Skip to main content

Mapping Authentication/Identity Provider Attributes to Authentication Context

Map attributes coming from different authentication/identity providers into a unified authentication context schema.

Map IDP Attributes to Authentication Context

Default OIDC/SAML attributes are mapped out of the box.

  1. Go to Authentication > Providers and select an IDP from the list.

  2. Open the Mappings page.

    A standard attribute mapping for this IDP appears.

  3. Select Add mapping and map any custom IDP attributes to an existing authentication context attribute.

    Note

    If you need to create new authentication context attributes, read the Managing Authentication Context.

  4. Optionally, you can enrich authentication context before issuing the token to the client. Attributes returned by the script do not need to be separately mapped to the authentication context.

  5. Save your changes. Your mapped custom attributes should now be shared in the ID token issued to your client application, given that the target application requests them (you can check this in Data Lineage).

Add Static Mapping

  1. Go to Authentication > Providers and select an IDP from the list.

  2. Open the Mappings page.

    A standard attribute mapping for this IDP appears.

  3. Select Add static mapping.

  4. Pick the target authentication context attribute.

  5. Provide the static value of the attribute.

  6. Save mappings.

    Result: From now on, all users authenticated using the configured IDP will have the conifgured authentication context attribute with the value you set.