What Is Claim Mapping?
Claim mapping is the configuration that converts claims carried in an identity token into the attributes and identifiers a target system understands. For example, it can map a token claim naming the source repository to an attribute used in access conditions. The mapping is what lets fine-grained policy reference details of the calling workload.
Why it matters
Good claim mapping lets access conditions key on exactly which repository or branch is calling, not just that some trusted system is. That precision is essential to safe least-privilege federation.
Related guides
What Is a Subject Claim?A subject claim is the field in an identity token that names who or what the token represents, used by access…
What Is an Audience Restriction?An audience restriction checks that a token was issued for the intended recipient, so a token minted for one…
What Is Conditional Access?Conditional access grants permissions only when defined conditions hold, such as a specific branch, environme…