I was hoping to find an example where I could add a particular custom claim value to an SP group using PnP PowerShell. Basically do what is done below using PnP PowerShell:
$ClaimValue = $_.ClaimValue
if ($_.ClaimType -eq $ClaimTypeSchema.GroupSID)
{
    $objUserAccount = New-Object System.Security.Principal.NTAccount($EnvUserDomain, $_.ClaimValue)
    $objUserSID = $null
    Write-Output ("Generating Security Identifier for account: '" + $_.ClaimValue + "' ...")
    $objUserSID = $objUserAccount.Translate([System.Security.Principal.SecurityIdentifier])
    if ($objUserSID -eq $null)
    {
        continue
    }
    $ClaimValue = $objUserSID.Value
}
Write-Output (" Adding Claim: '" + $_.ClaimType + "' with Value: '" + $ClaimValue + "' ...")
$Claim = New-SPClaimsPrincipal -ClaimType $_.ClaimType -ClaimValue $ClaimValue -TrustedIdentityTokenIssuer $AuthenticationProvider
$SPUserClaim = New-SPUser -UserAlias $Claim.ToEncodedString() -Web $RootWeb.Url
$SecurityGroup.AddUser($SPUserClaim)
}
Write-Output "Completed"
Looks like I can get away with hardcoding the expected formats using something like below:
i:0ǵ.t|custom-adfs|First.Last
For more encodings refer to the article below: https://social.technet.microsoft.com/wiki/contents/articles/13921.sharepoint-20102013-claims-encoding.aspx
Still I think it would be good to have an equivalent in PnP.
$Claim = New-SPClaimsPrincipal -ClaimType $_.ClaimType -ClaimValue $ClaimValue -TrustedIdentityTokenIssuer $AuthenticationProvider
$SPUserClaim = New-SPUser -UserAlias $Claim.ToEncodedString() -Web $RootWeb.Url
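The hardcoded login name from the post, built and checked before it is handed to PnP PowerShell, as an added example that is not part of the original post. The three function names and the sample group name are hypothetical, and `Add-PnPGroupMember` (named `Add-PnPUserToGroup`, with `-Identity` for the group, in older PnP releases) is an assumed choice of cmdlet; the claim type character is a parameter because the character a farm assigns to a custom claim type can differ between farms.

```powershell
# Added example; the function names below are hypothetical, not PnP cmdlets.

function New-TrustedClaimLoginName {
    param(
        [Parameter(Mandatory)][char]$ClaimTypeChar,  # e.g. [char]0x01F5, the character in the post's string
        [Parameter(Mandatory)][string]$Issuer,       # trusted identity token issuer name
        [Parameter(Mandatory)][string]$Value,        # claim value, e.g. First.Last
        [switch]$Identity                            # 'i' for the identity claim, 'c' for any other claim
    )
    # A '|' in the issuer name would shift the field boundaries of the encoded string.
    if ([string]::IsNullOrWhiteSpace($Issuer) -or $Issuer.Contains('|')) {
        throw "Issuer name must be non-empty and must not contain '|'."
    }
    if ([string]::IsNullOrWhiteSpace($Value)) { throw 'Claim value must be non-empty.' }
    $kind = if ($Identity) { 'i' } else { 'c' }
    # '.' = string value type, 't' = claim issued by a trusted identity token issuer
    '{0}:0{1}.t|{2}|{3}' -f $kind, $ClaimTypeChar, $Issuer, $Value
}

function ConvertFrom-TrustedClaimLoginName {
    param([Parameter(Mandatory)][string]$LoginName)
    $pattern = '^(?<Kind>[ic]):0(?<Type>.)(?<ValueType>.)t\|(?<Issuer>[^|]+)\|(?<Value>.+)$'
    if ($LoginName -cmatch $pattern) {
        return [pscustomobject]@{
            Kind          = $Matches['Kind']
            ClaimTypeChar = $Matches['Type']
            ValueTypeChar = $Matches['ValueType']
            Issuer        = $Matches['Issuer']
            Value         = $Matches['Value']
        }
    }
    throw "Not a trusted-issuer encoded claim: '$LoginName'"
}

function Add-TrustedClaimToGroup {
    param([Parameter(Mandatory)][string]$LoginName, [Parameter(Mandatory)][string]$Group)
    # Reject malformed strings before they reach a permission change.
    $null = ConvertFrom-TrustedClaimLoginName -LoginName $LoginName
    # Requires an active Connect-PnPOnline session.
    Add-PnPGroupMember -LoginName $LoginName -Group $Group
}

# Build the string from the post without a non-ASCII literal in the script file,
# then round-trip it to confirm every field landed where expected.
$login = New-TrustedClaimLoginName -ClaimTypeChar ([char]0x01F5) -Issuer 'custom-adfs' -Value 'First.Last' -Identity
ConvertFrom-TrustedClaimLoginName -LoginName $login
# Add-TrustedClaimToGroup -LoginName $login -Group 'Site Members'   # constructed group name
```

Compare the claim type character against the encoded name of a principal that already exists on the target farm before relying on it.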