Create Claims Mapping Policy

With EmpowerID, you create new claims mapping policies for Azure apps using the “Create Azure Claims Mapping Policy” wizard, which guides you step by step through adding and configuring claims mappings. The instructions below describe the process.

A policy in this context comprises multiple claims, and the wizard lets you include several claims within a single policy. If you need to modify a policy later by adding or removing claims, refer to the additional instructions provided for these adjustments.

Procedure

  1. Navigate to the portal for the Resource Admin app in your environment and select Applications as the resource type.

  2. Select the Workflows tab and click Create Azure Claims Mapping Policy.

    This initiates the Create Azure Claims Mapping Policy workflow. Provide the necessary details in each section, and click Next after completing each step.

 

| Field | Description |
| --- | --- |
| Select a Tenant | Select the Azure Active Directory (AAD) tenant for which you would like to create the claims policy. |
| Policy Name | Name of the policy. |
| Policy Friendly Name | Name of the policy to be displayed in the EmpowerID UI. |
| Include Basic Claim Set | Select whether to include the basic set of claims in the policy. The basic claim set typically includes standard claims like user ID, email address, display name, and roles. |
| Select a Location | Select a location in EmpowerID in which to create the policy. This location is for RBAC delegation only. If there is a location selected by default and you wish to change it, click the link for the location and then search for and select the desired location from the Location tree. |

Source Claims

To add Azure claims, click the Source Claim tab and enter values for source claims from the user, application, resource, audience, and company.

To add more claims, click the "Add New Item" button and enter the details. You can also add extension attribute claims to the mapping policy.

| Field | Description |
| --- | --- |
| Source Attribute | Specify the attribute from the Azure provider that will be used as the source for mapping claims. |
| SAML Claim Type | Provide the claim type used in the SAML protocol. |
| SAML Name Format | Specify the format for the name identifier in the SAML claim. |
| JWT Claim Type | Select the claim type used in JSON Web Token authentication. |

Static Claims

Click the Static Claims tab to add static claims and provide the necessary information.

| Field | Description |
| --- | --- |
| Claim Value | Specify the claim value to return for the static claim. |
| SAML Claim Type | Provide the claim type used in the SAML protocol. |
| SAML Name Format | Specify the format for the name identifier in the SAML claim. |
| JWT Claim Type | Select the claim type used in JSON Web Token authentication. |


  3. Review the summary information and click Submit.
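
The following Python example is added here and is not EmpowerID or Microsoft code. It assumes the Source Claims and Static Claims fields described above map one-to-one onto the Microsoft Entra ID claims mapping policy definition (`ClaimsSchema` entries with `Source`/`ID` or `Value`, plus `SamlClaimType`, `SamlNameFormat` and `JwtClaimType`), and it flags entries worth reviewing before you click Submit; the function name, dictionary keys and sample values are constructed.

```python
import json

# Source values listed in the Source Claims step above.
ALLOWED_SOURCES = {"user", "application", "resource", "audience", "company"}

def build_policy_definition(include_basic, source_claims, static_claims):
    """Return (definition_json, problems) for claims entered in the wizard.
    Assumption: fields map onto the Entra ID ClaimsMappingPolicy schema."""
    schema, problems, seen = [], [], set()
    rows = [("source", i, c) for i, c in enumerate(source_claims, 1)]
    rows += [("static", i, c) for i, c in enumerate(static_claims, 1)]
    for kind, i, c in rows:
        label = f"{kind} claim #{i}"
        if kind == "source":
            src = str(c.get("source", "")).lower()
            if src not in ALLOWED_SOURCES:
                problems.append(f"{label}: unknown source {src!r}")
            if not c.get("attribute"):
                problems.append(f"{label}: missing source attribute")
            entry = {"Source": src, "ID": c.get("attribute", "")}
        else:
            if not c.get("value"):
                problems.append(f"{label}: static claim has no value")
            entry = {"Value": c.get("value", "")}
        saml, jwt = c.get("saml_type"), c.get("jwt_type")
        if not (saml or jwt):
            problems.append(f"{label}: no SAML or JWT claim type")
        outputs = (("SamlClaimType", saml), ("JwtClaimType", jwt),
                   ("SamlNameFormat", c.get("saml_name_format")))
        for key, out in outputs:
            if out:
                entry[key] = out
                # Two entries emitting the same claim type are ambiguous.
                if key != "SamlNameFormat" and (key, out) in seen:
                    problems.append(f"{label}: duplicate {key} {out!r}")
                seen.add((key, out))
        schema.append(entry)
    policy = {"ClaimsMappingPolicy": {
        "Version": 1,
        "IncludeBasicClaimSet": "true" if include_basic else "false",
        "ClaimsSchema": schema}}
    return json.dumps(policy, indent=2), problems

# Constructed sample input (not from the page).
SAMPLE_SOURCE = [{"source": "user", "attribute": "employeeid",
                  "saml_type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid",
                  "saml_name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
                  "jwt_type": "employeeid"}]
SAMPLE_STATIC = [{"value": "hr-portal", "jwt_type": "app_tag"}]
```

An empty `problems` list means every entry has a recognised source or a static value, at least one output claim type, and no claim type emitted twice.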