> ## Documentation Index
> Fetch the complete documentation index at: https://docs.seam.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Using User Identities to Scope Users' Device Access

> You can limit your users' access to a subset of devices.

First, create the [user identity](../../capability-guides/mobile-access/managing-mobile-app-user-accounts-with-user-identities#what-is-a-user-identity) that corresponds to your user. Configure the user identity with your internal user ID or other identifying information. Then, use the [Grant Access to Device](/api/user_identities/grant_access_to_device) method to assign the user identity access to specific devices.

After creating and configuring the user identity, create a [client session](/core-concepts/authentication/client-session-tokens/index) and capture the resulting [client session token](/core-concepts/authentication/client-session-tokens/index). When you use this token in your application, such as in a [Seam Component](/ui-components/overview/index), Seam limits you user's access to only the devices that you specified for the associated user identity.

<CodeGroup>
  ```javascript JavaScript theme={null}
  // Create the user identity.
  const user_identity = await seam.userIdentities.create({
      user_identity_key: "user-1"
  });

  // Grant the user identity access to a specific device.
  await seam.userIdentities.grantAccessToDevice(
      user_identity_id: user_identity.user_identity_id,
      // Specify the ID of the device that you want your
      // user to be able to access.
      device_id: "054765c8-a2fc-4599-b486-14c19f462c45"
  )

  // Create the client session.
  const client_session = await seam.clientSessions.create({
      user_identity_ids: [user_identity.user_identity_id]
  });

  // Use this token in your app.
  const token = client_session.token;
  ```

  ```bash cURL theme={null}
  # Create the user identity.
  user_identity=$(curl -X 'POST' \
    'https://connect.getseam.com/user_identities/create' \
    -H 'accept: application/json' \
    -H "Authorization: Bearer ${API_KEY}" \
    -H 'Content-Type: application/json' \
    -d '{
          "user_identity_key": "user-1"
    }')

  # Get the user identity ID.
  user_identity_id=$(echo $user_identity | jq -r '.user_identity.user_identity_id')

  # Grant the user identity access to a specific device.
  # For device_id, specify the ID of the device that you
  # want your user to be able to access.
  curl -X 'POST' \
    'https://connect.getseam.com/user_identities/grant_access_to_device' \
    -H 'accept: application/json' \
    -H 'Authorization: Bearer ${API_KEY}' \
    -H 'Content-Type: application/json' \
    -d "{
          \"user_identity_id\": \"$user_identity_id\",
          \"device_id\": \"054765c8-a2fc-4599-b486-14c19f462c45\"
    }"

  # Create the client session.
  client_session=$(curl -X 'POST' \
    'https://connect.getseam.com/client_sessions/create' \
    -H 'accept: application/json' \
    -H "Authorization: Bearer ${API_KEY}" \
    -H 'Content-Type: application/json' \
    -d "{
          \"user_identity_ids\": [\"$user_identity_id\"]
    }")

  # Get the resulting client session token and
  # use this token in your app.
  token=$(echo $client_session | jq -r '.client_session.token')
  ```

  ```python Python theme={null}
  # Create the user identity.
  user_identity = seam.user_identities.create(
      user_identity_key="user-1"
  )

  # Grant the user identity access to a specific device.
  seam.user_identities.grant_access_to_device(
      user_identity_id=user_identity.user_identity_id,
      # Specify the ID of the device that you want your
      # user to be able to access.
      device_id="054765c8-a2fc-4599-b486-14c19f462c45"
  )

  # Create the client session.
  client_session = seam.client_sessions.create(
      user_identity_ids=[user_identity.user_identity_id]
  )

  # Use this token in your app.
  token = client_session.token
  ```

  ```php PHP theme={null}
  // Create the user identity.
  $user_identity = $seam->user_identities->create(
    user_identity_key: "user-1"
  );

  // Grant the user identity access to a specific device.
  $seam->user_identities->grant_access_to_device(
      user_identity_id: $user_identity->user_identity_id,
      // Specify the ID of the device that you want your
      // user to be able to access.
      device_id: "054765c8-a2fc-4599-b486-14c19f462c45"
  );

  // Create the client session.
  $client_session = $seam->client_sessions->create(
    user_identity_ids: [$user_identity->user_identity_id]
  );

  // Use this token in your app.
  $token = $client_session->token;
  ```
</CodeGroup>
