A header identity mapping can expose one or more attribute values to the protected application in HTTP request headers.

For more information about this procedure, including optional steps that aren't included here, see Creating header identity mappings.

  1. Click Access and then go to Identity Mappings > Identity Mappings.
  2. Click + Add Identity Mapping.
  3. In the Name field, enter a name for the mapping.
  4. In the Type list, select Header Identity Mapping.
  5. In the Attribute to Header Mapping section, in the Attribute Name field, enter the name of the attribute to retrieve from the user web session, such as sub.
  6. In the Header Name field, enter the name of the header to contain the attribute value.

    The HTTP request header you specify here is the actual header name over the HTTP protocol, not an environment variable interpreted format. For example, enter the User-Agent browser type identifying header as User-Agent, not HTTP_USER_AGENT.

  7. In the Certificate to Header Mapping section, enter the header name included in a PEM-encoded client certificate.

    The row position correlates to the index in the client certificate chain. For example, the first row always maps to the leaf certificate. If you are using a certificate chain, click + Add Row to add another row.

  8. Click Save.