JumpCloud's Custom Attributes enable you to create and store additional data about your users, beyond the standard attributes available for every user. Custom attributes are extensible through the API and can be used with the Workday directory integration and SAML Single Sign On (SSO). Custom attributes can also be used to automatically assign users to dynamic user groups.
Custom attributes currently aren’t supported for LDAP or RADIUS.
- You can create custom attributes for user groups, where users who are assigned to the user group inherit the custom attributes. See Group Inherited User Attributes to learn more.
- You can also manage custom user attributes through the JumpCloud API as a modifiable property for System Users. See JumpCloud API documentation for more information and examples.
Creating and Managing Custom Attributes in the Admin Portal
You can create and manage custom attributes from the Admin Portal and by adding, modifying, deleting, and querying this information through JumpCloud's API.
- Log in to the JumpCloud Admin Portal.
- Go to USER MANAGEMENT > Users.
- Click the green + symbol at the top-left to create a new user, or select an existing user.
- From the Details tab, scroll down to Custom Attributes.
- Click add new custom attribute:
- Attribute Name – contains a string defining the attribute’s display name. The name string must be fewer than 32 characters, must be unique, and can only contain letters and numbers, no special characters
- Attribute Value – contains a string to insert the attribute’s value. The Value string has no character restrictions
- Click add new custom attribute to add another custom attribute, or click Save User.
Creating and Managing Attributes with the PowerShell Module
You can use the JumpCloud PowerShell module to create and add attributes to existing users, as well as create new users with custom attributes.
Need to install the module? The module can be installed on Mac, Windows, and Linux in a few quick steps.
To add custom attributes to an existing user
To add a custom attribute to an existing user, issue the following command:
Set-JcUser "JC_USERNAME" -NumberOfCustomAttributes 1 -Attribute1_name "ATTRIBUTE_NAME" -Attribute1_value "VALUE"
You can also add multiple attributes to a user by modifying the -NumberOfCustomAttributes
value:
Set-JcUser Mr.User -NumberOfCustomAttributes 2 -Attribute1_name "Prefix1" -Attribute1_value "Mr." -Attribute2_name "Prefix2" -Attribute2_value "Sir"
To add custom attributes to multiple users
The same PowerShell command can be paired with Get-JcUserGroupMember to update multiple users that are part of a user group. Replace Group_Of_Users with the name of your user group, and replace Attribute1_name and Attribute1_value with the custom attribute information:
Get-JcUserGroupMember "Group_Of_Users" | Set-JcUser -NumberOfCustomAttributes 1 -Attribute1_name "ATTRIBUTE_NAME" -Attribute1_value "VALUE"
To create new users with custom attributes
To create a new user and add a custom attribute in the same operation, use the following command:
New-JCUser -firstname Mr -lastname User -username Mr.User -email [email protected] -NumberOfCustomAttributes 1 -Attribute1_name "Prefix" -Attribute1_value "Mr."
You can also create users in bulk with custom attributes by using a CSV file and the command Update-JCUsersFromCSV. See the following articles for more information:
Using Custom Attributes with SSO Apps
After adding custom attributes to your users, you can include them within the SAML assertion message when a user connects to SSO applications by adding the custom attribute to your SSO app connector.
The expected Service Provider Attribute Name format should be found within your application’s Service Provider documentation.
Using Custom Attributes with Dynamic User Groups
When configuring dynamic user groups, admins can add custom attributes to the group's membership conditions. The attribute values must match exactly, including case, with the custom attribute values located in the Custom Attributes section of the users' Details tab. Custom attributes are only available at the user level, not at the group level.
A maximum of five custom attributes can be used.