Abbey Docs
  • 👋Welcome
  • Getting Started
    • Quickstart
    • Step-by-Step Tutorials
      • AWS: Managing Access to Identity Center Groups
      • AWS: Managing Access to Identity Center Permission Sets
      • AWS: Managing Access to IAM Groups
      • Azure AD: Managing Access to Groups
      • Confluent: Managing Access to Kafka ACLs
      • Databricks: Managing Access to Managed Tables in Unity Catalog
      • Databricks: Managing Access to Groups
      • GitHub: Managing Access to Teams
      • Google Cloud: Managing Access to Groups
      • Google Workspace: Managing Access to Google Groups
      • Kafka: Managing Access to ACLs
      • Okta: Managing Access to Groups
      • Postgres: Managing Access to Roles
      • Snowflake: Managing Access to Tables
      • Tabular: Managing Access to Apache Iceberg Roles
      • Tailscale: Managing Access to ACLs
      • Vault: Managing Access to Groups and Policies
      • Integrating Abbey with Terraform Cloud
      • Using Abbey with Atlantis
      • Using Abbey with Spacelift
    • Starter Kits
  • How Abbey Works
    • How Abbey Works
    • Key Concepts
  • Build a Grant Kit
    • Get a Starter Kit
    • Connect a Repo
    • Create a Grant Kit
    • Link Identities
    • Write Access Policies
    • Deploy Your Grant Kit
    • Request Access
    • Approve or Deny Access Requests
  • Use Cases
    • Time-Based Access
      • Expire After a Duration
      • Expire At a Specific Time
    • Approval Workflows
      • Using a Single Approval Step
      • Using Multiple Approval Steps
      • Conditionally Skip Approval Steps
  • Admin
    • User Roles
    • Sign-in and MFA
      • Sign-in Methods
      • Multifactor Authentication (MFA)
      • Enabling Single Sign-On
    • Sources
      • PagerDuty
      • Directory Sync
    • End User Notifications
    • Manage API Tokens
  • Reference
    • Grant Kits
      • Workflows
      • Policies
      • Outputs
    • Referencing Users and Groups
    • Linking Application Identities into Abbey
      • Why do I need to link application identities?
      • How do I Link Application Identities?
      • Supported Application Identity Types and Schemas
      • Application Data Object
    • Access Policies
      • Types of Access Policies
      • Policy Bundles
      • Inline Policies
      • Helper Functions
      • Policy Examples
    • Terms of Service
    • FAQ
      • Troubleshooting
  • Resources
    • Abbey Labs
    • Terraform Registry
    • GitHub
    • System Status
    • Privacy Policy
    • Logo
Powered by GitBook
On this page
  • Identity Linking JSON Shapes
  • Application Identity Types
  • Custom Identity Types
  1. Reference
  2. Linking Application Identities into Abbey

Supported Application Identity Types and Schemas

PreviousHow do I Link Application Identities?NextApplication Data Object

Last updated 1 year ago

Identity Linking JSON Shapes

Identities are linked by POSTing to the /v1/users/<userID>/apps endpoint. Payloads are of the following shape:

{"type": "<application type>", "data": { ... application data ... }}

The data payload of each application type must contain certain keys that Abbey uses to make sure that an application has had its data linked properly.

For more details on APIs used to link apps, take a look at .

Application Identity Types

Application Type
Application Name
Required Keys

aws_iam

AWS IAM Account

account_id, id

aws_identitystore

AWS Identity Center

id

github

Github

username

okta

Okta

user_id

google

Google Cloud

id

googleworkspace

Google Workspace

email

Note that aws_iam is a special application type. account_id must be unique.

Custom Identity Types

Any identity type not covered in the above table is considered a custom identity types. There is no set of required keys needed to link application identity data for a custom identity type. For example the below payload:

{"type": "my-custom-app", "data": {"foo": "bar"}}

now allows references of the form:

  • .user.my-custom-app.foo in grant kits

  • data.user.my-custom-app.foo in policy code

https://developers.abbey.io/#operation/createAppData