- \n
- Log in to the JumpCloud Administrator Portal<\/a>.<\/li>\n\n\n\n
- Navigate to USER AUTHENTICATION > SSO<\/strong>.<\/li>\n\n\n\n
- For a new application:\n
- \n
- Click + Add New Application<\/strong>.<\/li>\n\n\n\n
- Click Custom OIDC App<\/strong>. <\/li>\n\n\n\n
- Enter a name in the Display Label<\/strong> field. Optionally you can add a Description <\/strong>and adjust the Display Option<\/strong>.<\/li>\n\n\n\n
- Select the SSO <\/strong>tab.<\/li>\n\n\n\n
- Under Attribute Mapping (optional)<\/strong>, use Standard Scopes and configure user, constant, and group attributes. <\/li>\n\n\n\n
- Click activate<\/strong>. <\/li>\n<\/ol>\n<\/li>\n\n\n\n
- For an existing application:\n
- \n
- Search for and select the desired application.<\/li>\n\n\n\n
- Select the SSO <\/strong>tab.<\/li>\n\n\n\n
- Under Attribute Mapping (optional)<\/strong>, use Standard Scopes and configure user, constant, and group attributes.<\/li>\n\n\n\n
- Click save<\/strong>. <\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n
Attribute Mappings (optional)<\/strong><\/h2>\n\n\n\n
Standard Scopes<\/strong><\/h3>\n\n\n\n
Scopes are space-separated lists of identifiers used to specify what access privileges are being requested. JumpCloud supports two of OIDC’s built in scope identifiers. Each scope includes different user attributes that are sometimes required by the Service Provider.<\/p>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nYou can edit the Service Provider Attribute Name according to their specifications. The JumpCloud attribute cannot be edited.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
\nSupported Scope Properties<\/h3>\n
\n \n\n \n \n \n \n \n\n OIDC Property <\/th>\n \n Description <\/th>\n \n Required <\/th>\n \n JumpCloud Property <\/th>\n <\/tr>\n \n openid <\/td>\n \n Identifies the request as an OpenID Connect request. <\/td>\n \n Yes <\/td>\n \n openid <\/td>\n <\/tr>\n \n profile <\/td>\n \n Requests access to the end user's default profile claims. <\/td>\n \n No <\/td>\n \n profile <\/td>\n <\/tr>\n \n email <\/td>\n \n Requests access to the email and email_verified claims. <\/td>\n \n No <\/td>\n \n email <\/td>\n <\/tr>\n \n offline_access <\/td>\n \n Requests a refresh token used to obtain more access tokens without re-prompting the user for authentication. <\/td>\n \n No <\/td>\n \n offline_access <\/td>\n <\/tr>\n <\/table>\n<\/div><\/div>\n\n\n\n Scope Values<\/strong><\/h3>\n\n\n\n
- \n
- openid is required for any OpenID request connect flow. If the openid scope value isn’t present, the request may be a valid OAuth 2.0 request, but it’s not an OpenID Connect request.<\/li>\n\n\n\n
- profile requests access to these default profile claims: family_name, given_name.<\/li>\n\n\n\n
- offline_access can only be requested in combination with a response_type that contains code. If the response_type doesn’t contain code, offline_access is ignored.<\/li>\n<\/ul>\n\n\n\n
A Standard Scope can be added to the connector by selecting one or both of the scopes.<\/p>\n\n\n\n
Additional User Attributes<\/strong><\/h3>\n\n\n\n
Additional attributes can be added to the OIDC connector with or without Standard Scopes. There are three types of attributes available.<\/p>\n\n\n\n
User Attribute Mapping<\/strong><\/h4>\n\n\n\n
- \n
- User-specific attributes sent to the Service Provider. For example, the Service Provider requires the location and job title for each user. Mapping those two attributes to JumpCloud attributes will add those claims (attributes) to the ID token.<\/li>\n<\/ul>\n\n\n\n
Constant Attributes<\/strong><\/h4>\n\n\n\n
- \n
- Constant-value attributes sent to the Service Provider. For example, a constant attribute for session duration limits session times for all users of the application, or service provider. <\/li>\n<\/ul>\n\n\n\n
Group Attributes<\/strong><\/h4>\n\n\n\n
- \n
- Groups that connect the user to the application are included in assertions to that application. The Groups Attribute Name is the service provider’s name of the group attribute (e.g. memberOf). <\/li>\n\n\n\n
- If the Group Attribute option is selected and the field is prepopulated with the group attribute name, that means we\u2019ve validated that the group attribute is supported by the service provider. If the group attribute option isn\u2019t selected and the Group Attribute Name field is empty, you need to find out if the service provider supports group attributes on your own. <\/li>\n<\/ul>\n\n\n\n<\/p><\/div>Note:<\/strong> \n
When you select the group attribute option for a connector, you must include a Groups Attribute Name. You’ll receive an error when you attempt to activate the connector if you select this option and leave Groups Attribute Name blank.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Group attributes may be used in some service providers to map roles.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
Creating or updating the OIDC App Attribute Mappings (optional) Standard Scopes Scopes are space-separated lists of identifiers used to specify […]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855,2993,2902],"support_tag":[],"coauthors":[2839,2841],"acf":[],"yoast_head":"\n
OIDC Attributes (Claims) - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to find and configure OIDC Attributes (Claims)\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OIDC Attributes (Claims)\" \/>\n<meta property=\"og:description\" content=\"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-17T21:25:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"joyjaswinski, Nate Copt\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims\",\"url\":\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims\",\"name\":\"OIDC Attributes (Claims) - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-05-23T21:18:27+00:00\",\"dateModified\":\"2023-07-17T21:25:47+00:00\",\"description\":\"Learn how to find and configure OIDC Attributes (Claims)\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"OIDC Attributes (Claims)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"OIDC Attributes (Claims) - JumpCloud","description":"Learn how to find and configure OIDC Attributes (Claims)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims","og_locale":"en_US","og_type":"article","og_title":"OIDC Attributes (Claims)","og_description":"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims","og_site_name":"JumpCloud","article_modified_time":"2023-07-17T21:25:47+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"joyjaswinski, Nate Copt"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims","url":"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims","name":"OIDC Attributes (Claims) - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-05-23T21:18:27+00:00","dateModified":"2023-07-17T21:25:47+00:00","description":"Learn how to find and configure OIDC Attributes (Claims)","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/oidc-attributes-claims"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/oidc-attributes-claims#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"OIDC Attributes (Claims)"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/86695"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/86695\/revisions"}],"predecessor-version":[{"id":94009,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/86695\/revisions\/94009"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=86695"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=86695"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=86695"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=86695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Group attributes may be used in some service providers to map roles.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
- Constant-value attributes sent to the Service Provider. For example, a constant attribute for session duration limits session times for all users of the application, or service provider. <\/li>\n<\/ul>\n\n\n\n
- User-specific attributes sent to the Service Provider. For example, the Service Provider requires the location and job title for each user. Mapping those two attributes to JumpCloud attributes will add those claims (attributes) to the ID token.<\/li>\n<\/ul>\n\n\n\n