# Using User Identities to Scope Users' Device Access

First, create the [user identity](/latest/capability-guides/mobile-access/managing-mobile-app-user-accounts-with-user-identities.md#what-is-a-user-identity) that corresponds to your user. Configure the user identity with your internal user ID or other identifying information. Then, use the [Grant Access to Device](https://docs.seam.co/latest/api/user_identities/grant_access_to_device) method to assign the user identity access to specific devices.

After creating and configuring the user identity, create a [client session](/latest/core-concepts/authentication/client-session-tokens.md) and capture the resulting [client session token](/latest/core-concepts/authentication/client-session-tokens.md). When you use this token in your application, such as in a [Seam Component](/latest/ui-components/overview.md), Seam limits you user's access to only the devices that you specified for the associated user identity.

{% tabs %}
{% tab title="JavaScript" %}

```javascript
// Create the user identity.
const user_identity = await seam.userIdentities.create({
    user_identity_key: "user-1"
});

// Grant the user identity access to a specific device.
await seam.userIdentities.grantAccessToDevice(
    user_identity_id: user_identity.user_identity_id,
    // Specify the ID of the device that you want your
    // user to be able to access.
    device_id: "054765c8-a2fc-4599-b486-14c19f462c45"
)

// Create the client session.
const client_session = await seam.clientSessions.create({
    user_identity_ids: [user_identity.user_identity_id]
});

// Use this token in your app.
const token = client_session.token;
```

{% endtab %}

{% tab title="cURL" %}

```bash
# Create the user identity.
user_identity=$(curl -X 'POST' \
  'https://connect.getseam.com/user_identities/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${API_KEY}" \
  -H 'Content-Type: application/json' \
  -d '{
        "user_identity_key": "user-1"
  }')

# Get the user identity ID.
user_identity_id=$(echo $user_identity | jq -r '.user_identity.user_identity_id')

# Grant the user identity access to a specific device.
# For device_id, specify the ID of the device that you
# want your user to be able to access.
curl -X 'POST' \
  'https://connect.getseam.com/user_identities/grant_access_to_device' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer ${API_KEY}' \
  -H 'Content-Type: application/json' \
  -d "{
        \"user_identity_id\": \"$user_identity_id\",
        \"device_id\": \"054765c8-a2fc-4599-b486-14c19f462c45\"
  }"

# Create the client session.
client_session=$(curl -X 'POST' \
  'https://connect.getseam.com/client_sessions/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
        \"user_identity_ids\": [\"$user_identity_id\"]
  }")

# Get the resulting client session token and
# use this token in your app.
token=$(echo $client_session | jq -r '.client_session.token')
```

{% endtab %}

{% tab title="Python" %}

```python
# Create the user identity.
user_identity = seam.user_identities.create(
    user_identity_key="user-1"
)

# Grant the user identity access to a specific device.
seam.user_identities.grant_access_to_device(
    user_identity_id=user_identity.user_identity_id,
    # Specify the ID of the device that you want your
    # user to be able to access.
    device_id="054765c8-a2fc-4599-b486-14c19f462c45"
)

# Create the client session.
client_session = seam.client_sessions.create(
    user_identity_ids=[user_identity.user_identity_id]
)

# Use this token in your app.
token = client_session.token
```

{% endtab %}

{% tab title="PHP" %}

```php
// Create the user identity.
$user_identity = $seam->user_identities->create(
  user_identity_key: "user-1"
);

// Grant the user identity access to a specific device.
$seam->user_identities->grant_access_to_device(
    user_identity_id: $user_identity->user_identity_id,
    // Specify the ID of the device that you want your
    // user to be able to access.
    device_id: "054765c8-a2fc-4599-b486-14c19f462c45"
);

// Create the client session.
$client_session = $seam->client_sessions->create(
  user_identity_ids: [$user_identity->user_identity_id]
);

// Use this token in your app.
$token = $client_session->token;
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.seam.co/latest/ui-components/overview/using-user-identities-to-scope-users-device-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.