claimMapping property
Gemini Enterprise only.
Maps SCIM attributes to Google attributes. This mapping associates the
attributes synced via SCIM with the Google Cloud attributes used in IAM
policies for Workforce Identity Federation. SCIM-managed user and group
attributes are mapped to google.subject and google.group respectively.

Each key must be a string specifying the Google Cloud IAM attribute to map
to. The supported keys are as follows:

* google.subject: The principal IAM is authenticating. You can reference
  this value in IAM bindings. This is also the subject that appears in Cloud
  Logging logs. This is a required field and the mapped subject cannot
  exceed 127 bytes.
* google.group: The group the authenticating user belongs to. You can grant
  group access to resources using an IAM principalSet binding; access
  applies to all members of the group.

Each value must be a Common Expression Language expression that maps a SCIM
user or group attribute to the normalized attribute specified by the
corresponding map key.

Example: To map the SCIM user's externalId to google.subject and the SCIM
group's externalId to google.group:

    { "google.subject": "user.externalId", "google.group": "group.externalId" }
Required. Immutable.
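Because the field is immutable, it is worth checking a mapping before creating the tenant. The following is an added example, not code from the googleapis package: `checkClaimMapping` and `resolvePath` are hypothetical helpers that check the key rules above and the 127-byte subject limit against constructed sample data. It assumes values are plain `resource.attribute` paths and does not evaluate full CEL.

```dart
import 'dart:convert';

// Keys the documentation above lists as supported.
const supportedKeys = {'google.subject', 'google.group'};
const maxSubjectBytes = 127;

/// Resolves a plain attribute path such as `user.externalId` against a
/// sample SCIM resource. Anything else is full CEL and is out of scope here.
String? resolvePath(String expr, Map<String, Map<String, String>> sample) {
  final parts = expr.split('.');
  if (parts.length != 2) return null;
  return sample[parts[0]]?[parts[1]];
}

/// Returns a list of problems; an empty list means the mapping passed.
List<String> checkClaimMapping(
    Map<String, String> claimMapping, Map<String, Map<String, String>> sample) {
  final problems = <String>[];
  if (!claimMapping.containsKey('google.subject')) {
    problems.add('google.subject is required');
  }
  for (final entry in claimMapping.entries) {
    if (!supportedKeys.contains(entry.key)) {
      problems.add('unsupported key: ${entry.key}');
      continue;
    }
    final value = resolvePath(entry.value, sample);
    if (value == null || value.isEmpty) {
      problems.add('${entry.key}: "${entry.value}" did not resolve on the sample');
    } else if (entry.key == 'google.subject' &&
        utf8.encode(value).length > maxSubjectBytes) {
      // The limit is in bytes, so count the UTF-8 encoding, not characters.
      problems.add('google.subject is ${utf8.encode(value).length} bytes '
          '(max $maxSubjectBytes)');
    }
  }
  return problems;
}

void main() {
  // Constructed sample data, not real identities.
  final mapping = {
    'google.subject': 'user.externalId',
    'google.group': 'group.externalId',
  };
  final sample = {
    'user': {'externalId': 'é' * 64}, // 64 characters, 128 UTF-8 bytes
    'group': {'externalId': 'eng-admins'},
  };
  checkClaimMapping(mapping, sample).forEach(print);
}
```

The sample subject is 64 characters long but 128 bytes in UTF-8, so a character count would pass it while the byte limit rejects it.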
Implementation
core.Map<core.String, core.String>? claimMapping;