Built-in attribute sources

Find information about built-in attributes.

Types of built-in attributes

are considered global or applicable to any Verify subscription.

Note: You cannot delete built-in attribute sources. However, you can perform limited editing on a built-in attribute. You can

Modify the tagging (Provisioning and Single sign-on).
Add more identity source credential maps.
Modify the default value.

Table 1. Built-in attribute sources
Name	Value	Description
`adaptive_risk_level`	`adaptive_risk_level`	The Adaptive Access risk level assessment in the current user session.
`department`	`department`	Name of the department where the user is a member.
`display_name`	`displayName`	The name of the user that is displayed.
`email`	`email`	Email address of the user where notification is sent.
`email_verified`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:emailVerified`	The field that indicates the timestamp when the user's email was verified.
`employee_id`	`employee_id`	Unique identifier of the user in the organization.
`enabled`	`enabled`	A Boolean value that indicates the user's administrative status.
`external_id`	`externalId`	The unique identifier for the user as defined by the provisioning client.
`family_name`	`family_name`	Surname of the user.
`fax_number`	`fax_number`	The user's fax number.
`given_name`	`given_name`	Given name of the user.
`groupIds`	`groups`	The list of groups that the user belongs to.
`home_number`	`home_number`	The user's home phone number.
`ibm:account_expiration`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:accountExpires`	The expiration date for the account. When the account expires, it is automatically set to inactive and cannot be used to log in.
`ibm:attatched_password_policy`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:attachedPasswordPolicy.value`	The password policy attached to the user.
`ibm:createTimestamp`	`meta.created`	A DateTime string that indicates when the user was created.
`ibm:deactivated`	`meta.deactivated`	A keyword that indicates why the user was deactivated.
`ibm:dynamic_groups`	`ibm:dynamic_groups`	The list of dynamic groups that the user belongs to.
`ibm:employeeType`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:userCategory`	The user category which is "regular" or "federated".
`ibm:homePostalAddress`	`addresses.formatted`	The formatted value of the home address.
`ibm:lastLogin`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:lastLogin`	The time a user last logged in.
`ibm:lastLoginRealm`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:lastLoginRealm`	The realm from which a user last logged in.
`ibm:lastLoginType`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:lastLoginType`	The type of login used when a user last logged in.
`ibm:linked_accounts`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:linkedAccounts`	An array of linked account information where each account has an externalId and realm.
`ibm:modifyTimestamp`	`mta.lastModified`	A DateTime string that indicates when the user was last modified.
`ibm:openbanking_intent_id`	`computed at runtime`	The unique identifier that binds the user’s authorization to an Open Banking transaction.
`ibm:pwdAccountLockedTime`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:pwdAccountLockedTime`	The field that indicates the timestamp when the user's password was locked. The value of this field is in milliseconds.
`ibm:pwdChangedTime`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:pwdChangedTime`	Indicates when the password changed for the current user entry.
`ibm:pwdFailureTime`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:pwdFailureTime`	Indicates a list of timestamps at which the user attempted to log in with the wrong password. The value of this field is in milliseconds and is read-only.
`ibm:pwdReset`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:pwdReset`	Indicates that the password is reset for the current user entry.
`ibm:threat_actionable_categories`	`critical/warning`	Actionable categories such as bots, and malware that were detected by threat intelligence.
`ibm:threat_actionable_ips`	`critical/warning`	Actionable IPs that were detected by threat intelligence.
`ibm:threat_all_failures`	`true/false`	All failures that were detected by threat intelligence.
`ibm:threat_compromised_credentials`	`critical/warning`	Compromised credentials that were detected by threat intelligence.
`ibm:threat_credentials_stuffing`	`critical/warning`	Credential stuffing attempts that were detected by threat intelligence.
`ibm:threat_is_suspicious_user`	`true/false`	A flag set by threat intelligence to indicate whether a user is suspicious.
`ibm:threat_login_deviations`	`critical/warning`	Login deviations that were detected by threat intelligence.
`ibm:threat_max_sev_reason`	`valid rule name`	The reason for the threat intelligence maximum severity alert.
`ibm:threat_multiple_failed_logins`	`critical/warning`	Multiple failed logins that were detected by threat intelligence.
`ibm:threat_severity`	`critical/warning`	The severity of the threat intelligence event.
`ibm:threat_xfe_risk_score(Remove like categories?)`	`float value`	The threat intelligence XFE risk score.
`job_title`	`job_title`	Job title of the user in the organization.
`language`	`preferredLanguage`	The user's preferred language.
`manager_uid`	`urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value`	The user Id of the user's manager.
`middle_name`	`name.middleName`	The user's middle name.
`mobile_number`	`mobile_number`	Mobile number of the user where notification is sent.
`name`	`name`	A combination of the `given_name` and `family_name`.
`pager_number`	`pager_number`	The user's pager number.
`preferred_username`	`preferred_username`	Username that is used to log in to the identity provider.
`realmName`	`realmName`	It is an identity provider attribute that helps distinguish users from multiple identity providers that have the same username. It uses the Realm value that is provided in the Authentication > Identity providers panel. For the following identity providers: Cloud Directory, the realm value is `cloudIdentityRealm`. IBMid, the realm value is `www.ibm.com`. SAML Enterprise, the realm value can be any unique name that you assigned when you created the identity provider. OnPrem LDAP, the realm value can be any unique name that you assigned when you created the identity provider. Apple, the realm value is `www.apple.com`. Baidu, the realm value is `www.baidu.com`. Facebook, the realm value is `www.facebook.com`. GitHub, the realm value is `www.github.com`. Google, the realm value is `www.google.com`. LinkedIn, the realm value is `www.linkedin.com`. QQ, the realm value is `www.qq.com`. Renren, the realm value is `www.renren.com`. WeChat, the realm value is `www.wechat.com`. Weibo, the realm value is `www.wiebo.com`. X, the realm value is `www.twitter.com`. Yahoo, the realm value is `www.yahoo.com`. If Realm was not defined in Identity providers, `realmName` is mapped to the SAML authentication request `realmName` attribute. If there is no incoming `realmName` attribute, `realmName` is derived from the SAML authentication response `saml:Issuer` data; the SAML issuer name.
`tenantId`	`tenantId`	A unique identifier (FQDN) that is assigned to the Verify subscription.
`uid`	`id`	Unique identifier of the user in the Verify cloud directory.
`unqualifiedUserName`	`urn:ietf:params:scim:schemas:extension:ibm:2.0:User:unqualifiedUserName`	The unqualified federated user name.
`upn`	`upn`	The User Principal Name.
`username`	`preferred_username`	The user' unique username.
`work_address`	`addresses.formatted`	The formatted value of the user' work address.
`work_country`	`addresses.country`	The country of the user' work address.
`work_locality`	`addresses.locality`	The user' work city or locality component.
`work_number`	`work_number`	The user' work phone number.
`work_postalcode`	`address.postalCode`	The user' work postal code.
`work_region`	`address.region`	The user' work region.
`work_street_address`	`address.streetAddress`	The user' work street address.