Hi @Ivan Maria ,
SharePoint Online display identity claims with the following encoding format:
<IdentityClaim>:0<ClaimType><ClaimValueType><AuthMode>|<OriginalIssuer (optional)>|<ClaimValue>
Components explained:
<IdentityClaim>
- <IdentityClaim> indicates the type of claim and is the following:
“i” for an identity claim
“c” for any other claim
<ClaimType>
- <ClaimType> indicates the format for the claim value and is the following:
“#” for a user logon name
“.” for an anonymous user
“5” for an email address
“!” for an identity provider
“+” for a Group security identifier (SID)
“-“ for a role
“%” for a farm ID
“?” for a name identifier
"\" for a private personal identifier (PPID)
"e" for a user principal name (UPN)
""" for a user ID
"$" for a distribution list security identifier (SID)
"&" for a process identity security identifier (SID)
"'" for a process identity logon name
"(" for an authenticated user
")" for a primary security identifier (SID)
"*" for a primary group security identifier (SID)
"0" for an authorization decision
"1" for a country
"2" for a date of birth
"3" for a deny only security identifier (SID)
"4" for DNS
"6" for a gender
"7" for a given name
"8" for a hash
"9" for a home phone
"<" for a locality
"=" for a mobile phone
">" for a name
"@" for other phone
"[" for a postal code
"]" for RSA
"^" for a secure identifier (SID)
"_" for a service principal name (SPN)
"`" for a state or province
"a" for a street address
"b" for a surname
"c" for a system
"d" for a thumbprint
"f" for a uniform resource name (URI)
"g" for a web page
<ClaimValueType>
- <ClaimValueType> indicates the type of formatting for the claim value and is the following:
“.” for a string
“+” for an RFC 822-formatted name
")" for an integer
""" for a Boolean
"#" for a date
"$" for a date with time
"&" for a double
"!" for a Base64 formatted binary
"0" for a X.500 formatted name
<AuthMode>
- <AuthMode> indicates the type of authentication used to obtain the identity claim and is the following:
“w” for Windows claims (no original issuer)
“s” for the local SharePoint security token service (STS) (no original issuer)
“t” for a trusted issuer
“m” for a membership issuer
“r” for a role provider issuer
“f” for forms-based authentication
“c” for a claim provider
<OriginalIssuer>
- <OriginalIssuer> indicates the original issuer of the claim.
<ClaimValueType>
- <ClaimValueType> indicates the value of the claim in the <ClaimType> format.
Common types of login names in SharePoint online:
- Everyone -> c:0(.s|true
- Everyone except external users -> c:0-.f|rolemanager|spo-grid-all-users/<tenant_id>
- Group memebers -> c:0o.c|federateddirectoryclaimprovider|<group_guid>
- Group Owners -> c:0o.c|federateddirectoryclaimprovider|<group_guid>
- "Company Administrator" in Sharepoint Admin console -> c:0t.c|tenant|<UNKNOWN-GUID>
- An O365 user ->i:0#.f|membership|<USER-EMAIL>
Reference: SharePoint 2013 and SharePoint Online Built-In Accounts
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.