OpenID Connect Integration

JFrog Platform Administration Documentation

Content Type
Administration / Platform

Subscription Information

This feature is supported with Enterprise X and Enterprise+ licenses.

OpenID Connect (OIDC) is an identity protocol that works on top of the OAuth 2.0 protocol. It utilizes the authorization and authentication mechanisms of the OAuth 2.0 protocol to authenticate and connect between different services.

OIDC integration in the JFrog Platform allows you to use services such as GitHub Actions with OpenID Connect to work on the JFrog Platform. With OIDC integration, you can allow the GitHub Actions CI pipelines to download and publish artifacts without storing JFrog passwords, tokens, or API keys in GitHub.

OpenID Connect Integration Support in GitHub Enterprise Cloud

OpenID Connect Integration is tested and certified to work with GitHub Enterprise Cloud.

You can create an OIDC integration in the JFrog Platform and add multiple identity mappings to the integration. JFrog Platform creates a reference token for each identity mapping so that the external service can authenticate in the JFrog Platform.

An identity mapping is a configuration object that the JFrog Platform uses to match an incoming OIDC claim to a specific authorization scope. 

When you configure identity mappings for GitHub OIDC integration, the identity mapping maps the identity of the GitHub Actions workflow to an identity in the JFrog Platform.

You can also use the REST APIs to configure OIDC integration. For more information, see Create or Update OIDC Configuration.Create or Update OIDC Configuration

The following sections provide information about OIDC integration.