Configuring contact authorization IDs

A contact authorization ID is a unique value that identifies a contact across multiple applications. A given contact is expected to have the same contact authorization ID in ClaimCenter, ContactManager, the IdP, and any other system that stores contact information.

The contactAuthorizationIds resource access strategy expects that every external user that makes a request is associated with a contact that has a contact authorization ID. This ID must be present in the caller's JWT, and it is used to determine which resources the caller has access to.

The following diagram illustrates an example of this.
Contact authorization ID in JWT identifying a contact in ClaimCenter

In this example, Ray Newton is a policyholder who has filed a claim for damage done to his vehicle during a storm. As a result to this, the ClaimCenter database has:

A contact (with ID cc:217631) which stores contact-specific information about Ray, such as his first and last name, and contact authorization ID (cc:123456).
A ClaimContact (with ID cc:930234), which stores claim-specific information, such as an array of roles he has on the claim.
The claim itself (ID cc:904444)

When Ray uses a portal to access information about his claim, the portal sends a request to Cloud API (GET /claim/v1/claims/cc:904444). The request includes a JWT that specifies Ray's contact authorization ID. ClaimCenter uses this information to determine the caller is contact cc:217631. Then, ClaimCenter provides access to claim cc:904444 as appropriate for the insured on the claim.