClaimsMappingPolicy":
    {
        "Version":1,"IncludeBasicClaimSet":"true", 
        "ClaimsSchema": [{"Source":"user","ID":"extensionattribute1","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/t24user","JwtClaimType":"t24user"}]
    }
}') -DisplayName "t24userclaimPolicy" -Type "ClaimsMappingPolicy"

Note the ID of the policy from above response and assign it to your service principal using below command:

Add-AzureADServicePrincipalPolicy -Id serviceprincipal_ObjectID -RefObjectId policy_ID

To confirm whether the policy is assigned or not, you can run below command:

Get-AzureADServicePrincipalPolicy -Id serviceprincipal_ObjectID

Response:

I assigned value to above claim by running this Graph query:

PATCH https://graph.microsoft.com/v1.0/me
{
"onPremisesExtensionAttributes": 
    {
        "extensionAttribute1": "sri_mail"
    }
}

Make sure to set "acceptMappedClaims": true in App's Manifest like below:

Go to Azure Portal -> Azure Active Directory -> App registrations -> Your App -> Manifest

Now, I generated token for above application and got claim successfully after decoding it in jwt.ms website like below: