Authentication Service Credential mapping rule

The Authentication Service Credential mapping rule is JavaScript code that we can use to customize the information that is contained in the user credential.

During authentication, the Authentication Service gathers information about the authenticated user, including attributes associated with the user ID. After successful authentication, the Authentication Service provides this information to the Authentication Service Credential mapping rule. The main task of the mapping rule is to modify or add attributes to the user information before it is used to generate a credential.

Customizing the mapping rule is an advanced way to customize the credential. To specify basic credential attributes, use an authentication policy and the Credentials panel in the local management interface instead of creating a custom mapping rule. See Create an authentication policy. If you write your own mapping rule and use it to replace the existing rule, be aware of the following considerations:

The sample mapping rule provides more descriptions about considerations for writing your own mapping rule. A default AuthSvcCredential mapping rule is provided. To review the rule:

  1. Log in to the local management interface.
  2. Click AAC
  3. Under Policy, click Authentication.
  4. Click Advanced.
  5. Select AuthSvcCredential.
  6. Click Export.
  7. Choose a location and save the file.
To review an example of a customized credential mapping rule:

  1. Log in to the local management interface.
  2. Click System.
  3. Click File Downloads.
  4. Click access_control > examples > mapping_rules.
  5. Select authsvc_credential.js.
  6. Click Export to download the file.

If you create your own rule, use it to replace the existing rule. See the replacement instructions in Managing mapping rules.

Parent topic: Managing mapping rules