Claims¶
App Builder's authentication model is fundamentally claims-based. Authentication schemes, such as WS-Federation and SAML single sign-on (SSO) supply a set of claims about the user. App Builder uses those claims to identify the user and update user attributes such as the user's email address. Even authentication schemes that are not inherently claims-based are treated as such by App Builder.
Supported claims¶
App Builder recognizes the following claims:
| Name | Description |
|---|---|
| Name ID | The name identifier is an opaque, immutable value assigned to the user. It cannot be reassigned or reused. |
| Name | The unique name of the user. Common values used for the name claim include user names, such as SAM account names, and email addresses. |
| E-mail Address | The e-mail address of the user. |
| Display Name | The user's preferred display name. |
| Full Name | The user's full name. |
| Phone Number | The user's preferred phone number. E.164 is the recommended format. RFC 3966 is recommended for extensions. |
| Group | User group membership. |
Either the Name ID or Name claim must be supplied. All other claims are optional.
Note
Note that specific authentication providers may support additional claims.