Account Attributes

True if the user is enabled; otherwise, false.

List of the licenses that are assigned to the user.

Plans that are assigned to the user (Entitlement).

City in which the user is located.

Country/region in which the user is located.

Name for the department the user belongs to.

Indicates whether this user was synced from the on-premises directory.

Plans that are not assigned to the user.

Name displayed in the address book for the user.

Numerically identifies an employee within an organization.

Telephone number of the user's business fax machine.

First name of an user.

Groups assigned to an user (Entitlement).

Enterprise Applications assigned to a user.
Note
The existing servicePrincipals
attribute has been renamed to a new entitlement attribute named appRoleAssignments
(along with an associated new entitlement schema. For more information, refer to appRoleAssignments. To continue to manage Service Principals as a group object, the schema from Service Principal and the respective account attribute needs to be present in your configuration.

Property used to associate an on-premises Active Directory user account to their Microsoft Entra ID user account.

User’s job title.

Indicates the last time at which the user was synchronized with the on-premises directory.

Indicates the last time a user signed in to the directory with an non-interactive authentication method.
The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is 2022-01-01T00:00:00Z
.
Note
This attribute is not present by default and must be added explicitly to the account schema if required.

Indicates the request identifier of the last non-interactive sign-in performed by this user.
Note
This attribute is not present by default and must be added explicitly to the account schema if required.

Indicates the last time a user signed in to the directory with an interactive authentication method.
The timestamp represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2022 is 2022-01-01T00:00:00Z
.
Note
This attribute is not present by default and must be added explicitly to the account schema if required.

Indicates the request identifier of the last interactive sign-in performed by this user.
Note
This attribute is not present by default and must be added explicitly to the account schema if required.

Indicates the date and time of the user's most recent successful sign-in activity.
The timestamp type represents date and time information always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z
.
Note
This attribute is not present by default and must be added explicitly to the account schema if required.

Indicates the request identifier of the last successful sign-in activity.
Note
This attribute is not present by default and must be added explicitly to the account schema if required.

The SMTP address for the user. For example, john@contoso.onmicrosoft.com

Mail alias for the user.

Specifies the collection of sign-in names for a local account in an Azure Active Directory B2C tenant.

Specifies the collection of userIdentities for a social user account in an Azure Active Directory B2C tenant.

Indicates whether the user account is a local account for an Azure Active Directory B2C tenant.

Manager of the user. (Type: String).
The Microsoft Entra ID connector provides support for provisioning the manager
attribute. For more information, refer to Support for Provisioning Operations of manager Attribute.

Primary cellular telephone number for the user.

Unique identifier for the user.
This is an Account ID which must not be changed.

Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud.

A list of additional email addresses for the user.

Specifies password policies for the user.

Office location in the user's place of business.

ZIP OR postal code for the user's postal address.

Preferred written or spoken language for a person.

Proxy addresses.
For example, ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]

Administrator Role assigned to user (Entitlement).

Specifies the voice over IP (VOIP) session initiation protocol (SIP) address for the user.

State or province in the user's address.

Street address of the user's place of business.

Last name of the user.

Primary telephone number of the user's place of business.

A two letter country code indicating usage location.

User principal name (UPN) of the user.

Type of the user.

List of channel membership of a user.
Type: Entitlement, Multi-Valued

Azure Role Assignments assigned to user (Only applicable for SailPoint CIEM).

Lists the associated application roles for the Account. This is a multi-valued, entitlement, and managed attribute.
Type: applicationRole, Multi-Valued
Risky User Alert Supported Attributes

Level of the detected risky user.

State of the user's risk.

Details of the detected risk.

The date and time that the risky user was last updated.