Custom Security Attributes
Custom security attributes in Microsoft Entra ID are business-specific attributes (key-value pairs) that you can define and assign to Microsoft Entra objects. These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources.
In addition to the schema attributes listed in the Schema Attributes section, the connector supports managing the custom security attributes that are defined in Azure. Creation of a local user (B2C) also supports custom attributes.
Supported Operations for Custom Security Attributes
- Aggregation of assigned custom security attributes for MS Entra ID users.
- Assign, update, remove custom security attributes for MS Entra ID users.
Required Permissions
Assign the Attribute Assignment Administrator role to the Microsoft Entra ID
Note
- To aggregate custom security attributes, you must update the Account Schema with the custom attribute names.
- The custom security attribute name must match the Attribute set and Attribute name defined on the Microsoft Entra ID system.
Use the following format for single-valued and multivalued type string custom attributes:
customSecurityAttributes_<Attribute set name>_<Attribute name>
For instance, if you have multiple attribute sets with attributes defined as follows:
Attribute 1:
Attribute set = Engineering
Attribute = Project
Attribute data type = Collection of Strings
Attribute value = ["Baker","Cascade"]
Attribute 2:
Attribute set = Engineering
Attribute = ProjectDate
Attribute data type = String
Attribute value = "2022-10-01"
Attribute 3:
Attribute set = Marketing
Attribute = EmployeeId
Attribute data type = String
Attribute value = "QN26904"
Then, the Account Schema for the above attributes should define them in the following way:
For Attribute 1:
customSecurityAttributes_Engineering_Project (Data Type – String, isMulti – True)
For Attribute 2:
customSecurityAttributes_Engineering_ProjectDate (Data Type – String)
For Attribute 3:
customSecurityAttributes_Marketing_EmployeeId (Data Type – String)
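The naming rule above can be checked against what Microsoft Graph reports for a user before an aggregation silently omits an attribute. The following Python is an added example, not part of the connector or its documentation: `ACCOUNT_SCHEMA` is a hypothetical stand-in for the Account Schema, and the sample payload is constructed from the values on this page in the shape Graph uses for the `customSecurityAttributes` property.

```python
import json

PREFIX = "customSecurityAttributes"

# Constructed sample: the customSecurityAttributes property of a user as
# Microsoft Graph returns it, filled with the values used on this page.
SAMPLE_USER = json.loads("""
{"customSecurityAttributes": {
  "Engineering": {
    "@odata.type": "#microsoft.graph.customSecurityAttributeValue",
    "Project@odata.type": "#Collection(String)",
    "Project": ["Baker", "Cascade"],
    "ProjectDate": "2022-10-01"},
  "Marketing": {
    "@odata.type": "#microsoft.graph.customSecurityAttributeValue",
    "EmployeeId": "QN26904"}}}
""")

# Hypothetical stand-in for the Account Schema: attribute name -> isMulti.
# Project is wrongly single-valued and the Marketing attribute is missing.
ACCOUNT_SCHEMA = {
    "customSecurityAttributes_Engineering_Project": False,
    "customSecurityAttributes_Engineering_ProjectDate": False,
}


def flatten(user):
    """Map each assigned attribute to its schema name -> (value, is_multi)."""
    flat = {}
    for set_name, attrs in (user.get("customSecurityAttributes") or {}).items():
        for key, value in attrs.items():
            if "@odata.type" in key:  # type annotations, not attribute values
                continue
            flat[f"{PREFIX}_{set_name}_{key}"] = (value, isinstance(value, list))
    return flat


def check_schema(user, schema):
    """Return findings for attributes the schema would miss or mistype."""
    findings = []
    for name, (_, is_multi) in flatten(user).items():
        if name not in schema:
            findings.append(f"not in schema: {name}")
        elif schema[name] != is_multi:
            findings.append(f"isMulti mismatch: {name}")
    return findings


if __name__ == "__main__":
    for line in check_schema(SAMPLE_USER, ACCOUNT_SCHEMA):
        print(line)
```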
To manage assignments (assigning, updating, and removing custom security attributes for MS Entra ID users), you must, in addition to adding the attributes to the Account Schema, also add them in a similar format to Create Account within the