Account Attributes

True if the user is enabled; otherwise, false.

List of the licenses that are assigned to the user.

Plans that are assigned to the user (Entitlement).

City in which the user is located.

Country/region in which the user is located.

Name for the department the user belongs to.

Indicates whether this user was synced from the on-premises directory.

Plans that are not assigned to the user.

Name displayed in the address book for the user.

Numerically identifies an employee within an organization.

Telephone number of the user's business fax machine.

First name of an user.

Groups assigned to an user (Entitlement).

Enterprise Applications assigned to a user.

Note
The existing servicePrincipals attribute has been renamed to a new entitlement attribute named appRoleAssignments (along with an associated new entitlement schema. For more information, refer to appRoleAssignments. To continue to manage Service Principals as a group object, the schema from Service Principal and the respective account attribute needs to be present in your configuration.

Property used to associate an on-premises Active Directory user account to their Microsoft Entra ID user account.

User’s job title.

Indicates the last time at which the user was synchronized with the on-premises directory.

Indicates the last time a client signed in to the directory on behalf of a user.

The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is: 2022-01-01T00:00:00Z.

Indicates the last time a user signed in to the directory with an interactive authentication method.

The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is: 2022-01-01T00:00:00Z.

The SMTP address for the user. For example, john@contoso.onmicrosoft.com

Mail alias for the user.

Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant.

Specifies the collection of userIdentities for a social user account in an Azure Active Directory B2C tenant.

Indicates whether the user account is a local account for an Azure Active Directory B2C tenant.

Manager of the user. (Type: String).

The Microsoft Entra ID connector provides support for provisioning the manager attribute. For more information, refer to Support for Provisioning Operations of manager Attribute.

Primary cellular telephone number for the user.

Unique identifier for the user.

This is an Account ID which must not be changed.

Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud.

A list of additional email addresses for the user.

Specifies password policies for the user.

Office location in the user's place of business.

ZIP OR postal code for the user's postal address.

Preferred written or spoken language for a person.

Proxy addresses.

For example, ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]

Administrator Role assigned to user (Entitlement).

Specifies the voice over IP (VOIP) session initiation protocol (SIP) address for the user.

State or province in the user's address.

Street address of the user's place of business.

Last name of the user.

Primary telephone number of the user's place of business.

A two letter country code indicating usage location.

User principal name (UPN) of the user.

Type of the user.

List of channel membership of a user.

Type: Entitlement, Multi-Valued

Azure Role Assignments assigned to user (Only applicable for SailPoint CIEM).

Lists the associated application roles for the Account. This is a multi-valued, entitlement, and managed attribute.

Type: applicationRole, Multi-Valued

Level of the detected risky user.

State of the user's risk.

Details of the detected risk.

The date and time that the risky user was last updated.