Available user attributes reference

The Google IdP Adapter can retrieve the following user attributes from Google.

To retrieve a specific attribute, configure the Google IdP Adapter instance in two places:

On the IdP Adapter screen, select the Attribute Retrieval option for the attribute.
On the Extended Contract screen, add the attribute.

The email attribute is always available.

For more information about these attributes, see .google.com/admin-sdk/directory/v1/reference/users//[Users] in the Google documentation.

Attribute Retrieval: Email
Attribute Name	Description
`sub`	The subject identifier of the authenticated user.
`email`	The email address of the authenticated user. This value is retrieved from the ID token.

Attribute Retrieval: Basic Profile
Attribute Name	Description
`sub`	The subject identifier of the authenticated user.
`email`	The email address of the authenticated user. This value is retrieved from the ID token.
`name`	The user’s full name.
`given_name`	The user’s first name.
`family_name`	The user’s last name.
`locale`	The user’s preferred locale.
`hd`	The hosted domain name of the user’s G Suite account, such as `example.com`.
`email_verified`	A boolean flag that indicates the verification status of the user’s email address. A value of `true` means the email address is verified.

Attribute Retrieval: Extended Profile
Attribute Name	Description
`email`	The email address of the authenticated user. This value is retrieved from the ID token.
`kind`	Identifies this resource as a person in OpenID Connect format.
`id`	The user’s unique ID.
`givenName`	The user’s first name.
`familyName`	The user’s last name.
`fullName`	The user’s full name.
`externalIds`	The raw JSON string.
`groups`	A multi-value list of groups that the user is a member of.