In addition to the default user attributes, you can add custom ones and define the values for each user. The attributes can then be used to specify application access in the following ways:
- Define application login authentication rules (through scripting only). For examples, see Example: Using custom user attributes.
- Make attributes available to the application service provider (SP) for SAML user authentication (via scripting only). For examples, see Example: Using custom user attributes.
You can add and define attributes for Active Directory/LDAP and Centrify Directory users. The additional attributes are stored in Privileged Access Service only and not copied to Active Directory/LDAP. You must make all updates using the Admin Portal.
Important: You can add a maximum of 10 attributes.
To make attributes available for login authentication rules and SAML user authentication, you must first add them to the user table. You can add a maximum of 10 attributes.
- Log in to Admin Portal
Click Settings > Users > Additional Attributes.
The Additional Attributes page opens.
- Click Users tab > Add button.
Enter a Name for the attribute.
Important: The name must contain an underscore. For example, employee_status.
Select the attribute Type from the drop-down list.
Numberallows whole numbers.
Number (decimal)allows numbers with decimals.
Textallows any string
True/Falseresults in a drop-down list for the attribute Value.
DateTimeresults in a date and time picker for the attribute Value.
- (Optional) Enter a Description for the attribute.
The new attribute displays on the Additional Attributes page.
You must define the attribute values for the relevant users before they can be authenticated using those attributes.
- Log in to Admin Portal.
- Click Access > Users.
- Select the relevant user account.
Click Additional Attributes.
You should see the custom attributes you added.
Click the Value column associated with the attribute name that you want to define.
Enter free-form characters or select from the drop-down list depending on the value type, then press Enter.
For example, a boolean (True/False) attribute type will have a drop-down list, while a Text attribute type allows any string.