Skip to Main Content

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question.

Asked: October 22, 2025 - 9:32 am UTC

Last updated: October 27, 2025 - 1:19 am UTC

Version: 24.2

Viewed 100+ times

You Asked

Dear Experts, Social Sign-in with Microsoft Azure/Office 365 in Oracle APEX applications is working well. I used this How-To: https://tm-apex.hashnode.dev/implementing-social-sign-in-with-microsoft-azureoffice-365-in-apex

When I use the substitution variable in APEX (&APP_USER.) I get the correct name. So far so good!
But we need the samAccountName for checking Authorization. I tried #samAccountName#, #sam_account_name# and #sam#. It doesn't work! :(

APEX is referencing in help the site https://openid.net/specs/openid-connect-basic-1_0.html#Scopes where I found other keys ("claims"). Not all are working, for instance #sub# and #family_name# works, #preferred_username# does not work.

With the help of Google I found other keys like #upn# ( https://promatis.com/ch/en/build-a-secure-oracle-apex-app-with-microsoft-azure-ad-login-and-delegated-calendar-access/ ) which works fine and is not mentioned in the above website.

But my question to you is how I get the samAccountName from Azure??? What is the correct name/key/claim? May I have to configure other things than "profile,email" in scope textfield maybe?

and Connor said...

Check out Tim Hall's article on this

https://oracle-base.com/articles/misc/azure-ad-authentication-for-oracle-apex-applications

Notice the post authentication routine to collect additional data, in particular, "onPremisesSamAccountName"

Rating

  (1 rating)

Comments

A reader, October 24, 2025 - 8:43 am UTC

Thanks a lot! Now it workst... The post authentication routine code was the solution
(but Tim Hall's article seems to be outdated since I don't needed to configure ACL or Wallets etc.)
Connor McDonald
October 27, 2025 - 1:19 am UTC

Glad it helped.

Lots of the ACL / Wallet stuff works out of the box on cloud environments, whereas on-prem installs might still need it.
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's channel and Chris's channel from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.