
User Identity Mappers

Note: The first column (User Property/Attribute) is only a reference title and must not be used for attribute mapping. Use the value in the last column (Standard Realm - OIDC Payload) as the claim name in your Identity Provider Mappers configuration.


IDIR

Note: The SAML payload contains <NameID>, whose value is the same as idir_user_guid. It is mapped to the username of the user logging in to the parent realm.

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| First Name | first_name | given_name | given_name | given_name |
| Last Name | last_name | family_name | family_name | family_name |
| Email | email | email | email | email |
| Display Name | display_name | display_name | display_name | display_name |
| IDIR Username | idir_username | idir_username | idir_username | idir_username |
| IDIR User GUID | idir_user_guid | idir_user_guid | idir_user_guid | idir_user_guid |
| Keycloak Generated Preferred Username | idir_user_guid | preferred_username | preferred_username={{preferred_username}}@idir | preferred_username |

IDIR - MFA

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| First Name | first_name | given_name | given_name | given_name |
| Last Name | last_name | family_name | family_name | family_name |
| Email | email | email | email | email |
| Display Name | display_name | display_name | display_name | display_name |
| IDIR Username | idir_username | idir_username | idir_username | idir_username |
| IDIR User GUID | idir_user_guid | idir_user_guid | idir_user_guid | idir_user_guid |
| User Principal Name | user_principal_name | user_principal_name | user_principal_name | user_principal_name |
| Keycloak Generated Preferred Username | idir_user_guid | preferred_username | preferred_username={{preferred_username}}@azureidir | preferred_username |

Basic BCeID

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| Email | email | email | email | email |
| Display Name | display_name | display_name | display_name | display_name |
| Display Name | display_name | display_name | given_name | given_name |
| BCeID Username | bceid_username | bceid_username | bceid_username | bceid_username |
| BCeID User GUID | bceid_user_guid | bceid_user_guid | bceid_user_guid | bceid_user_guid |
| Keycloak Generated Preferred Username | bceid_user_guid | preferred_username | preferred_username={{bceid_user_guid}}@bceidbasic | preferred_username |

Business BCeID

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| Email | email | email | email | email |
| Display Name | display_name | display_name | display_name | display_name |
| Display Name | display_name | display_name | given_name | given_name |
| BCeID Username | bceid_username | bceid_username | bceid_username | bceid_username |
| BCeID User GUID | bceid_user_guid | bceid_user_guid | bceid_user_guid | bceid_user_guid |
| Keycloak Generated Preferred Username | bceid_user_guid | preferred_username | preferred_username={{bceid_user_guid}}@bceidbusiness | preferred_username |
| BCeID Business Guid | SMGOV_BUSINESSGUID | bceid_business_guid | bceid_business_guid | bceid_business_guid |
| BCeID Business Name | SMGOV_BUSINESSLEGALNAME | bceid_business_name | bceid_business_name | bceid_business_name |

BCeID Both

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| Email | email | email | email | email |
| Display Name | display_name | display_name | display_name | display_name |
| Display Name | display_name | display_name | given_name | given_name |
| BCeID Username | bceid_username | bceid_username | bceid_username | bceid_username |
| BCeID User GUID | bceid_user_guid | bceid_user_guid | bceid_user_guid | bceid_user_guid |
| Keycloak Generated Preferred Username | bceid_user_guid | preferred_username | preferred_username={{bceid_user_guid}}@bceidboth | preferred_username |
| BCeID Business Guid | SMGOV_BUSINESSGUID | bceid_business_guid | bceid_business_guid | bceid_business_guid |
| BCeID Business Name | SMGOV_BUSINESSLEGALNAME | bceid_business_name | bceid_business_name | bceid_business_name |

GitHub Public

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| Email | email | email | email | email |
| Display Name | name | display_name | display_name | display_name |
| Display Name | name | display_name | display_name | name |
| Display Name | name | display_name | given_name | given_name |
| GitHub ID | id | github_id | github_id | github_id |
| Keycloak Generated Preferred Username | id | preferred_username | preferred_username={{id}}@githubpublic | preferred_username={{id}}@githubpublic |
| GitHub Username | login | github_username | github_username | github_username |
| BCGov Github Membership | | org_verified | org_verified | org_verified |
| BCGov Github Orgs | | orgs | orgs | orgs |

GitHub BCGov

| User Property/Attribute | IDP - SAML Payload(*) | Parent Realm Mapper | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- | --- |
| Email | email | email | email | email |
| Display Name | name | display_name | display_name | display_name |
| Display Name | name | display_name | display_name | name |
| Display Name | name | display_name | given_name | given_name |
| GitHub ID | id | github_id | github_id | github_id |
| Keycloak Generated Preferred Username | id | preferred_username | preferred_username={{id}}@githubbcgov | preferred_username={{id}}@githubbcgov |
| GitHub Username | login | github_username | github_username | github_username |
| BCGov Github Membership | | org_verified | org_verified | org_verified |
| BCGov Github Orgs | | orgs | orgs | orgs |

Note:

  • org_verified: true if the authenticated user has bcgov GitHub org membership, otherwise false.
  • orgs: space-separated list of the BCGov GitHub orgs that the authenticated user is a member of.

BC Services Card

Clients can request additional claims when creating their client in the CSS App. See here for an up-to-date list of available claims. The BCSC sub will not be available for selection in the app, but will be automatically added to the token under the bcsc_did claim. The received token's sub and preferred_username claims can be used as an identifier, and they include the @<idp-name> suffix.

The idp-name is generated from your client name and id.

| User Property/Attribute | IDP - Payload(*) | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- |
| Keycloak Generated Preferred Username | sub | preferred_username={{sub}}@<idp-name> | preferred_username={{sub}}@<idp-name> |
| BC Services Card Subject ID | sub | bcsc_did | bcsc_did |

Digital Credential

The requested credential information is returned in JSON format under the vc_presented_attributes claim.

| User Property/Attribute | IDP - Payload(*) | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- |
| Keycloak Generated Preferred Username | sub | preferred_username={{sub}}@digitalcredential | preferred_username={{sub}}@digitalcredential |
| Digital Credential Content (JSON) | vc_presented_attributes | vc_presented_attributes | vc_presented_attributes |
| The Presentation Request Configuration ID | pres_req_conf_id | pres_req_conf_id | pres_req_conf_id |

One-Time Passcode

| User Property/Attribute | IDP Payload(*) | Custom/Standard Realm Mapper | Standard Realm - OIDC Payload |
| --- | --- | --- | --- |
| Email | email | email | email |
| Keycloak Generated Preferred Username | sub | preferred_username={{sub@otp}} | preferred_username={{ppid}} |

Note: A Pairwise Pseudonymous Identifier (PPID) is a unique identifier for a user in each privacy zone.
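
The following is an added example, not code from this page or from the project it documents. It shows how a client application might derive a stable user key from the suffixed preferred_username claim and read the GitHub orgs and vc_presented_attributes claims described above. The function name, the sample payloads, and the handling of org_verified as either a boolean or the string "true" are assumptions. It expects a payload whose signature has already been verified, and does not cover One-Time Passcode, whose OIDC preferred_username carries no suffix.

```python
import json

# IDP suffixes listed in the tables above. BC Services Card uses a per-client
# <idp-name>, so an app would add its own value when it enables that IDP.
KNOWN_IDP_SUFFIXES = frozenset({
    "idir", "azureidir", "bceidbasic", "bceidbusiness", "bceidboth",
    "githubpublic", "githubbcgov", "digitalcredential",
})

def parse_identity(claims, allowed_idps):
    """Derive a stable identity from an already signature-verified OIDC payload.

    Raises ValueError if preferred_username lacks a suffix the app allows.
    """
    preferred = claims.get("preferred_username") or ""
    # Split on the last '@': everything after it is the Keycloak-added suffix.
    user_id, sep, idp = preferred.rpartition("@")
    if not sep or not user_id or idp not in allowed_idps:
        raise ValueError(f"unexpected preferred_username: {preferred!r}")
    identity = {"idp": idp, "user_id": user_id, "key": preferred}
    if idp in ("githubpublic", "githubbcgov"):
        # orgs is a space-separated string; org_verified may be bool or "true"
        # (assumption: the page does not state the JSON type).
        identity["orgs"] = (claims.get("orgs") or "").split()
        identity["org_verified"] = str(claims.get("org_verified")).lower() == "true"
    if idp == "digitalcredential":
        # Assumption: the claim is a JSON string or an already-decoded object.
        raw = claims.get("vc_presented_attributes") or "{}"
        identity["vc"] = json.loads(raw) if isinstance(raw, str) else raw
    return identity

# Constructed sample payloads (not real tokens or real users).
SAMPLE_GITHUB = {
    "preferred_username": "1234567@githubbcgov", "github_id": "1234567",
    "github_username": "octo-dev", "email": "octo@example.com",
    "org_verified": "true", "orgs": "bcgov example-org",
}
SAMPLE_VC = {
    "preferred_username": "c0ffee@digitalcredential",
    "pres_req_conf_id": "sample-config",
    "vc_presented_attributes": '{"given_names": "Sample", "family_name": "Person"}',
}

if __name__ == "__main__":
    print(parse_identity(SAMPLE_GITHUB, {"githubbcgov"}))
    print(parse_identity(SAMPLE_VC, KNOWN_IDP_SUFFIXES))
```

Keying accounts on the full suffixed value rather than on email or display_name keeps users from different identity providers from colliding, and passing only the IDPs the application has enabled as allowed_idps rejects tokens issued through any other provider.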