> ## Documentation Index
> Fetch the complete documentation index at: https://docs.envzero.com/llms.txt
> Use this file to discover all available pages before exploring further.

# OIDC Additional Claims

> env zero OIDC tokens now include projectId, templateId, environmentId, and deployerEmail claims for fine-grained authorization in AWS IAM and other systems.

env0 enables easy OIDC integration by passing an environment variable named `ENV0_OIDC_TOKEN` to your deployments - its value contains a short lived OIDC token (JWT) for authentication via a third party application.

## Improved Authorization

Your authorization server can use our newly added claims for more secure and fine-grained authorization, for example, here are a few possible verifications:

* Only a specific team can deploy to a specific environment
* A specific template can only be deployed to your `dev` / `staging` projects and not to the `production` project
* Enforce a workspace name pattern in your organization

We added the following claims to the OIDC token:

* `organizationId`
* `projectId`
* `templateId`
* `templateName`
* `environmentId`
* `environmentName`
* `workspaceName`
* `deploymentLogId`
* `deployerEmail`

Learn more about [OIDC integration](/guides/integrations/oidc-integrations).