diff --git a/cmd/devinit/main.go b/cmd/devinit/main.go
index ec1d85bd2..c55feedd6 100644
--- a/cmd/devinit/main.go
+++ b/cmd/devinit/main.go
@@ -322,6 +322,7 @@ func createIdentityProviders(factory store.Factory, err error, orgId string, env
 	if err != nil {
 		return err
 	}
+
 	idp := &types.IdentityProvider{
 		Name:           "Fake OIDC",
 		OrganizationID: orgId,
@@ -330,7 +331,13 @@ func createIdentityProviders(factory store.Factory, err error, orgId string, env
 		ClientSecret:   envCfg.idpClientSecret,
 		EmailDomain:    "nrc.no",
 		Scopes:         "openid profile offline_access",
-		ClaimMappings:  types.ClaimMappings{Mappings: nil, Version: "0"},
+		ClaimMappings:  types.ClaimMappings{
+			Subject:       "{{.sub}}",
+			DisplayName:   "{{.displayName}}",
+			FullName:      "{{.fullName}}",
+			Email:         "{{.email}}",
+			EmailVerified: "{{.emailVerified}}",
+			Version: "0"},
 	}
 	if len(idps) == 0 {
 		_, err := idpStore.Create(context.Background(), idp, store.IdentityProviderCreateOptions{})
diff --git a/frontend/apps/core-authnz-frontend/src/components/AuthenticatedApp.tsx b/frontend/apps/core-authnz-frontend/src/components/AuthenticatedApp.tsx
index 38add189c..5fea3b32a 100644
--- a/frontend/apps/core-authnz-frontend/src/components/AuthenticatedApp.tsx
+++ b/frontend/apps/core-authnz-frontend/src/components/AuthenticatedApp.tsx
@@ -10,7 +10,7 @@ import { Clients } from './clients/Clients';
 
 const AuthenticatedApp: FC = () => {
   return (
-    <div className="d-flex flex-column vh-100 vw-100 bg-dark">
+    <div className="d-flex flex-column min-vh-100 vw-100 bg-dark">
       <NavBar />
       <Switch>
         <Route path="/organizations/add" component={OrganizationEditor} />
diff --git a/frontend/apps/core-authnz-frontend/src/components/organizations/identityproviders/IdentityProviderEditor.tsx b/frontend/apps/core-authnz-frontend/src/components/organizations/identityproviders/IdentityProviderEditor.tsx
index 438c62c0a..bcc67d259 100644
--- a/frontend/apps/core-authnz-frontend/src/components/organizations/identityproviders/IdentityProviderEditor.tsx
+++ b/frontend/apps/core-authnz-frontend/src/components/organizations/identityproviders/IdentityProviderEditor.tsx
@@ -18,7 +18,14 @@ type FormData = {
   organizationId: string;
   emailDomain: string;
   scopes: string;
-  claimMappings: { Version: string; Mappings: any };
+  claimMappings: {
+    version: string;
+    subject: string;
+    displayName: string;
+    fullName: string;
+    email: string;
+    emailVerified: string;
+  };
 };
 
 export const IdentityProviderEditor: FC<Props> = (props) => {
@@ -49,18 +56,18 @@ export const IdentityProviderEditor: FC<Props> = (props) => {
     setValue('emailDomain', data.emailDomain);
     setValue('clientSecret', '');
     setValue('scopes', data.scopes);
-    setValue(
-      'claimMappings.Mappings',
-      JSON.stringify(data.claimMappings.Mappings),
-    );
-    setVersion(data.claimMappings.Version);
+    setValue('claimMappings.subject', data.claimMappings.subject);
+    setValue('claimMappings.displayName', data.claimMappings.displayName);
+    setValue('claimMappings.fullName', data.claimMappings.fullName);
+    setValue('claimMappings.email', data.claimMappings.email);
+    setValue('claimMappings.emailVerified', data.claimMappings.emailVerified);
+    setVersion(data.claimMappings.version);
   };
 
   useEffect(() => {
     if (id) {
       apiClient.getIdentityProvider({ id }).then((resp) => {
         if (resp.response) {
-          console.log('RESP', resp.response);
           setData(resp.response);
         }
       });
@@ -81,8 +88,12 @@ export const IdentityProviderEditor: FC<Props> = (props) => {
         emailDomain: args.emailDomain,
         scopes: args.scopes,
         claimMappings: {
-          Version: newVersion,
-          Mappings: JSON.parse(args.claimMappings.Mappings),
+          version: newVersion,
+          subject: args.claimMappings.subject,
+          displayName: args.claimMappings.displayName,
+          fullName: args.claimMappings.fullName,
+          email: args.claimMappings.email,
+          emailVerified: args.claimMappings.emailVerified,
         },
       };
       let resp;
@@ -192,20 +203,110 @@ export const IdentityProviderEditor: FC<Props> = (props) => {
             {fieldErrors('scopes')}
           </div>
 
-          <div className="form-group mb-2">
-            <label className="form-label text-light">
-              Claim Mapping (Version: {version})
-            </label>
-            <textarea
-              {...register('claimMappings.Mappings', {
-                required: true,
-              })}
-              className={classNames(
-                'form-control form-control-darkula',
-                fieldClasses('claimMappings.Mappings'),
-              )}
-            />
+          <h6 className="text-light mt-5">
+            Claim Mapping, Current Version: {version}
+          </h6>
+          <p className="form-text text-muted mb-4">
+            Please use go template syntax:
+            <a
+              href="https://blog.gopheracademy.com/advent-2017/using-go-templates/"
+              target="_blank"
+              rel="noreferrer"
+            >
+              Examples
+            </a>
+          </p>
+
+          <div className="form-group row mb-3">
+            <div className="col-sm-2 text-light">
+              <label htmlFor="subject">Subject</label>
+            </div>
+            <div className="col-sm-10">
+              <input
+                {...register('claimMappings.subject', {
+                  required: true,
+                })}
+                id="subject"
+                className={classNames(
+                  'form-control form-control-darkula',
+                  fieldClasses('claimMappings.subject'),
+                )}
+              />
+            </div>
           </div>
+
+          <div className="form-group row mb-3">
+            <div className="col-sm-2 text-light">
+              <label htmlFor="displayName">Display Name</label>
+            </div>
+            <div className="col-sm-10">
+              <input
+                {...register('claimMappings.displayName', {
+                  required: true,
+                })}
+                id="displayName"
+                className={classNames(
+                  'form-control form-control-darkula',
+                  fieldClasses('claimMappings.displayName'),
+                )}
+              />
+            </div>
+          </div>
+
+          <div className="form-group row mb-3">
+            <div className="col-sm-2 text-light">
+              <label htmlFor="fullName">Full Name</label>
+            </div>
+            <div className="col-sm-10">
+              <input
+                {...register('claimMappings.fullName', {
+                  required: true,
+                })}
+                id="fullName"
+                className={classNames(
+                  'form-control form-control-darkula',
+                  fieldClasses('claimMappings.fullName'),
+                )}
+              />
+            </div>
+          </div>
+
+          <div className="form-group row mb-3">
+            <div className="col-sm-2 text-light">
+              <label htmlFor="email">Email</label>
+            </div>
+            <div className="col-sm-10">
+              <input
+                {...register('claimMappings.email', {
+                  required: true,
+                })}
+                id="email"
+                className={classNames(
+                  'form-control form-control-darkula',
+                  fieldClasses('claimMappings.email'),
+                )}
+              />
+            </div>
+          </div>
+
+          <div className="form-group row mb-3">
+            <div className="col-sm-2 text-light">
+              <label htmlFor="emailVerified">Email Verified</label>
+            </div>
+            <div className="col-sm-10">
+              <input
+                {...register('claimMappings.emailVerified', {
+                  required: true,
+                })}
+                id="emailVerified"
+                className={classNames(
+                  'form-control form-control-darkula',
+                  fieldClasses('claimMappings.emailVerified'),
+                )}
+              />
+            </div>
+          </div>
+
           {fieldErrors('claimMappings')}
 
           <button disabled={isSubmitting} className="btn btn-success mt-2">
diff --git a/frontend/apps/core-authnz-frontend/src/types/types.ts b/frontend/apps/core-authnz-frontend/src/types/types.ts
index 9f93e2f31..e4f4f75ea 100644
--- a/frontend/apps/core-authnz-frontend/src/types/types.ts
+++ b/frontend/apps/core-authnz-frontend/src/types/types.ts
@@ -104,8 +104,12 @@ export class IdentityProvider {
   public scopes = '';
 
   public claimMappings = {
-    Version: '0',
-    Mappings: {},
+    version: '0',
+    subject: '',
+    displayName: '',
+    fullName: '',
+    email: '',
+    emailVerified: '',
   };
 }
 
diff --git a/pkg/api/types/identity_provider.go b/pkg/api/types/identity_provider.go
index c02bc6580..34a4491b1 100644
--- a/pkg/api/types/identity_provider.go
+++ b/pkg/api/types/identity_provider.go
@@ -25,10 +25,15 @@ type IdentityProvider struct {
 }
 
 type ClaimMappings struct {
-	Version  string            `json:"Version"`
-	Mappings map[string]string `json:"Mappings"`
+	Version       string `json:"version"`
+	Subject       string `json:"subject"`
+	DisplayName   string `json:"displayName"`
+	FullName      string `json:"fullName"`
+	Email         string `json:"email"`
+	EmailVerified string `json:"emailVerified"`
 }
 
+
 // IdentityProviderList represents a list of IdentityProvider
 type IdentityProviderList struct {
 	Items []*IdentityProvider `json:"items"`
diff --git a/pkg/server/login/handlers/login/action_auth_code_exchange_succeeded.go b/pkg/server/login/handlers/login/action_auth_code_exchange_succeeded.go
index 6eb36baf9..6473e453a 100644
--- a/pkg/server/login/handlers/login/action_auth_code_exchange_succeeded.go
+++ b/pkg/server/login/handlers/login/action_auth_code_exchange_succeeded.go
@@ -30,11 +30,12 @@ func handleAuthCodeExchangeSucceeded(
 		}
 
 		l.Debug("finding user identifier for oidc provider", zap.String("subject", authRequest.Claims.Subject), zap.String("domain", idp.Domain))
-		identifier, err := loginStore.FindOidcIdentifier(authRequest.Claims.Subject, idp.Domain)
+		identifier, err := loginStore.FindOidcIdentifier(ctx, authRequest.Claims.Subject, idp.Domain)
 		if err != nil {
 			if meta.ReasonForError(err) == meta.StatusReasonNotFound {
 				l.Info("user identifier not found. creating new identity")
 				newIdentity, err := loginStore.CreateOidcIdentity(
+					ctx,
 					idp.Domain,
 					authRequest.Claims.Subject,
 					authRequest.AccessToken,
@@ -45,6 +46,22 @@ func handleAuthCodeExchangeSucceeded(
 					return err
 				}
 				identifier = newIdentity.Credentials[0].Identifiers[0]
+
+				newIdentityProfile := store2.IdentityProfile{
+					ID:    newIdentity.ID,
+					IdentityProviderID: idp.ID,
+					Subject:       authRequest.Claims.Subject,
+					DisplayName:   authRequest.Claims.DisplayName,
+					FullName:      authRequest.Claims.FullName,
+					Email:         authRequest.Claims.Email,
+					EmailVerified: authRequest.Claims.EmailVerified,
+				}
+
+				if err := loginStore.CreateOidcIdentityProfile(ctx, newIdentityProfile); err != nil {
+					l.Error("failed to store identity profile", zap.Error(err))
+					return err
+				}
+
 			} else {
 				l.Error("failed to get user identifier for oidc provider", zap.Error(err))
 				return err
diff --git a/pkg/server/login/handlers/login/action_performing_auth_code_exchange.go b/pkg/server/login/handlers/login/action_performing_auth_code_exchange.go
index 2aeb5fcb0..671c8bc9c 100644
--- a/pkg/server/login/handlers/login/action_performing_auth_code_exchange.go
+++ b/pkg/server/login/handlers/login/action_performing_auth_code_exchange.go
@@ -1,17 +1,21 @@
 package login
 
 import (
+	"bytes"
 	"context"
 	"errors"
 	"fmt"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/looplab/fsm"
+	"github.com/nrc-no/core/pkg/api/types"
 	"github.com/nrc-no/core/pkg/logging"
 	"github.com/nrc-no/core/pkg/server/login/authrequest"
 	"github.com/nrc-no/core/pkg/store"
 	"go.uber.org/zap"
 	"golang.org/x/oauth2"
 	"net/http"
+	"strconv"
+	"text/template"
 )
 
 func handlePerformingAuthCodeExchange(
@@ -64,7 +68,7 @@ func handlePerformingAuthCodeExchange(
 		}
 
 		l.Debug("verifying token")
-		processedToken, err := processOidcToken(req.Context(), tokenFromExchange, verifier)
+		processedToken, err := processOidcToken(req.Context(), tokenFromExchange, verifier, idp)
 		if err != nil {
 			l.Error("failed to verify token", zap.Error(err))
 			return err
@@ -106,6 +110,7 @@ func processOidcToken(
 	ctx context.Context,
 	token *oauth2.Token,
 	verifier *oidc.IDTokenVerifier,
+	idp *types.IdentityProvider,
 ) (*ProcessedToken, error) {
 
 	l := logging.NewLogger(ctx)
@@ -133,21 +138,105 @@ func processOidcToken(
 		return nil, err
 	}
 
-	// unmarshal claims
-	var userProfile authrequest.Claims
-	if err := idToken.Claims(&userProfile); err != nil {
+
+	var claimInft interface{}
+	if err := idToken.Claims(&claimInft); err != nil {
 		l.Error("failed to unmarshal claims from ID token", zap.Error(err))
 		return nil, err
 	}
 
+	userProfile, err := extractIdentityProfileTemplateVersion(ctx, claimInft, idp)
+
 	result := &ProcessedToken{
 		OriginalToken: token,
 		RawIDToken:    rawIDToken,
 		AccessToken:   token.AccessToken,
 		RefreshToken:  token.RefreshToken,
 		IDToken:       idToken,
-		Claims:        &userProfile,
+		Claims:        userProfile,
 	}
 
 	return result, nil
 }
+
+
+func extractIdentityProfileTemplateVersion(
+	ctx context.Context,
+	claimInft interface{},
+	idp *types.IdentityProvider,
+) (*authrequest.Claims, error){
+
+	l := logging.NewLogger(ctx)
+
+	var userProfile authrequest.Claims
+
+	mappedClaimInft, ok := claimInft.(map[string]interface{})
+	if !ok {
+		l.Error("failed to cast claims into type map[string]interface{}")
+		return nil, errors.New("failed to cast claims into type map[string]interface{}")
+	}
+
+	subjectTpl := template.New("")
+	subjectTplParsed, err := subjectTpl.Parse(idp.ClaimMappings.Subject)
+	if err != nil { return nil, err}
+	var subjectBuffer bytes.Buffer
+	if err := subjectTplParsed.Execute(&subjectBuffer, mappedClaimInft); err != nil {
+		l.Error("failed to execute template for subject claim", zap.Error(err))
+		return nil, err
+	}
+	subjectString := subjectBuffer.String()
+	if err != nil { return nil, err}
+	userProfile.Subject = subjectString
+
+	displayNameTpl := template.New("")
+	displayNameTplParsed, err := displayNameTpl.Parse(idp.ClaimMappings.DisplayName)
+	if err != nil { return nil, err}
+	var displayNameBuffer bytes.Buffer
+	if err := displayNameTplParsed.Execute(&displayNameBuffer, mappedClaimInft); err != nil {
+		l.Error("failed to execute template for displayName claim", zap.Error(err))
+		return nil, err
+	}
+	displayNameString := displayNameBuffer.String()
+	if err != nil { return nil, err}
+	userProfile.DisplayName = displayNameString
+
+	fullNameTpl := template.New("")
+	fullNameTplParsed, err := fullNameTpl.Parse(idp.ClaimMappings.FullName)
+	if err != nil { return nil, err}
+	var fullNameBuffer bytes.Buffer
+	if err := fullNameTplParsed.Execute(&fullNameBuffer, mappedClaimInft); err != nil {
+		l.Error("failed to execute template for FullName claim", zap.Error(err))
+		return nil, err
+	}
+	fullNameString := fullNameBuffer.String()
+	if err != nil { return nil, err}
+	userProfile.FullName = fullNameString
+
+	emailTpl := template.New("")
+	emailTplParsed, err := emailTpl.Parse(idp.ClaimMappings.Email)
+	if err != nil { return nil, err}
+	var emailBuffer bytes.Buffer
+	if err := emailTplParsed.Execute(&emailBuffer, mappedClaimInft); err != nil {
+		l.Error("failed to execute template for FullName claim", zap.Error(err))
+		return nil, err
+	}
+	emailString := emailBuffer.String()
+	if err != nil { return nil, err}
+	userProfile.Email = emailString
+
+	emailVerifiedTpl := template.New("")
+	emailVerifiedTplParsed, err := emailVerifiedTpl.Parse(idp.ClaimMappings.EmailVerified)
+	if err != nil { return nil, err}
+	var emailVerifiedBuffer bytes.Buffer
+	if err := emailVerifiedTplParsed.Execute(&emailVerifiedBuffer, mappedClaimInft); err != nil {
+		l.Error("failed to execute template for FullName claim", zap.Error(err))
+		return nil, err
+	}
+	emailVerifiedString := emailVerifiedBuffer.String()
+	emailVerifiedBool, _ := strconv.ParseBool(emailVerifiedString)
+	if err != nil { return nil, err}
+	userProfile.EmailVerified = emailVerifiedBool
+
+
+	return &userProfile, nil
+}
diff --git a/pkg/server/login/handlers/login/action_performing_auth_code_exchange_test.go b/pkg/server/login/handlers/login/action_performing_auth_code_exchange_test.go
new file mode 100644
index 000000000..226b1d38a
--- /dev/null
+++ b/pkg/server/login/handlers/login/action_performing_auth_code_exchange_test.go
@@ -0,0 +1,131 @@
+package login
+
+import (
+	"context"
+	"github.com/nrc-no/core/pkg/api/types"
+	"github.com/nrc-no/core/pkg/server/login/authrequest"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+var idp = types.IdentityProvider{
+	ID: "id",
+	Name: "name",
+	OrganizationID: "organizationId",
+	Domain: "domain",
+	ClientID: "clientId",
+	ClientSecret: "secret",
+	EmailDomain: "emailDomain",
+	Scopes: "scope1 scope2",
+	ClaimMappings: types.ClaimMappings{
+		Version       : "v1",
+		Subject       : "{{.SubjectFieldName}}",
+		DisplayName   : "{{.Title}} {{.FirstName}} {{.LastName}}",
+		FullName      : "{{.FirstName}} {{.LastName}}",
+		Email         : "{{.EmailFieldName}}",
+		EmailVerified : "{{.EmailVerifiedFieldName}}",
+	},
+}
+var idp2 = types.IdentityProvider{
+	ID: "id",
+	Name: "name",
+	OrganizationID: "organizationId",
+	Domain: "domain",
+	ClientID: "clientId",
+	ClientSecret: "secret",
+	EmailDomain: "emailDomain",
+	Scopes: "scope1 scope2",
+	ClaimMappings: types.ClaimMappings{
+		Version       : "v1",
+		Subject       : "SubjectFieldName",
+	},
+}
+
+
+func TestExtractIdentityProfile(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	tests := []struct {
+		name          string
+		claims        interface{}
+		idp           types.IdentityProvider
+		expect        authrequest.Claims
+		wantErr       bool
+	}{
+		{
+			name: "maps correctly",
+			claims: map[string]interface{}{
+				"SubjectFieldName": "subjectValue",
+				"Title": "Prof.",
+				"FirstName": "Neil",
+				"LastName": "Armstrong",
+				"EmailFieldName": "emailValue",
+				"EmailVerifiedFieldName": true,
+			},
+			idp: idp,
+			expect: authrequest.Claims{
+				Subject: "subjectValue",
+				DisplayName: "Prof. Neil Armstrong",
+				FullName: "Neil Armstrong",
+				Email: "emailValue",
+				EmailVerified: true,
+			},
+			wantErr: false,
+		},
+		{
+			name: "fails to map data if IDP claims are not setup correctly",
+			claims: map[string]interface{}{
+				"SubjectFieldName": "subjectValue",
+				"Title": "Prof.",
+				"FirstName": "Neil",
+				"LastName": "Armstrong",
+				"EmailFieldName": "emailValue",
+				"EmailVerifiedFieldName": true,
+			},
+			idp: idp2,
+			expect: authrequest.Claims{
+				Subject: "SubjectFieldName",
+				DisplayName: "",
+				FullName: "",
+				Email: "",
+				EmailVerified: false,
+			},
+			wantErr: false,
+		},
+		{
+			name: "fills profile with placeholders for missing data",
+			claims: map[string]interface{}{
+				"SubjectFieldName": "subjectValue",
+			},
+			idp: idp,
+			expect: authrequest.Claims{
+				Subject: "subjectValue",
+				DisplayName: "<no value> <no value> <no value>",
+				FullName: "<no value> <no value>",
+				Email: "<no value>",
+				EmailVerified: false,
+			},
+			wantErr: false,
+		},
+		{
+			name: "fails if claims is not a map[string]interface{}",
+			claims: 3,
+			idp: idp,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := extractIdentityProfileTemplateVersion(ctx, tt.claims, &tt.idp)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			if !assert.NoError(t, err) {
+				return
+			}
+			assert.Equal(t, tt.expect, *got)
+		})
+	}
+}
diff --git a/pkg/server/login/store/identity_profile.go b/pkg/server/login/store/identity_profile.go
new file mode 100644
index 000000000..9fd894441
--- /dev/null
+++ b/pkg/server/login/store/identity_profile.go
@@ -0,0 +1,11 @@
+package store
+
+type IdentityProfile struct {
+	ID                 string
+	IdentityProviderID string
+	Subject            string
+	DisplayName        string
+	FullName           string
+	Email              string
+	EmailVerified      bool
+}
diff --git a/pkg/server/login/store/interface.go b/pkg/server/login/store/interface.go
index dd99d84b5..7bdff5a91 100644
--- a/pkg/server/login/store/interface.go
+++ b/pkg/server/login/store/interface.go
@@ -4,9 +4,11 @@ import (
 	"context"
 	"errors"
 	"github.com/nrc-no/core/pkg/api/meta"
+	"github.com/nrc-no/core/pkg/logging"
 	"github.com/nrc-no/core/pkg/store"
 	"github.com/nrc-no/core/pkg/utils/pointers"
 	uuid "github.com/satori/go.uuid"
+	"go.uber.org/zap"
 	"gorm.io/gorm"
 )
 
@@ -15,8 +17,9 @@ type Interface interface {
 	CreateAuthRequest(ctx context.Context, authRequest *AuthRequest) (*AuthRequest, error)
 	UpdateAuthRequest(ctx context.Context, authRequest *AuthRequest) (*AuthRequest, error)
 	GetIdentity(ctx context.Context, id string) (*Identity, error)
-	FindOidcIdentifier(identifier string, identityProviderId string) (*CredentialIdentifier, error)
-	CreateOidcIdentity(issuer string, identifier string, initialAccessToken string, initialRefreshToken string, initialIdToken string) (*Identity, error)
+	FindOidcIdentifier(ctx context.Context, identifier string, identityProviderId string) (*CredentialIdentifier, error)
+	CreateOidcIdentity(ctx context.Context, issuer string, identifier string, initialAccessToken string, initialRefreshToken string, initialIdToken string) (*Identity, error)
+	CreateOidcIdentityProfile(ctx context.Context, profile IdentityProfile) error
 }
 
 type loginStore struct {
@@ -92,6 +95,7 @@ func (l *loginStore) GetIdentity(ctx context.Context, id string) (*Identity, err
 }
 
 func (l *loginStore) CreateOidcIdentity(
+	ctx context.Context,
 	issuer string,
 	identifier string,
 	initialAccessToken string,
@@ -138,7 +142,28 @@ func (l *loginStore) CreateOidcIdentity(
 
 }
 
+func (l *loginStore) CreateOidcIdentityProfile(
+	ctx context.Context,
+	profile IdentityProfile,
+) error {
+	logger := logging.NewLogger(ctx)
+
+	db, err := l.db.Get()
+	if err != nil {
+		logger.Error("failed to create database connection", zap.Error(err))
+		return err
+	}
+
+	if err := db.Create(&profile).Error; err != nil {
+		logger.Error("failed to create IdentityProfile in database", zap.Error(err))
+		return err
+	}
+
+	return nil
+}
+
 func (l *loginStore) FindOidcIdentifier(
+	ctx context.Context,
 	identifier string,
 	issuer string,
 ) (*CredentialIdentifier, error) {
diff --git a/pkg/server/login/store/interface_test.go b/pkg/server/login/store/interface_test.go
index 6a6059060..83164b3d8 100644
--- a/pkg/server/login/store/interface_test.go
+++ b/pkg/server/login/store/interface_test.go
@@ -1,6 +1,7 @@
 package store
 
 import (
+	"context"
 	"github.com/nrc-no/core/pkg/mocks"
 	"github.com/nrc-no/core/pkg/store"
 	"github.com/nrc-no/core/pkg/utils/pointers"
@@ -76,10 +77,11 @@ var identity3 = Identity{
 }
 
 func TestFindOidcIdentifier(t *testing.T) {
-
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	s, _ := getStore(t)
 
-	id, err := s.FindOidcIdentifier("identifier-one", "provider1")
+	id, err := s.FindOidcIdentifier(ctx, "identifier-one", "provider1")
 	if !assert.NoError(t, err) {
 		return
 	}
@@ -95,8 +97,10 @@ func TestFindOidcIdentifier(t *testing.T) {
 }
 
 func TestFindOidcIdentifierWhenUserHasMany(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	s, _ := getStore(t)
-	id, err := s.FindOidcIdentifier("identifier-two-b", "provider2")
+	id, err := s.FindOidcIdentifier(ctx, "identifier-two-b", "provider2")
 	if !assert.NoError(t, err) {
 		return
 	}
@@ -104,8 +108,10 @@ func TestFindOidcIdentifierWhenUserHasMany(t *testing.T) {
 }
 
 func TestFindOidcIdentifierWhenUserHasMultipleProviders(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	s, _ := getStore(t)
-	id, err := s.FindOidcIdentifier("identifier-three-b", "provider3b")
+	id, err := s.FindOidcIdentifier(ctx, "identifier-three-b", "provider3b")
 	if !assert.NoError(t, err) {
 		return
 	}
diff --git a/pkg/server/login/store/migrate.go b/pkg/server/login/store/migrate.go
index f51d266ed..566797500 100644
--- a/pkg/server/login/store/migrate.go
+++ b/pkg/server/login/store/migrate.go
@@ -6,5 +6,6 @@ func Migrate(db *gorm.DB) error {
 	return db.AutoMigrate(
 		&Credential{},
 		&Identity{},
-		&CredentialIdentifier{})
+		&CredentialIdentifier{},
+		&IdentityProfile{})
 }
diff --git a/pkg/store/identity_provider.go b/pkg/store/identity_provider.go
index c2b7ae594..2b6a78efb 100644
--- a/pkg/store/identity_provider.go
+++ b/pkg/store/identity_provider.go
@@ -62,8 +62,12 @@ type IdentityProvider struct {
 }
 
 type ClaimMappings struct {
-	Version  string
-	Mappings map[string]string
+	Version       string
+	Subject       string
+	DisplayName   string
+	FullName      string
+	Email         string
+	EmailVerified string
 }
 
 func (c ClaimMappings) Value() (driver.Value, error) {
@@ -77,45 +81,10 @@ func (c *ClaimMappings) Scan(src interface{}) error {
 		return fmt.Errorf("failed to scan scan claims: value of type %T could not be converted to []byte", src)
 	}
 
-	var i interface{}
-	err := json.Unmarshal(source, &i)
+	err := json.Unmarshal(source, &c)
 	if err != nil {
 		return err
 	}
-
-	m, ok := i.(map[string]interface{})
-
-	if !ok {
-		return fmt.Errorf("failed to scan scan claims: value of type %T could not be converted to map[string]interface{}", i)
-	}
-
-	versionIntf, ok := m["Version"]
-	if ok {
-		versionStr, ok := versionIntf.(string)
-		if !ok {
-			return fmt.Errorf("version is not a string")
-		}
-		c.Version = versionStr
-	}
-
-	claimMappingsInft, ok := m["Mappings"]
-
-	c.Mappings = map[string]string{}
-
-	if ok {
-		claimMapping, ok := claimMappingsInft.(map[string]interface{})
-		if ok {
-
-			for key, elementIntf := range claimMapping {
-				claimStr, ok := elementIntf.(string)
-				if !ok {
-					return fmt.Errorf("claim mapping is not a string")
-				}
-				c.Mappings[key] = claimStr
-			}
-		}
-	}
-
 	return nil
 }
 
@@ -300,8 +269,12 @@ func mapIdentityProviderList(i IdentityProviders, keepClientSecrets bool) []*typ
 // mapIdentityProviderTo maps a store.IdentityProvider to a types.IdentityProvider
 func mapIdentityProviderTo(i *IdentityProvider, keepClientSecret bool) *types.IdentityProvider {
 	claimMappings := &types.ClaimMappings{
-		Version:  i.ClaimMappings.Version,
-		Mappings: i.ClaimMappings.Mappings,
+		Version: i.ClaimMappings.Version,
+		Subject       : i.ClaimMappings.Subject,
+		DisplayName   : i.ClaimMappings.DisplayName,
+		FullName      : i.ClaimMappings.FullName,
+		Email         : i.ClaimMappings.Email,
+		EmailVerified : i.ClaimMappings.EmailVerified,
 	}
 	result := &types.IdentityProvider{
 		ID:             i.ID,
@@ -322,8 +295,12 @@ func mapIdentityProviderTo(i *IdentityProvider, keepClientSecret bool) *types.Id
 // mapIdentityProviderFrom maps a types.IdentityProvider into a store.IdentityProvider
 func mapIdentityProviderFrom(i *types.IdentityProvider) *IdentityProvider {
 	claimMappings := &ClaimMappings{
-		Version:  i.ClaimMappings.Version,
-		Mappings: i.ClaimMappings.Mappings,
+		Version: i.ClaimMappings.Version,
+		Subject       : i.ClaimMappings.Subject,
+		DisplayName   : i.ClaimMappings.DisplayName,
+		FullName      : i.ClaimMappings.FullName,
+		Email         : i.ClaimMappings.Email,
+		EmailVerified : i.ClaimMappings.EmailVerified,
 	}
 	return &IdentityProvider{
 		ID:             i.ID,
diff --git a/pkg/store/migrate.go b/pkg/store/migrate.go
index 4d86c40e0..03059fe41 100644
--- a/pkg/store/migrate.go
+++ b/pkg/store/migrate.go
@@ -1,6 +1,8 @@
 package store
 
-import "gorm.io/gorm"
+import (
+	"gorm.io/gorm"
+)
 
 func Migrate(db *gorm.DB) error {
 	return db.AutoMigrate(