IdP Access Token Allowed Audiences
Summary
IdP Access Token Allowed Audiences controls how the audience claim of an incoming IdP-issued access token is validated.
For Microsoft Entra, an access token is a JWT with an audience (aud) claim. When the IdP Access Token Allowed Audiences option is set, the aud claim of the access token JWT must match one of the entries.
This option can also be configured at the route level.
How to Configure
- Core
- Enterprise
- Kubernetes
| Config file keys | Environment variables | Type |
|---|---|---|
| idp_access_token_allowed_audiences | IDP_ACCESS_TOKEN_ALLOWED_AUDIENCES | Array of strings |
Examples
idp_access_token_allowed_audiences:
- https://sts.windows.net/f42bce3b-671c-4162-b24c-00ecc7641897/
- https://login.microsoftonline.com/f42bce3b-671c-4162-b24c-00ecc7641897/
Set IdP Access Token Allowed Audiences under Authenticate settings in the Console.
Kubernetes:
idpAccessTokenAllowedAudiences:
- https://sts.windows.net/f42bce3b-671c-4162-b24c-00ecc7641897/
- https://login.microsoftonline.com/f42bce3b-671c-4162-b24c-00ecc7641897/
See Kubernetes - Global Configuration for more information.
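The audience check described in the Summary, as an added sketch that is not Pomerium's own code: it reads the aud claim (a string or an array of strings per RFC 7519) and requires an exact match against the example entries above. The function names and sample tokens are constructed for illustration, and signature, issuer and expiry validation are assumed to happen separately.

```python
import base64
import json

# Allowed audiences copied from the page's example configuration.
ALLOWED_AUDIENCES = [
    "https://sts.windows.net/f42bce3b-671c-4162-b24c-00ecc7641897/",
    "https://login.microsoftonline.com/f42bce3b-671c-4162-b24c-00ecc7641897/",
]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT for the demo; the signature part is a dummy."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url(b'constructed-signature')}"


def token_audiences(token: str) -> list:
    """Return the aud claim as a list of strings (empty if the claim is absent)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return aud
    raise ValueError("aud must be a string or an array of strings")


def audience_allowed(token: str, allowed: list) -> bool:
    """True if any aud value exactly equals one of the allowed entries.

    Assumption: an empty allow-list means the option is unset, so no check applies.
    """
    if not allowed:
        return True
    return any(a in allowed for a in token_audiences(token))
```

The comparison is an exact string match, so in this sketch an aud value that differs from an entry only by a missing trailing slash is rejected.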