Managing Identity Mapper Sets

New
  • Published on Dec 14, 2025
  • 4 minute(s) read
Prev Next

Identity Mapper Sets connect logical Identity Attributes and act as a physical multi-source mapping profile for an Identity Template. Each set defines the Sources and Attributes to create a Mapper Set. It specifies where each Attribute comes from and how values are matched and translated, allowing the same logical model to support different data sources across Scopes.

Mapper Sets are managed in the Identity Workspace Settings. They preserve the logical structure while defining how underlying data is resolved, giving customers flexibility across contexts without duplicating templates.

When creating a new Mapper Set, the JSON Path parameter can be used to define the path from which the Platform can extract Identity Attribute values from the Authorization JWT. For more information, see Authorization APIs.

Check out a walkthrough of the Identity Mapper Sets below for more information:

Prerequisites

Ensure that you have Identity Attribute and Sources set up.

Refer to Managing Identity Attributes and Managing Identity Sources for more information.

Managing Identity Mapper Sets

The following sections describe how to create, edit, link, and manage Mapper Sets. Actionable processes are written as step-by-step sequences.

Creating a New Mapper Set

To create a new Mapper Set within an Identity Workspace:

To create a new Mapper Set:

  1. Hover over an Identity Workspace.
  2. Click the Settings icon.
  3. In Identity Workspace Settings, click Mapper Sets.
  4. Select New Mapper Set.
  5. Enter a Display Name.
  6. Enter a Mapper Set ID, or leave it blank to auto-generate an ID based on the Display Name.
  7. Add a Description (optional).
  8. Click Create.

After you create the Mapper Set, a new section appears allowing you to link data sources. A default PDP Request source is linked automatically and includes the PDP request-level mappings.

Adding a Source to a Mapper Set

Each Mapper Set can include multiple sources depending on your data architecture.

To add a source to a Mapper Set:

  1. Select a Mapper Set from the Mapper Set list. If you do not have one yet, refer to Creating a New Mapper Set.
  2. In the Mapper Set, scroll to Link Sources.
  3. Click Add Source.
  4. Choose an existing Source from the list.
  5. When linking Sources, input the Origin and Target fields to configure correlation rules and mapping definitions based on the Sources:
  • External Sources (used as Aux or Context): Ensure that you input valid JSONPath syntax in the Origin and Target fields.
    Note: External Output and Calculated Sources are used as Aux by default.
  • Calculated Sources: Define the calculation function
    • Use valid syntax: a capitalized function name, arguments in parentheses, and Attribute references enclosed in double curly braces, for example {{attributeID}}. Refer to Working with Calculated Attributes for a syntax guide.
  • PDP Request: Property name.
  • Request Mappers: JSONPath
    The PDP Request and Request Mappers are part of base evaluations, and are always prioritized in evaluation.
  • External Output: This Source is generated in Orchestration and can only be viewed.
  1. Save the Source block.

The Mapper Set now uses this Source as part of its Mapping process.

Editing a Source Within a Mapper Set

To edit a Source Mapping:

  1. In the Mapper Set page, select a Mapper Set.
  2. Click Edit next to the relevant Source Mapping.
  3. Modify or delete correlation rules, mapping definitions, or origin properties when applicable.
  4. Save your changes.

Note: In the PDP Request, you can edit Property Name, but not the UserID.

Removing a Source from a Mapper Set

To remove a source:

  1. In the Mapper Set page, select a Mapper Set.
  2. Click the Delete icon next to the relevant Source Mapping.
  3. Confirm the removal.

Removing a source deletes all associated mappings within that Mapper Set. System-required sources such as PDP Request cannot be removed.

Managing Multiple Mapper Sets

An Identity Template may include multiple Mapper Sets. You can switch between Mapper Sets from the list on the left side of the Mapper Sets screen. Selecting one displays its mappings, sources, and configuration.

Mapper Sets not assigned to a Scope may be marked as incomplete. They can still be configured, but they cannot be used for enforcement until assigned.

Deleting a Mapper Set

To delete a Mapper Set:

  1. Hover over the Mapper Set in the list.
  2. Select the Delete icon.
  3. Confirm the deletion.

A template must retain at least one Mapper Set. The UI prevents deleting the final remaining one.

Using Mapper Sets with Scopes

A Mapper Set becomes active only when associated with a Scope. This association determines which Mapper Set is used for Attribute resolution when a Policy is evaluated in that Scope.

To assign a Mapper Set to a Scope:

  1. In Environment Settings, click Scopes. If you do not have a Scope set, refer to Managing Scopes.
  2. Scroll to Identity Template Usage.
    • If editing an existing Scope, click Edit before continuing.
  3. Select the relevant Identity Mapper Set association from the dropdown.
  4. Save the Scope settings.

Only one Mapper Set may be assigned per Identity Template in a given Scope. During enforcement, the system uses this association to resolve Attributes in real time.

Using Mapper Sets with Orchestration

Identity Mapper Sets can also be used with Authorizers in the Orchestration Workspace. Refer to About the Discovery Process and Object Side Panel for more information.

Identity Mapper Sets unify logical identity structures with real-world data. By centralizing mapping behavior, supporting multiple contextual configurations, and simplifying source management, Mapper Sets deliver consistency and clarity throughout the Identity definition process.