A single header identity mapping can expose a number of attribute values or a certificate chain up to three levels deep. Header identity mappings are assigned to applications.

  1. Click Access and then go to Identity Mappings > Identity Mappings.
  2. Click + Add Identity Mapping.
  3. In the Name field, enter a name for the mapping.
  4. From the Type list, select Header Identity Mapping.
  5. In the Attributes section, select a list type.
    • Inclusion List – Includes the specified attributes as headers.
    • Exclusion List – Includes all attributes as headers, with the exception of those specified.
  6. If you selected Inclusion List, specify the Inclusion List parameters.
    1. In the Header Name Prefix field, enter a prefix.
      This prefix is prepended onto all header names.
    2. In the Attribute Name field, enter or select the name of the attribute to retrieve from the user web session in the Attribute Name field.
      For example, sub.
    3. In the Header Name field, enter the name of the HTTP requests header to contain the attribute value.
      The HTTP header you specify here is the actual header name over the HTTP protocol, not an environment variable interpreted format. For example, enter the User-Agent browser type identifying header as User-Agent, not HTTP_USER_AGENT.
    4. Optional: Click + Add Row to add additional sets of attributes and headers.
    5. Optional: Click Subject to select which attribute is used as the subject.
  7. If you selected Exclusion List, specify the Exclusion List parameters.
    1. In the Header Name Prefix field, enter a prefix.
      This prefix is prepended onto all header names.
    2. Optional: In the Excluded Attributes field, enter one or more attributes to exclude.
      All attributes not specified are included as headers.
    3. In the Subject Attribute Name list, select an attribute to use as the subject.
  8. In the Certificate to Header Mapping section, enter the header name to contain a PEM-encoded client certificate.

    The row position correlates to the index in the client certificate chain. For example, the first row always maps to the leaf certificate.

    1. If you are using a certificate chain, click + Add Row to add another row.
  9. Click Save.