Supported user and group attributes
Attributes are pieces of information that help you define and identify individual user
or group objects, such as name
, email
, or
members
. IAM Identity Center supports most commonly used attributes regardless if they
are entered manually during user creation or when automatically provisioned using a
synchronization engine such as defined in the System for Cross-Domain Identity
Management (SCIM) specification. For more information about this specification, see
https://tools.ietf.org/html/rfc7642
Because IAM Identity Center supports SCIM for automatic provisioning use cases, the Identity Center directory supports all of the same user and group attributes that are listed in the SCIM specification, with a few exceptions. The following sections describe which attributes are not supported by IAM Identity Center.
User objects
All attributes from the SCIM user schema (https://tools.ietf.org/html/rfc7643#section-8.3
-
password
-
ims
-
photos
-
entitlements
-
x509Certificates
All sub-attributes for users are supported, except for the following:
-
'display'
sub-attribute of any multi-valued attribute (For example,emails
orphoneNumbers
) -
'version'
sub-attribute of'meta'
attribute
Group objects
All attributes from the SCIM group schema (https://tools.ietf.org/html/rfc7643#section-8.4
All sub-attributes for groups are supported, except for the following:
-
'display'
sub-attribute of any multi-valued attribute (For example, members).