
Using Identity Schemas to define custom user attributes

Learn what Identity Schemas are and how to use them to define user custom attributes.

Custom user attributes

A User Entity combines operational attributes and custom attributes. Each user population in your organization may need different attributes based on roles or preferences. For example, customers may need fields like purchase history or preferences. Employees may need attributes like job roles or team names.

By customizing user attributes, organizations can better serve different user types with more personalized and secure experiences.

In the SecureAuth platform, these custom attributes use Identity Schemas. These schemas control which attributes users or administrators can view or edit. You can assign Identity Schemas to specific Identity Pools or share them across pools to match the needs of different user populations.

Identity Schemas

An Identity Schema uses a JSON schema to define how the payload and metadata objects represent user data in Identity APIs.

  • Payload schema defines the structure of user-related data in requests. For example, it can include a user's first and last name.

  • Metadata schema validates user data but is read-only from the user's side. Metadata includes hidden fields like hidden: true for APIs such as Get User Profile.

SecureAuth provides system Identity Schemas for both payload and metadata. These default schemas are linked to Identity Pools and cannot be edited or deleted.

Here's a sample payload schema with required fields and custom attributes:

| Object | Description |
|---|---|
| properties | A list of objects where each one represents a user-entered field |
| description | A brief description shown as a header on the user registration form |
| type | The schema format; this is always set to “object” |
| required | A list of fields users must complete to register |

    {
        "properties": {
            "family_name": {
                "description": "user last name",
                "type": "string",
                "minLength": 1
            },
            "given_name": {
                "description": "user first name",
                "type": "string",
                "minLength": 1
            },
            "name": {
                "description": "user full name",
                "type": "string",
                "minLength": 1
            },
            "e-mail": {
                "description": "user e-mail",
                "type": "string",
                "minLength": 1
            },
            "custom": {
                "description": "custom attribute",
                "type": "boolean",
                "minLength": 1
            }
        },
        "description": "sample user data schema",
        "type": "object",
        "required": [
            "family_name",
            "given_name",
            "name",
            "e-mail",
            "custom"
        ]
    }

When you assign this Identity Schema to an Identity Pool, API requests must include the e-mail and custom fields in the payload object to succeed.
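The following is an added example, not SecureAuth code: a local pre-flight check of a payload object against the sample schema above, covering only the keywords that schema uses (required, type, minLength). The function name check_payload and the sample payloads are assumptions made for illustration; the platform's own validation remains authoritative.

```python
import json

# Payload schema from this page, with descriptions omitted for brevity.
SCHEMA = json.loads("""
{
  "properties": {
    "family_name": {"type": "string", "minLength": 1},
    "given_name":  {"type": "string", "minLength": 1},
    "name":        {"type": "string", "minLength": 1},
    "e-mail":      {"type": "string", "minLength": 1},
    "custom":      {"type": "boolean", "minLength": 1}
  },
  "type": "object",
  "required": ["family_name", "given_name", "name", "e-mail", "custom"]
}
""")

PY_TYPES = {"string": str, "boolean": bool, "object": dict}

def check_payload(payload, schema=SCHEMA):
    """Hypothetical helper: return a list of violations; empty means conforming."""
    if not isinstance(payload, dict):
        return ["payload: expected object"]
    errors = [f"{k}: required field missing"
              for k in schema.get("required", []) if k not in payload]
    for key, rule in schema.get("properties", {}).items():
        if key not in payload:
            continue
        value = payload[key]
        if not isinstance(value, PY_TYPES[rule["type"]]):
            errors.append(f"{key}: expected {rule['type']}")
        # In JSON Schema, minLength constrains strings only; on the boolean
        # "custom" field it has no effect.
        elif isinstance(value, str) and len(value) < rule.get("minLength", 0):
            errors.append(f"{key}: shorter than minLength")
    return errors

# Constructed sample payloads (not real user data).
GOOD = {"family_name": "Doe", "given_name": "Jane", "name": "Jane Doe",
        "e-mail": "jane@example.com", "custom": True}
WRONG_KEY = {**GOOD, "email": GOOD["e-mail"]}  # "email" is not the schema key
del WRONG_KEY["e-mail"]
BAD_TYPES = {**GOOD, "custom": "true", "name": ""}

if __name__ == "__main__":
    for label, p in [("good", GOOD), ("wrong key", WRONG_KEY), ("bad types", BAD_TYPES)]:
        print(label, "->", check_payload(p) or "OK")
```

The WRONG_KEY case shows that the key must match the schema's "e-mail" spelling exactly: the undeclared "email" key is not itself reported, because this schema does not set additionalProperties to false.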

On the user interface, users and administrators must enter all required fields as shown:

[Figure: User form with required Identity Schema fields]