Add custom user attributes
In addition to the default user attributes, you can add custom ones and define the values for each user. The attributes can then be used to specify application access in the following ways:
- Define application login authentication rules (through scripting only).
For example, see Example: Use custom user attributes.
- Make attributes available to the application service provider (SP) for SAML user authentication (via scripting only).
For examples, see Example: Use custom user attributes.
You can add and define attributes for Active Directory/LDAP and CyberArk Cloud Directory users. The additional attributes are stored in CyberArk Identity only and not copied to Active Directory/LDAP. You must make all updates using the Identity Administration portal.
Add user attributes
To make attributes available for login authentication rules and SAML user authentication, you must first add them to the user table. You can add a maximum of 25 attributes.
- Log in to the Identity Administration portal
Click Settings > Customization > Additional Attributes.
The Additional Attributes page opens.
- Click Users tab > Add button.
Enter a Name for the attribute.The name must start with a letter and contain an underscore. For example,
Select User Editable if you want your users to edit the value from the User Portal.
Select the attribute Type from the drop-down list.
Numberallows whole numbers.
Number (decimal)allows numbers with decimals.
Textallows any string
True/Falseresults in a drop-down list for the attribute Value.
DateTimeresults in a date and time picker for the attribute Value.
- (Optional) Enter a Description for the attribute.
The new attribute displays on the Additional Attributes page.
You must define the attribute values for the relevant users before they can be authenticated using those attributes.
- Log in to the Identity Administration portal.
- Click Core Services > Users.
- Select the relevant user account.
Click Additional Attributes.
You should see the custom attributes you added.
Click the Value column associated with the attribute name that you want to define.
Enter free-form characters or select from the drop-down list depending on the value type, then press Enter.
For example, a boolean (True/False) attribute type will have a drop-down list, while a Text attribute type allows any string.