User accounts and permission sets have attributes (data fields) associated with them such as name and email address. The attributes that appear are controlled by the attribute schema and you can now tweak that schema for your domain via the schema editor.
The schema editor allows domain administrators to define additional attributes to be stored on accounts and permission sets. These custom attributes can be used for:
- First name
- Last name
- Email address
Types of attribute you can add and release
Single or multi-line text fields for information such as identifiers or course codes
For drop-down lists of options for things like job roles, disciplines or other things to group on
For either / or questions such as whether someone is full time, or allowed to access the restricted section.
Similar to a single line text field but includes validation for an email address.
Similar to a single line text field but includes validation for a URL
IP address range
Similar to a multi line text field
Can have a default value of a number of days later
Making attributes releasable
Each custom attribute can be set as releasable which means that our systems could pass that information on to the resource a user was accessing, subject to the release policy. If an attribute is not marked as releasable it will not appear in the release policy so cannot be released.
Anything to watch out for?
Modifications to your schema can have far-reaching consequences, especially once you have added data, so plan out what you want to achieve before making any changes.
Once you create a custom attribute you cannot remove it, only disable it. When you disable attributes they no longer appear in any interface including the API - i.e. they will not be returned by an API call, and any API call that tries to write to that attribute will fail.