Map IDP Attributes to Authentication Context
Default OIDC/SAML attributes are mapped out of the box.
- Go to Authentication » Providers and select an IDP from the list.
- Open the Mappings page.
  A standard attribute mapping for this IDP appears.
- Select Add mapping and map any custom IDP attributes to an existing authentication context attribute.
Note
If you need to create new authentication context attributes, read Managing Authentication Context.
- Optionally, you can enrich authentication context before issuing the token to the client. Attributes returned by the script do not need to be separately mapped to the authentication context.
- Save your changes. Your mapped custom attributes should now be shared in the ID token issued to your client application, given that the target application requests them (you can check this in Data Lineage).
Add Static Mapping
- Go to Authentication » Providers and select an IDP from the list.
- Open the Mappings page.
  A standard attribute mapping for this IDP appears.
- Select Add static mapping.
- Pick the target authentication context attribute.
- Provide the static value of the attribute.
- Save mappings.
Result
From now on, all users authenticated using the configured IDP will have the configured authentication context attribute with the value you set.