diff --git a/app.js b/app.js
index 623d514..b7ed2f3 100644
--- a/app.js
+++ b/app.js
@@ -66,24 +66,30 @@ app
 app.post('/oauth/token', async (req, res) => {
 const date = Math.floor(Date.now() / 1000)
 if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
- const accessToken = await signToken({
- iss: jwksOrigin,
- aud: [audience],
- sub: 'auth0|management',
- iat: date,
- exp: date + 7200,
- azp: req.body.client_id
- })
+ const claim = {}
+ claim[adminCustomClaim] = true
+ const accessToken = await signToken(
+ addCustomClaims('management@example.org', [claim], {
+ iss: jwksOrigin,
+ aud: [audience],
+ sub: 'auth0|management',
+ iat: date,
+ exp: date + 7200,
+ azp: req.body.client_id
+ })
+ )
- const idToken = await signToken({
- iss: jwksOrigin,
- aud: req.body.client_id,
- sub: 'auth0|management',
- iat: date,
- exp: date + 7200,
- azp: req.body.client_id,
- name: 'Management API'
- })
+ const idToken = await signToken(
+ addCustomClaims('management@example.org', [claim], {
+ iss: jwksOrigin,
+ aud: req.body.client_id,
+ sub: 'auth0|management',
+ iat: date,
+ exp: date + 7200,
+ azp: req.body.client_id,
+ name: 'Management API'
+ })
+ )
 debug('Signed token for management API')
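Review bot: The `client_credentials` branch still only checks that `req.body.client_id` is present, and no client authentication is visible in the hunk, yet every token it signs now carries `adminCustomClaim` set to true. Any caller that can reach `/oauth/token` therefore appears to receive an admin-flagged token without presenting a secret. If this server is a test double, state that at the branch, e.g. `// Test-only: no client authentication; issued tokens carry the admin claim`, and make sure nothing outside test environments trusts the keys published at `jwksOrigin`; otherwise compare `req.body.client_secret` with a configured value before signing. The ID token gets the same claim, so if only the access token is meant to drive authorization, consider leaving the claim off the ID token. The handler starts in the hunk but continues past its end, so later handling is not visible here.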