--- title: Create and modify managed object types description: If the managed object types provided in the default configuration don't meet your needs, you can create or modify them. component: pingoneaic page_id: pingoneaic:idm-objects:creating-modifying-managed-objects canonical_url: https://docs.pingidentity.com/pingoneaic/idm-objects/creating-modifying-managed-objects.html keywords: ["Data Object Model", "Schema"] section_ids: manage-object-ui: Create a managed object type using the IDM native admin console manage-object-types-rest: Create a managed object type using the REST API managed-objects-property-def-fields: Typical managed object property definition fields default-values-managed-obj: Default values --- # Create and modify managed object types If the managed object types provided in the default configuration don't meet your needs, you can create or modify them. Every object type has a `name` and a `schema` that describes the properties associated with that object. The `name` can only include the characters `a-z`, `A-Z`, `0-9`, and `_` (underscore). You can add any arbitrary properties to the schema. You can create or modify managed object type using the UI or the REST API. The Advanced Identity Cloud admin console is the recommended console for managing object types. Learn more in [Configure managed objects](../identities/configure-object-types.html). The IDM native admin console has limited functionality and doesn't support features such as relationship fields and enums. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Ping Identity recommends that you don't delete the default managed object types in your tenant. In many cases it can break your tenant.The IDM native admin console depends on the presence of the default managed object types and the default properties nested within them. If you remove any of these schema elements, and you use the IDM native admin console to configure IDM, you must modify the IDM native admin console code accordingly. For example, if you remove the `assignment` object type from the managed object configuration, the UI will throw exceptions wherever it queries this schema element. | ## Create a managed object type using the IDM native admin console To create a new managed object type in the IDM native admin console: 1. From the Advanced Identity Cloud admin console, select Native Consoles > Identity Management. 2. Click New Managed Object. 3. On the New Managed Object page, enter a name and readable title for the object, make optional changes, as necessary, and click Save. The readable title specifies what the object will be called in the UI. 4. On the Properties tab, specify the schema for the managed object (the properties that make up the object). 5. On the Scripts tab, specify any scripts that will be applied on events associated with that managed object. For example, scripts that will be run when an object of that type is created, updated, or deleted. > **Collapse: Example: managed object definition** > > ```json > { > "name": "Phone", > "schema": { > "$schema": "http://forgerock.org/json-schema#", > "type": "object", > "properties": { > "brand": { > "description": "The supplier of the mobile phone", > "title": "Brand", > "viewable": true, > "searchable": true, > "userEditable": false, > "policies": [], > "returnByDefault": false, > "pattern": "", > "isVirtual": false, > "type": [ > "string", > "null" > ] > }, > "assetNumber": { > "description": "The asset tag number of the mobile device", > "title": "Asset Number", > "viewable": true, > "searchable": true, > "userEditable": false, > "policies": [], > "returnByDefault": false, > "pattern": "", > "isVirtual": false, > "type": "string" > }, > "model": { > "description": "The model number of the mobile device, such as 6 plus, Galaxy S4", > "title": "Model", > "viewable": true, > "searchable": false, > "userEditable": false, > "policies": [], > "returnByDefault": false, > "pattern": "", > "isVirtual": false, > "type": "string" > } > }, > "required": [], > "order": [ > "brand", > "assetNumber", > "model" > ] > } > } > ``` To create a custom property: 1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management. 2. Click the object type, for example Alpha\_user or Bravo\_user. 3. Click + Add a Property. This scrolls the page to the bottom and automatically focuses on the Name input field. 4. In the Name input field, enter a new property name prefixed with `custom_`; for example, enter `custom_department`. 5. In the Label input field, optionally enter a display name for the new property. 6. Click Save. To delete a custom property: 1. Delete all data stored in the custom property for all users, then run a full reconciliation. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you don't delete all data stored in the custom property **before** deleting the property, you might see errors when running subsequent reconciliations. | 2. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management. 3. Click the object type, for example Alpha\_user or Bravo\_user. 4. In the list of properties, find the row for the custom property that you want to delete: 1. Click the row's cross icon ([icon: times, set=fa]). 2. In the Delete Property confirmation modal, click Confirm. To customize an extension property: 1. In the Advanced Identity Cloud admin console, click Native Consoles > Identity Management. 2. Click the object type, for example, Alpha Realm - User or Bravo Realm - User. 3. Find an extension property that has one of the following default labels: * Generic Indexed String 1–20 or Generic Unindexed String 1–5 * Generic Indexed Multivalue 1–5 or Generic Multivalue String 1–5 * Generic Indexed Date 1–5 or Generic Date String 1–5 * Generic Indexed Integer 1–5 or Generic Integer String 1–5 | | | | - | --------------------------------------------------------------------------------------------- | | | If you need to make the property searchable, make sure you use an indexed extension property. | 4. Click the pen icon ([icon: pen, set=fa]) to edit the property. 5. In the Readable Title input field, enter a custom label. For example, `Department`. 6. Click Save. ## Create a managed object type using the REST API 1. Get the current managed object configuration *(tooltip: You can edit the managed object configuration over REST at the config/managed endpoint.)*: ```none curl \ --header "Authorization: Bearer " \ --header "Accept-API-Version: resource=1.0" \ --request GET \ "https:///openidm/config/managed" { "_id": "managed", "objects": [ {managed-config-object} ] } ``` 2. Make changes and replace the managed object configuration *(tooltip: You can edit the managed object configuration over REST at the config/managed endpoint.)*: ```none curl \ --header "Authorization: Bearer " \ --header "Content-type: application/json" \ --header "Accept-API-Version: resource=1.0" \ --request PUT \ --data '{ "_id": "managed", "objects": [ {managed-config-object} ] }' \ "https:///openidm/config/managed" { "_id": "managed", "objects": [ {managed-config-object} ] } ``` ## Typical managed object property definition fields The schema of a managed object describes the properties associated with that object. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | * Avoid using the dash character in property names (like `last-name`) because dashes in names make JavaScript syntax more complex. Instead, use "camel case" (`lastName`). If you can't avoid dash characters, write `source['last-name']` instead of `source.last-name` in your JavaScript. * Managed object properties that contain an underscore (`_`) are reserved for internal use. **Do not create** new properties that contain underscores, and do not include these properties in update requests. | * `title` The name of the property, in human-readable language, used to display the property in the UI. * `description` A brief description of the property. * `viewable` Specifies whether this property is viewable in the object's profile in the UI. Boolean, `true` or `false` (`true` by default). * `searchable` Specifies whether this property can be searched in the UI. A searchable property is visible in the end-user UI. Boolean, `true` or `false` (`false` by default). | | | | - | --------------------------------------------------------------------------------------------------------------------------------- | | | Do not modify the searchable setting on properties in the default managed object schema, unless otherwise noted in documentation. | * `userEditable` Specifies whether users can edit the property value in the UI. This property applies in the context of the End User UI, where users are able to edit certain properties of their own accounts. Boolean, `true` or `false` (`false` by default). * `pattern` Any specific pattern to which the value of the property must adhere. For example, a property whose value is a date might require a specific date format. * `policies` Any policy validation that must be applied to the property. * `required` Specifies whether the property must be supplied when an object of this type is created. Boolean, `true` or `false`. > **Collapse: To set a property as in the Advanced Identity Cloud admin console:** > > 1. In the Advanced Identity Cloud admin console, go to Identities > Configure. > > 2. Select the object type, for example, Alpha Realm - User or Bravo Realm - User. > > 3. Click the Properties tab. > > 4. Click the property you want to update. > > 5. On the Details tab, select the Required checkbox. > > 6. Click Save. > **Collapse: To set a property as in the IDM native admin console:** > > 1. In the left menu, go to Native Consoles > Identity Management. > > 2. Select the managed object, for example, Alpha Realm - User or Bravo Realm - User. A list of the properties in the managed object displays. The Required column displays which properties Advanced Identity Cloud currently requires. > > 3. Click the property you want to update. > > 4. In the Details tab, enable the Required field. > > 5. Click Save. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The `required` policy is assessed only during object creation, not when a managed object is updated. You can effectively bypass the policy by updating the managed object and supplying an empty value for that property. To prevent this inconsistency, set both `required` and `notEmpty` to `true` for required properties. This configuration indicates that the property must exist, and must have a value. | * `type` The data type for the property value; can be `string`, `array`, `boolean`, `integer`, `number`, `object`, `Resource Collection`, or `null`. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If any user might not have a value for a specific property (such as a `telephoneNumber`), you must include `null` as one of the property *types*. You can set a null property type in the UI:- In the Advanced Identity Cloud admin console: Identities > Configure > *identity\_object*, select the property, and under the Property Value tab, Show Advanced, select Nullable. - In the IDM native admin console: Configure > Managed Objects > User, select the property, and under the Property Value tab, Show Advanced, select `Nullable` to `true`.You can also set a null property type in your managed object configuration by setting `"type" : '[ "string","null" ]'` for that property (where `string` can be any other valid property type. This information is validated by the policy service.If you're configuring a data `type` of `array` through the Advanced Identity Cloud admin console or IDM native admin console, you're limited to two values. | * `isVirtual` Specifies whether the property takes a static value, or whether its value is calculated "on the fly" as the result of a script. Boolean, `true` or `false`. * `returnByDefault` For non-core attributes (virtual attributes and relationship fields), specifies whether the property is returned in the results of a query on an object of this type *if it is not explicitly requested*. Virtual attributes and relationship fields are not returned by default. Boolean, `true` or `false`. When the property is in an array within a relationship, always set to `false`. - `default` Specifies a default value if the object is created without passing a value. Default values are available for the following data types, and arrays of those types: * boolean * number * object * string | | | | - | ---------------------------------------------------------------------------- | | | Advanced Identity Cloud assumes all default values are valid for the schema. | - `enum` []()Restricts a field's possible values to a defined set of options. `enum` is supported for `string` and `number` types, and for `array` types containing strings or numbers. To define `enum` values, add the `enum` property to the field's schema definition. You can do this using an API PUT request to the `/openidm/config/managed` endpoint or in the Advanced Identity Cloud admin console. Learn more in [Property settings reference](../identities/customize-object-types.html#property-settings-reference). You can't use the IDM native admin console to add, remove, or edit enums. In the following examples, the `string` type shows the JSON hierarchy of the property, while the others truncate everything except the property itself. * string * number * array of strings ```json { "_id": "managed", "objects": [ { ... "schema": { ... "properties": [ ... { "favoriteColor": { "enum": [ "red", "green", "blue" ], "title": "Favorite Color", "type": "string", "viewable": true, "searchable": false, "userEditable": true, "description": "Choose your favorite color", "format": null, "isVirtual": false }, ... ``` ```json { "custom_enum_single_number": { "title": "Rating", "description": "Select the best number", "type": "number", "viewable": true, "userEditable": true, "enum": [ 4, 8, 15, 16, 23, 42 ] } } ``` ```json { "custom_enum_array_string": { "title": "Preferred Colors", "description": "Choose your preferred colors", "type": "array", "viewable": true, "userEditable": true, "items": { (1) "type": "string", "enum": [ "red", "green", "blue", "yellow" ] } } } ``` | | | | ----- | --------------------------------------------------------------- | | **1** | The `enum` definition must be placed within the `items` object. | | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Labels and translations for `enum` values are not set within the managed object schema. They must be configured using the [translation override feature](../tenants/tenant-localize.html#translating-enum-values) using API POST requests to the `/openidm/config/uilocale/` endpoint. | ## Default values You can specify default values in the managed object schema. If you omit a value when creating an object, the default value is automatically applied to the object type. You can have default values for the following data types, and arrays of those types: * boolean * number * object * string For example, the default managed object schema includes a default value that makes `accountStatus:active`, which effectively replaces the `onCreate` script that was previously used to achieve the same result. The following excerpt from the managed object schema displays the default value for `accountStatus`: ```json "accountStatus" : { "title" : "Status", "description" : "Status", "viewable" : true, "type" : "string", "searchable" : true, "userEditable" : false, "usageDescription" : "", "isPersonal" : false, "policies" : [ { "policyId": "regexpMatches", "params": { "regexp": "^(active|inactive)$" } } ], "default" : "active" } ``` | | | | - | ---------------------------------------------------------------------------- | | | Advanced Identity Cloud assumes all default values are valid for the schema. |