Used to generate additional user Claims which can be used later on in Policy assignment, Entitlements and Conditions.
User Claim Scripts are so called because they create additional user claims. They run AFTER both user sign-in and the device claim scripts, but BEFORE Policy assignment. A script can use existing user, device and system claims, and the additional user claims it generates can be used elsewhere in the system. Within the Controller, the new claims can be used as assignment criteria within Policies. The new claims are also added to the claims Token, so within the Gateway they can be used as access criteria in Conditions and in Entitlement scripts to define protected hosts.
Requirements/Considerations
The script runs on the Controller whenever a user is authenticated and at claims token renewal.
The script runs in a sandboxed JavaScript engine which supports external httpGet/Post/Put/Delete calls.
The results (dictionaries) of multiple user claim scripts are merged. There is no clear strategy for handling conflicting entries - one will override the other.
The final claims are not encrypted.
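Because merged results can override one another, a claim used as Policy assignment criteria may end up holding a different script's value. The following is an added example, not the product's own code or part of the original page: it models the merge as last-result-wins (an assumption, since no order is defined here) over constructed sample results, lists the colliding keys, and applies a hypothetical per-script key prefix so the keys cannot overlap.

```javascript
// Constructed sample data: each entry stands in for the dictionary that one
// user claim script returns. Script names and claim keys are hypothetical.
const sampleResults = [
  { script: "hrLookup", claims: { department: "finance", riskLevel: "low" } },
  { script: "edrPosture", claims: { riskLevel: "high", edrHealthy: false } },
  { script: "geo", claims: { country: "SE" } },
];

// Report every claim key that more than one script produces.
function findCollisions(results) {
  const owners = new Map();
  for (const { script, claims } of results) {
    for (const key of Object.keys(claims)) {
      if (!owners.has(key)) owners.set(key, []);
      owners.get(key).push(script);
    }
  }
  return [...owners]
    .filter(([, scripts]) => scripts.length > 1)
    .map(([key, scripts]) => ({ key, scripts }));
}

// Assumed merge model: a later result overwrites an earlier one.
// Merging the same input in a different order changes the outcome.
function merge(results) {
  return results.reduce((acc, r) => Object.assign(acc, r.claims), {});
}

// Mitigation (hypothetical naming convention): prefix each key with the
// name of the script that produced it, so merged keys stay distinct.
function namespaced(results) {
  return results.map(({ script, claims }) => ({
    script,
    claims: Object.fromEntries(
      Object.entries(claims).map(([k, v]) => [`${script}_${k}`, v])
    ),
  }));
}

console.log("collisions:", JSON.stringify(findCollisions(sampleResults)));
console.log("merged:", merge(sampleResults));
console.log("merged (reversed order):", merge([...sampleResults].reverse()));
console.log("namespaced:", merge(namespaced(sampleResults)));
```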
Before you start
Get a better understanding of user claims including details relating to user claim scripts
General background on the use of scripts
Refer to claims in detail for information about all the claims used in the system.
Use the User Claim Scripts form to:
Add a new user claim script
Edit an existing user claim script