Configure plugins that perform particular functions for the selected token provider type.
In order to configure these options, you must first perform the steps detailed in Creating Azure AD Graph API applications.
In the case of the PingAccess for Azure AD solution, the plugin addresses the following problems:
- Data Transformation— The data returned from the OpenID Connect (OIDC) UserInfo endpoint contains some unexpected JSON formatting. The plugin transforms this data into a format that PingAccess can easily process.
- Azure AD Graph application programming interface (API) usage— If the groups attribute contains more than 200 groups, the id_token contains a level of indirection that points to a URL in the Azure AD Graph API. By creating a simple purpose-driven application, you can communicate with the Azure AD Graph API to retrieve the complete list of groups.
- Retrieving group display names— The groups attribute is a list of GUIDs. The groups for a user are only provided as GUIDs because user-friendly names for Azure AD groups are not globally unique. Configure the Graph API call to include the group names along with the GUIDs so that you can create more robust policies.
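
The group handling described in the list above, as an added example that is not PingAccess plugin code: it detects whether the groups arrive inline or through the indirection (Azure AD signals this with the `_claim_names` and `_claim_sources` claims), then flags display names shared by more than one GUID. The sample claims, GUIDs, endpoint URL, and the `fake_fetch` helper are constructed for illustration.

```python
# Added example; sample claims, GUIDs and the endpoint URL are constructed.
INLINE = {"sub": "u1", "groups": ["aaaaaaaa-0000-0000-0000-000000000001"]}
OVERAGE = {
    "sub": "u2",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.example/TENANT/users/OID/getMemberObjects"}},
}

def group_source(claims):
    """Return ("inline", guids), ("graph", endpoint_url) or ("none", None)."""
    groups = claims.get("groups")
    if isinstance(groups, list):
        return "inline", list(groups)
    source = (claims.get("_claim_names") or {}).get("groups")
    if source is None:
        return "none", None
    endpoint = ((claims.get("_claim_sources") or {}).get(source) or {}).get("endpoint")
    if not endpoint:
        # Fail closed: an overage marker without a URL must not read as "no groups".
        raise ValueError("groups overage indicated but no endpoint supplied")
    return "graph", endpoint

def resolve_groups(claims, fetch_groups):
    """Return [{"id": guid, "displayName": name-or-None}] for the user."""
    kind, value = group_source(claims)
    if kind == "inline":
        return [{"id": g, "displayName": None} for g in value]
    if kind == "graph":
        return fetch_groups(value)  # caller-supplied Graph API client (assumption)
    return []

def ambiguous_names(groups):
    """Display names shared by more than one GUID; unsafe as sole policy keys."""
    by_name = {}
    for g in groups:
        if g["displayName"]:
            by_name.setdefault(g["displayName"], set()).add(g["id"])
    return sorted(name for name, ids in by_name.items() if len(ids) > 1)

def fake_fetch(endpoint):
    """Hypothetical stand-in for the Graph API call; returns constructed data."""
    return [
        {"id": "aaaaaaaa-0000-0000-0000-000000000001", "displayName": "Admins"},
        {"id": "aaaaaaaa-0000-0000-0000-000000000002", "displayName": "Admins"},
        {"id": "aaaaaaaa-0000-0000-0000-000000000003", "displayName": "Finance"},
    ]

if __name__ == "__main__":
    resolved = resolve_groups(OVERAGE, fake_fetch)
    print(group_source(OVERAGE)[0], ambiguous_names(resolved))
```

Policies that match on a name reported by `ambiguous_names` should match on the GUID instead, since the name alone does not identify a single group.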