search
Ctrlk
DownloadsPricingRequest a trial

Add-AmsIdpClaimMapping

hashtag
SYNOPSIS

Adds a claim mapping for an identity provider

hashtag
SYNTAX

Add-AmsIdpClaimMapping -IdpType <AuthenticationMode> -ClaimName <String> -ClaimValueType <ClaimValueType>
 [-DirectoryAttributeName <String>] [<CommonParameters>]

hashtag
DESCRIPTION

Claim mappings are used to map claims provided by an identity provider to directory attributes in the Active Directory, so that users can be identified and authenticated by the system.

By default, Access Manager automatically maps the 'upn', 'sid' and 'onprem_sid' claims to their respective AD attributes. If you need to provide alternative mappings, you can use this cmdlet to add them.

Note, that adding a claim mapping overrides the default mappings.

Claim mappings are only supported for OpenID Connect and WS-Federation identity providers.

hashtag
EXAMPLES

hashtag
Example 1

PS C:\> Add-AmsIdpClaimMapping -IdpType oidc -ClaimName 'alt_upn' -ClaimValueType Upn

This example adds a claim mapping for the 'alt_upn' claim, which is a UPN claim, for an OpenID Connect identity provider

hashtag
Example 2

This example adds a claim mapping for the 'email' claim, which is a custom claim, for an OpenID Connect identity provider. The claim value will be matched against the 'mail' attribute in the directory

hashtag
Example 3

This example adds a claim mapping for the 'login_name' claim, which is a UPN claim, for a WS-Federation identity provider

hashtag
PARAMETERS

hashtag
-ClaimName

The name of the claim provided by the identity provider

hashtag
-ClaimValueType

The type of data contained within the claim. This can be 'Upn', 'SamAccountName', 'Sid' or 'Custom'. Custom is used to match the claim value against a specific directory attribute

hashtag
-DirectoryAttributeName

The name of the custom directory attribute used to match on the provided claim value. Used only when ClaimValueType is set to 'custom'

hashtag
-IdpType

The type of identity provider that this claim mapping applies to. Value can be 'oidc' or 'wsfed'

hashtag
CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParametersarrow-up-right.

hashtag
INPUTS

hashtag
None

hashtag
OUTPUTS

hashtag
Lithnet.AccessManager.PowerShell.ClaimMappingPSObject

hashtag
NOTES

hashtag
RELATED LINKS

PreviousAdd-AmsGroupMemberNextClear-AmsIdpClaimMapping

Last updated

Was this helpful?