Supported attributes reference

Page created: 1 Mar 2023 |

Page updated: 1 Mar 2023

| 4 min read

Product PingFederate Integration Google Language English Integration Content Type Product documentation Audience Administrator

The following table consists of the list of User attributes that can be mapped from the Attribute Mapping screen when configuring Outbound Provisioning channels.

Note:

All values are validated by Google and must meet their requirements. See API Reference in the Google Workspace Admin SDK documentation.

Attribute	Description
`primaryEmail`	The user’s primary email address. This field is required and unique; it cannot be an alias of another user or group.
`familyName`	The user’s last name. This field is required.
`givenName`	The user’s first name. This field is required.
`password`	The user’s initial password. Works with the `passwordHashFunction` attribute to support plain text and hashed passwords. Important: To force users to update their password the next time they sign on by setting their `changePasswordAtNextLogin` attribute to `true`. Note: A user's password can only be set when provisioning the user for the first time. The provisioner cannot manage it on subsequent updates.
`aliases`	List of user’s alias email addresses. Note: The maximum number of aliases a user may have is 30.
`includeInGlobalAddressList`	Indicates if the user’s profile is visible in the Google Apps global address list when the contact sharing feature is enabled for the domain. Valid values include: true false
`passwordHashFunction`	The hash format of the password attribute. Depending on the password type, do one of the following: For plain-text passwords, do not set a value for the `passwordHashFunction` attribute. For hashed passwords, set the `passwordHashFunction` attribute to the appropriate hash type. The supported values are: SHA-1 MD5 CRYPT None (blank) Note: Google recommends sending the password property value as a base 16 bit encoded hash value.
`orgUnitPath`	The full path of the parent organizational unit associated with the user. To add a user to the root OU, the `orgUnitPath` should be set to a forward slash (/). An example value for placing a user under an organization unit one level below the root, which is the domain and indicated with the forward slash (/), the value would be as follows: /example An example value for placing a user under an organizational unit two levels below the root: /first_level/second_level
`changePasswordAtNextLogin`	Indicates if the user is forced to change their password at next login. Valid options include: true false
`ipWhitelisted`	Indicates if the user’s IP address is whitelisted. Valid values include: true false
`isAdmin`	Indicates a user with super administrative privileges. Valid values include: true false Note: This field can only be set if a Super Admin account was used when generating the OAuth Access and Refresh Tokens used during the Connection configuration.
`orgName`	The name of an organization. Note: Versions 3.0.1 and later of the Google Workforce Connector supports a single organization on the user.
`orgDept`	Specifies the users department within the organization, such as sales or engineering.
`orgSymbol`	The text string value of the organization. For example, the text symbol for Google is GOOG.
`orgCostCenter`	The cost center of the user’s organization.
`orgDescription`	The description of the organization.
`orgDomain`	The domain the organization belongs to.
`orgTitle`	The user’s title within the organization such as member or engineer.
`orgLocation`	The physical location of the organization.
`addressStreet`	The user’s street address, such as 1600 Amphitheatre Parkway. Note: Versions 3.0.1 and later of the Google Workforce Connector supports a single address on the user.
`addressPostalCode`	The ZIP or postal code of the address.
`addressExtended`	The extended portion of an address, such as an address that includes a sub-region.
`addressCountryCode`	The country code of the address. Uses the ISO 3166-1 standard (http://www.iso.org/iso/iso-3166-1_decoding_table).
`addressLocality`	The town or city of the address.
`addressRegion`	The abbreviated province or state of the address.
`addressCountry`	The country of the address.
`addressPoBox`	The post office box of the address.
`addressFormatted`	A full and unstructured postal address. This is not synced with the structured address fields. For this single string attribute you can include any of the following values: Street address P.O. box City State/province ZIP/postal code Country/region Note: This attribute is only supported in version 3.2.1 or later of the provisioner.
`workPhone`	A human-readable phone number. It may be in any telephone format. Note: When a value is mapped to this field, a phone is created for the user of type `work`.
`workPager`	A human-readable phone number. It may be in any telephone format. Note: When a value is mapped to this field, a phone is created for the user of type `work_pager`.
`workFax`	A human-readable phone number. It may be in any telephone format. Note: When a value is mapped to this field, a phone is created for the user of type `work_fax`.
`workMobile`	A human-readable phone number. It might be in any telephone format. Note: When a value is mapped to this field, a phone is created for the user of type `work_mobile`.
`primaryPhone`	Indicates which phone is the user’s primary phone. Only one phone may be marked as the primary phone. Valid values include: `work` `work_pager` `work_mobile` `work_fax` When set, the corresponding phone (`workPhone`, `workPager`, `workMobile` or `workFax`) will have its primary field set to true.

Supported attributes reference - PingFederate

Google Workspace Provisioner