Mapping rules

Mapping rules are JavaScript code that runs during the authentication flow for Advanced Access Control and Federation.

Mapping rules can be used for multiple purposes. For Advanced Access Control, you can modify rules for the Authentication Service, OTP, and OAuth 2.0. For Federation, you can modify mapping rules to manage identities for OIDC and SAML 2.0. Use the task topic below that applies to the type of mapping rule you want to manage.

Note: Support for the importing of a mapping rule into another mapping rule applies to all mapping rules.

Managing JavaScript mapping rules
Create or edit JavaScript mapping rules.
Managing mapping rules
The mapping rules are JavaScript code that run during the authentication flow. Use the rules to customize the authentication service and the one-time password generation, delivery, and verification.
Managing OAuth 2.0 mapping rules
Use the mapping rules to customize the methods for the OAuth 2.0 or OIDC flow.
Actions to be performed in mapping rules
For certain grant types, you must perform these actions in the pre-token mapping rule.
MMFA mapping rule methods
Customize the OAuth PreTokenGeneration and PostTokenGeneration mapping rules by using these methods.
JavaScript whitelist
Advanced Access Control JavaScript mapping rules and Federation mapping rules call Java™ code from JavaScript. The set of classes that can be called is restricted.
Managing JavaScript mapping rules
Create, edit, or delete JavaScript mapping rules.
Customizing SAML 2.0 identity mapping
Use mapping rules to map local identities to SAML tokens and to map SAML tokens to local identities.
STSRequest and STSResponse access using a JavaScript mapping rule
By using the Default Mapping STS Module and a JavaScript mapping rule, you can perform identity mapping. The mapping rule can access STSRequest and STSResponse objects.
OpenID Connect mapping rules
Mapping rules allow users to customize the information that is propagated from an OpenID Connect Provider or what is consumed by a Relying Party.
Import a mapping rule from another mapping rule
You can reuse mapping rules by importing a mapping rule from another mapping rule.
Auditing from Mapping Rules
Data that is used in JavaScript Mapping rules can be audited with IDMappingExtUtils.

Parent topic: Global settings