

Virtual Attribute Mapping Examples for a Microsoft Active Directory Server

To search the user directory in your CA SiteMinder environment using the SharePoint people picker, create virtual attribute mappings. The Agent for SharePoint requires at least one attribute mapping for claims that are based on the ID of a user. Create additional mappings to accommodate your needs.

Important! The Agent for SharePoint supports only one CA SiteMinder user directory.

Each additional mapping creates another association between a specific attribute in your user directory and the Agent for SharePoint. The people picker in SharePoint uses these associations to search your user directories using the values you specify. For example, you can create an attribute mapping that lets you search by user name, group name or email address.

The following table identifies the typical Microsoft Active Directory attribute mappings and describes how they are used in your CA SiteMinder and SharePoint environments:

For Active Directories, the table columns are grouped as follows:

Columns 1 and 2: Create a CA SiteMinder virtual attribute to search for this claim with the people picker.
Columns 3 and 4: Create a CA SiteMinder virtual attribute so the friendly names appear in the people picker next to the corresponding claim values.
Columns 5 and 6: Enter these corresponding values in the SharePoint Connection wizard.
Column 7: (Optional) Customize the display name for the people picker.

| Purpose | 1. Use this name for your virtual attribute. | 2. Enter the name of the directory attribute you want to use for the claim value. | 3. Use this name for the CA SiteMinder virtual attribute. | 4. Use this name for the directory attribute you want to use as a claim value. | 5. To define the claim in the connection wizard: | 6. To define the attribute value for the claim in the connection wizard: | 7. Replace the string following the -IncomingClaimTypeDisplayName with this value: |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Mandatory User claim that uniquely identifies the user. | useridentifier | sAMAccountName | smuserdisplayname | displayName | Enter the following value in the Identifier Claim Name field: useridentifier | Enter the following value in the Directory Attribute field: sAMAccountName | User ID |
| (Optional) A group-based user-claim corresponding to a DN in the directory. | smusergroups | name (use the friendly name of your groups). | Not required for group-based claims. | Not required for group-based claims. | Click the Attribute drop-down list and then select the following value: smusergroups | Not required. The connection wizard automatically configures this setting. | Group |
| (Optional) Role-based user claim | userrole | countryCode | Not supported. | Not supported. | 1. Click the Attribute drop-down list and then select the following value: NameValue. 2. Click the Claim type drop-down list and select the following value: User Attribute. 3. Click the Claim Name field and enter the following value: userrole | Enter the following value in the Directory Attribute field: countryCode | Role |