AADClaimsMappingPolicy¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Definition | Write | MSFT_AADClaimsMappingPolicyDefinition[] | A string collection containing a JSON string that defines the rules and settings for a policy. The syntax for the definition differs for each derived policy type. Required. | |
| IsOrganizationDefault | Write | Boolean | If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false. | |
| Description | Write | String | Description for this policy. Required. | |
| DisplayName | Key | String | Display name for this policy. Required. | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Value | Write | String | The value of the input parameters of the claims transformation in the claims mapping policy. | |
| Id | Write | String | The object identifier of the input parameters of the claims transformation in the claims mapping policy. | |
| DataType | Write | String | The data type of the input parameters of the claims transformation in the claims mapping policy. |
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| ClaimTypeReferenceId | Write | String | The claim type reference ID of the output claims of the claims transformation in the claims mapping policy. | |
| TransformationClaimType | Write | String | The transformation type of the output claims of the claims transformation in the claims mapping policy. |
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Id | Write | String | The object identifier of the claims transformation in the claims mapping policy. | |
| TransformationMethod | Write | String | The transformation method of the claims transformation in the claims mapping policy. | |
| InputParameters | Write | MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter[] | The list of input parameters of the claims transformation in the claims mapping policy. | |
| OutputClaims | Write | MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims[] | The list of output claims of the claims transformation in the claims mapping policy. |
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Source | Write | String | The source name of the claims schema in the claims mapping policy. | |
| Id | Write | String | The object identifier of the claims schema in the claims mapping policy. | |
| SamlClaimType | Write | String | The SAML claims type of the claims schema in the claims mapping policy. |
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Version | Write | UInt32 | Set value of 1. Required. | |
| IncludeBasicClaimSet | Write | Boolean | If set to true, all claims in the basic claim set are emitted in tokens affected by the policy. If set to false, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy. | |
| ClaimsSchema | Write | MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema[] | Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. | |
| ClaimsTransformation | Write | MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation[] | Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. |
MSFT_AADClaimsMappingPolicyDefinition¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| ClaimsMappingPolicy | Write | MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy | Rules and settings of the policy. |
Description¶
Azure AD Claims Mapping Policy
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- Policy.Read.All
-
Update
- Policy.ReadWrite.ApplicationConfiguration
Application permissions¶
-
Read
- Policy.Read.All
-
Update
- Policy.ReadWrite.ApplicationConfiguration
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADClaimsMappingPolicy "AADClaimsMappingPolicy-Test1234"
{
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Definition = @(
MSFT_AADClaimsMappingPolicyDefinition{
ClaimsMappingPolicy = MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy{
ClaimsSchema = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
Source = 'user'
Id = 'userprincipalname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
Source = 'user'
Id = 'givenname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
Source = 'user'
Id = 'displayname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
Source = 'user'
Id = 'surname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'username'
Source = 'user'
Id = 'userprincipalname'
}
)
ClaimsTransformation = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation{
OutputClaims = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims{
ClaimTypeReferenceId = 'TOS'
TransformationClaimType = 'createdClaim'
}
)
Id = 'CreateTermsOfService'
InputParameters = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter{
DataType = 'string'
Id = 'value'
Value = 'sandbox'
}
)
TransformationMethod = 'CreateStringClaim'
}
)
IncludeBasicClaimSet = $True
Version = 1
}
}
);
DisplayName = "Test1234";
Ensure = "Present";
Id = "fd0dc3f3-cfdf-4d56-bb03-e18161a5ac93";
IsOrganizationDefault = $False;
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADClaimsMappingPolicy "AADClaimsMappingPolicy-Test1234"
{
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Definition = @(
MSFT_AADClaimsMappingPolicyDefinition{
ClaimsMappingPolicy = MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy{
ClaimsSchema = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
Source = 'user'
Id = 'userprincipalname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
Source = 'user'
Id = 'givenname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
Source = 'user'
Id = 'displayname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
Source = 'user'
Id = 'surname'
}
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema{
SamlClaimType = 'username'
Source = 'user'
Id = 'userprincipalname'
}
)
ClaimsTransformation = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation{
OutputClaims = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims{
ClaimTypeReferenceId = 'TOS'
TransformationClaimType = 'createdClaim'
}
)
Id = 'CreateTermsOfService'
InputParameters = @(
MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter{
DataType = 'string'
Id = 'value'
Value = 'sandbox'
}
)
TransformationMethod = 'CreateStringClaim'
}
)
IncludeBasicClaimSet = $True
Version = 1
}
}
);
DisplayName = "Test1234";
Ensure = "Present";
Id = "fd0dc3f3-cfdf-4d56-bb03-e18161a5ac93";
IsOrganizationDefault = $False;
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADClaimsMappingPolicy "AADClaimsMappingPolicy-Test1234"
{
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
DisplayName = "Test1234";
Ensure = "Absent";
Id = "fd0dc3f3-cfdf-4d56-bb03-e18161a5ac93";
}
}
}