AWS::VerifiedPermissions::IdentitySource OpenIdConnectGroupConfiguration

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "GroupClaim" : String,
  "GroupEntityType" : String
}

YAML


  GroupClaim: String
  GroupEntityType: String

Properties

GroupClaim

The token claim that you want Verified Permissions to interpret as group membership. For example, groups.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

GroupEntityType

The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup. A group entity type is an entity that can have a user entity type as a member.

Required: Yes

Type: String

Pattern: ^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$

Minimum: 1

Maximum: 200

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

OpenIdConnectConfiguration

OpenIdConnectIdentityTokenConfiguration