

Role Claims

You can also configure any number of claims in Name=Value format. These name/value pairs are commonly called role claims.

The value of a role claim is read from a configurable attribute on the user record in your user directory, and you can assign any name you want to the claim. For example, you can name a claim “userrole” and configure it to point to the “employeeType” attribute in your LDAP directory.

After authentication, the Agent for SharePoint reads the mapped attribute and creates a name/value pair for the claim, such as “userrole=manager”. If the “employeeType” attribute of the authenticated user contains the value manager, SharePoint allows the user access to the resource.
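As an added illustration, not code from the Agent for SharePoint or its documentation, the following Python sketch shows how a role-claim mapping turns a directory attribute into Name=Value claims and how an access check consumes them. The claim name, attribute name and value come from the text above; the user records and the helper names are constructed for the example.

```python
# Constructed example: role claims built from directory attributes.
# Not Agent for SharePoint code; it models the mapping described above.

# Claim name -> LDAP attribute that supplies its value (from the page's example).
ROLE_CLAIM_MAPPINGS = {"userrole": "employeeType"}

# Constructed sample directory records. LDAP attributes are lists of values:
# alice has a single value, bob a multi-valued attribute, carol no attribute at all.
SAMPLE_USERS = {
    "alice": {"uid": ["alice"], "employeeType": ["manager"]},
    "bob": {"uid": ["bob"], "employeeType": ["engineer", "manager"]},
    "carol": {"uid": ["carol"]},
}


def build_role_claims(user_record, mappings=ROLE_CLAIM_MAPPINGS):
    """Return the list of 'name=value' role claims for one user record.

    A multi-valued attribute yields one claim per value; a missing attribute
    yields no claim for that mapping, so no role is granted by default.
    """
    claims = []
    for claim_name, attribute in mappings.items():
        for value in user_record.get(attribute, []):
            claims.append(f"{claim_name}={value}")
    return claims


def has_role_claim(claims, name, value):
    """True only on an exact, case-sensitive name=value match."""
    return f"{name}={value}" in claims


def authorize(uid, required=("userrole", "manager"), users=SAMPLE_USERS):
    """Model the SharePoint side: grant access when the required claim is present."""
    claims = build_role_claims(users[uid])
    return has_role_claim(claims, *required)


if __name__ == "__main__":
    for uid in SAMPLE_USERS:
        print(uid, build_role_claims(SAMPLE_USERS[uid]), "->", authorize(uid))
```

Because the claim is derived directly from the directory attribute, whoever can write employeeType in the directory effectively controls the user's SharePoint role; treat that attribute as security-sensitive when reviewing directory write permissions.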