Thx for your quick answer, but with the version of the SAML app I mentioned, there is no such custom attribute mapping option any more (maybe in an effort to simplify things?). The screenshot I’m attaching is from a version that is much older where this was still possible (it’s in German, but I think the point should be clear):
Anyways, I might give OIDC a shot.
EDIT: at least at the time of writing this, there are some guides on how to do this with various IdPs such as authentik, keycloak, but none for Entra ID…I guess not being an expert in authentication / authorization protocols, and having Entra ID as central IdP, it might make sense to stick to SAML for a while…