Subscription Information
This feature is supported with Enterprise X and Enterprise+ licenses.
OpenID Connect (OIDC) is an identity protocol that works on top of the OAuth 2.0 protocol. It uses the authorization and authentication mechanisms of OAuth 2.0 to authenticate identities and connect different services. OIDC lets users sign in to sites with single sign-on (SSO), relying on OpenID Providers (OPs) to authenticate their identities.
Integrating JFrog with a trusted provider through OIDC establishes trust between that provider and the JFrog Platform. This setup automates token management and enhances security by using OIDC to verify identities.
OIDC integration in the JFrog Platform allows you to use services such as GitHub Actions with OpenID Connect to work on the JFrog Platform. With OIDC integration, you can allow the GitHub Actions CI pipelines to download and publish artifacts without storing JFrog passwords, tokens, or API keys in GitHub.
OpenID Connect Integration Support in GitHub Enterprise Cloud
OpenID Connect Integration is tested and certified to work with GitHub Enterprise Cloud.
You can create an OIDC integration in the JFrog Platform and add multiple identity mappings to the integration. An identity mapping is a configuration object that the JFrog Platform uses to match an incoming OIDC claim to a specific authorization scope.
When you configure identity mappings for a GitHub OIDC integration, each identity mapping maps the identity of the GitHub Actions workflow to an identity in the JFrog Platform. The JFrog Platform creates a reference token for each identity mapping so that the external service can authenticate in the JFrog Platform.
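The claim-to-scope matching described above can be sketched as follows. This is an added example, not JFrog code or the JFrog Platform's configuration schema: the mapping field names, the priority ordering, the scope labels, and the sample repositories are assumptions made for illustration. It also shows a review check for mappings that pin only the issuer.

```python
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Hypothetical identity mappings: field names and scope labels are assumptions
# for illustration, not the JFrog Platform's configuration schema.
MAPPINGS = [
    {"name": "release-publish", "priority": 1, "scope": "group:publishers",
     "claims": {"iss": GITHUB_ISSUER, "repository": "example-org/app",
                "ref": "refs/heads/main"}},
    {"name": "ci-read", "priority": 2, "scope": "group:readers",
     "claims": {"iss": GITHUB_ISSUER, "repository": "example-org/app"}},
    {"name": "legacy-any", "priority": 3, "scope": "group:readers",
     "claims": {"iss": GITHUB_ISSUER}},  # pins only the issuer
]

def claims_match(required, claims):
    """True only if the mapping names at least one claim and all match exactly."""
    return bool(required) and all(claims.get(k) == v for k, v in required.items())

def resolve_scope(mappings, claims):
    """Return (mapping name, scope) for the lowest priority number that matches.

    `claims` is assumed to come from a token whose signature, issuer and expiry
    were already verified. A token that matches no mapping gets None (deny).
    """
    for mapping in sorted(mappings, key=lambda m: m["priority"]):
        if claims_match(mapping["claims"], claims):
            return mapping["name"], mapping["scope"]
    return None

def underconstrained(mappings, pinning=("repository", "sub")):
    """Names of mappings that match on neither repository nor subject."""
    return [m["name"] for m in mappings
            if not any(key in m["claims"] for key in pinning)]

def workflow_claims(repository, ref):
    """Constructed sample claims shaped like a GitHub Actions OIDC token payload."""
    return {"iss": GITHUB_ISSUER, "repository": repository, "ref": ref,
            "sub": f"repo:{repository}:ref:{ref}"}

if __name__ == "__main__":
    for repo, ref in [("example-org/app", "refs/heads/main"),
                      ("example-org/app", "refs/heads/feature-x"),
                      ("other-org/unrelated", "refs/heads/main")]:
        print(repo, ref, "->", resolve_scope(MAPPINGS, workflow_claims(repo, ref)))
    print("mappings to review:", underconstrained(MAPPINGS))
```

In this sample, the workflow from the unrelated repository receives a scope only because of the issuer-only mapping; once that mapping is removed, the same claims match nothing and are denied.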
You can also use the REST APIs to configure OIDC integration. For more information, see OIDC Integration API.
The following sections provide information about OIDC integration.