OIDC Scopes and Claims

The following is a list of the supported scopes and claims for the OIDC protocol.

Standard Claims

Scope

Claim(s)

Data Source

Visibility

openid

Required.  Returns the sub claim, which uniquely identifies the user. In an ID Token, iss, aud, exp, iat, and at_hash claims will also be present. To learn more about the ID Token claims, read ID Token Structure.

profile

family_name
given_name
name
preferred_username

sn
givenName
displayName
berkeleyEduKerberosPrincipalString

email

email

berkeleyEduAlternateID

private

Custom Claims

Scope

Claim(s)

Data Source

Visibility

berkeley_edu_default

uid
affiliations
groups

uid
berkeleyEduAffiliations
berkeleyEduIsMemberOf

berkeley_edu_groups

groups

berkeleyEduIsMemberOf

berkeley_edu_dept_number

department_number

departmentNumber

berkeley_edu_employee_id

employee_id

berkeleyEduUCPathID

private

berkeley_edu_cs_id

cs_id

berkeleyEduCSID

private

berkeley_edu_student_id

student_id

berkeleyEduStuID

private

berkeley_edu_ou

ou

ou