Mapping rules
Self-Managed only
Mapping rules provide flexible access to Orchestration Cluster resources based on claims in a user's or client's OIDC access token.
info
To learn more, see mapping rules.
Create a mapping rule
To create a mapping rule:
- Log in to Identity in your cluster, and select the Mapping Rules tab.
- Click Create a mapping rule, and enter the following details:
- Mapping Rule ID: A unique identifier for the mapping rule.
- Mapping Rule name: A user-friendly name.
- Claim name: The name of a claim in the OIDC access token or a JSONPath expression that points to a claim in the access token.
- Claim value: The expected value of the claim so that the mapping rule matches an access token.
- Click Create mapping rule to create the role.
You can now assign the role to groups, roles, or tenants, or create and apply authorizations for it.

Update a mapping rule
To update a mapping rule:
- Log in to Identity in your cluster, and select the Mapping rules tab.
- Click the pencil icon next to the mapping rule you want to update.
- Update the mapping rule details as required.
- Click Save to update the mapping rule.

Delete a mapping rule
To delete a mapping rule:
- Log in to Identity in your cluster, and select the Mapping Rules tab.
- Click Delete next to the mapping rule you want to delete.
- Confirm the deletion by clicking on the Delete button in the confirmation dialog. The mapping rule is deleted.

Assign authorizations to a role
See authorizations to learn how to create authorizations for mapping rules.