Hi,
we currently use SharePoint Online with AD dir sync and an on-premises AD FS as identity provider. The only claim returned by AD FS is http://schemas.xmlsoap.org/claims/UPN containing the login name. I am trying to figure out if it is possible to use more claim types like role and group. I am able to augment the SAML token in AD FS with these values, but I am wondering what steps I need to take to make these claims available in SharePoint Online, and if I can somehow couple these roles to SharePoint groups. Currently the people picker does not allow unvalidated input (only email addresses, so it seems)...
I solved the same problem with an on-premises install with this script (example), but am unsure if this actually works with SPS Online:
# Get the trusted identity token issuer (the AD FS trust) to modify
$issuer = Get-SPTrustedIdentityTokenIssuer
# Register the incoming role claim type on the trust
$issuer.ClaimTypes.Add("http://schemas.microsoft.com/ws/2008/06/identity/claims/role")
# Create a mapping that passes the role claim through unchanged (display name "Role")
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
# Attach the mapping and persist the change to the trust
$issuer.AddClaimTypeInformation($map)
$issuer.Update()
Kind regards,
Sander
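As an added example (not part of Sander's post), the on-premises script above carried through to the step the question asks about: mapping both the role and group claim types on a SharePoint Server (on-premises) trusted identity token issuer, skipping mappings that already exist so that Update() does not fail on a duplicate, and then granting a specific role claim value membership of a SharePoint group. The issuer name, site URL, group name and role value are assumed placeholders; these are SharePoint Server Management Shell cmdlets, so the script assumes an on-premises farm like the one the post describes.

```powershell
# Added example, not the original poster's script. Assumes SharePoint Server
# (on-premises) Management Shell and an existing AD FS trust. All names below
# are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "ADFS"                            # assumed: name given when the trust was created
$webUrl     = "https://intranet.contoso.local"  # assumed: target site collection
$groupName  = "Project Managers"                # assumed: existing SharePoint group
$roleValue  = "PM"                              # assumed: role claim value issued by AD FS

$roleClaim  = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
$groupClaim = "http://schemas.xmlsoap.org/claims/Group"

$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName

# Map each claim type only once: a second mapping for the same incoming
# claim type makes $issuer.Update() throw.
$wanted = @(
    @{ Type = $roleClaim;  Name = "Role"  },
    @{ Type = $groupClaim; Name = "Group" }
)
foreach ($pair in $wanted) {
    $existing = $issuer.ClaimTypeInformation | Where-Object { $_.InputClaimType -eq $pair.Type }
    if ($existing) {
        Write-Host "Claim type $($pair.Type) is already mapped, skipping."
        continue
    }
    if (-not $issuer.ClaimTypes.Contains($pair.Type)) {
        $issuer.ClaimTypes.Add($pair.Type)
    }
    $map = New-SPClaimTypeMapping -IncomingClaimType $pair.Type `
                                  -IncomingClaimTypeDisplayName $pair.Name `
                                  -SameAsIncoming
    $issuer.AddClaimTypeInformation($map)
}
$issuer.Update()

# Couple one role claim value to a SharePoint group. Every user whose token
# carries role=$roleValue from this issuer then inherits the group's
# permissions, so the AD FS issuance rule that emits that claim now decides
# SharePoint authorization and should be reviewed and change-controlled as such.
$principal = New-SPClaimsPrincipal -ClaimValue $roleValue `
                                   -ClaimType $roleClaim `
                                   -TrustedIdentityTokenIssuer $issuer
New-SPUser -UserAlias $principal.ToEncodedString() -Web $webUrl -Group $groupName

# Show the resulting mappings so the change can be verified
$issuer.ClaimTypeInformation | Select-Object InputClaimType, DisplayName, MappedClaimType
```

Run it once per farm from an elevated SharePoint Management Shell; the final Select-Object lists the mappings so you can confirm that Role and Group appear exactly once each before testing a login through AD FS.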