Create an Identity Mapping

JFrog REST APIs

Description: Creates an identity mapping for an OIDC configuration.

Since: Artifactory 7.x.x

Security: Requires a valid admin token

Usage: POST /access/api/v1/oidc/{provider_name}/identity_mappings {identity mapping configuration JSON}

The JSON record must have the following fields.

  • name - Mandatory. Name of the identity mapping.

  • provider_name - Mandatory. Name of the OIDC configuration.

  • claims - Mandatory. Claims information from the OIDC provider.

    • sub

    • workflow_ref

  • token_spec - Mandatory. Specifications of the token.

    • username - Optional. User name of the OIDC user.

    • scope - Mandatory if you do not provide the username. Scope of the token. You can use applied-permissions/user, applied-permissions/admin, or applied-permissions/group.

    • audience - Optional. Sets the JFrog services to which the mapping applies. Default value is @, which applies to all services.

    • expires_in - Optional. Token expiry time in seconds. Default value is 3600.

Produces: text/plain

Sample Usage

# Create the identity mapping "github-repo-read" under the OIDC configuration "github-oidc".
# The JSON body is single-quoted so that the shell passes it to curl unchanged.
curl -X POST -H "Content-type: application/json" \
     -H "Authorization: Bearer cOENUdUxv" \
     https://example.jfrog.io/access/api/v1/oidc/github-oidc/identity_mappings -d \
     '{
        "name": "github-repo-read",
        "provider_name": "github-oidc",
        "claims": {
          "sub": "repo:mosheya/access-oidc-poc:ref:refs/heads/main",
          "workflow_ref": "mosheya/access-oidc-poc/.github/workflows/job.yaml@refs/heads/main"
        },
        "token_spec": {
          "username": "moshey",
          "scope": "applied-permissions/user",
          "audience": ["jfrt@service_id"],
          "expires_in": 3600
        }
     }'
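
The field rules above can be checked before a request body is sent. The following is an added example, not JFrog code: check_identity_mapping is a hypothetical helper, the scope values are matched as prefixes (an assumption), and the two warnings (admin scope, expiry longer than the 3600-second default) are review policy chosen for this example rather than API behaviour.

```python
import json

# Scope values listed on this page, matched as prefixes (assumption: a
# scope may carry a suffix after the listed value).
SCOPE_PREFIXES = (
    "applied-permissions/user",
    "applied-permissions/admin",
    "applied-permissions/group",
)
DEFAULT_EXPIRES_IN = 3600  # default from the field list


def check_identity_mapping(raw):
    """Return (errors, warnings) for an identity mapping request body."""
    errors, warnings = [], []
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"], warnings
    if not isinstance(doc, dict):
        return ["request body must be a JSON object"], warnings
    for field in ("name", "provider_name", "claims", "token_spec"):
        if not doc.get(field):
            errors.append(f"missing mandatory field: {field}")
    spec = doc.get("token_spec")
    spec = spec if isinstance(spec, dict) else {}
    scope = spec.get("scope")
    if scope is None:
        if not spec.get("username"):
            errors.append("token_spec.scope is mandatory without username")
    elif not (isinstance(scope, str) and scope.startswith(SCOPE_PREFIXES)):
        errors.append(f"unrecognised scope: {scope!r}")
    elif scope.startswith("applied-permissions/admin"):
        warnings.append("admin scope: matching workloads receive admin tokens")
    expires = spec.get("expires_in", DEFAULT_EXPIRES_IN)
    if type(expires) is not int or expires <= 0:
        errors.append("expires_in must be a positive number of seconds")
    elif expires > DEFAULT_EXPIRES_IN:
        warnings.append(f"expires_in {expires}s exceeds the {DEFAULT_EXPIRES_IN}s default")
    return errors, warnings


# Constructed sample, reusing the values from the page's sample request.
SAMPLE = """{
  "name": "github-repo-read",
  "provider_name": "github-oidc",
  "claims": {"sub": "repo:mosheya/access-oidc-poc:ref:refs/heads/main"},
  "token_spec": {"username": "moshey", "scope": "applied-permissions/user"}
}"""

if __name__ == "__main__":
    print(check_identity_mapping(SAMPLE))
```

Errors mean the body does not satisfy the field rules listed on this page; warnings mark mappings worth a second look before an admin token is used to create them.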