Configure Identity Mappings

JFrog Platform Administration Documentation

An identity mapping is a configuration object that the JFrog Platform uses to match an incoming OIDC claim to a specific authorization scope. 

When you configure OIDC integration, you need to configure the associated identity mappings as well. Each identity mapping creates a reference token to authenticate with the JFrog Platform.

You can create multiple identity mappings for an integration. Each mapping has a priority field. Prioritization ensures that the relevant token is generated by considering the configured JSON claim.

  1. You can create identity mappings when you create an OIDC integration.

    You can also create identity mappings for an existing OIDC integration. To add identity mappings for an existing OIDC integration, do the following.

    1. Navigate to the Administration tab in the JFrog Platform UI.

    2. Click General | Manage Integrations.

      The Integrations page appears.

    3. Select Create Identity Mapping for an existing integration from the menu.

      The Identity Mappings window appears.

  2. In the Identity Mappings window, enter the name of the identity mapping.

  3. Enter the priority of the identity mapping.

    The priority should be a number. The lower the number, the higher the priority. If you do not enter a value, the identity mapping is assigned the lowest priority.

    We recommend that you assign the highest priority (1) to the strongest permission gate. Assign the lowest priority to the weakest permission for a logical and effective access control setup.

  4. Enter the description of the identity mapping.

  5. Enter the claims JSON from the OpenID provider for the identity mapping.

    For more information about claims JSON in GitHub Actions, refer to the GitHub Actions Documentation.

  6. Select the scope of the token.

    The following scopes are available.

    • Admin

    • User

    • Group

  7. Enter the username.

    The username appears in the JFrog Platform logs when the external service authenticates with this identity mapping.

  8. Select the services for which the mapping applies.

    Select All to apply the mapping to all services.

  9. Set the expiration time for the token in minutes.

    The default value is 1.
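
The priority rules from step 3, modeled as an added example (this is not JFrog's code and not part of the original documentation). It assumes mappings are tried in ascending priority number and that a mapping matches when every claim in its claims JSON equals the corresponding token claim; the field names, mapping names, usernames and claim values are constructed for illustration.

```python
import math

# Constructed sample mappings. Field names are this example's own; they mirror
# the form on this page (name, priority, claims JSON, scope, username, expiry).
MAPPINGS = [
    {"name": "prod-release", "priority": 1, "scope": "Admin", "username": "ci-release",
     "claims": {"repository": "example-org/app", "environment": "production"}},
    {"name": "any-branch", "priority": 2, "scope": "User", "username": "ci-build",
     "claims": {"repository": "example-org/app"}},
    {"name": "org-wide", "scope": "Group", "username": "ci-readonly",  # no priority
     "claims": {"repository_owner": "example-org"}, "expires_minutes": 5},
]

def effective_priority(mapping):
    # A lower number is a higher priority; a blank priority sorts last.
    p = mapping.get("priority")
    return math.inf if p is None else p

def claims_match(required, token_claims):
    # Assumption: every configured claim must be present with an equal value.
    return all(token_claims.get(k) == v for k, v in required.items())

def select_mapping(mappings, token_claims):
    """Return the highest-priority mapping that matches the token, or None."""
    for m in sorted(mappings, key=effective_priority):
        if claims_match(m["claims"], token_claims):
            return {"name": m["name"], "scope": m["scope"], "username": m["username"],
                    "expires_minutes": m.get("expires_minutes", 1)}  # default is 1
    return None

def shadowed(mappings):
    """Names of mappings that can never win: an earlier mapping's claims are a
    subset of theirs, so the earlier one matches every token they match."""
    ordered = sorted(mappings, key=effective_priority)
    out = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier["claims"].items() <= later["claims"].items():
                out.append(later["name"])
                break
    return out

if __name__ == "__main__":
    prod = {"repository": "example-org/app", "environment": "production",
            "repository_owner": "example-org"}
    print(select_mapping(MAPPINGS, prod))
    print(shadowed(MAPPINGS))
```

Running `shadowed` over a list of configured mappings flags entries that a broader, higher-priority mapping makes unreachable, which is the ordering mistake the priority recommendation guards against.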