User accounts and permission sets have attributes (data fields) associated with them such as name and email address. The attributes that appear are controlled by the attribute schema and you can now tweak that schema for your domain via the schema editor.

The schema editor allows domain administrators to define additional attributes to be stored on accounts and permission sets. These custom attributes can be used for:

These custom attributes are in addition to some 'core' attributes which are hard wired into the system. The core attributes cannot be edited and will appear in interfaces ahead of any custom fields you add.

If you look at the account create dialogue you will see that all the mandatory fields appear on the same tab and the optional fields are similarly grouped together. Custom attributes you create via the schema editor will appear below the core fields on those two tabs.


Whilst the list of optional core fields is long, it is expected that most of the custom attributes you will want to add will be ones you set as required so would appear below the small number of mandatory core attributes, which are:

Types of attribute you can add and release


Single or multi-line text fields for information such as identifiers or course codes


For drop-down lists of options for things like job roles, disciplines or other things to group on


For either / or questions such as whether someone is full time, or allowed to access the restricted section.

Email address

Similar to a single line text field but includes validation for an email address.


Similar to a single line text field but includes validation for a URL

IP address range

Similar to a multi line text field


Can have a default value of a number of days later

Making attributes releasable

Each custom attribute can be set as releasable which means that our systems could pass that information on to the resource a user was accessing, subject to the release policy. If an attribute is not marked as releasable it will not appear in the release policy so cannot be released.

Anything to watch out for?

Modifications to your schema can have far-reaching consequences, especially once you have added data, so plan out what you want to achieve before making any changes.

When attributes are released they use the unique name you entered when the attribute was created and this cannot be changed later. To do so you would need to create a new attribute and migrate data either one account at a time or by using bulk download / upload tools.

Once you create a custom attribute you cannot remove it, only disable it. When you disable attributes they no longer appear in any interface including the API - i.e. they will not be returned by an API call, and any API call that tries to write to that attribute will fail.