Search Results for

    Show / Hide Table of Contents

    Claim mappings

    Per account provider it is possible to configure claim mappings.

    Claim mappings can be used to

    • pass-through incoming attributes or roles
    • add additional attributes as claim to all or specific accounts
    • map an incoming attribute to another (custom) attribute

    Claim mappings are available to all account providers, including the following:

    • Built-in Username and Password account provider
    • SAMLP account provider
    • WS-Fed account provider
    • Office 365 account provider
    • Smart card account providers : eID, UZI-pas (On premises only)
    • Social account providers: Facebook, Google, Instagram, Twitter,...
    • Trusted account providers (On premises only)
    Parameter Description
    Remove all incoming claims that are not mapped Only explicitly mapped incoming claims by type and value (when specified) are mapped. All other incoming claims are ignored.
    Source claim (optional) The type of the incoming claim to be mapped.
    Source claim value (optional) The value of the incoming claim type to be mapped or used as filter. When omitted all incoming claims of the type will be mapped.
    Destination claim The claim type to map the incoming claim to.
    Destination claim value (optional) The claim value to set for the mapped incoming claim. When omitted the value of the incoming claim is used.

    See further for Example cases.

    How to add a claim mapping

    1. Navigate to the Account Providers Admin Page (https://www.theidentityhub.com/{tenant}/Admin/AccountProvider) of your Tenant.
    2. Click the Account Provider of your choice and choose to Edit it
    3. Go to the Claim Mappings tab page
    4. On the top of the page enter the claim mapping rule you want to add and click the Add button, or pick a type of claim mapping rule from the quick add wizard menu.
    5. Click Save.

    How to edit a claim mapping

    1. Navigate to the Account Providers Admin Page (https://www.theidentityhub.com/{tenant}/Admin/AccountProvider) of your Tenant.
    2. Click the Account Provider of your choice and choose to Edit it
    3. Go to the Claim Mappings tab page
    4. In the list of existing claim mappings update the claim mapping rule
    5. Click Save.

    How to remove a claim mapping

    1. Navigate to the Account Providers Admin Page (https://www.theidentityhub.com/{tenant}/Admin/AccountProvider) of your Tenant.
    2. Click the Account Provider of your choice and choose to Edit it
    3. Go to the Claim Mappings tab page
    4. In the list of existing claim mappings click the bin button at the line of the claim mapping rule you want to delete
    5. Click Save.

    Example cases

    Source claim (optional) Source claim value (optional) Destination claim Destination claim value (optional) Example Description
    http://schemas.microsoft.com/ws/2008/06/identity/claims/role http://schemas.microsoft.com/ws/2008/06/identity/claims/role Pass-through role mapping ADFS 'as is'
    http://schemas.microsoft.com/ws/2008/06/identity/claims/role Reader http://schemas.microsoft.com/ws/2008/06/identity/claims/role ReadOnly Transform role mapping ADFS
    http://schemas.microsoft.com/ws/2008/06/identity/claims/role TIH user Assign a role
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name Pass-through name attribute
    http://yourschema.yourdomain.com/ws/2019/08/identity/claims/customattribute fixed value Assign a custom attribute with a configured fixed value
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name [User's Name Claim Value] http://yourschema.yourdomain.com/ws/2019/08/identity/claims/customattribute fixed value Assign a custom attribute with a configured fixed value to a specific user
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://yourschema.yourdomain.com/ws/2019/08/identity/claims/customattribute fixed value In case the incoming claims contain an attribute of type emailaddress an additional claim of your custom type will be added with a configured fixed value

    User's Name Claim Value

    When setting a claim rule for 1 specific user, as an administrator you can get the value by :

    1. Search the identity of the user in the Users
    2. Click the user and then go to Accounts
    3. Find the tile related to the account provider on which you plan to add the claim mapping for this user.
      The value needed is indicated italic and preceded by an id badge symbol.

    Related

    Identity Information

    In This Article