Claim Mappings

You can map the OAuth 2.0 claims retrieved from tokens (and the userinfo endpoint), either as transformations (changing existing claims) or additions (generating new claims from existing claims). This is typically used in two ways.

  • To transform one of the claims, such as name or sub, into a unique identifier in a format suitable to be the Username of a user added in User Manager;
  • To generate new role claims based on existing claims.

The options in Add-MIAuthClaimMapping are as follows:

Option: Explanation

ClaimType
    The name of the claim type to be mapped.

TargetClaimType
    The target claim type. If this is different to ClaimType, and the RegEx engine finds a match using Pattern, the mapping operation will create an additional claim of type TargetClaimType. The original matched claim will not be altered or removed.

    Rules with this option set are applied in a separate group from other rules; this grouping occurs before considering the Index order that rules are applied in, and the ContinueIfMatched option.

    Mapping the name claim (ClaimType name) is not recommended.

Index
    The index of this rule in the list. Once the rules that might apply to a claim have been identified, they are tried in order of increasing index.

    The index also acts as an identifier for editing or deleting existing rules.

Pattern
    A regular expression pattern for all or part of the claim value.

    See Regular Expression Language - Quick Reference

Replacement
    A replacement string for the pattern if matched.

    See Substitutions in Regular Expressions

ContinueIfMatched
    If this flag is set to true, after this rule has matched a claim value string and a replacement has been performed, we will continue trying other applicable rules (with higher index values) and make further replacements (in the case of rules where TargetClaimType is not set differently to ClaimType) or additions (in the case of rules where TargetClaimType is set differently to ClaimType).
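An added example (not from the product documentation) that defines one rule of each kind described above, a sub-to-Username transformation and a groups-to-role addition, and dry-runs each Pattern/Replacement pair locally before committing it with Add-MIAuthClaimMapping. It assumes the module is already loaded and connected as the cmdlet requires, that the cmdlet takes the options above as parameters of the same name, and that its RegEx engine is .NET's (the page links the .NET regex references); the claim values are constructed.

```powershell
# Constructed sample claim values, as they might arrive from an ID token; not real data.
$sampleClaims = @{
    sub    = 'auth0|5f1a2b3c'
    groups = 'CN=MOVEit-Admins,OU=Groups,DC=example,DC=com'
}

# Rule 1 (transformation): rewrite 'sub' in place into a Username-friendly identifier.
# TargetClaimType is not set, so the matched claim itself is replaced.
$usernameRule = @{
    ClaimType         = 'sub'
    Index             = 1
    Pattern           = '^[^|]+\|(.+)$'   # "<provider>|<id>": capture the id after the bar
    Replacement       = 'oidc-$1'         # .NET substitution: $1 is the captured id
    ContinueIfMatched = $false            # stop after this rule has rewritten 'sub'
}

# Rule 2 (addition): derive a new 'role' claim from a directory group DN.
# TargetClaimType differs from ClaimType, so 'groups' is left untouched and 'role' is added.
$roleRule = @{
    ClaimType       = 'groups'
    TargetClaimType = 'role'
    Index           = 2
    Pattern         = '^CN=MOVEit-Admins,.*$'   # anchored: the whole value must be this group
    Replacement     = 'Admin'
}

# Dry-run a rule against a value with the .NET regex engine (assumed to be the engine the
# cmdlet uses). Returns $null when the pattern does not match, i.e. the rule does not apply.
function Test-ClaimMapping {
    param([hashtable]$Rule, [string]$Value)
    if (-not [regex]::IsMatch($Value, $Rule.Pattern)) { return $null }
    return [regex]::Replace($Value, $Rule.Pattern, $Rule.Replacement)
}

Write-Host "sub  ->" (Test-ClaimMapping $usernameRule $sampleClaims.sub)
Write-Host "role ->" (Test-ClaimMapping $roleRule $sampleClaims.groups)
# A non-admin group must not produce a role claim at all:
Write-Host "no role for other groups:" ($null -eq (Test-ClaimMapping $roleRule 'CN=Everyone,DC=example,DC=com'))

# Commit both rules. Splatting passes each hashtable key as the cmdlet parameter of the same name.
Add-MIAuthClaimMapping @usernameRule
Add-MIAuthClaimMapping @roleRule
```

Keeping the role pattern anchored matters: an unanchored `MOVEit-Admins` would also match any DN that merely contains that text, such as a nested OU, and grant Admin more widely than intended.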