User Claims
User Claims are individual pieces of user data, like uid, email, firstName, etc., that are required by applications in order to identify a user. The Admin UI allows administrators to manage these user claims effectively.
The following fields are supported in the Person (attribute) creation form:
- Name
  - This field defines the internal name of the attribute.
- Display Name
  - A human-readable label for the attribute.
- Description
  - A short textual description explaining what the attribute is or how it is used.
- Status
  - Allows you to enable or disable attributes without deleting them.
- Data Type
  - Defines the type of data the attribute holds. Common types include `string`, `boolean`, `numeric`, etc.
- Edit Type
  - Specifies who has permission to edit this attribute: either `ADMIN` or `USER`.
- View Type
  - Specifies who can view this attribute in the UI: `ADMIN` or `USER`, or both.
- Usage Type
  - Defines the use case for the attribute.
- oxAuth Claim Name
  - The name of the claim as it will appear in an OpenID Connect (OIDC) ID token or UserInfo response.
- Multivalued?
  - Boolean toggle to allow the attribute to store multiple values (e.g., a list of email addresses).
- Hide On Discovery?
  - Boolean setting that controls whether the attribute is shown on the `.well-known/openid-configuration` discovery endpoint.
- Include In SCIM Extension?
  - Boolean flag indicating whether the attribute should be part of the SCIM schema extension.
  - Used to extend the SCIM (System for Cross-domain Identity Management) schema with custom attributes.
- Enable Custom Validation for This Attribute?
  - Toggle to activate custom validation rules like minimum/maximum length and regex.
  - Helps enforce stricter formatting or content rules for this attribute. Must be enabled to use regex, min, or max length fields.
  - Regular expression:
    - You can set a regex pattern to enforce the proper formatting of an attribute. For example, you could set a regex for an email attribute like this: `^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$`.
    - This would make sure that a value is added for the attribute only if it follows standard email formatting.
  - Minimum length:
    - This is the minimum length of a value associated with this attribute.
  - Maximum length:
    - This is the maximum length of a value associated with this attribute.
- Saml1 URI
  - Defines a URI for this attribute that is compatible with SAML 1.1 standards.
- Saml2 URI
  - Defines a URI for this attribute that is compatible with SAML 2.0 standards.
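
The regex, minimum-length and maximum-length checks from the custom validation fields can be tried offline before a pattern is saved. The following is an added example, not part of the original documentation or the project's code: `validate_claim`, `rejected` and the sample values are hypothetical, and it assumes the pattern must match the whole value under standard regex semantics. It shows that the pattern as printed above, with its doubled backslash, rejects ordinary addresses, and that the single-backslash form still needs case-insensitive matching and rejects top-level domains longer than six letters.

```python
import re

# Pattern exactly as printed on the page (doubled backslash before the dot).
PAGE_PATTERN = r"^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$"
# Assumed intent: a single backslash, so "\." is a literal dot.
SINGLE_BACKSLASH = r"^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$"


def validate_claim(values, pattern=None, min_len=None, max_len=None, flags=0):
    """Return (value, reason) for each value that breaks a rule.

    Hypothetical helper: assumes the pattern must match the whole value
    and that length is counted in characters.
    """
    if isinstance(values, str):
        values = [values]  # single-valued attribute
    compiled = re.compile(pattern, flags) if pattern else None
    failures = []
    for value in values:
        if min_len is not None and len(value) < min_len:
            failures.append((value, "shorter than minimum length"))
        elif max_len is not None and len(value) > max_len:
            failures.append((value, "longer than maximum length"))
        elif compiled and not compiled.fullmatch(value):
            failures.append((value, "does not match regex"))
    return failures


# Constructed sample values for a multivalued email attribute.
SAMPLES = [
    "ALICE@EXAMPLE.COM",
    "alice@example.com",          # lowercase: needs a case-insensitive match
    "bob@example.technology",     # TLD longer than the {2,6} bound
    "mallory@example.com\n",      # trailing newline must not slip through
    "a@b.c",                      # below the minimum length used here
]


def rejected(pattern, flags=0):
    """Values from SAMPLES rejected with min length 6 and max length 64."""
    return [v for v, _ in validate_claim(SAMPLES, pattern, 6, 64, flags)]


if __name__ == "__main__":
    for name, pat, fl in [("page pattern", PAGE_PATTERN, 0),
                          ("single backslash", SINGLE_BACKSLASH, 0),
                          ("single backslash, ignore case", SINGLE_BACKSLASH, re.I)]:
        print(name, "->", rejected(pat, fl))
```
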