title | description | ms.custom | ms.date | ms.reviewer | ms.suite | ms.tgt_pltfrm | ms.topic | applies_to | ms.assetid | caps.latest.revision | author | ms.author | search.audienceType | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Define custom claim mapping for SharePoint server-based integration (Developer Guide for Dynamics 365 Customer Engagement (on-premises))| MicrosoftDocs |
Learn how to define custom claim mapping for SharePoint server-based integration in Dynamics 365 Customer Engagement (on-premises). |
10/31/2017 |
pehecke |
article |
|
f926277d-6820-4ea3-9512-3643da16b94b |
15 |
KumarVivek |
kvivek |
|
For server-based integration with [!INCLUDEpn_SharePoint_short], [!INCLUDEpn_microsoftcrm] uses claims to authenticate and authorize [!INCLUDEpn_crm_shortest] users to access the documents stored in [!INCLUDEpn_SharePoint_short]. For more information about claims-based authentication, see Claims-based identity in SharePoint 2013.
By default, [!INCLUDEpn_crm_shortest] uses the following claims to integrate with [!INCLUDEpn_SharePoint_short]:
Scenario | Claims |
---|---|
[!INCLUDEpn_crm_online_shortest] and [!INCLUDEpn_sharepoint_online] | NameId (PUID) Both Dynamics 365 Customer Engagement (on-premises) and SharePoint share [!INCLUDEpn_microsoft_azure_active_directory] for user identity. |
[!INCLUDEpn_crm_online_shortest] and [!INCLUDEpn_SharePoint_short] on-premises | SMTP (email) No shared active directory infrastructure for user identity; claims sent as SMTP address. The claims is picked from WindowsLiveID field in Dynamics 365 Customer Engagement (on-premises) and mapped to work email address from [!INCLUDEpn_SharePoint_short]. |
Dynamics 365 Customer Engagement (on-premises) and [!INCLUDEpn_sharepoint_online] | SMTP (email) No shared active directory infrastructure for user identity; claims sent as SMTP address. The claims is picked from PrimaryEmailAddess field in Dynamics 365 Customer Engagement (on-premises) and mapped to work email address from SharePoint. |
Dynamics 365 Customer Engagement (on-premises) and [!INCLUDEpn_SharePoint_short] on-premises | SMTP (email) Both Dynamics 365 Customer Engagement (on-premises) and SharePoint share Microsoft Windows Server Active Directory for user identity. |
You can use the UserMapping
entity to specify custom claim mappings in [!INCLUDEpn_crm_shortest] to use a value other than the default value used by [!INCLUDEpn_crm_shortest] to authenticate and authorize [!INCLUDEpn_crm_shortest] users in [!INCLUDEpn_SharePoint_short]. For example, you can use the “last name” and “first name” of the user instead of “email” to authenticate [!INCLUDEpn_crm_shortest] users in [!INCLUDEpn_SharePoint_short]. Custom claim mappings override the default claim mappings used by [!INCLUDEpn_crm_shortest]. You can define multiple custom claim mappings in [!INCLUDEpn_crm_shortest]. By default, only users having the System Administrator role have access to the UserMapping
entity.
To define a custom claim mapping in [!INCLUDEpn_crm_shortest], create a UserMapping
entity record, and specify the attribute values listed in the following table.
Attribute | Value | Description |
---|---|---|
UserMapping.PartnerApplicationType |
- 0 : [!INCLUDEpn_SharePoint_short]- 1 : [!INCLUDEinternal] |
The partner application type for which this claim mapping is to be used. In the current release, only 0 ([!INCLUDEpn_SharePoint_short]) is supported. |
UserMapping.SystemUserAttributeName |
String value | The logical name of the attribute in the SystemUser (user) entity from where the value for the claims will be used. Note: If the attribute used for custom claim mapping doesn’t contain a value, the default claim mapping is used by [!INCLUDEpn_crm_shortest]. For example, if you want to use the first name of the user as the attribute for custom claim mapping and a user’s first name is missing, [!INCLUDEpn_crm_shortest] will use the default claim mapping (PUID or email). |
UserMapping.ClaimType |
String value | Specify the claim type to be sent to SharePoint. For a list of claim types, see ClaimTypes Members. Note: The referred claim type list is just for reference. All the claim types listed there might not be supported by [!INCLUDEpn_SharePoint_short], or might not contain all the claim types supported by [!INCLUDEpn_SharePoint_short]. |
The following sample code shows how to define a custom claim mapping using the UserMapping
entity.
UserMapping customMapping = new UserMapping
{
PartnerApplicationType = new OptionSetValue(0),
SystemUserAttributeName = "personalemailaddress",
ClaimType = "smtp"
};
_serviceProxy.Create(customMapping);
Note
Any instance of the UserMapping
entity with valid values will override the default claim mappings used by [!INCLUDEpn_crm_shortest].
By default, [!INCLUDEpn_SharePoint_short] supports the following claim types: NameId (PUID), SMTP (email), and UPN (user principal name). If you’re passing a claim of any other type, you must also create corresponding claim type mappings in [!INCLUDEpn_SharePoint_short]. [!INCLUDEproc_more_information]New-SPClaimTypeMapping
UserMapping Entity
Integrate Microsoft Dynamics 365 Customer Engagement (on-premises) with SharePoint
[!INCLUDEfooter-include]