Account Manager Claims Value Provider

The Account Manager claims provider retrieves claims by querying the configured account manager for the authenticated user’s account data. The available attributes depend on the account manager configuration and the schema defined in the connected user store.

Use Cases#

The Account Manager claims value provider enables token issuance workflows that require user profile data from centralized user stores.

Common use cases include:

• User Profile Claims: Include standard user attributes like email, phone number, name, and address in ID tokens and access tokens
• Custom Attributes: Add organization-specific user attributes stored in the account manager to tokens for business logic
• Role and Group Information: Retrieve user roles or group memberships from the user store for authorization decisions
• Dynamic Attribute Lookup: Fetch current user data at token issuance time to ensure tokens contain up-to-date information
• Multi-Source Integration: Combine account manager attributes with other claims providers for comprehensive token data

For detailed guidance on user data management and token design patterns, visit the User Management Profile .

Getting Started#

To create an Account Manager claims value provider, sign in to the Admin UI and navigate to Profiles → Token Service → Scopes → Claims Providers.

Select + New Claims Value Provider, give the provider a unique identifier and select the Account Manager type.

Select the Account Manager that contains the user data, and toggle the desired options.

The provider retrieves attributes from the selected account manager when tokens are issued. The authenticated user’s identifier determines which account record to query.

For more information on configuring account managers, see Account Managers .