# SCA Configuration - SecContacts.AADGroups

### **SecContacts.AADGroups** <a href="#seccontacts.aadgroups" id="seccontacts.aadgroups"></a>

This setting defines Azure AD groups to filter which AAD accounts are used as contacts in SCA.

* Name: `SecContacts.AADGroups`
* Value: `[{"name":"<AAD group name>", "value":"<AAD group ID>"}]`

The Value property is a JSON array of `name`/`value` pairs. You can add one or more AAD groups to the array.

* If there is only a single entry, SCA treats it as the default `AAD` data source and it replaces the default AAD datasource, which normally includes all AAD contacts.
* If you want to include all users plus specific groups, add a group containing all AAD users (e.g., `All Users`) along with the additional groups.

SCA treats each group as an individual data source and assigns it a sequential ID automatically, such as AAD1, AAD2, and so on.

Replace `<AAD group name>` with the name of the group (e.g., AppMemberGroup) and `<AAD group ID>` with its Object ID (e.g., `15e3a3d2-50a6-43e3-137e-a44316d0b448`).

### **Optional properties**

<table><thead><tr><th width="210.1429443359375">Property</th><th width="103.4285888671875">Type</th><th>Description</th></tr></thead><tbody><tr><td><code>transitive</code></td><td>string</td><td>If <code>true</code>, includes all members of nested groups recursively.</td></tr><tr><td><code>epHomePhone</code></td><td>string</td><td>Maps to an <strong>extension property</strong> in Azure AD for Home Phone.</td></tr><tr><td><code>epPrivateMobilePhone</code></td><td>string</td><td>Maps to an <strong>extension property</strong> in Azure AD for Private Mobile Phone.</td></tr></tbody></table>

### Examples

**Minimal configuration (single entry)**

```json
[
  {
    "name": "AppMemberGroup",
    "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448"
  }
]
```

With a single entry, SCA treats this group as the default `AAD` data source, replacing the normal default that includes all AAD contacts.

**Single group with optional properties**

```json
[
  {
    "name": "AppMemberGroup",
    "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448",
    "transitive": "true",
    "epHomePhone": "HomePhoneCustom",
    "epPrivateMobilePhone": "PrivateMobileCustom"
  }
]
```

Replace placeholders like `<HomePhoneCustom>` with the actual name of the corresponding extension property in Azure AD.

### Multiple groups (3 groups example)

```json
[
  {
    "name": "AppMemberGroup",
    "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448",
    "transitive": "true"
  },
  {
    "name": "HRGroup",
    "value": "d1a2b3c4-5678-90ab-cdef-1234567890ab"
  },
  {
    "name": "AllUsers",
    "value": "0f1e2d3c-4567-89ab-cdef-9876543210fe"
  }
]
```

In this example:

* `AppMemberGroup` becomes `AAD1`
* `HRGroup` becomes `AAD2`
* `AllUsers` becomes `AAD3`

Including the `AllUsers` group ensures that all AAD users remain part of the contacts, in addition to the specific groups.

**Optional properties allow SCA to:**

* Include nested group members (`transitive: true`)
* Map Azure AD extension properties for Home or Private Mobile numbers (`epHomePhone`, `epPrivateMobilePhone`)

This gives full control over which accounts appear as contacts and how their phone numbers are sourced.

{% hint style="success" %}
[Rename SCA data sources](https://docs.secure-contacts.com/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-seccontacts.customdatasourcenames) to make them clear and understandable for end users
{% endhint %}