How to add and define user attributes

In addition to the default user attributes, you can add custom ones and define the values for each user. The attributes can then be used to specify application access in the following ways:

You can add and define attributes for Active Directory/LDAP and Centrify Directory users. The additional attributes are stored in Privileged Access Service only and not copied to Active Directory/LDAP. You must make all updates using the Admin Portal.

Important: You can add a maximum of 10 attributes.

ClosedAdd user attributes

To make attributes available for login authentication rules and SAML user authentication, you must first add them to the user table. You can add a maximum of 10 attributes.

  1. Log in to Admin Portal
  2. Click Settings > Users > Additional Attributes.

    The Additional Attributes page opens.

  3. Click Users tab > Add button.
  4. Enter a Name for the attribute.

    Important: The name must contain an underscore. For example, employee_status.

  5. Select the attribute Type from the drop-down list.

    • Number allows whole numbers.
    • Number (decimal) allows numbers with decimals.
    • Textallows any string
    • True/False results in a drop-down list for the attribute Value.
    • DateTime results in a date and time picker for the attribute Value.
  6. (Optional) Enter a Description for the attribute.
  7. Click Add.

    The new attribute displays on the Additional Attributes page.

ClosedDefine attributes

You must define the attribute values for the relevant users before they can be authenticated using those attributes.

  1. Log in to Admin Portal.
  2. Click Access > Users.
  3. Select the relevant user account.
  4. Click Additional Attributes.

    You should see the custom attributes you added.

  5. Click the Value column associated with the attribute name that you want to define.

  6. Enter free-form characters or select from the drop-down list depending on the value type, then press Enter.

    For example, a boolean (True/False) attribute type will have a drop-down list, while a Text attribute type allows any string.