Creating an Identity Mapping data instance
If you register a user through OAuth 2.0 Client Registration that is authenticated through SAML, you need to specify how an operator is identified by the Pega server. Use the Identity Mapping data instance to create a profile that configures which attributes of a SAML assertion map to which operator record properties.
- In Designer Studio, click Records > Security > Identity Mapping.
- Click Create.
- In the Name field, enter the name of the identity mapping profile.
- In the Short description field, enter a short description of the identity mapping profile.
- In the Source field, select SAML 2.0 Assertion.
- Click Create and open.
- On the SAML 2.0 tab, in the section, in the Truststore field, enter the same keystore that is used by the SAML 2.0 assertion and verifies the token.
- Enter an attribute to map the .pyUserIdentifier property to identify an existing operator.
- In the section, in the Post processing activity field, enter the name of your post-processing activity. The post-processing activity can connect to any external entity to get additional data, and the activity can enrich the OperatorID page with attributes available on the assertion page. You can use the pzSAMLBearerIdentityMappingAct activity as a reference while creating your own post-processing activity.
- Click Save.
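
What the mapping profile expresses, sketched in Python as an added illustration (not Pega code and not part of the original page): one assertion attribute is chosen to populate .pyUserIdentifier, and the lookup fails closed when that attribute is missing or carries more than one value. The sample assertion, the attribute names `uid` and `displayName`, the `.ExampleFullName` property and the function names are assumptions, and the assertion signature is assumed to have been verified against the truststore before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned; illustration only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayName">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical profile: operator property -> assertion attribute name.
# Only .pyUserIdentifier comes from the page; .ExampleFullName is invented.
MAPPING = {".pyUserIdentifier": "uid", ".ExampleFullName": "displayName"}


def assertion_attributes(xml_text):
    """Return {attribute name: [values]}, merging repeated attribute names."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip()
                  for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def map_operator(xml_text, mapping, identifier_prop=".pyUserIdentifier"):
    """Apply the mapping; the identifier must resolve to exactly one value."""
    attrs = assertion_attributes(xml_text)
    operator = {}
    for prop, attr_name in mapping.items():
        values = attrs.get(attr_name, [])
        if prop == identifier_prop and len(values) != 1:
            # Missing or ambiguous identifier: refuse rather than guess.
            raise ValueError(f"{attr_name!r} has {len(values)} values")
        if values:
            operator[prop] = values[0]
    return operator
```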