Attributes
Identity Attribute
There are 2 json files which distributes the identity in IDHub. One is Account.json for Accounts and Entitlement.json for Entitlements (This includes all entitlement types e.g. Groups, Roles, License etc)
Attribute Name | Attribute Type | Attribute Description |
---|---|---|
id | string | Unique Identifier of Identity |
name | string | Name of Identity |
endpoint | string | Endpoint name of Identity |
description | string | Description of Identity |
schema | string | Schema path of Identity |
Account Attribute
Below are the default attributes that Account.json can accommodate to fetch account related information from your Entra ID instance.
Attribute Name | Attribute Type | Attribute Description | Required |
---|---|---|---|
accountEnabled | boolean | True if the user is enabled; otherwise, false. | Yes |
city | string | City in which the user is located. | |
country | string | Country/region in which the user is located. | |
department | string | Name for the department the user belongs to. | |
displayName | string | Name displayed in the address book for the user. | Yes |
employeeId | string | Numerically identifies an employee within an organization. | |
givenName | string | First name of an user. | |
jobTitle | string | User’s job title. | |
mail | string | The SMTP address for the user. For example, john@abcd.onmicrosoft.com | |
mailNickname | string | Mail alias for the user. | Yes |
managerDisplayName | string | Manager of the user. (Type: String). The Microsoft Entra ID connector provides support for provisioning the manager attribute. | |
managerLogin | string | Manager’s mail nickname of the user. | |
mobilePhone | string | Primary cellular telephone number for the user. | |
meta | complex | A complex attribute containing resource metadata with subattributesresourceType - The name of the resource type of the resource. created - The DateTime that the resource was added to the service provider lastModified - The most recent DateTime that the details of this resource were updated at the service provider. If this resource has never been modified since its initial creation, the value MUST be the same as the value of created location - The URI where the resource is available version - The version of the resource being returned. | |
id | string | Unique identifier for the user. This is an Account ID which must not be changed. | Yes |
schemas | string | Unique value of the user | |
officeLocation | string | Office location in the user's place of business. | |
postalCode | string | ZIP OR postal code for the user's postal address. | |
state | string | State or province in the user's address. | |
streetAddress | string | Street address of the user's place of business. | |
surname | string | Last name of the user. | |
telephoneNumber | string | Primary telephone number of the user's place of business. | |
usageLocation | string | A two letter country code indicating usage location. | |
userPrincipalName | string | User principal name (UPN) of the user. | Yes |
Other Attributes
Other Attributes can be included by support team are discussed here
Attribute Name | Attribute Type | Attribute Description |
---|---|---|
membership | complex | List of the licenses that are assigned to the user. |
dirSyncEnabled | boolean | Indicates whether this user was synced from the on-premises directory. |
facsimileTelephoneNumber | string | Telephone number of the user's business fax machine. |
immutableId | string | Property used to associate an on-premises Active Directory user account to their Microsoft Entra ID user account. |
lastDirSyncTime | dateTime | Indicates the last time at which the user was synchronized with the on-premises directory. |
lastNonInteractiveSignInDateTime | dateTime | Indicates the last time a client signed in to the directory on behalf of a user. The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is: 2022-01-01T00:00:00Z . |
lastSignInDateTime | dateTime | Indicates the last time a user signed in to the directory with an interactive authentication method. The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is: 2022-01-01T00:00:00Z . |
signInNames | string | Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant. |
userIdentities | string | Specifies the collection of userIdentities for a social user account in an Azure Active Directory B2C tenant. |
creationType | string | Indicates whether the user account is a local account for an Azure Active Directory B2C tenant. |
onPremisesSecurityIdentifier | string | Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. |
otherMails | complex | A list of additional email addresses for the user. |
prefferedLanguage | string | Preferred written or spoken language for a person. |
userType | string | Type of the user. |
riskLevel | string | Level of the detected risky user. |
riskState | string | State of the user's risk. |
riskDetail | string | Details of the detected risk. |
riskLastUpdateDateTime | dateTime | The date and time that the risky user was last updated. |
Entitlement Attribute
Below are the default entitlement attributes that Entitlement.json can accommodate to fetch entitlements like Group, Roles etc from your Entra ID instance.
Attribute Name | Attribute Type | Attribute Description | Required |
---|---|---|---|
id | boolean | LICENSE~License Id or GROUP~Group Id or TEAM~Team Id or ROLE~Role Id | Yes |
externalId | string | A String that is an identifier for the resource as defined by the provisioning client. | |
displayName | string | Display Name of Entitlement. Maximum length: 256 characters | Yes |
type | string | LICENSE or GROUP or TEAM or ROLE | Yes |
meta | string | A complex attribute containing resource metadata with subattributesresourceType : The name of the resource type of the resourcecreated : The datetime that the resource was added to the service providerlastModified : The most recent datetime that the details of this resource were updated at the service provider. If this resource has never been modified since its initial creation, the value MUST be the same as the value of created location : The URI where the resource is availableversion : The version of the resource being returned. | |
schemas | string | The schemas attribute is an array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure. This attribute may be used by parsers to define the attributes present in the JSON structure that is the body to an HTTP request or response. Each String value is an unique URI. | Yes |