Add-AmsIdpClaimMapping

SYNOPSIS

Adds a claim mapping for an identity provider

SYNTAX

Add-AmsIdpClaimMapping -IdpType <AuthenticationMode> -ClaimName <String> -ClaimValueType <ClaimValueType>
 [-DirectoryAttributeName <String>] [<CommonParameters>]

DESCRIPTION

Claim mappings map the claims issued by an identity provider to attributes in Active Directory, so that the system can identify and authenticate the user that a set of claims belongs to.

By default, Access Manager automatically maps the 'upn', 'sid' and 'onprem_sid' claims to their respective AD attributes. If you need to provide alternative mappings, you can use this cmdlet to add them.

Note that adding a claim mapping overrides the default mappings, so if you still rely on the 'upn', 'sid' or 'onprem_sid' mappings, add them explicitly as well.

Claim mappings are only supported for OpenID Connect and WS-Federation identity providers.

EXAMPLES

Example 1

PS C:\> Add-AmsIdpClaimMapping -IdpType oidc -ClaimName 'alt_upn' -ClaimValueType Upn

This example adds a claim mapping for the 'alt_upn' claim, which is a UPN claim, for an OpenID Connect identity provider.

Example 2

PS C:\> Add-AmsIdpClaimMapping -IdpType oidc -ClaimName 'email' -ClaimValueType Custom -DirectoryAttributeName 'mail'

This example adds a claim mapping for the 'email' claim, which is a custom claim, for an OpenID Connect identity provider. The claim value will be matched against the 'mail' attribute in the directory.

Example 3

PS C:\> Add-AmsIdpClaimMapping -IdpType wsfed -ClaimName 'login_name' -ClaimValueType Upn

This example adds a claim mapping for the 'login_name' claim, which is a UPN claim, for a WS-Federation identity provider.
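The DESCRIPTION notes that adding any mapping overrides the default mappings. The following script is an added example, not taken from the Lithnet Access Manager documentation: it re-adds the default mappings together with a custom 'email' mapping for an OpenID Connect provider, and rejects a Custom mapping that has no target attribute before calling the cmdlet. It assumes the Access Manager PowerShell module is already imported; the use of ClaimValueType 'Sid' for the 'sid' and 'onprem_sid' defaults is an assumption, because the page does not state which value type those defaults use.

```powershell
# Added example (not from the Lithnet Access Manager documentation).
# Assumes the Access Manager PowerShell module providing Add-AmsIdpClaimMapping
# is already imported. The ClaimValueType 'Sid' for the 'sid' and 'onprem_sid'
# defaults is an assumption; the help page does not state their value type.

$ErrorActionPreference = 'Stop'

# Fail early if the cmdlet is not available, rather than partway through the list.
$null = Get-Command -Name Add-AmsIdpClaimMapping

$idpType = 'oidc'

# Adding any mapping overrides the defaults, so the built-in mappings are
# listed first and re-added explicitly, followed by the custom mapping.
$mappings = @(
    @{ ClaimName = 'upn';        ClaimValueType = 'Upn' }
    @{ ClaimName = 'sid';        ClaimValueType = 'Sid' }   # assumed default type
    @{ ClaimName = 'onprem_sid'; ClaimValueType = 'Sid' }   # assumed default type
    @{ ClaimName = 'email';      ClaimValueType = 'Custom'; DirectoryAttributeName = 'mail' }
)

$added = foreach ($mapping in $mappings) {
    # A Custom mapping without a target attribute cannot match anything;
    # reject it locally instead of sending an incomplete mapping to the cmdlet.
    if ($mapping.ClaimValueType -eq 'Custom' -and -not $mapping.DirectoryAttributeName) {
        throw "Mapping for claim '$($mapping.ClaimName)' is Custom but has no DirectoryAttributeName"
    }

    # Combine the identity provider type with the per-mapping parameters and splat them.
    $params = @{ IdpType = $idpType } + $mapping
    Add-AmsIdpClaimMapping @params
}

# The cmdlet returns one ClaimMappingPSObject per mapping added; show the result.
$added | Format-List
```

When choosing a custom attribute, keep in mind that a mapping identifies a user only as reliably as the attribute and the claim value are controlled: a mapping on a mutable attribute such as 'mail' is a weaker identifier than one on the user's SID or UPN, so prefer the SID or UPN mappings wherever the identity provider issues those claims.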

PARAMETERS

-ClaimName

The name of the claim provided by the identity provider

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ClaimValueType

The type of data contained within the claim: 'Upn', 'SamAccountName', 'Sid' or 'Custom'. Use 'Custom' to match the claim value against a specific directory attribute, named with -DirectoryAttributeName.

Type: ClaimValueType
Parameter Sets: (All)
Aliases:
Accepted values: Upn, SamAccountName, Sid, Custom

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DirectoryAttributeName

The name of the directory attribute that the claim value is matched against. Specify this when ClaimValueType is 'Custom'; it is not used for the other value types.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IdpType

The type of identity provider that this claim mapping applies to. The value can be 'oidc' or 'wsfed'.

Type: AuthenticationMode
Parameter Sets: (All)
Aliases:
Accepted values: wsfed, oidc

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

None

OUTPUTS

Lithnet.AccessManager.PowerShell.ClaimMappingPSObject

NOTES

Last updated