Claims

Follow these steps to associate a Security Label with a new Claims Issuer:

1. Click New from the Security Labels view.
   
2. On the New Claim Mapping page, enter values in the fields for the new Security Label. Use the table below the image for guidance in configuring the claim mapping.
   
   

   Field	Description
   Security Label	The security label that the issuer is associated with. (For information about registering a custom label, see KB000186.) Whatever you select here for the label will prepend that value to users from this Identity Provider. You should have a single IdP mapped to a single label. You can have multiple claim type mappings using a single label, however for this to work in K2 the user manager must be able to resolve back to the IdPs
   Issuer	Select the issuer associated with the Claim Mapping. (If you don't see any issuers in here you either do not have any issuers configured, or they are already mapped to a label.)
   Claim Type Info	When you have multiple claims mappings associated with a single label, you must use the Claim Type Info setting to let K2 know which claims mappings contain SharePoint users. The Claims Type Info setting is used in this scenario for telling K2 not to use the mappings associated with the Windows claims mapping when resolving users in groups, because the other mapping (AD FS or some other IdP) contained the user information. In SharePoint 2013 this setting is used in the same capacity. Even though K2 trusts the issuers (STSs) directly, and there will typically be a single claim mapping per label, if the Claim Type Info setting is not true then users associated with that IdP will not be resolved from SharePoint groups.
   Name Identity Issuer	The name identity issuer (NII) associated with the issuer. The value is case-sensitive. For example, Windows (AD) is urn:office:idp:activedirectory.
   User Token Identifier	The identifier that SharePoint uses to identify users. For example, Windows (AD) is i:0#.w. (User Token Identifier is only used when handling claims tokens from SharePoint)
   Group Token Identifier	The identifier SharePoint uses to identify groups. For example, Windows (AD) is c:0+.w. (Group Token Identifier is only used when handling claims tokens from SharePoint)
   Identity Provider > Original Issuer	The original issuer of the claim. Corresponds to the Issuer Name column. For example, Windows (AD) by default is WindowsSTS.
   Identity Provider > Claim Type	The claim type for the identity provider. For example, Windows (AD) is http://schemas.microsoft.com/identity/claims/identityprovider.
   Identity Provider > Claim Value	The claim value for the identity provider. For example, Windows (AD) is WindowsSTS.
   Identity > Original Issuer	The original issuer for the identity claim. For example, Windows (AD) is AD AUTHORITY.
   Identity > Claim Type	The claim type for the identity claim. For example, Windows (AD) is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
   Identity > Claim Value	The claim value for the identity claim. This is typically left blank (null) but may require a value.
   Security Label > Original Issuer	The original issuer for the security label. This is typically only required when using the FormsSTS and when the K2 Designer site is configured to use multiple authentication methods.
   Security Label > Claim Type	The claim type for the security label.
   Security Label > Claim Value	The claim value for the security label.

3. Click OK.

Follow these steps to edit a Security Label:

1. Select the Security Label you want to edit. The Edit button becomes available.
   
2. Click Edit
3. Change the values you want to edit using the table in add as a guide. Click OK.

Follow these steps to delete a Security Label:

1. Select the Security Label you want to delete. The Delete button becomes available.
   
2. Click Delete.
3. Click OK to confirm that you want to delete the Claim Type Mapping.
   

The Refresh button refreshes the Security Labels list after changes have been applied.