diff --git a/core/authentication/JWTManager.py b/core/authentication/JWTManager.py
index 3f661a08bf7666baef50f3e907c901d57137bb11..e791141c487913e6ca771f95f56db9f649f5797f 100644
--- a/core/authentication/JWTManager.py
+++ b/core/authentication/JWTManager.py
@@ -2,7 +2,7 @@ import jwt
 import time
 
 
-def get_UID_PID(JWT, url):
+def get_UID_PID_ID_TOKEN(JWT, url):
     jwks_client = jwt.PyJWKClient(url)
     signing_key = jwks_client.get_signing_key_from_jwt(JWT)
     # wait for token to be valid
@@ -10,5 +10,18 @@ def get_UID_PID(JWT, url):
     data = jwt.decode(JWT,
                       signing_key.key,
                       algorithms=["RS256"],
+                      audience="aixCIlenz",
                       options={"verify_exp": False})
     return data["user_id"], data["project_id"]
+
+def get_UID_PID_CI_JOB_JWT(JWT, url):
+    jwks_client = jwt.PyJWKClient(url)
+    signing_key = jwks_client.get_signing_key_from_jwt(JWT)
+    # wait for token to be valid
+    time.sleep(2)
+    data = jwt.decode(JWT,
+                      signing_key.key,
+                      algorithms=["RS256"],
+                      options={"verify_exp": False})
+    return data["user_id"], data["project_id"]
+
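Review bot: The new `get_UID_PID_CI_JOB_JWT` decodes with `options={"verify_exp": False}`, so an expired CI_JOB_JWT is still accepted and its `user_id`/`project_id` are returned for account mapping. The same option remains on the context line of `get_UID_PID_ID_TOKEN`, whose body starts outside this hunk. If the `time.sleep(2)` is there to ride out clock skew on the not-before/issued-at claims (presumably, given the comment), PyJWT's `leeway` argument covers that without disabling expiry: remove the options line and the sleep and pass e.g. `leeway=5` (illustrative value). The fallback function also checks no audience, so it is strictly weaker than the id-token path. The two bodies are otherwise identical and could share one helper taking an optional `audience`.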
diff --git a/core/job.py b/core/job.py
index 1d6738f0bd96b7290b99c078bdebd93639b954fa..9f784bfa07f7e6f1c56fbaf929c0c4ecfb4d1882 100644
--- a/core/job.py
+++ b/core/job.py
@@ -90,8 +90,18 @@ class Job:
         self.rt_utility_path = rep(settings["Runtime Utility Path"])
         self.scripts_path = f'{self.rt_utility_path}/scripts'
         if self.down_scoping:
-            uid, pid = jwt.get_UID_PID(get_cenv('CI_JOB_JWT'),
+            try:
+                uid, pid = jwt.get_UID_PID_ID_TOKEN(get_cenv('HPC_CI_TOKEN'),
+                                      f"{get_cenv('CI_SERVER_URL')}/-/jwks")
+            except:
+                logging.warn("id token HPC_CI_TOKEN, with aud: aixCIlence not defined.")
+                try:
+                    uid, pid = jwt.get_UID_PID_CI_JOB_JWT(get_cenv('CI_JOB_JWT'),
                                        f"{get_cenv('CI_SERVER_URL')}/-/jwks")
+                except:
+                    logging.error("No valid jwt available for verification")
+                    exit(1)
+
             self.account = man.get_account(get_cenv('CI_SERVER_URL'), pid, uid, self.key_path, self.map_path,
                                            self.aes_path)
             self.user_path = settings["User Path"].replace("$USER", self.account)
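Review bot: The bare `except:` around `get_UID_PID_ID_TOKEN` treats every failure (missing variable, bad signature, wrong audience, error fetching the JWKS) as "token not defined" and falls back to the CI_JOB_JWT path, which checks no audience. An HPC_CI_TOKEN that is present but fails verification should stop the job rather than downgrade to the weaker check; fall back only when the variable is absent (how `get_cenv` signals that is not visible here). Use `except Exception as err:` in both handlers and log the cause, e.g. `logging.warning("HPC_CI_TOKEN verification failed: %s", err)`, so a rejected token is visible in the runner log. `logging.warn` is deprecated in favour of `logging.warning`, and the message spells the audience `aixCIlence` while the code checks `aixCIlenz`. The enclosing method starts and ends outside the hunk.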
diff --git a/utility/.gitlab/.template.yml b/utility/.gitlab/.template.yml
index f62fdcdbb090491ed57eac332498c73ad143f018..78a6160e2456bf7ba7b342847dcfefcaa431d299 100644
--- a/utility/.gitlab/.template.yml
+++ b/utility/.gitlab/.template.yml
@@ -32,6 +32,10 @@ stages:          # List of stages for jobs, and their order of execution
 
 default:
   tags: [$RUNNER_TAG]
+  #  id_tokens:
+  # HPC_CI_TOKEN:
+  #   aud: aixCIlenz
+
 
 variables:
   SLURM_PARAM_TIMELIMIT: "-t 10:00"
@@ -214,6 +218,18 @@ fail-timeout-job:       # This job runs in the build stage, which runs first.
     - sleep 1200
   allow_failure: true
 
+idtoken-job:       # This job runs in the build stage, which runs first.
+  stage: build
+  id_tokens:
+    HPC_CI_TOKEN:
+      aud: aixCIlenz
+  variables:
+    SLURM_PARAM_CPUS: "-c 2"
+  script:
+    - module list
+    - echo "Compiling the code..."
+    - echo "Compile complete."
+
 build-job:       # This job runs in the build stage, which runs first.
   stage: build
   variables: