How to configure SharePoint trusted identity provider for UPN

#-- Add Certificates to SharePoint certificate store.
#-- Select Token signing Certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\Certs\TokenSign\TokenSign.cer")

#-- Add Token signing Certificate to SharePoint trusted store
New-SPTrustedRootAuthority -Name "Token Sign ADFS 3.0" -Certificate $cert

#-- Creating Claim mapping
#-- Each -IncomingClaimType must be the claim type URI that the IdP issues for that claim; the values are blank here and have to be filled in before the script is run.
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

#-- Creating Trusted Identity Provider for SharePoint
#-- SharePoint realm (the identifier the IdP uses for this relying party)
$realm = "urn:sharepoint:extranet"

#-- Sign-in URL of the IdP; blank here, set it to the IdP sign-in endpoint before running
$signInURL = ""

#-- Name of IdP 
$ProviderName = 'Extranet ADFS'

#-- IdP Token issuer for SharePoint
New-SPTrustedIdentityTokenIssuer -Name $ProviderName -Description 'Contoso Federated Authentication - External' -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaimMap, $upnClaimMap, $roleClaimMap -SignInUrl $signInURL -IdentifierClaim $upnClaimMap.InputClaimType
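
The script above trusts whatever certificate is found at the .cer path, and every token signed with it will be accepted by SharePoint. The following is an added example, not part of the original post, that checks the certificate before New-SPTrustedRootAuthority is run. The function name, the thresholds and the thumbprint placeholder are assumptions; the expected thumbprint has to come from the ADFS administrator through a separate channel.

```powershell
# Added example: checks on the token-signing certificate before it is trusted.
function Test-TokenSigningCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # Assumption: thumbprint obtained out-of-band from the ADFS administrator.
        [Parameter(Mandatory)][string]$ExpectedThumbprint,
        [int]$MinRsaKeyBits = 2048,
        [int]$WarnDaysBeforeExpiry = 30
    )
    $problems = New-Object System.Collections.Generic.List[string]
    $now = Get-Date

    # Certificate dialogs show thumbprints with spaces and mixed case; normalise first.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($Certificate.Thumbprint -ne $expected) {
        $problems.Add("Thumbprint $($Certificate.Thumbprint) does not match the expected value.")
    }

    # Validity window: not yet valid, expired, or close enough to expiry to plan a rollover.
    if ($now -lt $Certificate.NotBefore) {
        $problems.Add("Not valid until $($Certificate.NotBefore).")
    } elseif ($now -gt $Certificate.NotAfter) {
        $problems.Add("Expired on $($Certificate.NotAfter).")
    } elseif (($Certificate.NotAfter - $now).TotalDays -lt $WarnDaysBeforeExpiry) {
        $problems.Add("Expires within $WarnDaysBeforeExpiry days ($($Certificate.NotAfter)).")
    }

    # Weak hash in the certificate signature, or a short RSA key.
    $sigAlg = $Certificate.SignatureAlgorithm.FriendlyName
    if ($sigAlg -match 'md5|sha1') { $problems.Add("Weak signature algorithm: $sigAlg.") }
    $key = $Certificate.PublicKey.Key
    if ($key -is [System.Security.Cryptography.RSA] -and $key.KeySize -lt $MinRsaKeyBits) {
        $problems.Add("RSA key is $($key.KeySize) bits; minimum is $MinRsaKeyBits.")
    }
    return ,$problems.ToArray()
}

# Same certificate path as in the script above; the thumbprint is a placeholder.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\Certs\TokenSign\TokenSign.cer")
$issues = Test-TokenSigningCertificate -Certificate $cert -ExpectedThumbprint '<THUMBPRINT-FROM-ADFS-ADMIN>'
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'Token-signing certificate rejected; not adding it to the SharePoint trust store.'
}
```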
