diff --git a/pom.xml b/pom.xml
index b24d883f..a628fe8e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
         <!-- check micrometer.version vertx-micrometer-metrics consumes before bumping up -->
         <micrometer.version>1.12.2</micrometer.version>
         <junit-jupiter.version>5.11.2</junit-jupiter.version>
-        <uid2-shared.version>11.4.16</uid2-shared.version>
+        <uid2-shared.version>11.4.21-alpha-349-SNAPSHOT</uid2-shared.version>
         <okta-jwt.version>0.5.10</okta-jwt.version>
         <netty.version>4.1.135.Final</netty.version>
         <image.version>${project.version}</image.version>
diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
index d1fd7aed..566605ee 100644
--- a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
+++ b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
@@ -13,6 +13,7 @@ public enum OktaCustomScope {
     SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC),
     METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT),
     ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR),
+    CLIENT_KEY_ISSUANCE("uid2.admin.client-key-issuance", Role.CLAUDE_ACCESS),
     INVALID("invalid", Role.UNKNOWN);
     private final String name;
     private final Role role;
diff --git a/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java b/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java
index 8c9cc49f..e2a15507 100644
--- a/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java
+++ b/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java
@@ -256,7 +256,10 @@ private static Stream<Arguments> testAccessTokenUnauthorizedData() {
             Arguments.of(OktaCustomScope.SECRET_ROTATION.getName(), new Role[] {Role.SHARING_PORTAL}),
             Arguments.of(OktaCustomScope.SECRET_ROTATION.getName(), new Role[] {Role.PRIVATE_OPERATOR_SYNC}),
             Arguments.of(OktaCustomScope.SITE_SYNC.getName(), new Role[] {Role.SECRET_ROTATION}),
-            Arguments.of(OktaCustomScope.SITE_SYNC.getName(), new Role[] {Role.SHARING_PORTAL})
+            Arguments.of(OktaCustomScope.SITE_SYNC.getName(), new Role[] {Role.SHARING_PORTAL}),
+            Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE.getName(), new Role[] {Role.SUPER_USER}),
+            Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE.getName(), new Role[] {Role.PRIVILEGED}),
+            Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE.getName(), new Role[] {Role.MAINTAINER})
         );
     }
 
@@ -279,7 +282,8 @@ private static Stream<Arguments> testAccessTokenGoodData() {
         return Stream.of(
           Arguments.of(OktaCustomScope.SS_PORTAL, OktaCustomScope.SS_PORTAL.getRole()),
           Arguments.of(OktaCustomScope.SECRET_ROTATION, OktaCustomScope.SECRET_ROTATION.getRole()),
-          Arguments.of(OktaCustomScope.SITE_SYNC, OktaCustomScope.SITE_SYNC.getRole())
+          Arguments.of(OktaCustomScope.SITE_SYNC, OktaCustomScope.SITE_SYNC.getRole()),
+          Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE, OktaCustomScope.CLIENT_KEY_ISSUANCE.getRole())
         );
     }
 
diff --git a/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java b/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
index e249c4cb..126d0b00 100644
--- a/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
+++ b/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
@@ -16,6 +16,7 @@ private static Stream<Arguments> testFromNameData() {
             Arguments.of("uid2.admin.ss-portal", OktaCustomScope.SS_PORTAL),
             Arguments.of("uid2.admin.secret-rotation", OktaCustomScope.SECRET_ROTATION),
             Arguments.of("uid2.admin.site-sync", OktaCustomScope.SITE_SYNC),
+            Arguments.of("uid2.admin.client-key-issuance", OktaCustomScope.CLIENT_KEY_ISSUANCE),
             Arguments.of("dummy", OktaCustomScope.INVALID)
         );
     }