Configuring User Claims or Permission in Scope

You can include user attributes or a client application’s claims in the scope.

  1. (Conditional) If you chose User attributes to create the scope, perform the following steps:

    1. Select the required attribute set from the LDAP profile or create a new attribute set.

      The user attributes in the selected attribute set are listed.

      NOTE: You can add any configured LDAP-based virtual attribute to the scope of the access token. To do so, create an attribute set that includes the virtual attributes. For information about creating an attribute set, see Configuring Attribute Sets.

    2. To add the user attribute scope to the access token, select the required attributes, then click Add > Add to Access Token.

      To remove a specific attribute from the access token, select the attribute, then click Remove > Remove from Access Token. Removing an attribute does not remove it from tokens that have already been issued.

    3. To add the user attribute scope to the ID token, select the required attributes that should be added to the ID token, then select Add > Add to ID Token.

      NOTE: The token size grows with the values of the attributes included in it, so include only the attributes you require.

      To remove a specific attribute from the ID token, select the attribute, then click Remove > Remove from ID Token.

      NOTE: Attributes are not added to or removed from an ID token that has already been issued.

    4. (Conditional) If you require the selected attributes to be available in both the ID token and the access token, select the attributes, then click Add > Add to Both.

      To remove specific attributes from both the access token and the ID token, select those attributes, then click Remove > Remove from Both.

  2. (Conditional) If you chose Custom Claims/Permissions, perform the following steps:

    1. Click New to create a new custom claim.

    2. In Add claim/permission, specify the permission that the client is allowed when it uses the access token.

    3. Select the required claims to be added to the access token, then click Add > Add to Access Token.

      To remove a specific claim from the access token, select the claim, then click Remove > Remove from Access Token.

      NOTE: Claims are not added to or removed from an access token that has already been issued. The new Claims/Permissions appear in the claims set: the key name is claims and the value is a list of strings.

    4. Select the required claims to be added to the ID token, then click Add > Add to ID Token.

      To remove a specific claim from the ID token, select the claim, then click Remove > Remove from ID Token.

      NOTE: Claims are not added to or removed from an ID token that has already been issued. The new Claims/Permissions appear in the claims set: the key name is claims and the value is a list of strings.

    5. (Conditional) If you require the claims to be available in both the access token and the ID token, select the claims, then click Add > Add to Both.

      To remove claims from both tokens, select the claims, then click Remove > Remove from Both.

      NOTE: Claims are not added to or removed from tokens that have already been issued. In both the access token and the ID token, these claims are carried as a list of strings under the claims attribute.
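After finishing either procedure, the practical check is to inspect a freshly issued access token and ID token and confirm that they carry exactly the attributes and custom claims the scope was configured to emit, and that the claims key has the documented shape (a list of strings). The following Python script is an added example and is not part of the product documentation or the product's own code. It assumes a JWT-formatted token; the HS256 signing routine and demo key are stand-ins for the real issuer (which would normally sign with its own asymmetric key), and the sample tokens, attribute names (mail, cn) and permission strings are constructed for the example. The script also shows the caveat the notes above repeat: a token issued before the scope was edited still carries the old claim set, so its iat must be compared with the time of the change.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for this offline example only; a real issuer signs with its own key.
DEMO_HMAC_KEY = b"demo-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_hs256_token(payload: dict, key: bytes = DEMO_HMAC_KEY) -> str:
    """Stand-in issuer: serialise header and payload, sign with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_hs256_token(token: str, key: bytes = DEMO_HMAC_KEY) -> dict:
    """Check the signature first; only a verified payload is worth auditing."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # refuse 'none' and algorithm swaps
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


# Registered / framework JWT members that are not part of the scope configuration.
STANDARD_CLAIMS = {"iss", "sub", "aud", "exp", "iat", "nbf", "jti", "scope",
                   "claims", "nonce", "azp", "auth_time"}


def audit_token_claims(payload: dict, expected_attrs, expected_custom_claims) -> dict:
    """Compare a verified payload with what the scope was configured to emit.

    - user attributes are expected as top-level keys named after the LDAP attribute
    - custom claims/permissions are expected under the 'claims' key as a list of strings
    """
    claims_value = payload.get("claims", [])
    claims_ok = isinstance(claims_value, list) and all(isinstance(c, str) for c in claims_value)
    present_custom = set(claims_value) if claims_ok else set()
    return {
        "missing_attrs": sorted(a for a in expected_attrs if a not in payload),
        "missing_custom_claims": sorted(set(expected_custom_claims) - present_custom),
        "claims_is_string_list": claims_ok,
        "unexpected_attrs": sorted(k for k in payload
                                   if k not in STANDARD_CLAIMS and k not in expected_attrs),
        # Payload size is what grows with attribute values (see the NOTE on token size).
        "payload_bytes": len(json.dumps(payload, separators=(",", ":"))),
    }


def predates_scope_change(payload: dict, change_epoch: int) -> bool:
    """True when the token was issued before the scope was edited and so still carries the old claim set."""
    return int(payload.get("iat", 0)) < change_epoch


# Constructed sample tokens, shaped like what an issuer might produce after the steps above.
SCOPE_CHANGE_EPOCH = 1_700_000_000
SAMPLE_ACCESS_TOKEN = issue_hs256_token({
    "iss": "https://idp.example", "sub": "u123", "aud": "client-app",
    "iat": SCOPE_CHANGE_EPOCH - 60, "exp": SCOPE_CHANGE_EPOCH + 3600, "scope": "orders",
    "mail": "alice@example.com", "cn": "Alice",   # attributes added via Add to Access Token
    "claims": ["read:orders", "write:orders"],     # custom claims/permissions
})
SAMPLE_ID_TOKEN = issue_hs256_token({
    "iss": "https://idp.example", "sub": "u123", "aud": "client-app",
    "iat": SCOPE_CHANGE_EPOCH + 5, "exp": SCOPE_CHANGE_EPOCH + 3600, "nonce": "n-1",
    "mail": "alice@example.com",                   # only mail was added to the ID token
    "claims": ["read:orders"],
})

if __name__ == "__main__":
    for name, tok in (("access", SAMPLE_ACCESS_TOKEN), ("id", SAMPLE_ID_TOKEN)):
        payload = verify_hs256_token(tok)
        report = audit_token_claims(payload, ["mail", "cn"], ["read:orders", "write:orders"])
        print(name, report, "issued before scope change:",
              predates_scope_change(payload, SCOPE_CHANGE_EPOCH))
```

Run it against a real token by replacing the sample tokens and the verification routine with the issuer's published key and algorithm; the audit function itself only depends on the decoded payload. A non-empty missing_attrs or missing_custom_claims on a token issued after the change points at the scope configuration, while the same result on a token with an earlier iat is simply the already-issued-token behaviour described in the notes.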