Attributes
Identity Attribute
There are 2 json files which distributes the identity in IDHub. One is Account.json for Accounts and Entitlement.json for Entitlements
| Attribute Name | Attribute Type | Attribute Description |
|---|---|---|
id | string | Unique Identifier of Identity |
name | string | Name of Identity |
endpoint | string | Endpoint name of Identity |
description | string | Description of Identity |
schema | string | Schema path of Identity |
Account Attribute
Below are the default attributes that Account.json can accommodate to fetch account related information from your Microsoft AD instance.
| Attribute Name | Attribute Type | Attribute Description | Required | Sample Value |
|---|---|---|---|---|
| id | string | A unique, immutable identifier assigned to the user object within Active Directory. | False | 3f1b5a72-2d4f-4a1b-9a77-9bfb1aab1234 |
| cn | string | The user’s canonical name within Active Directory, representing the user object’s distinguished naming attribute. | False | CN=john.doe,OU=Employees,DC=example,DC=com |
| company | string | The name of the organization or company the user is affiliated with. | False | Example Corporation |
| department | string | The internal department or business unit to which the user belongs. | False | Information Technology |
| displayName | string | The full display name shown in address lists, typically combining first and last name. | False | John Doe |
| givenName | string | The user’s legal first name as stored in Active Directory. | True | John |
| sn | string | The user’s surname or last name. | True | Doe |
| employeeID | string | A unique identifier assigned to the user by the organization for employment or HR purposes. | False | E12345 |
| employeeType | string | The classification of the user within the organization (e.g., Employee, Contractor, Vendor). | False | Employee |
| string | The primary email address associated with the user’s Active Directory account. | True | john.doe@example.com | |
| sAMAccountName | string | The Windows logon name used for legacy authentication and domain sign-in, limited to 20 characters. | True | jdoe |
| streetAddress | string | The first line of the user’s business or residential physical address. | False | 123 Main St |
| postOfficeBox | string | An optional P.O. Box number associated with the user’s mailing address. | False | PO Box 789 |
| l | string | The city component of the user’s physical or mailing address. | False | Seattle |
| st | string | The state or province component of the user’s address. | False | Washington |
| postalCode | string | The ZIP or postal code associated with the user’s address. | False | 98109 |
| co | string | The full name of the country where the user resides or works. | False | United States |
| telephoneNumber | string | The user’s primary business telephone number. | False | +1 206 555 0198 |
| title | string | The user’s formal job title or role within the organization. | False | Systems Administrator |
| userPrincipalName | string | The user’s sign-in identity in email-format (UPN), typically used for modern authentication. | False | john.doe@example.com |
| userAccountControl | string | A system attribute that defines the account status and user-level access flags (e.g., enabled/disabled). | False | 512 |
| managerLogin | string | The Active Directory login name of the user’s direct manager. | False | asmith |
| managerDisplayName | string | The full display name of the user’s direct manager. | False | Alice Smith |
| manager | string | The Distinguished Name (DN) of the user’s manager within Active Directory. | False | CN=Alice Smith,OU=Managers,DC=example,DC=com |
Other Attributes
Other Attributes can be included by support team are discussed here
| Attribute Name | Attribute Type | Attribute Description |
|---|---|---|
| initials | string | Middle Name/Initials |
| Description | string | Description |
| physicalDeliveryOfficeName | string | Office |
| wWWHomePage | string | Web Page |
| password | string | Password |
| c | string | Country 2 Digit Code - e.g., US |
| countryCode | string | Country Code - e.g., 840 for the US |
| memberOf | string | Add to Groups |
| removememberOf | string | Remove from Groups |
| accountExpires | string | Account Expires (use the same date format as the server) |
| userAccountControl | string | User Account Control |
| thumbnailPhoto / exchangePhoto (supports high resolution photos) / jpegPhoto / photo / thumbnailLogo | string | User Photo |
| profilePath | string | Profile Path |
| scriptPath | string | Login Script |
| homeDirectory | string | Home Folder |
| homeDrive | string | Home Drive |
| userWorkstations | string | Log on to |
| homePhone | string | Home |
| pager | string | Pager |
| mobile | string | Mobile |
| facisimileTelephoneNumber | string | Fax |
| ipPhone | string | IP Phone |
| info | string | Notes |
| title | string | Title |
| manager | string | Manager |
| mailNickName | string | Mail Alias |
| displayNamePrintable | string | Simple Display Name |
| msExchHideFromAddressLists | string | Hide from Exchange Address Lists |
| submissionContLength | string | Sending Message Size (KB) |
| delivContLength | string | Receiving Message Size (KB) |
| msExchRequireAuthToSendTo | string | Accept Messages from Authenticated Users Only |
| unauthOrig | string | Reject Messages From |
| authOrig | string | Accept Messages From |
| publicDelegates | string | Send on Behalf |
| altRecipient | string | Forward To |
| deliverAndRedirect | string | Deliver and Redirect |
| msExchRecipLimit | string | Recipient Limits |
| mDBuseDefaults | string | Use Mailbox Store Defaults |
| mDBStorageQuota | string | Issue Warning at (KB) |
| mDBOverQuotaLimit | string | Prohibit Send at (KB) |
| mDBOverHardQuotaLimit | string | Prohibit Send and Receive at (KB) |
| deletedItemFlags | string | Do not Permanently Delete Messages Until the Store Has Been Backed Up |
| garbageCollPeriod | string | Keep Deleted Items for (days) |
| msExchOmaAdminWirelessEnable | string | Outlook Mobile Access |
| protocolSettings | string | Outlook Web Access |
| tsAllowLogon | string | Allow Terminal Server Logon |
| tsProfilePath | string | Terminal Services Profile Path |
| tsHomeDir | string | Terminal Services Home Directory |
| tsInheritInitialProgram | string | Start the Following Program at Logon |
| tsInitialProgram | string | Starting Program File Name |
| tsWorkingDir | string | Start In |
| tsDeviceClientDrives | string | Connect Client Drive at Logon |
| tsDeviceClientPrinters | string | Connect Client Printer at Logon |
| tsDeviceClientDefaultPrinter | string | Default to Main Client Printer |
| tsTimeOutSettingsDisConnections | string | End Disconnected Session |
| tsTimeOutSettingsConnections | string | Active Session Limit |
| tsTimeOutSettingsIdle | string | Idle Session Limit |
| tsBrokenTimeOutSettings | string | When Session Limit Reached or Connection Broken |
| tsReConnectSettings | string | Allow Reconnection |
| tsShadowSettings | string | Remote Control |
| preventDeletion | string | Protect Accidental Deletion |
| managerCanUpdateMembers | string | Manager Can Update Members |
| primaryGroupID | string | Primary Group ID |
| msExchAdminGroup | string | Administrative Group |
| msExchHomeServerName | string | Exchange Server Name |
| managedBy | string | Managed By |
Entitlement Attribute
Below are the default entitlement attributes that Entitlement.json can accommodate to fetch entitlements like Group etc from your Microsoft AD instance.
| Attribute Name | Attribute Type | Attribute Description | Required |
|---|---|---|---|
cn | string | The name of the group. | Yes |
name | string | The name of the group. | Yes |
description | string | The description of the group | Yes |
wWWHomePage | string | This is the custom attribute for Client | |
schemas | string | The schemasattribute is an array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure. This attribute may be used by parsers to define the attributes present in the JSON structure that is the body to an HTTP request or response. Each String value is an unique URI. | Yes |