SCIM Provisioner

Supported attributes reference

The following standard SCIM attributes can be mapped for user provisioning. Different attributes will be supported depending on the target service.

Learn more about SCIM attributes in SCIM specification and the target service documentation.

Attribute Description

userName

A service provider’s unique identifier for the user.

This attribute is required.

givenName

The given name of the user, or first name in most Western languages (for example, 'Barbara' given the full name 'Ms. Barbara Jane Jensen, III').

familyName

The family name of the user, or last name in most Western languages (for example, 'Jensen' given the full name 'Ms. Barbara Jane Jensen, III').

middleName

The middle name(s) of the user (for example, "Jane" given the full name "Ms. Barbara Jane Jensen, III").

honorificPrefix

The honorific prefix(es) of the user, or title in most Western languages (for example, "Ms." given the full name "Ms. Barbara Jane Jensen, III").

honorificSuffix

The honorific suffix(es) of the user, or suffix in most Western languages (for example, "III" given the full name "Ms. Barbara Jane Jensen, III").

formattedName

The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (for example, "Ms. Barbara Jane Jensen, III").

workEmail

Work email for the user (for example, "bjensen@example.com").

homeEmail

Home email for the user (for example, "bjensen@example.com").

otherEmail

Other email for the user (for example, "bjensen@example.com").

displayName

The name of the user, suitable for display to end-users.

title

The user’s title, such as "Vice President".

externalId

A string that is an identifier for the resource as defined by the provisioning client.

password

This attribute is intended to be used as a means to set, replace, or compare (for example, filter for equality) a password.

preferredLanguage

Indicates the user’s preferred written or spoken languages and is generally used for selecting a localized user interface.

userType

Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.

locale

Used to indicate the user’s default location for purposes of localizing such items as currency, date time format, or numerical representations.

nickName

The casual way to address the user in real life. For example,"Bob" or "Bobby" instead of "Robert".

profileUrl

A URI that is a uniform resource locator that points to a location representing the user’s online profile (for example, a web page).

profilePhotoUrl

A URI that is a uniform resource locator that points to the user’s profile photo. The resource MUST be a file (for example, a GIF, JPEG, or PNG image file) rather than a web page containing an image.

profileThumbnailUrl

A URI that is a uniform resource locator that points to the user’s profile thumbnail. The resource MUST be a file (for example, a GIF, JPEG, or PNG image file) rather than a web page containing an image.

timezone

The user’s time zone, in IANA Time Zone database format (for example, "America/Los_Angeles").

workPhone

The work phone number for the user (for example, "+1-201-555-0123").

mobilePhone

The mobile phone number for the user (for example, "+1-201-555-0123").

pagerPhone

The pager number for the user (for example, "+1-201-555-0123").

faxPhone

The fax number for the user (for example, "+1-201-555-0123").

homePhone

The home phone number for the user (for example, "+1-201-555-0123").

otherPhone

Another phone number that can be used to reach the user (for example, "+1-201-555-0123").

workStreetAddress

The work street address for the user, which may include house number, street name, P.O. box, and multi-line extended street address information.

workCity

The work city or locality component for the user’s mailing address.

workState

The work state or region component for the user’s mailing address.

workPostalCode

The work ZIP or postal code component for the user’s mailing address.

workCountry

The work country component for the user’s mailing address. When specified, the value MUST be in ISO 3166-1 "alpha-2" code format [ISO3166]; for example, the United States and Sweden are "US" and "SE", respectively.

workFormattedAddress

The user’s full work address, formatted for display.

homeStreetAddress

The home street address for the user, which may include house number, street name, P.O. box, and multi-line extended street address information.

homeCity

The home city or locality component for the user’s mailing address.

homeState

The home state or region component for the user’s mailing address.

homePostalCode

The home ZIP or postal code component for the user’s mailing address.

homeCountry

The home country component for the user’s mailing address. When specified, the value MUST be in ISO 3166-1 "alpha-2" code format [ISO3166]; for example, the United States and Sweden are "US" and "SE", respectively.

homeFormattedAddress

The user’s full home address, formatted for display.

otherStreetAddress

An alternate street address for the user, which may include house number, street name, P.O. box, and multi-line extended street address information.

otherCity

The alternate city or locality component for the user’s mailing address.

otherState

The alternate state or region component for the user’s mailing address.

otherPostalCode

The alternate ZIP or postal code component for the user’s mailing address.

otherCountry

The alternate country component for the user’s mailing address. When specified, the value MUST be in ISO 3166-1 "alpha-2" code format [ISO3166]; for example, the United States and Sweden are "US" and "SE", respectively.

otherFormattedAddress

The alternate address for the user, formatted for display.

qqIm

The QQ instant messaging address for the user.

skypeIm

The Skype instant messaging address for the user.

gtalkIm

The Google Talk instant messaging address for the user.

aimIm

The AOL Instant Messenger instant messaging address for the user.

icqIm

The ICQ instant messaging address for the user.

yahooIm

The Yahoo Messenger instant messaging address for the user.

msnIm

The MSN Messenger instant messaging address for the user.

xmppIm

The XMPP instant messaging address for the user.

entitlements

A list of entitlements for the user that represent a thing the user has. An entitlement may be an additional right to a thing, object, or service.

roles

A list of roles for the user that collectively represent who the user is. For example, "Student", "Faculty".

certificates

A list of certificates associated with the resource (for example, a user). Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which MUST be base64 encoded per Section 4 of [RFC4648].

employeeNumber

A string identifier, typically numeric or alphanumeric, assigned to a person, often based on order of hire or association with an organization.

costCenter

The cost center for the user.

organization

The organization for the user.

division

The division for the user.

department

The department for the user.

manager

The "id" of the SCIM resource representing the user’s manager.