An identity mapping is a configuration object that the JFrog Platform uses to match an incoming OIDC claim to a specific authorization scope. An identity mapping enables users to validate access requests based on the claim JSON. This ensures that tokens are granted based on specific criteria, such as user roles or project requirements.
When you configure OIDC integration, you need to configure the associated identity mappings as well. Each identity mapping creates a reference token to authenticate with the JFrog Platform.
You can create identity mappings when you create an OIDC integration. You can also create identity mappings for an existing OIDC integration.
You can create multiple identity mappings for any integration. Each mapping has a priority field. Prioritization ensures that the relevant token is generated. The token that is generated is determined by the configured JSON claims. We strongly encourage you to define JSON claims in the identity mapping for security purposes. If you don't add claims, anyone who knows the service account to target can get access.
Note
From Artifactory version 7.94, you can create identity mappings associated with a specific project.
A Project Admin can now create identity mappings.
When you are working in the scope of All Projects, a Platform Admin can create identity mappings. If you are working in the scope of a specific project, a Project Admin can create identity mappings for that project. There are both global-level identity mappings and project-level identity mappings. Global identity mappings can apply to all projects. A project identity mapping applies only to a selected project. Each identity mapping is assigned a priority rating. Project identity mappings take precedence in priority over global identity mappings.
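The following added example (not JFrog code and not the platform's implementation) is a simplified model of the two points above: project mappings are evaluated before global ones, and a mapping with no claims matches any token from the provider. It assumes exact-value claim matching and that a lower priority number is evaluated first; all names, claim values and scope strings are constructed.

```python
# Simplified model of identity-mapping selection; not JFrog's implementation.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class IdentityMapping:
    name: str
    priority: int                  # assumption: lower number is evaluated first
    scope: str                     # authorization scope the issued token receives
    claims: dict = field(default_factory=dict)
    project: Optional[str] = None  # None means a global mapping

def claims_match(required: dict, token_claims: dict) -> bool:
    # Every configured claim must be present with an equal value (exact match assumed).
    # An empty `required` dict matches every token: all() over nothing is True.
    return all(token_claims.get(k) == v for k, v in required.items())

def select_mapping(mappings, token_claims, project=None):
    # Mappings for the requested project outrank global ones; then priority decides.
    candidates = [m for m in mappings if m.project in (None, project)]
    candidates.sort(key=lambda m: (m.project is None, m.priority))
    for m in candidates:
        if claims_match(m.claims, token_claims):
            return m
    return None

def unrestricted(mappings):
    # Audit helper: mappings without claims, which any token from the provider satisfies.
    return [m.name for m in mappings if not m.claims]

# Constructed sample data; claim names follow the style of CI-issued OIDC tokens.
MAPPINGS = [
    IdentityMapping("global-readers", 1, "applied-permissions/groups:readers",
                    {"repository": "acme/app"}),
    IdentityMapping("proj-deployers", 5, "applied-permissions/groups:deployers",
                    {"repository": "acme/app", "ref": "refs/heads/main"}, project="web"),
    IdentityMapping("legacy-open", 9, "applied-permissions/admin"),  # no claims configured
]

MAIN_TOKEN = {"repository": "acme/app", "ref": "refs/heads/main"}  # constructed
OTHER_TOKEN = {"repository": "other/repo", "ref": "refs/heads/main"}  # constructed
```

Running `unrestricted()` over an exported list of mappings is a quick review check: every name it returns is a mapping that should either gain claims or be removed.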