Question

Looking through the documentation on configuring SharePoint 2013 to use ADFS or to use OneLogin. I noticed that in the documentation for defining the identity and role claim mappings with ADFS that they use UPN as a claim mapping. When looking at the documentation for OneLogin I see that they use the ROLE claim mapping. Samples below

$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming

or

$role=New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

My question is what is difference between UPN and ROLE, why would one be used vs the other?


Solution

In its simplest form, claims are simply statements (for example, name, identity, group), made about users, that are used primarily for authorizing access to claims-based applications located anywhere on the Internet. Each statement corresponds to a value that is stored in the claim.

It depends. A claim type provides context for the claim value. It is usually expressed as a Uniform Resource Identifier (URI). AD FS can support any claim type, and it is configured with the claim types in the following table by default.

UPN = The user principal name (UPN) of the user

Role = A role that the user has

Read this TechNet article for more about claim types and all available claim types.

http://technet.microsoft.com/en-us/library/ee913589.aspx
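As an added example (not part of the original question or answer), the following PowerShell puts both mappings from the question into one SharePoint 2013 trust: UPN is the claim that uniquely identifies a user, so it becomes the identifier claim of the trusted provider, while Role carries group-style membership and is used to authorize access. The certificate path, realm, sign-in URL, web application URL and the "SP-Readers" role value are placeholders.

```powershell
# Added example: register an AD FS trust in SharePoint 2013 with UPN as the
# identifier claim and Role as an additional claim used for authorization.
# All paths, URLs and the role value below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Token-signing certificate exported from AD FS (placeholder path).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    "C:\certs\adfs-token-signing.cer")

# UPN is unique per user, so it can serve as the identifier claim.
$upnClaimMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" `
    -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming

# Role describes membership; it is mapped too, but never as the identifier,
# because many users share the same role value.
$roleClaimMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# Realm and sign-in URL are placeholders for the relying-party trust in AD FS.
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS" -Description "AD FS trust" `
    -Realm "urn:sharepoint:intranet" `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $upnClaimMap, $roleClaimMap `
    -SignInUrl "https://adfs.example.com/adfs/ls/" `
    -IdentifierClaim $upnClaimMap.InputClaimType

# Authorize by role instead of by individual UPN: grant the placeholder
# "SP-Readers" role claim Full Read on the web application via a policy.
$roleClaim = New-SPClaimsPrincipal -ClaimValue "SP-Readers" `
    -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -TrustedIdentityTokenIssuer $ap
$webApp = Get-SPWebApplication "https://intranet.example.com"
$policy = $webApp.Policies.Add($roleClaim.ToEncodedString(), "Readers via role claim")
$policy.PolicyRoleBindings.Add($webApp.PolicyRoles.GetSpecialRole("FullRead"))
$webApp.Update()
```

A token whose UPN is unknown to SharePoint still gets access if it carries a role value that a policy grants, so the set of roles AD FS or OneLogin issues should be reviewed as carefully as the user accounts themselves.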

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange