Standard OAuth/OIDC Scope & SAML AuthnContext Values
An OAuth scope is a parameter that defines the level of access or permissions an application requests in order to access a user's data or perform actions on their behalf, ensuring data and privacy protection. A SAML AuthnContext represents the authentication context: it details how a user will authenticate and establishes the confidence level in the authentication event for security and trust.
What is an OAuth & OIDC scope?
In OAuth, a scope is a parameter that defines the access level or permissions requested by an application when trying to access a user's data or perform specific actions on their behalf. It limits what the application can do and access, ensuring that the user's data and privacy are protected.
What is SAML AuthnContext?
In SAML, AuthnContext refers to the authentication context, which provides information about how a user was authenticated. It specifies the method or mechanisms used to verify a user's identity during the authentication process. AuthnContext helps establish the level of confidence in the authentication event, ensuring that the received assertions are based on the desired level of security and trust.
Standard Scope & AuthnContext Values
Authentication
Scope/AuthnContext Value | Policy Description |
---|---|
login | ID.me Social Login |
mfa | Multi-Factor Authentication |
http://idmanagement.gov/ns/assurance/ial/1/aal/2 | NIST IAL1/AAL2 |
Identity Verification
Scope/AuthnContext Value | Policy Description |
---|---|
kba_replacement | Identity proofing requiring one piece of evidence. |
fortified_identity | Identity proofing requiring two pieces of evidence. |
http://idmanagement.gov/ns/assurance/ial/2/aal/2 | NIST IAL2/AAL2 |
Attributes Exchange & Community Verification
Scope/AuthnContext Value | Policy Description |
---|---|
military | Verify members and dependents of the uniformed services (Coast Guard, Army, Air Force, Navy, Marines, Space Force, US Public Health, and NOAA) |
responder | Verify active and retired members of the First Responder community (911 Dispatcher, EMT, Firefighter, Police Officer) |
student | Verify students who are actively enrolled in an accredited, government-recognized public or private university or college that grants degrees or certificates. |
teacher | Verify members of the Teachers community (State-licensed/certified PreK-12 classroom teacher, PreK-12 principal or assistant principal, PreK-12 school employee, college or university professor) |
government | Verify members who are government employees (Federal, State, or Local). |
employee | Verify members who are employees of specific companies. |
hospital_employee | Verify members who are hospital employees of healthcare systems and hospitals. |
alumni | Verify alumni who have earned any degree from an accredited US College or University. |
nurse | Verify members of the nurses community (Advanced Registered Nurse Practitioners, Registered Nurses, Licensed Practical Nurses, and Advanced Practice Registered Nurses) |
medical | Verify members who are a part of the medical professional community. |
military_canada | Verify members of the Canadian military community |
responder_canada | Verify members of the Canadian first responder community |
student_canada | Verify members of the Canadian student community |
teacher_canada | Verify members of the Canadian teacher community |
government_canada | Verify members who are Canadian government employees. |
nurse_canada | Verify members of the Canadian nurse community |
doctor_canada | Verify members of the Canadian doctor community |
alumni_canada | Verify members who are Canadian alumni. |
http://idmanagement.gov/ns/assurance/ial/2/aal/2/epcs | Verify a provider's identity and meet DEA requirements for Electronically Prescribed Controlled Substances. |
http://idmanagement.gov/ns/assurance/ial/2/aal/2/erx | Verify a provider's identity to enable digital signatures for electronic prescriptions. |
kba_replacement/covid/results | Validate a user's COVID test results prior to attending an event. |
kba_replacement/covid/verify | Validate a user's vaccination status after registration and prior to attending an event. |
kba_replacement/covid/questionnaire | Validate a user's health status after registration and prior to attending an event. |