<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y000091j0LkSAIOkta Classic EngineUniversal DirectoryAnswered2024-04-15T12:40:30.000Z2020-08-19T17:52:58.000Z2020-08-20T17:33:23.000Z

t823e (t823e) asked a question.

August 19, 2020 at 5:52 PM
Custom attributes in OIDC per-app

I am hoping to figure out how to send custom attributes on a per-app basis for OIDC style apps. I know I can make my own claims and these claims are added to the token but the problem is then ANY app who uses that auth server would also get that claim attribute - which is not desired. I read somewhere that adding a custom attribute to the app profile would automatically show up in the token - but that does not seem to work for me. Any suggestions?

 

  • 3 answers
  • 690 views

  • t823e (t823e)

    yeah basically the options are:

     

    1. set custom auth servers, custom scopes per-app, add claims to relevant scopes, add access policy per app/scope.
      1. Wondering how messy this will get - I have no idea what my limit is for scopes/access policies I can add. This method allows granular control though which is important for our use case
    2. Let people use the org auth server instead of custom servers and just set the attributes in the profile mapping for the app
      1. This is a more simplistic option but I lose insight for which apps are accessing the server.
    Expand Post

  • BhaskarM.18336 (Customer)

    I use both based on "business unit" need.

    if they don't have such need on custom claims use default one

    if they need custom claims , use custom auth

     

This question is closed.
Loading
Custom attributes in OIDC per-app