Add or Manage Claim
Master Claims management in Nodinite v7 with this comprehensive guide. Learn how to create, edit, delete, and restore authorization Claims for your OIDC/OAuth 2.0 deployment.
✅ Inline editing for quick Claim creation
✅ Track Claim usage across Policies
✅ Restore deleted Claims when needed
✅ Filter and search large Claim lists
Note
Claims are only available when Nodinite is configured for OIDC/OAuth 2.0 authentication mode. For Windows authentication mode, use Users and Windows AD Groups instead.
New to Claims? Read What is a Claim? first to understand the authorization model.
Accessing Claims Management
Navigate to Administration → Claims in the Nodinite Web Client.
Location of the Claims menu item in the Administration sidebar.
Claims List View
The Claims management page displays all Claims with the following information:
Example of the Claims list showing Key, Value, Description, and usage information.
Columns
| Column | Description |
|---|---|
| Status | Visual indicator - Available or Deleted (when "Include Deleted" is enabled) |
| Key | The claim key identifier |
| Value | The claim value |
| Description | Optional description explaining the Claim's purpose |
| Used In | Shows which Policies use this Claim (up to 10 displayed as badges) |
| Created | Timestamp when the Claim was created |
| Changed | Timestamp when the Claim was last modified |
| Actions | Menu with Edit, Delete, and Restore options |
Filters and Controls
- Add Claim button - Create a new Claim
- Search Filter - Filter Claims by Key, Value, or Description
- Include Deleted - Toggle to show/hide deleted Claims
- Column Sorting - Click column headers to sort
Adding a New Claim
Follow these steps to create a new Claim:
Step 1: Click "Add Claim"
Click the "Add Claim" button in the top-right corner of the Claims page.
Click the "Add Claim" button to create a new Claim.
Step 2: Enter Claim Details
A new row appears in inline edit mode. Fill in the required fields:
Enter the Key, Value, and optional Description for the new Claim.
| Field | Required | Description |
|---|---|---|
| Key | Yes | The claim key identifier (e.g., department, access_level, region) |
| Value | Yes | The claim value (e.g., finance, admin, europe) |
| Description | No | A clear description of what this Claim represents |
Tip
Best Practices for Keys:
- Use lowercase for consistency
- Use underscores for multi-word keys (e.g.,
access_level)- Choose descriptive names (e.g.,
departmentnotdept)
Tip
Best Practices for Values:
- Use lowercase for consistency
- Keep values simple and meaningful
- Avoid special characters when possible
Step 3: Save the Claim
Click the "Save" button (checkmark icon) to create the Claim.
Click the Save button to create the Claim.
Step 4: Verify Creation
The new Claim appears in the list with:
- Green success notification
- Timestamp in the "Created" column
- Empty "Used In" column (not yet assigned to any Policy)
The newly created Claim appears in the list.
Editing an Existing Claim
To modify a Claim's Key, Value, or Description:
Step 1: Click the Edit Button
Click the Edit button (pencil icon) in the Actions column.
Click the Edit button to modify a Claim.
Alternatively, click the "Action" dropdown and select "Edit".
Step 2: Modify Fields
The row enters edit mode. Modify any of the fields:
Modify the Key, Value, or Description fields.
- Key - Change the claim key
- Value - Change the claim value
- Description - Update the description
Warning
Changing Key or Value:
- Creates a new unique Key/Value combination
- Cannot create a duplicate of an existing Claim
- May impact Policies that use this Claim
Step 3: Save or Cancel
- Click "Save" (checkmark icon) to apply changes
- Click "Cancel" (X icon) to discard changes
Save your changes or cancel to discard.
Step 4: Verify Changes
- Timestamp in "Changed" column updates
- Success notification appears
- Changes are immediately applied to any Policies using this Claim
Deleting a Claim
To delete a Claim:
Step 1: Open Actions Menu
Click the "Action" dropdown button on the Claim row.
Open the Actions dropdown menu.
Step 2: Select Delete
Select "Delete" from the menu.
Select "Delete" to remove the Claim.
Step 3: Confirm Deletion
A confirmation modal appears:
Confirm deletion of the Claim.
Review the information:
- Claim Key and Value being deleted
- List of Policies that currently use this Claim
- Warning about impact
Click "Delete" to confirm, or "Cancel" to abort.
Important Notes About Deletion
Important
Deleted Claims and Policies:
Tip
Best Practice: Review the "Used In" column before deleting to understand which Policies will be affected.
Step 4: Verify Deletion
- Claim is removed from the main list
- Success notification appears
- To see deleted Claims, enable the "Include Deleted" filter
Restoring a Deleted Claim
To restore a previously deleted Claim:
Step 1: Enable "Include Deleted" Filter
Check the "Include Deleted" checkbox at the top of the Claims page.
Enable "Include Deleted" to show deleted Claims.
Step 2: Locate the Deleted Claim
Deleted Claims appear with:
- Red "Deleted" status badge
- Grayed-out or strike-through text
- Full historical information preserved
Deleted Claims are marked with a "Deleted" badge.
Step 3: Open Actions Menu
Click the "Action" dropdown on the deleted Claim.
Step 4: Select Restore
Select "Restore" from the menu.
Select "Restore" to recover the deleted Claim.
Step 5: Confirm Restoration
A confirmation modal appears:
Confirm restoration of the Claim.
Click "Restore" to confirm.
Step 6: Verify Restoration
- Claim returns to active status
- "Deleted" badge removed
- Available for use in Policies again
- Warning badges removed from Policies where it was referenced
Validation Rules
Nodinite enforces these rules when managing Claims:
Required Fields
- Cannot save without a Key
- Cannot save without a Value
Error message when required fields are empty.
Unique Combination
- Cannot create a Claim with an existing Key/Value combination
- Can create
department=financeanddepartment=hr(different values) - Can create
department=financeandregion=finance(different keys)
Error message when Key/Value combination already exists.
Case Sensitivity
department=Finance≠department=financeDepartment=finance≠department=finance- Keys and Values are case-sensitive
Viewing Claim Usage
Understanding which Policies use a Claim:
"Used In" Column
The "Used In" column shows:
The "Used In" column displays Policy badges.
- Policy badges - Clickable links to each Policy
- Count indicator - "(+2 more)" when more than 10 Policies
- Hover tooltip - Full list of all Policies
- Empty - Claim not used in any Policy
Navigating to Policies
Click any Policy badge to:
- Open that Policy detail page
- See all Claims in the Policy
- Edit the Policy if needed
Before Deletion
Use the "Used In" column to:
- Identify impact of deleting a Claim
- Plan migration to replacement Claims
- Coordinate with team members
Best Practices
Naming Conventions
Consistent Key Naming:
✅ Good:
department
access_level
region
environment
❌ Avoid:
Dept
AccessLevel
REGION
env-name
Consistent Value Naming:
✅ Good:
finance
admin
europe
production
❌ Avoid:
Finance_Dept
ADMIN
EU
prod-01
Descriptions
Always provide clear descriptions:
✅ Good Description:
"Member of the Finance Department - grants access to financial
integrations, invoicing systems, and financial reporting"
❌ Poor Description:
"Finance"
"Department claim"
Organization
Group related Claims logically:
Department Claims:
department=financedepartment=operationsdepartment=hrdepartment=it
Access Level Claims:
access_level=readonlyaccess_level=editoraccess_level=admin
Regional Claims:
region=europeregion=americasregion=asia
Regular Maintenance
- Review Claims quarterly
- Remove unused Claims
- Update descriptions for clarity
- Verify Policy assignments
Common Scenarios
Scenario 1: Department-Based Access
Goal: Create Claims for different departments
1. Add Claim: department=finance, "Finance Department member"
2. Add Claim: department=operations, "Operations Department member"
3. Add Claim: department=hr, "Human Resources Department member"
4. Create Policies that group these with other Claims
5. Assign Policies to appropriate Roles
Scenario 2: Multi-Level Permissions
Goal: Create tiered access levels
1. Add Claim: access_level=readonly, "Read-only access"
2. Add Claim: access_level=editor, "Edit access"
3. Add Claim: access_level=admin, "Full administrative access"
4. Combine with department Claims in Policies
5. Assign to Roles based on job function
Scenario 3: Regional Authorization
Goal: Restrict access by geographic region
1. Add Claim: region=europe, "European region access"
2. Add Claim: region=americas, "Americas region access"
3. Add Claim: region=asia, "Asia-Pacific region access"
4. Create region-specific Policies
5. Assign to Roles for regional teams
Scenario 4: Replacing a Claim
Goal: Replace an outdated Claim with a new one
1. Add new Claim with updated Key/Value
2. Note which Policies use the old Claim (check "Used In")
3. Edit each Policy to add new Claim
4. Remove old Claim from Policies
5. Delete old Claim once no longer used
Troubleshooting
Cannot Save Claim - "Key/Value already exists"
Issue: Error message when creating or editing a Claim
Cause: This exact Key/Value combination already exists (or existed and was deleted)
Solution:
- Check if the Claim exists in the active list
- Enable "Include Deleted" filter to check deleted Claims
- If found deleted, restore it instead of creating new
- If active, use the existing Claim
- If you need a different Claim, change the Key or Value
Claim Not Appearing in Policies
Issue: Created a Claim but don't see it in Policy editor
Check:
- Was the Claim saved successfully?
- Try refreshing the page
- Check if Claim was accidentally deleted
- Verify no browser console errors
Solution: Claims should appear immediately in the Policy editor's "All" tab. If not, contact support.
Cannot Delete Claim
Issue: Delete button disabled or error on deletion
Possible Causes:
- Insufficient permissions (not an Administrator)
- Browser session expired
- Concurrent modification by another user
Solution:
- Verify you have Administrator role
- Refresh the page and try again
- Log out and log back in
Deleted Claim Still Shows in Policy
Issue: Deleted Claim visible in Policy with warning badge
Explanation: This is expected behavior. Deleted Claims remain visible in Policies to:
- Maintain audit trail
- Prevent broken references
- Allow restoration if needed
Solution:
- This is normal - no action needed if intentional
- To remove from Policy: Edit the Policy and remove the Claim
- To restore the Claim: Use the Restore function
Security Considerations
Principle of Least Privilege
Create specific Claims rather than overly broad ones:
✅ Specific Claims:
department=finance
access_level=readonly
view=invoices_only
❌ Too Broad:
access=all
permission=everything
role=superuser
Audit Trail
Every Claim action is tracked:
- Creation timestamp and user
- Modification history
- Deletion and restoration events
- Usage in Policies
Review Before Deletion
Always check "Used In" before deleting:
- Understand impact on Policies
- Plan replacement Claims if needed
- Communicate with team
- Document the change
Quick Reference
| Action | Steps |
|---|---|
| Add Claim | Click "Add Claim" → Enter Key, Value, Description → Save |
| Edit Claim | Click Edit icon → Modify fields → Save |
| Delete Claim | Actions menu → Delete → Confirm |
| Restore Claim | Enable "Include Deleted" → Actions menu → Restore → Confirm |
| Find Usage | Check "Used In" column → Click Policy badges |
| Search Claims | Use search filter → Type Key, Value, or Description |
Next Step
What is a Policy? - Learn how to group Claims
Add or manage Policy - Create and manage Policies
What is a Role? - Understand Roles
Related Topics
Claims:
What is a Claim? - Understanding Claims
Claims Overview - Manage all Claims
Policies:
What is a Policy? - Understanding Policies
Policies Overview - Manage all Policies
Add or manage Policy - Create and manage Policies
Roles:
What is a Role? - Understanding Roles
Roles Overview - Manage all Roles
Configuration:
Access Management - Authorization overview
Install Nodinite v7 - OpenID - Configure OIDC/OAuth 2.0