diff --git a/pom.xml b/pom.xml
index 00cc0bb6e..8dbaaef2a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 com.uid2 uid2-admin
- 6.13.38
+ 6.13.39-alpha-247-SNAPSHOT
 UTF-8
diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
index c60a08141..f35b09508 100644
--- a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
+++ b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
@@ -12,6 +12,7 @@ public enum OktaCustomScope {
 SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC),
 METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT),
 ENCLAVE_REGISTRAR("uid2.admin.enclave-registrar", Role.ENCLAVE_REGISTRAR),
+ CLIENT_KEY_ISSUANCE("uid2.admin.client-key-issuance", Role.MAINTAINER),
 INVALID("invalid", Role.UNKNOWN);
 private final String name;
 private final Role role;
diff --git a/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java b/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java
index 8c9cc49ff..35c013415 100644
--- a/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java
+++ b/src/test/java/com/uid2/admin/auth/AdminAuthMiddlewareTest.java
@@ -256,7 +256,9 @@ private static Stream testAccessTokenUnauthorizedData() {
 Arguments.of(OktaCustomScope.SECRET_ROTATION.getName(), new Role[] {Role.SHARING_PORTAL}),
 Arguments.of(OktaCustomScope.SECRET_ROTATION.getName(), new Role[] {Role.PRIVATE_OPERATOR_SYNC}),
 Arguments.of(OktaCustomScope.SITE_SYNC.getName(), new Role[] {Role.SECRET_ROTATION}),
- Arguments.of(OktaCustomScope.SITE_SYNC.getName(), new Role[] {Role.SHARING_PORTAL})
+ Arguments.of(OktaCustomScope.SITE_SYNC.getName(), new Role[] {Role.SHARING_PORTAL}),
+ Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE.getName(), new Role[] {Role.SUPER_USER}),
+ Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE.getName(), new Role[] {Role.PRIVILEGED})
 );
 }
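Review bot: In OktaCustomScope.java the new `CLIENT_KEY_ISSUANCE` scope is mapped to `Role.MAINTAINER`, whereas the neighbouring scopes in this hunk each map to a role named for a single task (`PRIVATE_OPERATOR_SYNC`, `METRICS_EXPORT`, `ENCLAVE_REGISTRAR`). If `MAINTAINER` is also accepted by endpoints other than client-key issuance, which this diff does not show, a token carrying only `uid2.admin.client-key-issuance` would be authorised for all of them, which is broader than the scope name promises. Consider a dedicated role for this scope, or at least record the decision on the constant, e.g. `// Maps to MAINTAINER: a token with this scope is authorised for every MAINTAINER endpoint, not only key issuance.` The enum body starts and ends outside the hunk.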
@@ -279,7 +281,8 @@ private static Stream testAccessTokenGoodData() {
 return Stream.of(
 Arguments.of(OktaCustomScope.SS_PORTAL, OktaCustomScope.SS_PORTAL.getRole()),
 Arguments.of(OktaCustomScope.SECRET_ROTATION, OktaCustomScope.SECRET_ROTATION.getRole()),
- Arguments.of(OktaCustomScope.SITE_SYNC, OktaCustomScope.SITE_SYNC.getRole())
+ Arguments.of(OktaCustomScope.SITE_SYNC, OktaCustomScope.SITE_SYNC.getRole()),
+ Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE, OktaCustomScope.CLIENT_KEY_ISSUANCE.getRole())
 );
 }
diff --git a/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java b/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
index 400f3afcc..e01fbf322 100644
--- a/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
+++ b/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
@@ -14,6 +14,7 @@ private static Stream testFromNameData() {
 Arguments.of("uid2.admin.ss-portal", OktaCustomScope.SS_PORTAL),
 Arguments.of("uid2.admin.secret-rotation", OktaCustomScope.SECRET_ROTATION),
 Arguments.of("uid2.admin.site-sync", OktaCustomScope.SITE_SYNC),
+ Arguments.of("uid2.admin.client-key-issuance", OktaCustomScope.CLIENT_KEY_ISSUANCE),
 Arguments.of("dummy", OktaCustomScope.INVALID)
 );
 }
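Review bot: In AdminAuthMiddlewareTest.java, the row added to `testAccessTokenGoodData()` takes its expected role from `OktaCustomScope.CLIENT_KEY_ISSUANCE.getRole()`, so it passes whatever role the enum assigns and would not catch an accidental change of the scope-to-role mapping. For an authorisation mapping it is worth pinning the literal, `Arguments.of(OktaCustomScope.CLIENT_KEY_ISSUANCE, Role.MAINTAINER)`. The existing rows in this hunk follow the same pattern, so the same applies to them. The method signature is visible only in the hunk header.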