Select and configure the mapping type.
Advanced Claim to Role
Maps claim (optionally regex) to one role with advanced matching options.
Setting | Value |
|---|---|
Regex Claim Values | On to treat the claim value as a regular expression pattern; Off otherwise. |
Role | The target realm or client role to assign when claim matching succeeds. This role must already exist before saving the mapper. |
Attribute importer
Copies an incoming claim value into a user attribute.
Setting | Value |
|---|---|
Claim | Any incoming OIDC claim name |
User Attribute Name | The target user attribute key: a custom attribute, |
Claim to role
Assigns a role when claim/value match is true.
Setting | Value |
|---|---|
Claim | The OIDC claim to evaluate, such as groups, roles, or departments |
Claim value | The expected value for matching |
Role | The realm or client role to grant when the match succeeds |
Hardcoded Attribute
Sets a static user attribute value.
Setting | Value |
|---|---|
User Attribute | The user attribute key to set: a custom attribute,
|
User Attribute Value | The value written on login, for example: |
Hardcoded Role
Always assigns a fixed role.
Setting | Value |
|---|---|
Role | An existing realm or client role that is always granted |
Hardcoded User Session Attribute
Sets a static session attribute.
Setting | Value |
|---|---|
User Session Attribute | Session attribute key to set, for example: |
User Session Attribute Value | Static value for the key, for example: |
User Session Note Mapper
Stores a claim into a user session note.
Setting | Value |
|---|---|
Claims | The claims to copy into a session note, such as |
Regex Claim Attributes | On to interpret the claim matching as regex; Off for exact matching. |
Username Template Importer
Builds a username from a token-claim template.
Setting | Value |
|---|---|
Template | The expression to build the imported username |
Target | The user field to populate: |