Create, manage and delete federated identity providers

Create a federated identity provider

Navigate to IAM and Management > Service accounts.
Select the service account you want to create a federation for.
Navigate to Federated identity providers.
Select + Add a federated identity provider.
Provide a short, unique name for the federation.
Specify the issuer URL for the trusted identity provider. This must be the exact iss value found in tokens from this provider. It must use HTTPS and must not include a trailing slash.
Add a series of assertions that will define the behaviour or claims within the this Federated Identity Provider for it to be accepted.
- Assertions define an Item, an Operator, and a Value. Items that can be defined include, for example, subject and audience and currently only the equality operator is supported.
- An assertion for the audience (aud) is required and must be always provided. If not provided the federation cannot be created.
- Tokens are accepted only when all assertion conditions are met.
- For example, assertions might require sub (subject) to be shop-api AND aud (audience) to be clients.
Select Create.

You see an overview of federated identity providers, the issuer URL, and the creation and last update dates.

You see the name, issuer URL, and assertions.

Navigate to IAM and Management > Service accounts.
Select the service account whose federations you want to delete.
Navigate to Federated identity providers.
Select the three dots at the end of the row for the federated identity provider you want to delete.
Select Delete provider.
Select Delete to confirm.