Retrieving the user’s directory attributes

The LoginUser object offers a single method, Get(), that retrieves any one of the current user’s attributes. It takes as its argument a string that specifies the key of the attribute to retrieve. LoginUser.Get("mail"), for example, returns the user’s email address as stored in Active Directory.

When LoginUser.Get() executes, the Privileged Access Service contacts the source directory through the connector for the user’s organization and retrieves the attribute. If, for example, an Active Directory user has logged into the Admin Portal as a member of the Acme organization, executing LoginUser.Get() during one of that user’s log-on sessions contacts the Acme Active Directory service through the connector set up in Acme’s internal network. If a Privileged Access Service user has logged in, executing LoginUser.Get() queries the Cloud Directory Service (CDS).

Note: Not all attributes are common between directory services. If you have users managed by different directory services (for example, AD and LDAP), use the LoginUser.ServiceType or LoginUser.ServiceName properties to determine the user’s source directory and then get the appropriate attribute key. Refer to LoginUser object for more information.


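// LDAP-managed users: read the uid attribute from the source directory.
if (LoginUser.ServiceType == 'LDAPProxy') {
    UserIdentifier = LoginUser.Get('uid');
} else {
    // All other users: use the Username property.
    UserIdentifier = LoginUser.Username;
}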


The preceding example checks whether the user is managed by LDAP. If the user’s service type is LDAPProxy, the script gets the current user’s UID attribute; otherwise, it uses the LoginUser.Username property.
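The following is an added example, not code from the original documentation: a helper around the branch above that selects the attribute key by ServiceType, queries each key at most once (every Get() call contacts the source directory), and throws instead of returning a blank identifier. The stub LoginUser, the helper names, the sample user, and the assumption that Get() returns null for a missing attribute are constructed for illustration.

```javascript
// Constructed stand-in for the platform-provided LoginUser object so the
// example runs outside the service. Assumption: Get() returns null when the
// attribute is missing. `lookups` counts simulated directory queries.
function makeStubLoginUser(serviceType, username, directory) {
    return {
        ServiceType: serviceType,
        Username: username,
        lookups: 0,
        Get: function (key) {
            this.lookups += 1;
            return has(directory, key) ? directory[key] : null;
        }
    };
}

function has(obj, key) {
    return Object.prototype.hasOwnProperty.call(obj, key);
}

// Hypothetical helper: picks the attribute key for the user's source
// directory, queries it at most once, and never returns a blank identifier.
function makeIdentifierResolver(loginUser, keyByServiceType) {
    var cache = {};
    return function resolve() {
        var type = loginUser.ServiceType;
        var value;
        if (has(keyByServiceType, type)) {
            var key = keyByServiceType[type];
            if (!has(cache, key)) {
                cache[key] = loginUser.Get(key); // one directory query per key
            }
            value = cache[key];
        } else {
            value = loginUser.Username; // no directory-specific key configured
        }
        if (typeof value !== 'string' || value.trim() === '') {
            throw new Error('No usable identifier for service type ' + type);
        }
        return value.trim();
    };
}

// Only the LDAPProxy -> uid mapping comes from the page.
var KEYS = { LDAPProxy: 'uid' };

// Constructed sample user.
var ldapUser = makeStubLoginUser('LDAPProxy', 'jdoe@acme.example', { uid: 'jdoe' });
var resolveLdap = makeIdentifierResolver(ldapUser, KEYS);
var UserIdentifier = resolveLdap(); // 'jdoe'
```

Failing on a blank value keeps the script from passing an empty identifier downstream when the expected attribute is not populated in the source directory.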