Hi @adam
Thank you very much for your help and this very detailed and comprehensive example!
Indeed, this is exactly what I was trying to figure out and this example clarifies everything.
As already mentioned in this other thread I would also advice to include this example in this documentation section here:
I’m sure that this will help others that may need to build something similar.
Just a clarififcation for others that may are unsure.
This peace of code here has to go into the “authentication.ps1” part:
param(
[PSCredential]$Credential
)
# Check the cache to see if this email + passcode combination is valid
$Passcode = Get-PSUCache -Key $Credential.UserName
if ($Passcode -eq $Credential.GetNetworkCredential().Password) {
New-PSUAuthenticationResult -Claims {
New-PSUAuthorizationClaim -Type ([System.Security.Claims.ClaimTypes]::Role) -Value 'Administrator'
} -UserName $Credential.UserName -Success
}
# Do standard form login here
New-PSUAuthenticationResult -ErrorMessage 'Bad username or password'
Here to be more precise… 
Thanks a lot again and take care,
Don