The Microsoft documentation for SharePoint PowerShell only shows how to set the site owner or site collection administrator to a claim.
To add a claim to a SharePoint group you need to perform three steps:
- Create the claim.
- Create a new user using the new claim.
- Add the new user to the group.
Create the claim
Example for the default SharePoint IP/STS:
# "contoso\jane" is a placeholder for the Windows account (DOMAIN\user) to add.
$principal = New-SPClaimsPrincipal "contoso\jane" -IdentityType WindowsSamAccountName
Example for an external STS (like ADFS):
$prov = Get-SPClaimProviderManager   # not needed for the steps below; kept for reference
$tti = Get-SPTrustedIdentityTokenIssuer -Identity "ADFS20"
# $strippedLogin holds the role value as issued by the STS (set it before running this line).
$principal = New-SPClaimsPrincipal -ClaimValue $strippedLogin -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -TrustedIdentityTokenIssuer $tti
Or an identity claim:
# $theUser is an object with the e-mail address of the user (set it before running this line).
$principal = New-SPClaimsPrincipal -ClaimValue $theUser.Email -ClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IdentifierClaim -TrustedIdentityTokenIssuer $tti
Create the user
# SharePoint stores a claim as an encoded login name; New-SPUser expects that encoded form.
$usrEncodedClaim = $principal.ToEncodedString()
# $theGroup is the SPGroup the user will be added to (the $group object created below works here).
$newUsr = New-SPUser -UserAlias $usrEncodedClaim -Web $theGroup.ParentWeb
You can set additional properties for the user object using the -Email and -DisplayName parameters.
Now you should be able to add it to a group using the -Group switch, but somehow that does not work. If you find out how to do this, please let me know.
Add the user to the group
$web = Get-SPWeb -Identity "http://www.test.nl"
# SiteGroups is a collection, so use the indexer rather than method-call syntax.
$group = $web.SiteGroups["Visitors"]
$group.AddUser($newUsr)
# Release the SPWeb object when done; Get-SPWeb does not dispose it for you.
$web.Dispose()
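The three steps above combined into one reusable function, as an added example that is not part of the original post. It assumes an ADFS-style trusted issuer as in the post; the function name and its parameters ($SiteUrl, $GroupName, $IssuerName, $ClaimValue, $ClaimType, $IdentifierClaim) are hypothetical, and it adds the checks the post skips: the issuer and group must exist, an already-present member is not added twice, and the SPWeb is always disposed.

```powershell
function Add-SPClaimToGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$IssuerName,
        [Parameter(Mandatory)][string]$ClaimValue,
        [string]$ClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
        [switch]$IdentifierClaim   # set when $ClaimValue is the user's identifier (e.g. e-mail)
    )

    # Step 1: build the claim against the trusted identity token issuer.
    $tti = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction SilentlyContinue
    if (-not $tti) { throw "Trusted identity token issuer '$IssuerName' not found." }

    $claimArgs = @{
        ClaimValue                 = $ClaimValue
        ClaimType                  = $ClaimType
        TrustedIdentityTokenIssuer = $tti
    }
    if ($IdentifierClaim) { $claimArgs.IdentifierClaim = $true }
    $claim = New-SPClaimsPrincipal @claimArgs

    # SharePoint addresses the principal by its encoded login string, not the raw value.
    $encodedLogin = $claim.ToEncodedString()

    $web = Get-SPWeb -Identity $SiteUrl
    try {
        # Resolve the target group first so a typo in the name fails before any user is created.
        $group = $web.SiteGroups | Where-Object { $_.Name -eq $GroupName } | Select-Object -First 1
        if (-not $group) { throw "Group '$GroupName' not found in $SiteUrl." }

        # Step 2: create (or look up) the user for the encoded claim in this web.
        $user = New-SPUser -UserAlias $encodedLogin -Web $web

        # Step 3: add the user to the group, skipping the call if the membership already exists.
        if ($group.Users | Where-Object { $_.ID -eq $user.ID }) {
            Write-Verbose "'$encodedLogin' is already a member of '$GroupName'."
            return $user
        }
        $group.AddUser($user)
        Write-Verbose "Added '$encodedLogin' to '$GroupName'."
        return $user
    }
    finally {
        # Always release the SPWeb handle, even when a step above throws.
        $web.Dispose()
    }
}

# Example call with the post's issuer and site (the role value is a constructed sample):
# Add-SPClaimToGroup -SiteUrl "http://www.test.nl" -GroupName "Visitors" -IssuerName "ADFS20" -ClaimValue "Readers" -Verbose
```

Run it from the SharePoint Management Shell (or after Add-PSSnapin Microsoft.SharePoint.PowerShell) as an account with rights on the target web.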