Nexeed

Multitenant Access Control

Mapper Overview

Mappers transfer attributes of a user's identity from the identity provider to Nexeed Industrial Application System. The attributes are transported in the ID token. The following options are available for transferring attributes:

  • Transfer identity attributes to the user profile in Nexeed Industrial Application System using the "Attributes Importer" mapper (e.g. first name or last name)

  • Set an identity attribute as the user name using the "Username Template Importer" mapper (e.g. the claim "preferred_username").

    The user name is defined once, during the initial login of the user, and cannot be changed afterwards.

  • Use identity attributes with the "Advanced claim to group mapper" mapper to add users to a Multitenant Access Control group and authorize them with predefined roles.

Add Mapper

Prerequisite

Group Mapper Manager or Identity Provider Manager role

Procedure

  1. Call up the Access management > Identity provider menu.

  2. Click on an entry in the list of identity providers.

    The details area of the selected identity provider appears.

  3. In the header of the details area, add a new mapper with the add_border icon.

    The Add Mapper dialog appears.

    Fields marked with an asterisk (*) are mandatory and must be completed.

  4. In the Name text field, enter a freely selectable (user-friendly) name for the mapper.

  5. In the Synchronization Mode drop-down list, specify how the mapper is to be synchronized:

    • Inherit

      Applies the synchronization mode that has been set for this identity provider.

    • Import

      The user information is synchronized with Nexeed Industrial Application System once when the user logs in for the first time.

    • Legacy

      Current settings in Nexeed Industrial Application System are retained.

    • Force

      The user information is synchronized upon every login.

  6. Select the group assignment from the Type drop-down list.

    • Extended Claim to Groups

      Adds the user to a Multitenant Access Control group and authorizes the user with predefined roles.

      This group assignment can only be made by the Group Mapper Manager.

    • Attribute Import

      Transfers attributes of externally defined users to attributes or properties of the imported Nexeed Industrial Application System user.

    • Name Template for Users

      Maps externally defined OIDC claims or SAML attributes with a template to the user name of the imported Keycloak user.

      Depending on the selected Type, different input fields are displayed below.

  7. Mapper selection Extended Claim to Groups:

    • Enter Claim Name.

      A claim is an attribute in the user’s ID token.

    • Enter Claim Value.

      The claim value must be included in the claim’s value list in order to add the user to a Nexeed Industrial Application System group.

    • In the Group list, select the Nexeed Industrial Application System group to which the new mapper is to be linked.

  8. Mapper selection Attribute Import:

    • Enter Claim Name.

    • Enter Name of the User Attribute.

      A user attribute provides information about the user, such as email address, first name or last name. The name of the user attribute is defined by the identity provider and can be different for each identity provider. Only one attribute can be entered.

  9. Mapper selection Name Template for User:

    • Enter Template.

      Entering the name template "${ALIAS}.${CLAIM.preferred_username}" results in "idp.johndoe" for the identity provider with the alias "idp" and the preferred_username claim value "johndoe".

      It is possible to convert to lowercase or uppercase letters with "${CLAIM.sub | lowercase}" or "${CLAIM.sub | uppercase}" respectively.

    • Enter the storage location for the user name in the Target input field.

      LOCAL (default) saves the user name in the local database during user import. BROKER_ID and BROKER_USERNAME save it in the ID or in the user name, respectively, that is used during the federated user lookup.

  10. Click Save.

The mapper is added.
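
The following Python model previews what a name template and a set of Extended Claim to Groups mappers would produce for a given set of ID token claims, which helps to check a mapper before saving it. It is an added example, not Nexeed or Keycloak code; the function names, the sample claims and the exact, case-sensitive value comparison are assumptions.

```python
import re

# Constructed ID token claims (sample data, not from a real identity provider).
SAMPLE_CLAIMS = {
    "sub": "A1B2-C3",
    "preferred_username": "johndoe",
    "groups": ["line-operators", "quality"],
}

# ${ALIAS} or ${CLAIM.<name>}, optionally followed by "| lowercase" or "| uppercase".
_PLACEHOLDER = re.compile(r"\$\{\s*(ALIAS|CLAIM\.([\w.-]+))\s*(?:\|\s*(\w+)\s*)?\}")
_TRANSFORMS = {None: str, "lowercase": str.lower, "uppercase": str.upper}


def expand_template(template, alias, claims):
    """Expand the placeholders of a user name template against the ID token claims."""
    def substitute(match):
        whole, claim_name, transform = match.groups()
        if transform not in _TRANSFORMS:
            raise ValueError(f"unsupported transformer: {transform}")
        if whole == "ALIAS":
            value = alias
        elif claim_name in claims:
            value = str(claims[claim_name])
        else:
            # A missing claim would otherwise yield an incomplete user name.
            raise KeyError(f"claim missing from ID token: {claim_name}")
        return _TRANSFORMS[transform](value)
    return _PLACEHOLDER.sub(substitute, template)


def claim_matches(claims, claim_name, claim_value):
    """True if claim_value is in the claim's value list (a scalar counts as a one-item list)."""
    raw = claims.get(claim_name)
    if raw is None:
        return False
    values = raw if isinstance(raw, (list, tuple)) else [raw]
    return claim_value in [str(v) for v in values]  # assumption: exact, case-sensitive


def groups_for(claims, mappers):
    """mappers: list of (claim_name, claim_value, group); returns the groups the user would join."""
    return [group for name, value, group in mappers if claim_matches(claims, name, value)]


if __name__ == "__main__":
    print(expand_template("${ALIAS}.${CLAIM.preferred_username}", "idp", SAMPLE_CLAIMS))
    print(groups_for(SAMPLE_CLAIMS, [("groups", "quality", "QA Team")]))
```

Because the user name is fixed at the first login, running the template against representative claims from each identity provider before saving shows whether the resulting names are complete and distinct.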

Edit mapper

Prerequisite

Group Mapper Manager or Identity Provider Manager role

Procedure

  1. Call up the Access management > Identity provider menu.

  2. Click on an entry in the list of identity providers.

    The details area of the selected identity provider appears.

  3. Select a mapper and open it for editing with the mdm_edit_icon icon.

    The Edit Mapper dialog appears.

    Only the Group Mapper Manager can make changes to mappers of the Claim to Group type.

  4. Make changes to the mapper as described under Add Mapper.

  5. To save the changes, click Save.

The mapper is changed.

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved