Identity Sources enable you to create Authorization Policies using information from multiple Identity Sources. These Sources can be defined locally or pulled from External Identity Sources within your Organization. When creating a new Source, you define the Source Type and determine how identity information is collected or computed.
For each Identity Workspace, these Sources provide identity information during Policy evaluation and ensure the Authorization Platform can make accurate runtime decisions.
Defining a New Identity Source
Identity Sources enable the Platform to ingest or compute identity information used during Policy evaluation. Before creating a Source, ensure you understand whether the identity data will be retrieved externally or calculated within the Authorization Platform. This helps you select the appropriate Source Type and configuration.
To create a new Identity Source:
In your Identity Workspace Settings, click the Sources tab.
Select New Source.
In the General section, complete the following fields:
Source Type: Select the type of Source you want to configure. Available fields and behavior depend on the Source Type. See the Understanding Source Types section for more information.
The dropdown contains multiple Source Types, each of which can be selected only once, except for External Input.
Display Name: Enter the Source Display Name. This appears in the Source list and next to mapped Attributes.
Source ID: Provide a unique identifier for this Source. This ID is used when referencing the Source throughout the Workspace.
Description: Optionally describe the purpose or role of this Source.
Logo URL: Enter a URL for the logo associated with this Source. This icon appears in the Identity Workspace and next to mapped Attributes.
If External Input is selected, complete the Source Metadata section:
PAA Group ID: Select the Policy Authorization Agent Group from which this Source retrieves identity data.
View Name: Select the View that represents the external data used by this Source.
Note: Changing the View removes all existing Attribute mappings.
If Calculated is selected, define calculation functions for the Attributes in the Mapper Sets. See Managing Identity Mapper Sets for more information.
Select Create. The Source is added to the Source list.
Extracting the Source ID
The Source ID uniquely identifies the Source and is required when referencing it in Policies, mapping configurations, or external integrations. You can view it at any time in the Source’s General settings.
To retrieve the Source ID:
In your Identity Workspace Settings, click the Sources tab.
Select the relevant Source.
View the Source ID displayed in the General section.
Editing a Source
You may need to update a Source when identity structures change, external systems are replaced, or new Attributes need to be evaluated. Editing lets you adjust configuration without recreating the Source.
To edit a Source:
In your Identity Workspace Settings, click the Sources tab.
Select the relevant Source.
Select Edit.
Make the required changes and save.
Note: Changing the View Name removes all existing Attribute mappings.
Deleting a Source
When a Source is no longer used, you can remove it to keep the Workspace organized. Deleting a Source does not remove the Identity Attributes it previously mapped to. These Attributes remain available in the Platform.
To delete a Source:
In your Identity Workspace Settings, click the Sources tab.
Hover over the relevant Source card.
Select the trash icon.
Understanding Source Types
External Input
Used to retrieve identity information from an external Source via a PAA Group and View.
Calculated
Calculated Attributes allow dynamic evaluation of values derived from other Attributes or external data. They support advanced logic during runtime and enhance the completeness and precision of Policy decisions. These values are computed at runtime during Policy evaluation. For more information, see Managing Identity Mapper Sets and Working with Calculated Attributes.
Request Input (PDP Request)
This Source defines the Attributes included in the PDP request (entityAttributes parameter) and how they are returned in the response.
Request Mappers
This Source defines Attributes from request structures (e.g., Authorization JWT, headers). Each Attribute must be specified using a valid JSONPath expression.
External Output (View Only)
Sources that are generated by Orchestration processes. This Source Type cannot be selected when creating a Source; these Sources are generated in Orchestration.
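To illustrate the Request Mappers description above, this added example (not part of the original documentation and not the Platform's own evaluator) resolves JSONPath expressions against a constructed request and rejects malformed expressions. The `jwt`/`headers` layout, the Attribute names, and the supported JSONPath subset (child and index steps only) are assumptions.

```python
import re

# Constructed sample: a request after the JWT has been verified and decoded.
# The "jwt"/"headers" layout is an assumption made for this example.
SAMPLE_REQUEST = {
    "jwt": {
        "sub": "u-1029",
        "realm_access": {"roles": ["teller", "auditor"]},
    },
    "headers": {"x-device-trust": "managed"},
}

# Hypothetical mapping of Attribute name -> JSONPath expression.
MAPPINGS = {
    "userId": "$.jwt.sub",
    "primaryRole": "$.jwt.realm_access.roles[0]",
    "deviceTrust": "$['headers']['x-device-trust']",
    "department": "$.jwt.department",  # claim absent from the sample token
}

# One step: .name, [index] or ['quoted name']
_STEP = re.compile(r"\.([A-Za-z_][A-Za-z0-9_]*)|\[(\d+)\]|\['([^']+)'\]")

def parse_path(expr):
    """Split a JSONPath (child/index subset) into steps; reject anything else."""
    if not expr.startswith("$"):
        raise ValueError(f"JSONPath must start with '$': {expr!r}")
    steps, pos = [], 1
    while pos < len(expr):
        m = _STEP.match(expr, pos)
        if m is None:
            raise ValueError(f"invalid JSONPath at offset {pos}: {expr!r}")
        name, index, quoted = m.groups()
        steps.append(int(index) if index is not None else (name or quoted))
        pos = m.end()
    return steps

def resolve(doc, expr):
    """Return the value at expr, or None when the path is absent from doc."""
    node = doc
    for step in parse_path(expr):
        container = list if isinstance(step, int) else dict
        if not isinstance(node, container):
            return None
        if isinstance(step, int) and step >= len(node):
            return None
        if isinstance(step, str) and step not in node:
            return None
        node = node[step]
    return node

def map_attributes(doc, mappings):
    """Resolve every mapped Attribute; absent claims map to None."""
    return {attr: resolve(doc, path) for attr, path in mappings.items()}
```

In this sketch a claim missing from the token resolves to `None` instead of a default value, so the gap stays visible to whatever consumes the mapped Attributes.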
Identity Sources form the foundation of identity-driven Policy evaluation in the Authorization Platform. By defining the appropriate Source Type, mapping only the Attributes required for evaluation, and maintaining Sources as external systems evolve, you ensure that Policies are evaluated accurately and efficiently. Proper Source configuration improves runtime performance, supports consistent identity modeling, and strengthens the overall authorization workflow.