# Troubleshoot access management

This article has troubleshooting tips to help you resolve the issues if you are receiving errors or seeing unexpected behavior related to access management.

# Token and claims

If there are any issues with a user's authentication, you can retrieve and read issued JWTs from a web browser using the Network section of the Developer tools. By default, the content of the claims in the token is encoded in a non-human readable format. To read the token content, you need to paste it into a JWT decoding tool such as jwt.ms (opens new window).

Check that the token contains the claims listed in this article and that the values within the token match the expected values defined in CDF (as it relates to group SIDs specifically).

Below is an example of an OAuth 2.0/OIDC token issued from Azure AD, containing all mandatory information to authenticate the user using the CDF portal application.

{
  "aud": "https://openfield.cognitedata.com",
  "iss": "https://sts.windows.net/~~~~~~~~-~~~~-~~~~-~~~~-~~~~~~~~~~~~5/",
  "iat": 1615211873,
  "nbf": 1615211873,
  "exp": 1615215773,
  "acr": "1",
  "aio": "AZQAa/8TAAAAyJhgrQQDIeLdV6L8ihHRav6lQANXu27jnkK5Y9x+tskrnZgw1mBcZJ8xVcPDWJso/WOop60PruNM4XA14b0H1wrwDX4+q5YX9tC6O6Dx7axTg7Yx3kRfScjO3WBPFRqRp0yPsQ+l8KdcO59FODEaTcLQeBqR9gSZrK/VylSkJ62Cp+47MUnZWmeSC5pX4nR4",
  "amr": ["rsa", "mfa"],
  "appid": "9f039f43-cd64-4d32-abc1-333ca411e5f9",
  "appidacr": "0",
  "email": "glen.sykes@example.com",
  "family_name": "Sykes",
  "given_name": "Glen",
  "groups": [
    "73d09ef9-1295-4193-af7b-da134dfaca70",
    "f5620625-57b9-47fc-82d9-df3df8b2950e"
  ],
  "idp": "https://sts.windows.net/a9ae5b54-3600-4917-a9dc-3020723360b3/",
  "ipaddr": "~~.~~.~~~.~~",
  "name": "Glen Sykes",
  "oid": "b45a1671-9ee5-4810-a4a4-1fdc7c20d8a1",
  "rh": "0.AAAAH7vyMKEox0aobgCZRWEZZUOfA59kzTJNq8EzPKQR5fl6AHw.",
  "scp": "IDENTITY user_impersonation",
  "sub": "mp9krYK2S_QjiFWwTcr-kONiQX4R2Yfb_ww6wCw_Yx8",
  "tid": "30f2bb1f-28a1-46c7-a86e-009945611965",
  "unique_name": "glen.sykes@example.com",
  "uti": "MjCUJzWVzE2AMQkcHtw6AA",
  "ver": "1.0"
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Last Updated: 4/30/2021, 12:42:57 PM