Add custom user attributes

In addition to the default user attributes, you can add custom ones and define the values for each user. The attributes can then be used to specify application access in the following ways:

You can add and define attributes for Active Directory/LDAP and CyberArk Cloud Directory users. The additional attributes are stored in CyberArk Identity only and not copied to Active Directory/LDAP. You must make all updates using the Identity Administration portal.

Add user attributes

To make attributes available for login authentication rules and SAML user authentication, you must first add them to the user table. You can add a maximum of 25 attributes.

  1. Log in to the Identity Administration portal
  2. Click Settings > Customization > Additional Attributes.

    The Additional Attributes page opens.

  3. Click Users tab > Add button.
  4. Enter a Name for the attribute.

    The name must start with a letter and contain an underscore. For example, employee_status.
  5. Select User Editable if you want your users to edit the value from the User Portal.

  6. Select the attribute Type from the drop-down list.

    • Number allows whole numbers.
    • Number (decimal) allows numbers with decimals.
    • Textallows any string
    • True/False results in a drop-down list for the attribute Value.
    • DateTime results in a date and time picker for the attribute Value.
  7. (Optional) Enter a Description for the attribute.
  8. Click Add.

    The new attribute displays on the Additional Attributes page.

Define attributes

You must define the attribute values for the relevant users before they can be authenticated using those attributes.

  1. Log in to the Identity Administration portal.
  2. Click Core Services > Users.
  3. Select the relevant user account.
  4. Click Additional Attributes.

    You should see the custom attributes you added.

  5. Click the Value column associated with the attribute name that you want to define.

  6. Enter free-form characters or select from the drop-down list depending on the value type, then press Enter.

    For example, a boolean (True/False) attribute type will have a drop-down list, while a Text attribute type allows any string.