Admin Groups Claims Value Provider

The Admin Groups claims value provider retrieves administrative group membership information for administrators authenticated to the Curity Identity Server. This provider enables tokens to include claims about which administrative groups the authenticated administrator belongs to, allowing for role-based access control and authorization decisions.

The Admin Groups claims provider returns group membership data for administrators based on their authentication within the Curity Identity Server's administrative interface. This allows downstream systems to make authorization decisions based on administrative roles and permissions.

Use Cases

The Admin Groups claims value provider enables administrative authorization and access control scenarios within the Curity Identity Server ecosystem.

Common use cases include:

  • Administrative Authorization: Include administrator group membership in tokens to enable fine-grained access control for administrative APIs and tools
  • Role-Based Access Control: Provide administrative role information to downstream systems that need to enforce permissions based on admin group membership
  • Audit and Compliance: Include group membership claims in tokens for audit trails that track which administrative groups performed specific actions
  • Multi-Tenant Administration: Differentiate administrative access across multiple tenants or organizational units based on group membership
  • Delegated Administration: Enable partial administrative capabilities by issuing tokens with specific admin group claims for delegated administrators

Getting Started

To create an Admin Groups claims value provider, sign in to the Admin UI and navigate to Profiles → Token Service → Scopes → Claims Providers.

Claims value providers in Admin UI. (Admin UI version: 10.6)

Select + New Claims Value Provider, give the provider a unique identifier and choose the Admin Groups type.

New claims value provider for admin groups in Admin UI. (Admin UI version: 10.6)

The provider retrieves group membership information for the authenticated administrator when tokens are issued.

Available Attributes

The Admin Groups claims value provider returns:

  • Administrative group names and identifiers that the authenticated administrator belongs to
  • Group membership information from the Identity Server’s administrative user store

The Admin Groups claims value provider is specifically designed for administrative tokens and requires the subject to be authenticated as an administrator within the Identity Server. It does not return group information for end users or application users.
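How a downstream API might act on this claim, as an added example that is not Curity code or configuration: it denies by default when the admin groups claim is missing or malformed, which is the case for tokens issued to end users. The claim name `admin_groups`, its value format, the group names and the operation names are assumptions made for illustration, and token validation (signature, issuer, audience, expiry) is assumed to have happened already.

```python
# Added example, not Curity code. Assumptions: the claim is named
# "admin_groups" (hypothetical), holds a list of group names or one
# space-separated string, and signature, issuer, audience and expiry
# were validated before the claims reach this code.
ADMIN_GROUPS_CLAIM = "admin_groups"

# Constructed policy: admin groups allowed to perform each API operation.
REQUIRED_GROUPS = {
    "config:read": {"admin", "auditors"},
    "config:write": {"admin"},
}


def extract_admin_groups(claims):
    """Return the admin groups as a frozenset; empty if absent or malformed."""
    value = claims.get(ADMIN_GROUPS_CLAIM)
    if isinstance(value, str):
        value = value.split()
    if not isinstance(value, (list, tuple)):
        return frozenset()  # claim absent or of an unexpected type: deny
    if not all(isinstance(g, str) and g for g in value):
        return frozenset()  # reject mixed or empty entries outright
    return frozenset(value)


def authorize(claims, operation):
    """Return (allowed, reason); the reason is suitable for an audit log."""
    required = REQUIRED_GROUPS.get(operation)
    if required is None:
        return False, "unknown operation"
    groups = extract_admin_groups(claims)
    if not groups:
        return False, "no admin groups in token"
    matched = groups & required
    if not matched:
        return False, "not in a permitted admin group"
    return True, "member of " + ",".join(sorted(matched))


# Constructed sample claims, as they might look after token validation.
SAMPLES = [
    ({"sub": "alice", "admin_groups": ["admin"]}, "config:write"),
    ({"sub": "bob", "admin_groups": "auditors devops"}, "config:write"),
    ({"sub": "carol"}, "config:read"),  # no admin groups claim present
]

if __name__ == "__main__":
    for claims, op in SAMPLES:
        print(claims["sub"], op, authorize(claims, op))
```

Group names are compared exactly, so `Admin` does not satisfy a policy entry for `admin`.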
