Mask your user ID in SAML login Azure AD

Nadav Svirsky
2 min read · Aug 12, 2022

Mask your Azure AD SSO claim name

Recently I was asked by a GDPR-compliant company, to whose site we authenticate via SAML through Azure Active Directory, to mask the user ID so that their backend database does not reveal which user logged in.

After several rounds of back-and-forth testing, we settled on the following setup to meet their request.

  1. In the Azure portal, open the application under the Enterprise Applications menu and choose the Single sign-on section.
  2. Under Attributes & Claims, click Edit.
  3. In the Required claim, we edited the claim name so it shows as follows:

  4. Within the claim, we configured it this way:

  5. The Transformation was edited as follows:

As described, the vendor approved the setup: it now sees a string of 8 letters and numbers instead of the actual user name.
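A quick way to confirm the masking before handing the integration over is to inspect an assertion the identity provider actually issued. The check below is an added example, not code from the original post; it parses a constructed, unsigned SAML Response in the shape Azure AD emits (the UPN, the masked NameID value and the zero GUIDs are made up) and verifies that the NameID is an 8-character alphanumeric pseudonym and that neither it nor any other attribute value still carries the user's UPN.

```python
"""Verify that a SAML Response carries a masked NameID and does not leak the UPN."""
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# The masked identifier is expected to be 8 letters and numbers.
MASKED_ID = re.compile(r"^[A-Za-z0-9]{8}$")

# Constructed sample (not a real tenant): Signature, Conditions and
# AuthnStatement are omitted because they do not affect the check.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">a7kq3z9m</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
        <saml:AttributeValue>00000000-0000-0000-0000-000000000000</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_identifiers(response_xml: str) -> tuple[str, list[str]]:
    """Return (NameID text, every AttributeValue text) from a SAML Response."""
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("assertion has no NameID")
    values = [v.text or "" for v in root.findall(".//saml:AttributeValue", NS)]
    return name_id.text.strip(), values


def is_masked(response_xml: str, upn: str) -> bool:
    """True only if NameID matches the masked format and no value in the
    assertion (NameID or any attribute) contains the UPN or its local part."""
    name_id, values = extract_identifiers(response_xml)
    local_part = upn.split("@")[0].lower()
    leaks = [v for v in [name_id, *values]
             if upn.lower() in v.lower() or local_part in v.lower()]
    return bool(MASKED_ID.match(name_id)) and not leaks


if __name__ == "__main__":
    print("masked:", is_masked(SAMPLE_RESPONSE, "jane.doe@contoso.example"))
```

Run it against a response captured from the browser (for example via the SAML-tracer extension or the sign-in test on the Single sign-on page) with the real test user's UPN; the attribute scan matters because masking the NameID alone does nothing if the default name or e-mail claims are still sent.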
