This article describes how to add custom attributes to a user profile as claims in tokens.
- OpenID Connect (OIDC) applications
- Custom claims
- Tokens
- Okta Classic Engine
Follow these steps to add custom attributes that are part of the user's profile in the id_token/access token:
- Ensure the custom attribute is created in the Okta user profile (Directory > Profile Editor) and app user profile.
- Make sure a mapping is created in the Profile Editor > Mappings for this attribute (from Okta to App).
- Verify this attribute is populated with a value for the user.
- [Skip this step if using the Org Authorization Server] If using a Custom Authorization Server to mint the token (Security > API > Authorization Servers), create a custom claim, provide an expression such as appuser.{$customAttribute} in the Value field, and choose the token type (ID token/access token) in which this custom attribute should appear.
- In the /authorize and/or /token requests, make sure to include the profile scope.
NOTE:
- When both the ID token and Access token are requested:
  - The returned ID token will be "thin". (For more details, refer to Okta Groups or Attribute Missing from ID Token.)
  - To retrieve the full list of claims, send the Access token to the Userinfo endpoint.
- Custom attributes of a user profile:
  - Available in the Userinfo endpoint only when using the Org Authorization Server.
  - Not available when using a Custom Authorization Server. If using a Custom Authorization Server, include them as custom claims to access the user profile attributes.
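The following is an added example, not part of the original article or Okta's own code: it builds an authorization request that carries the profile scope, then checks a returned ID token for a custom claim and reports the likely cause when it is absent, including the thin ID token case from the note above. The endpoint, client ID, the claim name `department` and the sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode


def build_authorize_url(authorize_endpoint, client_id, redirect_uri, state, nonce):
    """Authorization code request that includes the profile scope."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    return authorize_endpoint + "?" + urlencode(params)


def decode_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified here."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(id_token, requested_scope, claim, access_token_issued):
    """Return where to look next when a custom claim is expected in the ID token."""
    if claim in decode_claims(id_token):
        return "present"
    if "profile" not in requested_scope.split():
        return "add-profile-scope"
    if access_token_issued:
        # ID token and access token were requested together: the ID token is thin.
        return "thin-id-token-use-userinfo"
    return "check-mapping-value-and-claim"


def constructed_token(claims):
    """Constructed sample token for this demo (not a real Okta token, no valid signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "placeholder"])


if __name__ == "__main__":
    # Placeholder endpoint and client ID (assumptions, not values from the article).
    print(build_authorize_url("https://example.invalid/oauth2/default/v1/authorize",
                              "CLIENT_ID_PLACEHOLDER", "https://app.invalid/cb", "s1", "n1"))
    thin = constructed_token({"sub": "constructed-user"})
    print(diagnose(thin, "openid profile", "department", access_token_issued=True))
```

Use `decode_claims` only for troubleshooting; an application must validate the token signature and issuer before relying on any claim.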
