Attributes
Identity Attribute
There are 2 json files which distributes the identity in IDHub. One is Account.json for Accounts and Entitlement.json for Entitlements (This includes all entitlement types e.g. Groups, Roles, License etc)
| Attribute Name | Attribute Type | Attribute Description |
|---|---|---|
id | string | Unique Identifier of Identity |
name | string | Name of Identity |
endpoint | string | Endpoint name of Identity |
description | string | Description of Identity |
schema | string | Schema path of Identity |
Account Attribute
Below are the default attributes that Account.json can accommodate to fetch account related information from your Entra ID instance.
| Attribute Name | Attribute Type | Attribute Description | Required | Sample Value |
|---|---|---|---|---|
| city | string | The city in which the user is located. Maximum length is 128 characters. | False | Seattle |
| companyName | string | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. | False | Contoso Ltd. |
| country | string | The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. | False | US |
| department | string | The name for the department in which the user works. Maximum length is 64 characters. | False | Information Technology |
| displayName | string | The name displayed in the address book for the user. This is usually the combination of the users first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. | True | John A. Doe |
| employeeHireDate | date | The date and time when the user was hired or will start work in case of a future hire. | False | 2023-06-15 |
| employeeId | string | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. | False | EMP10293 |
| employeeType | string | Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. | False | Employee |
| externalUserState | string | For an external user invited to the tenant using the invitation API [https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0], this property represents the invited users invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. | False | Accepted |
| faxNumber | string | The fax number of the user. | False | +1 425-555-0199 |
| givenName | string | The given name (first name) of the user. Maximum length is 64 characters | False | John |
| jobTitle | string | The users job title. Maximum length is 128 characters. | False | Senior Systems Engineer |
| mailNickname | string | The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. | True | johndoe |
| mobilePhone | string | The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. | False | +1 206-555-0134 |
| postalCode | string | The postal code for the users postal address. The postal code is specific to the users country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. | False | 98109 |
| state | string | The state or province in the users address. Maximum length is 128 characters. | False | Washington |
| officeLocation | string | The street address of the users place of business. Maximum length is 1024 characters. | False | 500 Terry Ave N, Floor 3 |
| surname | string | "The users surname (family name or last name). Maximum length is 64 characters. | False | Doe |
| userPrincipalName | string | The user principal name (UPN) of the user. | True | john.doe@contoso.com |
| managerLogin | string | The login name of the manager | False | jane.smith@contoso.com |
| managerDisplayName | string | Display name of manager | False | Jane Smith |
Other Attributes
Other Attributes can be included by support team are discussed here
| Attribute Name | Attribute Type | Attribute Description |
|---|---|---|
membership | complex | List of the licenses that are assigned to the user. |
dirSyncEnabled | boolean | Indicates whether this user was synced from the on-premises directory. |
facsimileTelephoneNumber | string | Telephone number of the user's business fax machine. |
immutableId | string | Property used to associate an on-premises Active Directory user account to their Microsoft Entra ID user account. |
lastDirSyncTime | dateTime | Indicates the last time at which the user was synchronized with the on-premises directory. |
lastNonInteractiveSignInDateTime | dateTime | Indicates the last time a client signed in to the directory on behalf of a user. The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is: 2022-01-01T00:00:00Z. |
lastSignInDateTime | dateTime | Indicates the last time a user signed in to the directory with an interactive authentication method. The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is: 2022-01-01T00:00:00Z. |
signInNames | string | Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant. |
userIdentities | string | Specifies the collection of userIdentities for a social user account in an Azure Active Directory B2C tenant. |
creationType | string | Indicates whether the user account is a local account for an Azure Active Directory B2C tenant. |
onPremisesSecurityIdentifier | string | Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. |
otherMails | complex | A list of additional email addresses for the user. |
prefferedLanguage | string | Preferred written or spoken language for a person. |
userType | string | Type of the user. |
riskLevel | string | Level of the detected risky user. |
riskState | string | State of the user's risk. |
riskDetail | string | Details of the detected risk. |
riskLastUpdateDateTime | dateTime | The date and time that the risky user was last updated. |
Entitlement Attribute
Below are the default entitlement attributes that Entitlement.json can accommodate to fetch entitlements like Group, Roles etc from your Entra ID instance.
| Attribute Name | Attribute Type | Attribute Description | Required |
|---|---|---|---|
id | boolean | LICENSE~License Id or GROUP~Group Id or TEAM~Team Id or ROLE~Role Id | Yes |
externalId | string | A String that is an identifier for the resource as defined by the provisioning client. | |
displayName | string | Display Name of Entitlement. Maximum length: 256 characters | Yes |
type | string | LICENSE or GROUP or TEAM or ROLE | Yes |
meta | string | A complex attribute containing resource metadata with subattributesresourceType : The name of the resource type of the resourcecreated : The datetime that the resource was added to the service providerlastModified : The most recent datetime that the details of this resource were updated at the service provider. If this resource has never been modified since its initial creation, the value MUST be the same as the value of createdlocation : The URI where the resource is availableversion : The version of the resource being returned. | |
schemas | string | The schemasattribute is an array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure. This attribute may be used by parsers to define the attributes present in the JSON structure that is the body to an HTTP request or response. Each String value is an unique URI. | Yes |