Log in to the GCP Console using administrative privileges.
Select IAM & Admin -> Workload Identity Federation from the navigation menu.
From the selector on the top, select the project where you want to create a workload identity pool.
Click + CREATE POOL.
Enter the following values in the Workload Identity Pool details on the Create Workload Identity Pool page:
Enter the workload identity pool name and description and click CONTINUE.
To add a provider to the pool, select OpenID Connect (OIDC) from the drop-down list and add the following provider details:
Provider Name. This is the provider ID.
Britive tenant’s OAuth URL, for example: https://<TENANT_BASE_URL>/api/auth/sso/oauth2. This value can be copied from the onboarded Britive GCP WIF app → Settings → Britive Issuer URL.
Default Audience must be selected.
Click CONTINUE.
Add the following provider attributes:
google.subject → assertion.sub
Click + Add Mapping.
attribute.email → assertion.email
Click SAVE.
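To confirm that a token from the tenant lines up with the provider just saved, the following added example (not part of the original article or of Britive's or Google's tooling) decodes a token's claims and applies the two mappings configured above. The tenant host, project number, pool ID and provider ID are constructed placeholders, and the default-audience format and the 127-byte limit on google.subject are taken from Google's Workload Identity Federation documentation, not from this page.

```python
import base64, json

# Provider settings from the steps above. The tenant host, project number and
# pool/provider IDs are constructed placeholders: substitute your own values.
ISSUER = "https://tenant.example.com/api/auth/sso/oauth2"
PROVIDER = ("projects/123456789012/locations/global/"
            "workloadIdentityPools/example-pool/providers/example-provider")
MAPPING = {"google.subject": "assertion.sub", "attribute.email": "assertion.email"}

def sample_jwt(claims):
    """Build an unsigned, constructed token for offline testing only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

def decode_claims(jwt):
    """Return the JWT payload as a dict WITHOUT verifying the signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(claims, issuer=ISSUER, provider=PROVIDER, mapping=MAPPING):
    """Apply the attribute mapping and list mismatches with the provider config."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the provider issuer URL")
    # Default Audience: the provider resource name, "https:" prefix optional.
    accepted = {f"//iam.googleapis.com/{provider}",
                f"https://iam.googleapis.com/{provider}"}
    aud = claims.get("aud")
    if not (set(aud) if isinstance(aud, list) else {aud}) & accepted:
        problems.append("aud is not the provider's default audience")
    mapped = {}
    for target, source in mapping.items():
        value = claims.get(source.removeprefix("assertion."))
        if isinstance(value, str) and value:
            mapped[target] = value
        else:
            problems.append(f"{source} missing, {target} cannot be mapped")
    if len(mapped.get("google.subject", "").encode()) > 127:
        problems.append("google.subject exceeds 127 bytes")
    return mapped, problems
```

This checks claims only. Google's Security Token Service still verifies the token signature against the issuer's published keys during the real exchange.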
Creating a Workload Identity Pool and Provider