Configuring claims for ID tokens and access tokens

Instructions on configuring claims using authentication context attributes

With claims, you can control which authentication context attributes are included in ID tokens and access tokens.

Steps

  1. Log in to the ACP Administrator Portal with your credentials and make sure that you are in the Consumer workspace.

  2. From the sidebar, select Settings to preview settings for the Consumer workspace.

  3. In the Cloudentity ACP Workspace Settings view, select CLAIMS from the top menu.

    Result

    Predefined lists of claims are displayed: one claims list for each token type (ID tokens or Access tokens).

  4. Select a list label to toggle the display of claims on the list.

  5. To preview claim details, select a claim from the list.

    Result

    The Edit claim dialog box opens and displays claim details: Claim name, Source, and Scopes.

    Note

    In the Edit claim dialog box, you can also edit claim details. Source values are defined in the authentication context.

  6. To create a new claim:

    1. Select ADD CLAIM from the bottom of the list.

      Result

      The Add claim dialog box is displayed.

    2. In the Add claim dialog box, set claim details: Claim name, Source, and Scopes.

      Note

      • If you leave out the Scopes field, your claim is always added to the token.
      • If you specify one scope, your claim is added only if the user grants the client access to the specified scope.
      • If you specify more than one scope, the claim is added if the user grants the client access to at least one of the specified scopes.
      • Source values are defined in the authentication context.

    3. Select CREATE to save your new claim.

Example

For the access token, create a new claim named groups with the Source value set to List of groups that user belongs to (selected from the dropdown list of sources predefined in the authentication context).
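
The Scopes rules from the note in step 6 can be modelled in a few lines to check which claims a given grant would release. This is an added example, not Cloudentity ACP code: the `Claim` class, the function names, the authentication context keys, and the sample data are all assumptions made for illustration, and the groups claim is assumed here to have its Scopes field left empty.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Claim:
    name: str      # Claim name
    source: str    # key into the authentication context (hypothetical key names)
    scopes: frozenset = field(default_factory=frozenset)  # empty = Scopes left out

def claim_is_released(claim, granted_scopes):
    """Scopes rule from the note: no scopes -> always added;
    otherwise added when at least one listed scope was granted."""
    if not claim.scopes:
        return True
    return bool(claim.scopes & set(granted_scopes))

def build_token_claims(claims, auth_context, granted_scopes):
    """Return the claims this model would add to the token for one grant.
    Assumption: a claim whose source is absent from the context is skipped."""
    token = {}
    for claim in claims:
        if claim_is_released(claim, granted_scopes) and claim.source in auth_context:
            token[claim.name] = auth_context[claim.source]
    return token

def unscoped_claims(claims):
    """Review helper: claims added to every token, whatever scopes were granted."""
    return sorted(c.name for c in claims if not c.scopes)

# Constructed sample data (not taken from a real workspace).
AUTH_CONTEXT = {
    "groups": ["admins", "finance"],
    "email": "alice@example.com",
}
ACCESS_TOKEN_CLAIMS = [
    Claim("groups", "groups"),                                   # Scopes left out
    Claim("email", "email", frozenset({"email"})),               # one scope
    Claim("contact", "email", frozenset({"email", "profile"})),  # several scopes
]

if __name__ == "__main__":
    for granted in (["openid"], ["openid", "profile"], ["openid", "email"]):
        print(granted, "->", build_token_claims(ACCESS_TOKEN_CLAIMS, AUTH_CONTEXT, granted))
    print("always released:", unscoped_claims(ACCESS_TOKEN_CLAIMS))
```

Running `unscoped_claims` over an exported claim list is a quick way to review which attributes reach every client, which matters for claims such as group membership that downstream services may use for authorization.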