Claim Management

Learn more about how to use claims to map account attributes in the identity store to a set of defined claims.

What Are Claims?

Conceptually, a “claim” is a piece of information about a particular entity (in most cases, a user) that an identity provider attests to when a token or assertion is obtained.

In practice, claims are typically a collection of name/value pairs. The example below shows the kind of name/value pairs you might find in something like an OpenID Connect (OIDC) id_token.

{
  "family_name": "Smith",
  "given_name": "John",
  "middle_name": "B",
  "preferred_username": "jsmith",
  "website": "https://brandtegrity.io",
  "locale": "en-GB",
  "gender": "male",
  "updated_at": 2352123875
}

Why Do I Need Claim Management?

Because of the standards-centric nature of customer identity, it is advantageous to have a high level of customization with regard to how a brand stores, displays and shares user profile data. Customers may be acquired through a variety of means: via a standard registration UI, via federation protocols such as SAML/OIDC, or via social login. Customers may also be federated out to other systems controlled by a brand via similar protocols.

Claim management is used to define a mapping between account attributes within an identity store and claims within a token or assertion, and vice versa. It is this management of claims, or a Claims Mapping, that allows Fusion to map local attributes to any defined claims that an application may require.

Fusion layers Claim Management into three conceptual levels:

  • Account Attributes: Account attributes represent the root meaning of a piece of customer data. Documentation on account attributes can be found here.

  • Native Claims: Native claims represent how customer data is expressed within Strivacity Fusion. This is how a customer will see this customer data within the product.

  • Claim Mappings: Claim mappings represent how customer data is expressed or obtained outside of Strivacity Fusion. For instance, a claim mapping could control how customer data is expressed within something like an OIDC id_token. Or, a claim mapping could control how data is obtained from a Social Login profile such as Facebook.

Social Login Claim Management

In addition to OIDC claim management, admins can now manage claim mappings for any social login provider. This gives full control over the scope of customer account information that is synchronized and stored from social platforms with Fusion and with any other Fusion integration applications, such as a CRM.

For details on configuring claim mappings for each social login provider, see Social Login Claim Management.
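The two mapping directions described above (social login profile to account attributes, and account attributes to OIDC id_token claims), as an added example that is not Strivacity Fusion code or configuration. The mapping tables, attribute names and function names are hypothetical; the point is that only explicitly mapped data is stored or released.

```python
# Added illustration: mapping tables and attribute names are assumptions,
# not Strivacity Fusion configuration or API.

# Inbound: social-profile claim -> account attribute (hypothetical names).
SOCIAL_INBOUND = {"first_name": "name.given", "last_name": "name.family",
                  "email": "email"}

# Outbound: account attribute -> OIDC id_token claim.
OIDC_OUTBOUND = {"name.given": "given_name", "name.family": "family_name",
                 "username": "preferred_username"}

# Constructed sample profile, as a social provider might return it.
SAMPLE_PROFILE = {"first_name": "John", "last_name": "Smith", "email": "",
                  "birthday": "01/01/1990", "friends": ["a", "b"]}


def map_inbound(profile, mapping):
    """Return (account_attributes, dropped_claims) for an external profile.

    Only claims named in the mapping are stored. Unmapped or empty claims
    are listed as dropped so an admin can audit what was sent but not kept.
    """
    stored, dropped = {}, []
    for claim, value in profile.items():
        attr = mapping.get(claim)
        if attr is None or value in (None, ""):
            dropped.append(claim)
        else:
            stored[attr] = value
    return stored, sorted(dropped)


def map_outbound(account, mapping, requested=None):
    """Build token claims from account attributes.

    An attribute is released only if it is mapped and, when a set of
    requested claim names is given, only if that claim was requested.
    """
    claims = {}
    for attr, claim in mapping.items():
        if attr not in account:
            continue
        if requested is not None and claim not in requested:
            continue
        claims[claim] = account[attr]
    return claims
```

Attributes with no outbound mapping never reach a token, and profile fields with no inbound mapping are never written to the account.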