This topic will walk you through Ironclad's supported user attributes. This includes how to create a custom attribute schema and build fields using custom attributes.
SCIM, or the System for Cross-Domain Identity Management specification, is an open standard designed to make identity management in cloud-based applications, such as Ironclad, easier. It includes a defined schema for users and groups to reduce complexity. In addition to supporting this defined schema for user attributes, Ironclad also supports custom attributes if needed. The two main use cases for using user attributes within Ironclad are:
-
Leveraging the "UserAttribute()" formula in Workflow Designer to access those attributes to populate fields in a workflow.
-
Determining hierarchies for approvers and signers via user reference chains.
Ironclad supports the standard SCIM Core Resources and Extensions attributes. For more information on SCIM endpoints in Ironclad, refer to our Developer Hub.
User Resource Schema
The first core schema is the user reference schema, which often includes the basic information that represents the user. Some attributes are singular, whereas others can have multiple values.
Namespace: “urn:ietf:params:scim:schemas:core:2.0:User”
Singular Attributes
- userName
- name (formatted, familyName, givenName, middleName, honorificSuffix)[This is a complex attribute that is structured as an object. In the payload, this information is formatted as a JSON object with keys being name .familyName, name.givenName, etc.]
- displayName
- nickName
- profileUrl
- title
- userType
- preferredLanguage
- locale
- timezone
- active
- password
Attributes with Multiple Values
- emails (value, display, type, primary)
- phoneNumbers (value, display, type, primary)
- ims (value, display, type, primary)
- photos (value, display, type, primary)
- addresses (formatted, streetAddress, locality, region, postalCode, country, type)
- groups (value, $ref, display, type)
- entitlements (value, display, type, primary)
- role (value, display, type, primary)
Enterprise User Schema
The enterprise user schema can be used to extend the user schema to meet larger company needs, such as information about what organization or function a user belongs to (or acts on behalf of).
Namespace: “urn:ietf:params:scim:schemas:extension:enterprise:2.0:User”
Attributes
- employeeNumber
- costCenter
- organization
- division
- department
- manager (value, $ref, displayName)
Create a Custom Attribute Schema
Ironclad supports the use of custom attributes. Often, company-specific information is needed for use cases such as reporting (e.g., mapping a user to a legal entity) or driving approvals (e.g., assigning the legal approval to different groups of lawyers depending on the user’s region). Attributes only need to be created once, and can then be used similarly to the user reference and enterprise attributes. To learn more about mapping to a custom attribute from Okta, refer to SCIM in Ironclad with Okta.
NOTE
Ironclad no longer supports direct access to these API endpoints for setting custom user attributes. To add or modify custom attributes, please contact Support or your Implementation team to enable the SCIM Custom User Attributes feature.
Once the SCIM Custom User Attributes feature is enabled for a company account, the system administrator can configure and manage custom user attributes.
To configure custom user attributes via UI:
- Click on your profile icon located in the top right corner of Ironclad. Navigate to Company Settings > Integrations.
- Click the SAML integration.
- Click SCIM Configuration and scroll to the bottom of the page.
Example of a JSON Payload
{
"managerName": {
"type": "string",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "The name of the User’s manager.",
"multiValued": false,
"mapping": {
"type": "direct",
"key": "managerName"
}
},
"managerEmail": {
"type": "string",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "The email/username of the SCIM resource representing the User’s manager.",
"multiValued": false,
"internalAttributeType": {
"type": "UserChain",
"maxDepth": 50,
"referencedAttribute": [
"userName"
]
},
"mapping": {
"type": "direct",
"key": "managerEmail"
}
},
"legalEntities": {
"type": "complex",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "Legal entities represented by the User.",
"multiValued": true,
"subAttributes": {
"usEntity": {
"type": "string",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "Legal entity for the United States.",
"multiValued": false
},
"japanEntity": {
"type": "string",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "Legal entity for Japan.",
"multiValued": false
}
}
},
"managementLevel": {
"type": "string",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "The management level of the User.",
"multiValued": false,
"mapping": {
"type": "direct",
"key": "managementLevel"
}
},
"region": {
"type": "string",
"required": false,
"returned": "default",
"caseExact": false,
"mutability": "readWrite",
"uniqueness": "none",
"description": "The User’s region.",
"multiValued": false,
"mapping": {
"type": "direct",
"key": "region"
}
}
}
Build Fields Using Custom Attributes
Example Enterprise Attribute Formula Field in Workflow Designer
Example Custom Attribute Formula Field in Workflow Designer