To create a new claims mapping policy for an Azure application, EmpowerID provides a wizard, “Create Azure Claims Mapping Policy”, that walks you through adding the claims mapping and configuring it. Follow the instructions below to complete the process.
To create an Azure claims mapping policy, the user must be either a resource admin or the owner of the resource; the workflow is only available to users who meet these criteria.
A policy is a bundle of claims and may therefore include multiple claims; this wizard lets you add several at once. To add or remove claims from an existing policy later on, refer to the instructions provided here.
Create Claims Mapping Policies
Navigate to the portal for the Resource Admin app in your environment.
From the dropdown menu, choose Applications, then select Claims Mapping Policies.
Click the Workflows tab and select the Create Azure Claims Mapping Policy link. The workflow starts as soon as you click the link.
The Create Azure Claims Mapping Policy wizard appears. Follow the step-by-step guide and provide the required details in each section, clicking "Next" after completing each step.
Select a Tenant - Select the Azure Active Directory (AAD) tenant for which you want to create the claims policy.
Policy Name - Provide a unique and descriptive identifier for the policy.
Policy Friendly Name - Provide a user-friendly label (the "Display Name") that represents the policy in the application's user interface.
Include Basic Claim Set - Select whether to include the basic set of claims in the policy. The basic claim set typically includes standard claims such as user ID, email address, display name, and roles.
Select a Location - Select a location in EmpowerID for the application. This location is used for RBAC delegation only. If a location is selected by default and you want to change it, click the location link, then search for and select the desired location in the Location tree.
To add Azure claims, configure the Source Claims by entering values for claims sourced from the user, application, resource, audience, or company. Click the Source Claim tab and provide the following information.
Source Attribute - Specify the attribute from the Azure provider that is used as the source for the mapped claim.
SAML Claim Type - Provide the claim type used in the SAML (Security Assertion Markup Language) protocol.
SAML Name Format - Specify the format of the name identifier in the SAML (Security Assertion Markup Language) claim.
JWT Claim Type - Select the claim type used in JSON Web Token (JWT) authentication.
To add more claims, click the "Add New Item" button and enter the details. You can also add extension attribute claims to the mapping policy.
Next, configure the static claims for the mapping policy by entering the fixed values to return. Click the Static Claims tab and provide the following information.
Claim Value - Specify the claim value to return for the static claim.
SAML Claim Type - Provide the claim type used in the SAML (Security Assertion Markup Language) protocol.
SAML Name Format - Specify the format of the name identifier in the SAML (Security Assertion Markup Language) claim.
JWT Claim Type - Select the claim type used in JSON Web Token (JWT) authentication.
To add more static claims, click the "Add New Item" button and enter the details.
Before proceeding, review the summary. It shows the basic information and the claims, so you can verify that the correct inputs have been provided before the claims mapping policy is created.
Click the "Submit" button to create the Azure claims mapping policy and exit the wizard.
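The wizard fields above (Include Basic Claim Set, the Source Claims rows with Source Attribute / SAML Claim Type / SAML Name Format / JWT Claim Type, and the Static Claims rows with a fixed Claim Value) correspond to the fields of a Microsoft Entra ClaimsMappingPolicy definition. The following Python is an added example, not EmpowerID's or Microsoft's code: it assembles that policy definition from wizard-style inputs, rejects incomplete rows, and lists every claim type the policy would release into tokens so a reviewer can check the result before submitting. The sample claim values are constructed.

```python
import json

# Claim sources the wizard's "Source Claims" tab offers (Azure's ClaimsSchema "Source").
VALID_SOURCES = {"user", "application", "resource", "audience", "company"}

def _with_types(entry, saml_type, saml_name_format, jwt_type):
    """Attach the SAML/JWT claim-type fields shared by source and static claims."""
    if not (saml_type or jwt_type):
        raise ValueError("a claim needs a SAML claim type, a JWT claim type, or both")
    if saml_type:
        entry["SamlClaimType"] = saml_type
        if saml_name_format:
            entry["SamlNameFormat"] = saml_name_format
    if jwt_type:
        entry["JwtClaimType"] = jwt_type
    return entry

def source_claim(source, attribute, saml_type=None, saml_name_format=None, jwt_type=None):
    """One 'Source Claims' row: Source Attribute plus its SAML/JWT claim types."""
    if source not in VALID_SOURCES:
        raise ValueError(f"unknown claim source: {source!r}")
    return _with_types({"Source": source, "ID": attribute}, saml_type, saml_name_format, jwt_type)

def static_claim(value, saml_type=None, saml_name_format=None, jwt_type=None):
    """One 'Static Claims' row: a fixed Claim Value instead of Source/ID."""
    return _with_types({"Value": value}, saml_type, saml_name_format, jwt_type)

def build_policy(include_basic_claim_set, claims):
    """Assemble the policy definition string stored for a claims mapping policy."""
    policy = {"ClaimsMappingPolicy": {
        "Version": 1,
        "IncludeBasicClaimSet": "true" if include_basic_claim_set else "false",
        "ClaimsSchema": list(claims),
    }}
    return json.dumps(policy, separators=(",", ":"))

def released_claim_types(policy_json):
    """Review helper: every claim type the policy adds to issued tokens, sorted,
    so a reviewer can confirm no sensitive attribute is mapped unintentionally."""
    schema = json.loads(policy_json)["ClaimsMappingPolicy"]["ClaimsSchema"]
    types = set()
    for entry in schema:
        types.update(t for t in (entry.get("SamlClaimType"), entry.get("JwtClaimType")) if t)
    return sorted(types)

if __name__ == "__main__":
    # Constructed sample: one source-claim row and one static-claim row from the wizard.
    demo = build_policy(True, [source_claim("user", "mail", jwt_type="email"), static_claim("EmpowerID", jwt_type="issuer_system")])
    print(demo, released_claim_types(demo))
```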