Configure OIDC in JFrog Platform

JFrog and GitHub Integration Guide


JFrog and GitHub integration using OpenID Connect (OIDC) establishes trust between GitHub Actions and the JFrog Platform. This setup automates token management and improves security by using OIDC to verify identities. OIDC provides a short-lived token for use in GitHub Actions, which can also be used with JFrog CLI.

Using OIDC in your workflows allows GitHub Actions CI pipelines to download and publish artifacts without generating tokens, and lets you limit access to specific repos in Artifactory.

  • Seamless Access

    Provides automatic, secure access to JFrog resources without manual token creation.

  • Enhanced Security

    Provides short-lived tokens based on identity, with access applied according to assigned privileges.

  • User Traceability

    Identifies users performing actions on the JFrog Platform.

  • Passwordless Experience

    Eliminates the need to store secrets.

GitHub Actions automatically builds and deploys artifacts to JFrog Artifactory. OIDC integration ensures secure and efficient authentication, maintaining compliance and traceability.

  • Reduce Configuration Errors

    Use general OIDC parameters for GitHub configuration and identity mapping.

  • Configuration at Scale

    • Dynamic User Mapping

      Automatically maps GitHub user identifiers instead of individually mapping each user.

    • Wildcard Support

      Defines patterns for identity mapping, such as matching all repositories within an organization (for example, "sub": "repo:name-org/*").
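
The following is an added example, not JFrog code, for auditing how much a wildcard identity mapping admits before it is saved. It assumes glob-style matching in which `*` matches any run of characters (an assumption about the matching semantics), compares the page's `repo:name-org/*` pattern with two hypothetical alternatives, and uses constructed token claims in the `sub` formats GitHub Actions issues.

```python
import re

def claim_matches(pattern, value):
    # Assumed semantics: '*' matches any run of characters; all else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def mapping_matches(mapping, token_claims):
    # Every claim named in the mapping must be present in the token and match.
    return all(
        key in token_claims and claim_matches(pat, str(token_claims[key]))
        for key, pat in mapping.items()
    )

# Constructed token claims, using the "sub" shapes GitHub Actions issues.
SAMPLE_TOKENS = {
    "main_push":     {"sub": "repo:name-org/app:ref:refs/heads/main"},
    "feature_push":  {"sub": "repo:name-org/app:ref:refs/heads/feature-x"},
    "pull_request":  {"sub": "repo:name-org/app:pull_request"},
    "other_repo":    {"sub": "repo:name-org/tools:ref:refs/heads/main"},
    "lookalike_org": {"sub": "repo:name-org-labs/app:ref:refs/heads/main"},
}

# Hypothetical identity-mapping claim sets to compare.
MAPPINGS = {
    "org_wide":      {"sub": "repo:name-org/*"},   # the page's example
    "missing_slash": {"sub": "repo:name-org*"},    # separator dropped
    "pinned":        {"sub": "repo:name-org/app:ref:refs/heads/main"},
}

def audit(mappings, tokens):
    # For each mapping, list the sample identities it would admit.
    return {
        name: sorted(t for t, claims in tokens.items() if mapping_matches(m, claims))
        for name, m in mappings.items()
    }

if __name__ == "__main__":
    for name, admitted in audit(MAPPINGS, SAMPLE_TOKENS).items():
        print(f"{name:14} admits {admitted}")
```

Under these assumptions the organization-wide pattern admits every branch and pull-request run in every repository of the organization, so a mapping that grants publish rights is better pinned to a repository and ref.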

OIDC Projects Support

OIDC integration establishes a trust relationship between JFrog and GitHub Actions, specifically for JFrog projects.

Project-Specific Authorization: Enables Project Admins to create identity mappings with project-specific authorizations, linking GitHub repositories to JFrog Projects.

Advantages:

  • Scalability: Delegates project admin tasks, reducing dependency on platform admins

  • Team Isolation: Enhances data protection by isolating access

  • Improved Performance: Minimizes conflicts

  • Enhanced Security: Limits access to the scope of the project only

Project Admins can create identity mappings with project-level authorizations to connect GitHub repositories with JFrog Projects.

To learn more, refer to GitHub Actions OIDC Integration Workflow and Configuring OpenID Connect in JFrog.
