Configure additional attributes for MFA

When you define the attributes using the Additional Attributes for MFA options, CyberArk Identity maps these additional attributes to the Identity Administration portal and uses their values for MFA notification.

drak4btwn8

To add attributes:

Log in to the Identity Administration portal.
Click Settings > Authentication > Security Settings > Add button in the Additional Attributes for MFA area.
Select an attribute from the drop-down list.

Use the Custom attribute for other phone numbers, such as fax or IP phone. When you use the Custom attribute, the attribute name must match one in the Attr LDAP Name column as shown here.
Provide the relevant information based on the selected attribute.
Click Add.

The attribute is added to the associated table.
Click Save.

We import all Active Directory user attributes, but we only monitor and accept updates for the attributes listed in the following table.

Attributes	Attributes	Attributes
accountExpires	lockoutTime	otherMobile
c	mail	pager
cn	manager	primaryGroupID
co	member	postalCode
countryCode	memberOf	postOfficeBox
directReports	mobile	pwdlastset
distinguishedName	name	sAMAccountName
displayName	otherPager	sn
givenName	otherTelephone	st
groupType	otherMailbox	streetAddress
homePhone	otherFacsimileTelephoneNumber	userAccountControl
I	otherHomePhone	userPrincipalName
ipPhone	otherIpPhone	telephoneNumber
		wWWHomePage

The following table lists the Active Directory user attributes used by Office 365. Some of these attributes are duplicated in the above table.

Attributes	Attributes	Attributes
assistant	msExchArchiveName	msExchSenderHintTranslations
authOrig	msExchAssistantName	msExchTeamMailboxExpiration
c	msExchAuditAdmin	msExchTeamMailboxSharePointUrl
cn	msExchAuditDelegate	msExchUsageLocation
co	msExchAuditDelegateAdmin	msExchUserHoldPolicies
company	msExchAuditOwner	msRtcSip-ApplicationOptions
countryCode	msExchBlockedSendersHash	msRtcSip-DeploymentLocator
department	msExchBypassAudit	msRtcSip-Line
description	msExchBypassModerationFromDLMembersLink	msRtcSip-OptionFlags
displayName	msExchBypassModerationLink	msRtcSip-OwnerUrn
dLMemRejectPerms	msExchDelegateListLink	msRtcSip-PrimaryUserAddress
dLMemSubmitPerms	msExchElcExpirySuspensionEnd	msRtcSip-UserEnabled
extensionAttribute1	msExchElcExpirySuspensionStart	objectGUID
extensionAttribute2	msExchElcMailboxFlags	objectSid
extensionAttribute3	msExchEnableModeration	otherFacsimileTelephoneNumber
extensionAttribute4	msExchExtensionCustomAttribute1	otherHomePhone
extensionAttribute5	msExchExtensionCustomAttribute2	otherIPPhone
extensionAttribute6	msExchExtensionCustomAttribute3	otherMobile
extensionAttribute7	msExchExtensionCustomAttribute4	otherPager
extensionAttribute8	msExchExtensionCustomAttribute5	otherTelephone
extensionAttribute9	msExchHideFromAddressLists	pager
extensionAttribute10	msExchImmutableId	physicalDeliveryOfficeName
extensionAttribute11	msExchLitigationHoldDate	postalCode
extensionAttribute12	msExchLitigationHoldOwner	postOfficeBox
extensionAttribute13	msExchMailboxAuditEnable	preferredLanguage
extensionAttribute14	msExchMailboxAuditLogAgeLimit	proxyaddresses
extensionAttribute15	msExchMailboxGuid	publicDelegates
facsimileTelephoneNumber	msExchModeratedByLink	pwdLastSet
givenName	msExchModerationFlags	samaaccountname
homePhone	msExchRecipientDisplayType	sn
info	msExchRecipientTypeDetails	st
initials	msExchRemoteRecipientType	streetAddress
IPPhone	msExchRequireAuthToSendTo	targetAddress
legacyExchangeDN	msExchResourceCapacity	telephoneAssistant
mail	msExchResourceDisplay	telephoneNumber
manager	msExchResourceMetadata	thumbnailPhoto
middleName	msExchResourceSearchProperties	title
mobile	msExchRetentionComment	userAccountControl
msDS-HABSeniorityIndex	msExchRetentionURL	userCertificate
msDS-PhoneticDisplayName	msExchSafeRecipientsHash	userSMIMECertificate
msExchArchiveGuid	msExchSafeSendersHash	wWWHomePage