IdentityServer / OIDC claims and roles

Hope you can help.

We are hosting our own Squidex and have setup authentication against our separate IdentityServer 4 server by setting the OIDC settings is appsettings.json. I am a bit confused - we have many users who can login to IdentityServer - some should be able to access Squidex and some should not. The ones that can access Squidex we want to have map to different Squidex roles - admins etc. What roles or claims do we need achieve this?
Joe Bloggs is a valid IDS user and should be able to access Squidex as an administrator
Jane Doe is a valid IDS user and should be able to access Squidex as a content author
Jim Beam is a valid IDS user but should not have any access to Squidex

Any advice is really appreciated

You cannot stop people from using Squidex, BUT…

  1. You can map users to become admins:

Give them an admin permission

The claim types: urn:squidex:permissions=squidex.*

The permissions:

  1. Disable the creation of apps:

  2. Lock new users automatically:

  3. Use appropriate roles for your other users when you invite them to the app.

Thanks so much Sebastian for your quick reply :grinning: