Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

User accounts and permission sets have attributes (data fields) associated with them such as name and email address. The attributes that appear are controlled by the attribute schema and you can now tweak that schema for your domain via the schema editor.

The schema editor allows domain administrators to define additional attributes to be stored on accounts and permission sets. These custom attributes can be used for:


  • First name
  • Last name
  • Email address

Types of attribute you can add and release


Single or multi-line text fields for information such as identifiers or course codes


For drop-down lists of options for things like job roles, disciplines or other things to group on


For either / or questions such as whether someone is full time, or allowed to access the restricted section.

Email address

Similar to a single line text field but includes validation for an email address.


Similar to a single line text field but includes validation for a URL

IP address range

Similar to a multi line text field


Can have a default value of a number of days later

Making attributes releasable

Each custom attribute can be set as releasable which means that our systems could pass that information on to the resource a user was accessing, subject to the release policy. If an attribute is not marked as releasable it will not appear in the release policy so cannot be released.

Anything to watch out for?

Modifications to your schema can have far-reaching consequences, especially once you have added data, so plan out what you want to achieve before making any changes.


Once you create a custom attribute you cannot remove it, only disable it. When you disable attributes they no longer appear in any interface including the API - i.e. they will not be returned by an API call, and any API call that tries to write to that attribute will fail.