Alternative claim names
Generally, you will want to configure your IdP to include custom claims in JWTs issued for Workload Identity Manager API clients. In that case, you can leave the Alternative Claim Names fields blank in the configuration.
If you can't issue custom claims, you may be able to use claims that are already defined by your IdP. In the Issuer Configurations settings you can specify the names of those claims, which Workload Identity Manager will use for authorizing API clients using JWKS or OIDC Discovery.
The alias names can be specified for the following claims:
venafi-firefly.configuration
venafi-firefly.allowedPolicies
venafi-firefly.allowAllPolicies
When you specify an alias (on the Issuer Configurations page), Workload Identity Manager looks for the alternative claim name value in JWTs for authorizing gRPC and REST API clients.
You can specify custom values for any (or all) of these claims.
If an alternative name is not specified for the claim, Workload Identity Manager looks for the default venafi-firefly claim value in JWTs for authorizing gRPC and REST API clients.
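To confirm that a token from your IdP carries the claims under the names you configured, the following added example (not Workload Identity Manager code) decodes a JWT payload and reports which claim name would be looked up for each of the three claims. It assumes claims are flat top-level keys and that a configured alias replaces the default name with no fallback; the sample token, alias names and claim values are constructed.

```python
import base64
import json

# Default claim names listed on this page.
DEFAULT_CLAIMS = (
    "venafi-firefly.configuration",
    "venafi-firefly.allowedPolicies",
    "venafi-firefly.allowAllPolicies",
)

def jwt_payload(token):
    """Decode the payload segment of a compact JWT for inspection only.
    No signature verification happens here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def effective_claim_names(aliases):
    """Name looked up per claim: the alias if one is set, else the default."""
    return {d: (aliases.get(d) or d) for d in DEFAULT_CLAIMS}

def check_token(token, aliases):
    """Return {default_claim: (looked_up_name, value or None if absent)}.
    Assumption: an alias replaces the default name, with no fallback."""
    payload = jwt_payload(token)
    names = effective_claim_names(aliases)
    return {d: (n, payload.get(n)) for d, n in names.items()}

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: IdP-native claims "team_config" and "groups" stand in
# for two of the defaults; the signature segment is a placeholder.
SAMPLE_CLAIMS = {"iss": "https://idp.example", "team_config": "demo-config",
                 "groups": ["policy-a"], "venafi-firefly.allowAllPolicies": False}
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT"}),
                         _b64(SAMPLE_CLAIMS), "sig"])
SAMPLE_ALIASES = {"venafi-firefly.configuration": "team_config",
                  "venafi-firefly.allowedPolicies": "groups"}

if __name__ == "__main__":
    for default, (name, value) in check_token(SAMPLE_TOKEN, SAMPLE_ALIASES).items():
        status = "MISSING" if value is None else repr(value)
        print(f"{default}: looked up as {name!r} -> {status}")
```

Run it against a token captured from your own IdP with the aliases you entered on the Issuer Configurations page; any claim reported as MISSING is not present under the configured name.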