About Microsoft Entra ID attribute fields

2024-12-10Last updated

When you synchronize an external system with Genetec ClearID™ using the System for Cross-domain Identity Management (SCIM) standard, your external system attributes are imported into ClearID identity attributes. The import uses the field mappings in Microsoft Entra ID.

Most of the ClearID identity fields are created as custom attributes.

You must prefix each field with: urn:ietf:params:scim:schemas:extension:clearid:2.0:User

Table 1. Identity attributes
Attribute fields Notes
Basic fields:

active

username

displayname
  • These basic fields are the only fields that we use from the SCIM base schema.
  • displayName is required in the mapping.
Base identity fields:

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:description

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:firstName

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:lastName

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:middleName

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:countryCode

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:email
  • firstName or lastName must be supplied in the mapping (the same as in the portal identity form).
  • email must be a valid email format to be created in the identity properly.
  • countryCode must be a 3-letter code. It’s best to use a constant value from Microsoft Entra ID for now.
CompanyData fields:

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:employeeNumber

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:secondaryEmail

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:cityOfResidence

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:stateOfResidence

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:zipCode

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:phoneNumberPrimary

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:phoneNumberSecondary
  • secondaryEmail must be a valid email format to be created in the identity properly.
PrivateData fields:

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:supervisorName

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:departmentName

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:jobTitle

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:companyName

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:workerTypeDescription

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:workerTypeCode
SystemData fields:

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:hasExtendedTime

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:externalId
  • Boolean fields only work with the SCIM 2.0 feature flag.
  • externalId is required and needs to be unique. This value is used to manage the creation of identities (same way in OneIdentity). The easiest way to use this value is to map with an email or username.
Other custom fields: (that aren’t directly part of the identity model)

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:hasWebPortalAccess

urn:ietf:params:scim:schemas:extension:clearid:2.0:User:isAdmin
  • Boolean fields only work with the SCIM 2.0 feature flag.

Attribute fields that are not supported

Date fields:
  • birthday
  • activationDateUtc
  • expirationDateUtc
  • externalSyncTimeUtc
Fields with ids (reference to identityIds):
  • creationOnBehalf
  • approvers
  • siteId
  • provisioningAttributes
  • customFields