Add-AmsIdpClaimMapping
SYNOPSIS
Adds a claim mapping for an identity provider
SYNTAX
DESCRIPTION
Claim mappings are used to map claims provided by an identity provider to directory attributes in the Active Directory, so that users can be identified and authenticated by the system.
By default, Access Manager automatically maps the 'upn', 'sid' and 'onprem_sid' claims to their respective AD attributes. If you need to provide alternative mappings, you can use this cmdlet to add them.
Note, that adding a claim mapping overrides the default mappings.
Claim mappings are only supported for OpenID Connect and WS-Federation identity providers.
EXAMPLES
Example 1
This example adds a claim mapping for the 'alt_upn' claim, which is a UPN claim, for an OpenID Connect identity provider
Example 2
This example adds a claim mapping for the 'email' claim, which is a custom claim, for an OpenID Connect identity provider. The claim value will be matched against the 'mail' attribute in the directory
Example 3
This example adds a claim mapping for the 'login_name' claim, which is a UPN claim, for a WS-Federation identity provider
PARAMETERS
-ClaimName
The name of the claim provided by the identity provider
-ClaimValueType
The type of data contained within the claim. This can be 'Upn', 'SamAccountName', 'Sid' or 'Custom'. Custom is used to match the claim value against a specific directory attribute
-DirectoryAttributeName
The name of the custom directory attribute used to match on the provided claim value. Used only when ClaimValueType is set to 'custom'
-IdpType
The type of identity provider that this claim mapping applies to. Value can be 'oidc' or 'wsfed'
CommonParameters
INPUTS
None
OUTPUTS
Lithnet.AccessManager.PowerShell.ClaimMappingPSObject
NOTES
RELATED LINKS
Last updated
Was this helpful?