[id="mapping-organization-claims_{context}"]

=  Mapping organization claims
[role="_abstract"]
To map organization-specific claims into tokens, a client needs to request the *organization* scope when sending
authorization requests to the server. When authenticating in the context of an organization, clients can request the `organization` scope to map to tokens information
about the organizations the user is a member.

As a result, the token will contain a claim as follows:

```json
"organization": {
  "acme": {}
}
```

The organization claim can be used by clients (for example, from ID Tokens) and resource servers (for example, from access tokens)
to authorize access to protected resources based on the organization where the user is a member.

The `organization` scope is a built-in optional client scope at the realm.  Therefore, this scope is added to any client created
in the realm, by default.

The `organization` scope is requested using different formats:

[cols="2*", options="header"]
|===
|Format
|Description
| `organization` | Maps to a single organization if the user is a member of a single organization.
Otherwise, if a member of multiple organizations, the user will be prompted to select an organization when authenticating to the realm.
| `organization:<alias>` | Maps to a single organization with the given alias.
| `organization:*` | Maps to all organizations the user is a member of.
|===