I'm just getting confused because I have seen examples of using alternativeSecurityIds and others using userIdentities? Are they one and the same?
Also, I want to update my Azure AD multi-tenant federation using userIdentity instead of alternativeUserId, can I use any name for the issuer or does it need to take the value of PartnerClaimType="iss" like below?
<OutputClaim ClaimTypeReferenceId="issuer" PartnerClaimType="iss" />
The underlying Identity structure is the same.
Yes, I agree - very confusing.
The samples refer to userIdentities but the documentation still refers to alternativeSecurityId.
The feedback I have got is that userIdentities are the way to go.
Update
<ClaimsTransformation Id="CreateAlternativeSecurityId" TransformationMethod="CreateAlternativeSecurityId">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="key"/>
    <InputClaim ClaimTypeReferenceId="identityProvider" TransformationClaimType="identityProvider"/>
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId"/>
  </OutputClaims>
</ClaimsTransformation>
As you can see from above, that is how the identities are stored.
The post you linked to shows:
<OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
So if you change it, it won't match an entry in the table.
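The matching problem described in the answer above, as an added example that is not part of the original thread or of B2C's own code. It assumes a simplified lookup in which a federated sign-in is matched on the exact pair (issuer, issuerUserId); the tenant GUIDs, user ids, function names and the fixed name "MyAzureAD" are constructed for illustration.

```python
# Simplified model (an assumption, not B2C's implementation): an account is
# found by the exact (issuer, issuerUserId) pair stored when it was created.

# Constructed sample data; GUIDs and ids are placeholders.
TENANT_A_ISS = "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0"
TENANT_B_ISS = "https://login.microsoftonline.com/22222222-2222-2222-2222-222222222222/v2.0"

# Accounts created while the policy mapped the issuer from the "iss" claim.
DIRECTORY = [
    {"objectId": "user-1",
     "identities": [{"issuer": TENANT_A_ISS, "issuerUserId": "abc"}]},
    {"objectId": "user-2",
     "identities": [{"issuer": TENANT_B_ISS, "issuerUserId": "abc"}]},
]


def issuer_from_iss(token):
    """Policy variant: the issuer is taken from the token's iss claim."""
    return token["iss"]


def issuer_fixed_name(token):
    """Policy variant: the issuer is replaced by an arbitrary fixed name."""
    return "MyAzureAD"


def find_user(directory, token, issuer_mapping):
    """Return the objectId whose stored identity equals the incoming pair.

    Which token claim feeds issuerUserId depends on the policy; "sub" is
    used here only as a stand-in.
    """
    key = (issuer_mapping(token), token["sub"])
    matches = [
        user["objectId"]
        for user in directory
        if any((i["issuer"], i["issuerUserId"]) == key for i in user["identities"])
    ]
    if len(matches) > 1:
        raise ValueError("more than one account matches %r" % (key,))
    return matches[0] if matches else None


if __name__ == "__main__":
    token = {"iss": TENANT_A_ISS, "sub": "abc"}  # constructed token claims
    print("issuer from iss :", find_user(DIRECTORY, token, issuer_from_iss))
    print("fixed issuer    :", find_user(DIRECTORY, token, issuer_fixed_name))
```

In this model the same user id from two tenants resolves to two different accounts because the issuer differs, and switching an existing policy to a different issuer value leaves every stored identity unmatched.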