User identity attributes and properties reference

You may need to work with user identity attributes in PingOne Advanced Identity Cloud for the following reasons:

To customize the identity attribute display names shown in the user profile in the UI
To reference the identity attributes in scripts and API calls

The attribute and property names are not consistent between the underlying AM and IDM services. To address this, the reference tables depict the equivalent attribute.

Using the reference tables

If you write scripts for AM that access user profiles, then use AM attribute names. User profile script examples: OAuth2 access token modification; OIDC claims; decision node scripts for authentication journeys (trees).
If you write scripts for IDM that access managed objects, then use IDM property names. Managed object script examples: onUpdate, onCreate, onDelete, and so forth.
If you use APIs to access managed objects or user profiles:
- Calls to /am APIs must use AM attribute names.
- Calls to /openidm APIs must use IDM property names.

If you use the IDM admin UI to change the display name of a property, the change is reflected in both the IDM admin UI and the Advanced Identity Cloud admin UI; however, on the API side and in scripts, the generic names remain unchanged.

Reference tables

Basic user attributes

Display Name IDM Property AM Attribute

Display Name	IDM Property	AM Attribute
Username	`userName`	`uid`
Common Name	`cn`	`cn`
Display Name	`displayName`	`displayName`
Password	`password`	`userPassword`
Status	`accountStatus`	`inetUserStatus`
First Name	`givenName`	`givenName`
Last Name	`sn`	`sn`
Email Address	`mail`	`mail`
Description	`description`	`description`
Telephone Number	`telephoneNumber`	`telephoneNumber`
Address 1	`postalAddress`	`street`
City	`city`	`l`
State/Province	`stateProvince`	`st`
Postal Code	`postalCode`	`postalCode`
Country	`country`	`co`

Username

userName

uid

Common Name

cn

Display Name

displayName

Password

password

userPassword

Status

accountStatus

inetUserStatus

First Name

givenName

Last Name

sn

Email Address

mail

Description

description

Telephone Number

telephoneNumber

Address 1

postalAddress

street

City

city

l

State/Province

stateProvince

st

Postal Code

postalCode

Country

country

co

Additional user attributes

Description IDM Property AM Attribute

Description	IDM Property	AM Attribute
Alias list	`aliasList`	`iplanet-am-user-alias-list`
Applications	`applications`	`fr-idm-managed-application-member`
Applications I Own	`ownerOfApp`	`fr-idm-managed-application-owner`
Assigned dashboard	`assignedDashboard`	`assignedDashboard`
Assignments	`assignments`	`fr-idm-managed-assignment-member`
Consented Mappings	`consentedMappings`	`fr-idm-consentedMapping`
Direct Reports	`reports`	`manager`
Manager	`manager`	`fr-idm-managed-user-manager`
Authorization Roles	`authzRoles`	not available^[1]
Effective Assignments	`effectiveAssignments`	`fr-idm-effectiveAssignment`
Effective Applications	`effectiveApplications`	`fr-idm-effectiveApplications`
Effective Groups	`effectiveGroups`	`fr-idm-effectiveGroup`
Effective Roles	`effectiveRoles`	`fr-idm-effectiveRole`
Groups	`groups`	`fr-idm-managed-user-groups`
KBA	`kbaInfo`	`fr-idm-kbaInfo`
Preferences	`preferences`	`fr-idm-preferences`
Profile image	`profileImage`	`labeledURI`
Provisioning Roles	`roles`	`fr-idm-managed-user-roles`
Organizations I Administer	`adminOfOrg`	`fr-idm-managed-organization-admin`
Organizations I Own	`ownerOfOrg`	`fr-idm-managed-organization-owner`
Organizations to which I Belong	`memberOfOrg` `memberOfOrgIDs`	`fr-idm-managed-organization-member` `fr-idm-managed-user-memberoforgid`
Password Last Changed Time	`passwordLastChangedTime`	`pwdChangedTime`
Password Expiration Time	`passwordExpirationTime`	`pwdExpirationTime`
Task Proxies^[2]	`taskProxies`	n/a
Task Principals^[2]	`taskPrincipals`	`fr-idm-managed-user-task-principals`

Alias list

aliasList

iplanet-am-user-alias-list

Applications

applications

fr-idm-managed-application-member

Applications I Own

ownerOfApp

fr-idm-managed-application-owner

Assigned dashboard

assignedDashboard

Assignments

assignments

fr-idm-managed-assignment-member

Consented Mappings

consentedMappings

fr-idm-consentedMapping

Direct Reports

reports

manager

Manager

manager

fr-idm-managed-user-manager

Authorization Roles

authzRoles

not available^[1]

Effective Assignments

effectiveAssignments

fr-idm-effectiveAssignment

Effective Applications

effectiveApplications

fr-idm-effectiveApplications

Effective Groups

effectiveGroups

fr-idm-effectiveGroup

Effective Roles

effectiveRoles

fr-idm-effectiveRole

Groups

groups

fr-idm-managed-user-groups

KBA

kbaInfo

fr-idm-kbaInfo

Preferences

preferences

fr-idm-preferences

Profile image

profileImage

labeledURI

Provisioning Roles

roles

fr-idm-managed-user-roles

Organizations I Administer

adminOfOrg

fr-idm-managed-organization-admin

Organizations I Own

ownerOfOrg

fr-idm-managed-organization-owner

Organizations to which I Belong

memberOfOrg
memberOfOrgIDs

fr-idm-managed-organization-member
fr-idm-managed-user-memberoforgid

Password Last Changed Time

passwordLastChangedTime

pwdChangedTime

Password Expiration Time

passwordExpirationTime

pwdExpirationTime

Task Proxies^[2]

taskProxies

n/a

Task Principals^[2]

taskPrincipals

fr-idm-managed-user-task-principals

Description IDM Property AM Attribute

Description	IDM Property	AM Attribute
Notifications	`_notifications`	`fr-idm-managed-user-notifications`
Revision	`_rev`	`etag`
User Metadata	`_meta`	`fr-idm-managed-user-meta`
UUID	`_id`	`fr-idm-uuid`

Notifications

_notifications

fr-idm-managed-user-notifications

Revision

_rev

etag

User Metadata

_meta

fr-idm-managed-user-meta

UUID

_id

fr-idm-uuid

General purpose extension attributes

Strings

Display Name IDM Property AM Attribute

Display Name	IDM Property	AM Attribute
Generic Indexed String 1	`frIndexedString1`	`fr-attr-istr1`
Generic Indexed String 2	`frIndexedString2`	`fr-attr-istr2`
Generic Indexed String 3	`frIndexedString3`	`fr-attr-istr3`
Generic Indexed String 4	`frIndexedString4`	`fr-attr-istr4`
Generic Indexed String 5	`frIndexedString5`	`fr-attr-istr5`
Generic Unindexed String 1	`frUnindexedString1`	`fr-attr-str1`
Generic Unindexed String 2	`frUnindexedString2`	`fr-attr-str2`
Generic Unindexed String 3	`frUnindexedString3`	`fr-attr-str3`
Generic Unindexed String 4	`frUnindexedString4`	`fr-attr-str4`
Generic Unindexed String 5	`frUnindexedString5`	`fr-attr-str5`

Generic Indexed String 1

frIndexedString1

fr-attr-istr1

Generic Indexed String 2

frIndexedString2

fr-attr-istr2

Generic Indexed String 3

frIndexedString3

fr-attr-istr3

Generic Indexed String 4

frIndexedString4

fr-attr-istr4

Generic Indexed String 5

frIndexedString5

fr-attr-istr5

Generic Unindexed String 1

frUnindexedString1

fr-attr-str1

Generic Unindexed String 2

frUnindexedString2

fr-attr-str2

Generic Unindexed String 3

frUnindexedString3

fr-attr-str3

Generic Unindexed String 4

frUnindexedString4

fr-attr-str4

Generic Unindexed String 5

frUnindexedString5

fr-attr-str5

Multivalues

Display Name IDM Property AM Attribute

Display Name	IDM Property	AM Attribute
Generic Indexed Multivalue 1	`frIndexedMultivalued1`	`fr-attr-imulti1`
Generic Indexed Multivalue 2	`frIndexedMultivalued2`	`fr-attr-imulti2`
Generic Indexed Multivalue 3	`frIndexedMultivalued3`	`fr-attr-imulti3`
Generic Indexed Multivalue 4	`frIndexedMultivalued4`	`fr-attr-imulti4`
Generic Indexed Multivalue 5	`frIndexedMultivalued5`	`fr-attr-imulti5`
Generic Unindexed Multivalue 1	`frUnindexedMultivalued1`	`fr-attr-multi1`
Generic Unindexed Multivalue 2	`frUnindexedMultivalued2`	`fr-attr-multi2`
Generic Unindexed Multivalue 3	`frUnindexedMultivalued3`	`fr-attr-multi3`
Generic Unindexed Multivalue 4	`frUnindexedMultivalued4`	`fr-attr-multi4`
Generic Unindexed Multivalue 5	`frUnindexedMultivalued5`	`fr-attr-multi5`

Generic Indexed Multivalue 1

frIndexedMultivalued1

fr-attr-imulti1

Generic Indexed Multivalue 2

frIndexedMultivalued2

fr-attr-imulti2

Generic Indexed Multivalue 3

frIndexedMultivalued3

fr-attr-imulti3

Generic Indexed Multivalue 4

frIndexedMultivalued4

fr-attr-imulti4

Generic Indexed Multivalue 5

frIndexedMultivalued5

fr-attr-imulti5

Generic Unindexed Multivalue 1

frUnindexedMultivalued1

fr-attr-multi1

Generic Unindexed Multivalue 2

frUnindexedMultivalued2

fr-attr-multi2

Generic Unindexed Multivalue 3

frUnindexedMultivalued3

fr-attr-multi3

Generic Unindexed Multivalue 4

frUnindexedMultivalued4

fr-attr-multi4

Generic Unindexed Multivalue 5

frUnindexedMultivalued5

fr-attr-multi5

Dates

Display Name IDM Property AM Attribute

Display Name	IDM Property	AM Attribute
Generic Indexed Date 1	`frIndexedDate1`	`fr-attr-idate1`
Generic Indexed Date 2	`frIndexedDate2`	`fr-attr-idate2`
Generic Indexed Date 3	`frIndexedDate3`	`fr-attr-idate3`
Generic Indexed Date 4	`frIndexedDate4`	`fr-attr-idate4`
Generic Indexed Date 5	`frIndexedDate5`	`fr-attr-idate5`
Generic Unindexed Date 1	`frUnindexedDate1`	`fr-attr-date1`
Generic Unindexed Date 2	`frUnindexedDate2`	`fr-attr-date2`
Generic Unindexed Date 3	`frUnindexedDate3`	`fr-attr-date3`
Generic Unindexed Date 4	`frUnindexedDate4`	`fr-attr-date4`
Generic Unindexed Date 5	`frUnindexedDate5`	`fr-attr-date5`

Generic Indexed Date 1

frIndexedDate1

fr-attr-idate1

Generic Indexed Date 2

frIndexedDate2

fr-attr-idate2

Generic Indexed Date 3

frIndexedDate3

fr-attr-idate3

Generic Indexed Date 4

frIndexedDate4

fr-attr-idate4

Generic Indexed Date 5

frIndexedDate5

fr-attr-idate5

Generic Unindexed Date 1

frUnindexedDate1

fr-attr-date1

Generic Unindexed Date 2

frUnindexedDate2

fr-attr-date2

Generic Unindexed Date 3

frUnindexedDate3

fr-attr-date3

Generic Unindexed Date 4

frUnindexedDate4

fr-attr-date4

Generic Unindexed Date 5

frUnindexedDate5

fr-attr-date5

Integers

Display Name IDM Property AM Attribute

Display Name	IDM Property	AM Attribute
Generic Indexed Integer 1	`frIndexedInteger1`	`fr-attr-iint1`
Generic Indexed Integer 2	`frIndexedInteger2`	`fr-attr-iint2`
Generic Indexed Integer 3	`frIndexedInteger3`	`fr-attr-iint3`
Generic Indexed Integer 4	`frIndexedInteger4`	`fr-attr-iint4`
Generic Indexed Integer 5	`frIndexedInteger5`	`fr-attr-iint5`
Generic Unindexed Integer 1	`frUnindexedInteger1`	`fr-attr-int1`
Generic Unindexed Integer 2	`frUnindexedInteger2`	`fr-attr-int2`
Generic Unindexed Integer 3	`frUnindexedInteger3`	`fr-attr-int3`
Generic Unindexed Integer 4	`frUnindexedInteger4`	`fr-attr-int4`
Generic Unindexed Integer 5	`frUnindexedInteger5`	`fr-attr-int5`

Generic Indexed Integer 1

frIndexedInteger1

fr-attr-iint1

Generic Indexed Integer 2

frIndexedInteger2

fr-attr-iint2

Generic Indexed Integer 3

frIndexedInteger3

fr-attr-iint3

Generic Indexed Integer 4

frIndexedInteger4

fr-attr-iint4

Generic Indexed Integer 5

frIndexedInteger5

fr-attr-iint5

Generic Unindexed Integer 1

frUnindexedInteger1

fr-attr-int1

Generic Unindexed Integer 2

frUnindexedInteger2

fr-attr-int2

Generic Unindexed Integer 3

frUnindexedInteger3

fr-attr-int3

Generic Unindexed Integer 4

frUnindexedInteger4

fr-attr-int4

Generic Unindexed Integer 5

frUnindexedInteger5

fr-attr-int5

1. IDM authorization roles are not available through an AM attribute. To make role-based decisions in your scripts, use the groups attribute instead.

2. Requires IGA, which is an add-on capability.