Create a scope
By default there are no scopes when a Tenant is created. Creating a scope is simple and involves only a couple of steps.
- Navigate to the Scopes Admin Page (https://www.theidentityhub.com/{tenant}/Admin/Scope) of your Tenant and click on Add. If you don't have a Tenant yet, you can register one for free.
- Type a Name and Description of the Scope.
- Click Save.
Configuration parameters
Parameter | Description |
---|---|
Name | Name of the scope. |
Description | Description of the scope. |
Token life time | The lifetime of an access token (OAuth 2.0/OpenID Connect) when this scope is granted for that token. See Token Life Time. |
Add a claim rule to a scope
When a scope is requested, you can restrict it so that it is granted only under certain conditions.
A condition is either that the user has a specified claim (with any value) or that the user has a specific claim with a specific value.
When multiple claim rules are specified, all of them must be satisfied before the scope is granted.
Parameter | Description |
---|---|
Claim | The claim the user must have, e.g. the user must have an email address. |
Value | The specific value that the claim must have, e.g. the user must be in a specific role. |
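As an added illustration of the rule semantics above (not code from The Identity Hub), the following Python models a scope's claim rules and decides which requested scopes are granted; the class and function names, the case-sensitive value comparison, and refusing scopes that do not exist in the tenant are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# A user's claims as (type, value) pairs; one type may occur several times
# (for example a user with more than one role claim).
Claim = Tuple[str, str]


@dataclass(frozen=True)
class ClaimRule:
    """Hypothetical model of one claim rule (the Claim and optional Value fields).
    value=None means: the user must have a claim of this type, with any value."""
    claim: str
    value: Optional[str] = None

    def is_satisfied_by(self, claims: Sequence[Claim]) -> bool:
        # Presence check when no value is configured; otherwise some claim of
        # this type must carry exactly that value (assumed case-sensitive).
        return any(
            claim_type == self.claim and (self.value is None or claim_value == self.value)
            for claim_type, claim_value in claims
        )


def scope_granted(rules: Sequence[ClaimRule], claims: Sequence[Claim]) -> bool:
    """All rules must be satisfied; a scope with no rules is granted unconditionally."""
    return all(rule.is_satisfied_by(claims) for rule in rules)


def grant_scopes(requested: Sequence[str], scope_rules: Dict[str, List[ClaimRule]],
                 claims: Sequence[Claim]) -> List[str]:
    """Return the requested scopes that exist in the tenant and whose rules all pass.
    Scopes that were never created in the tenant are refused (assumption)."""
    return [s for s in requested if s in scope_rules and scope_granted(scope_rules[s], claims)]


# Constructed sample tenant configuration: scope name -> its claim rules.
SCOPE_RULES: Dict[str, List[ClaimRule]] = {
    "profile": [],  # no rules: always granted
    "tih_searchusers": [ClaimRule("email"), ClaimRule("role", "Admin")],
}

# Constructed sample users.
ALICE: List[Claim] = [("email", "alice@example.com"), ("role", "User"), ("role", "Admin")]
BOB: List[Claim] = [("email", "bob@example.com"), ("role", "User")]

if __name__ == "__main__":
    print(grant_scopes(["profile", "tih_searchusers", "tih_import"], SCOPE_RULES, ALICE))
    print(grant_scopes(["profile", "tih_searchusers"], SCOPE_RULES, BOB))
```

Bob lacks the Admin role, so `tih_searchusers` is withheld for him even though the email rule passes, which is the all-rules-must-match behaviour described above.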
The Identity Hub related scopes
The Identity Hub has endpoints that require the app calling the endpoint to have a specific scope. If you have apps that use these endpoints, create the related scopes in your tenant and assign them to those apps.
Scope | Purpose | Used by |
---|---|---|
tih_import | The scope required for apps that import users | On-premises ADSync tool |
tih_searchusers | The scope required for apps that search users | The Identity Hub Claims Provider in SharePoint |