Prerequisites
To use Data Lineage for demonstration purposes, you only need access to a Cloudentity tenant with a workspace. Your authorization server should already contain pre-configured IDPs, an authentication context, and initial data mappings, which is enough to get an idea of the data flow in Cloudentity.
Map Attributes to Authentication Context
In the video below, we are adding the Login attribute, which is part of the user data incoming from GitHub, to the Nickname attribute defined in the Authentication Context schema. As a result, the nickname claim in the generated ID token has the user's GitHub login as its value.
Map your attributes and claims in a similar fashion to make sure that you’re sending the correct data to correct applications.
Create New Claims from Authentication Context
In the video below, we are mapping the name IDP parameter to a Custom authentication context attribute. Then, we are creating a new Custom claim by dragging the attribute from the authentication context area to the application area.
As a result, the following happens:
- A new Custom claim is created in the authorization server and assigned to be requested by the app. The Custom scope (matching the claim name) is assigned to the claim automatically.
- Upon a successful authentication via an IDP, the application receives the requested scopes, including the Custom claim, in the tokens issued by Cloudentity.
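The two sections above describe one data flow: IDP attributes are mapped into the authentication context, authentication context attributes are mapped into claims, and a claim is only released to an application when the scope tied to it was granted. The following is an added example, not Cloudentity's own code or API, that simulates that flow so you can check which IDP data actually reaches the tokens. The sample GitHub attributes, the mapping tables, and the choice of the standard OIDC profile scope for the nickname claim are assumptions made for this example; the Custom scope matching the Custom claim name is as described on the page.

```python
"""Simulation of the Data Lineage flow: IDP attributes -> authentication
context -> token claims, with claims gated by granted scopes.
Added example, not Cloudentity's own code."""

# Constructed sample: user data as it might arrive from the GitHub IDP.
GITHUB_USER = {"login": "octocat", "name": "The Octocat", "email": "octo@example.com"}

# IDP attribute -> authentication context attribute (the drag-and-drop
# mappings shown in the videos; attribute names are assumptions).
ATTRIBUTE_MAPPINGS = {"login": "nickname", "name": "custom"}

# Authentication context attribute -> claim name and the scope that releases it.
# The "custom" scope matching the "custom" claim is what the page describes;
# using the OIDC "profile" scope for "nickname" is an assumption.
CLAIM_MAPPINGS = {
    "nickname": {"claim": "nickname", "scope": "profile"},
    "custom": {"claim": "custom", "scope": "custom"},
}


def build_auth_context(idp_attrs, mappings):
    """Apply IDP -> authentication context mappings. Attributes the IDP did
    not send are left out of the context rather than mapped to None."""
    context = {}
    for src, dst in mappings.items():
        if src in idp_attrs:
            context[dst] = idp_attrs[src]
    return context


def build_claims(auth_context, claim_mappings, granted_scopes):
    """Release a claim only when its source attribute is present in the
    context and the scope tied to that claim was granted to the app."""
    claims = {}
    for attr, spec in claim_mappings.items():
        if spec["scope"] in granted_scopes and attr in auth_context:
            claims[spec["claim"]] = auth_context[attr]
    return claims


def issue_id_token_claims(idp_attrs, granted_scopes):
    """End-to-end lineage: IDP attributes -> context -> claims for one login."""
    context = build_auth_context(idp_attrs, ATTRIBUTE_MAPPINGS)
    return build_claims(context, CLAIM_MAPPINGS, set(granted_scopes))


def attributes_not_released(idp_attrs, granted_scopes):
    """IDP attributes that never reach the application's tokens under these
    mappings and scopes. Useful for confirming that only the intended data
    flows to each application."""
    granted = set(granted_scopes)
    context = build_auth_context(idp_attrs, ATTRIBUTE_MAPPINGS)
    released_attrs = {
        attr for attr, spec in CLAIM_MAPPINGS.items()
        if spec["scope"] in granted and attr in context
    }
    released_sources = {
        src for src, dst in ATTRIBUTE_MAPPINGS.items() if dst in released_attrs
    }
    return set(idp_attrs) - released_sources


if __name__ == "__main__":
    # App granted openid, profile and custom: both mapped claims are released.
    print(issue_id_token_claims(GITHUB_USER, ["openid", "profile", "custom"]))
    # App without the custom scope: the Custom claim is withheld.
    print(issue_id_token_claims(GITHUB_USER, ["openid", "profile"]))
    # Data the IDP sent that never reaches that second app.
    print(attributes_not_released(GITHUB_USER, ["openid", "profile"]))
```

Run it as a script to see the claims each scope set produces; attributes_not_released is the check to run against your own mappings when reviewing whether an application receives more IDP data than it needs.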