The function or feature discussed below is only relevant to members of the beta programme

User accounts and permission sets have attributes (data fields) associated with them such as an account holder's name and email address. The attributes that appear are controlled by the attribute schema which you can tweak for your domain via the schema editor.

The schema editor allows domain administrators to define additional attributes to be stored on accounts and permission sets. These custom attributes can be used for things such as:

These custom attributes are in addition to some 'core' attributes which are hard wired into the system. The core attributes cannot be edited and will appear in interfaces ahead of any custom fields you add.

If you look at the account create dialogue you will notice that all the mandatory fields appear on the same tab and the optional fields are similarly grouped together. Custom attributes you create via the schema editor will appear below the core fields on those two tabs based on whether or not you have set the required flag on them.

Whilst the list of optional core fields is long, it is expected that most of the custom attributes you will want to add will be ones you set as required so would appear below the small number of mandatory core attributes, which are:


Types of attribute you can add (and release to service providers)


Single or multi-line text fields for information such as identifiers or course codes


For drop-down lists of options for things like job roles, disciplines or other things to group on


For either / or questions such as whether someone is full time, or allowed to access the restricted section.

Email address

Similar to a single line text field but includes validation for an email address.


Similar to a single line text field but includes validation for a URL

IP address range

Similar to a multi line text field


Can have a default value of a number of days later

Releasing attributes

Each custom attribute has the potential to be released to service providers alongside the releasable core attributes. Whether or not it is released and to which resources is controlled by the release policy.

Anything to watch out for?

Modifications to your schema can have far-reaching consequences, especially if you have already added data; you should always plan out what you want to achieve before making changes.

When attributes are released they use the unique name you entered when the attribute was created and this cannot be edited. Should you need to change this name you would need to create a new attribute and migrate data either one account at a time or by using bulk download / upload tools.

Once you create a custom attribute you cannot remove it, only disable it. When you disable attributes they no longer appear in any interface including bulk upload, download and the API - any processes you have set up that expect that data will run into difficulty.