All Products
Search

This Product

    Identity as a Service:Field management

    Document Center

    Identity as a Service:Field management

    Last Updated:Dec 01, 2025

    This document describes the field management feature in the IDaaS EIAM system, including viewing and permission configuration of basic fields, along with the creation, configuration, and usage methods of extension fields, helping administrators flexibly manage user information fields.

    Basic fields

    Function description

    Basic fields are predefined fields in the system, containing basic user information such as username, email, phone number, etc. This feature allows administrators to:

    • View the system's predefined basic fields.

    • Configure the display status of fields in the user portal.

    • Manage user editing permissions for specific fields.

    Procedure

    1. Access the basic field management interface

      1. Log on to the IDaaS console. In the navigation pane on the left, select EIAM. Select the corresponding IDaaS instance, and click Manage in the Actions column.

      2. In the Account menu, click Field Management > Basic Fields.

    2. View editable fields

      1. In the Basic Fields tab, select Editable Fields Only on the far left.

      2. The list will only display fields that users are allowed to edit.

    3. Basic field column descriptions

      Field

      Description

      Field Display Name

      The name of the field displayed in the user interface

      Field ID

      The internal field identifier in the system

      Data type

      String

      Required

      Indicates whether the field is required

      Unique

      Indicates whether the field must be unique

      User Permissions

      Indicates whether the field is invisible, visible, or editable for end users.

      Actions

      User-side permissions can only be edited for user display name, user email, and phone number fields.

    4. Field permission configuration

      1. Find the editable field in the basic field list.

      2. Click the Modify button (only available for user display name, user email, and phone number fields).

      3. In the Edit Field page that appears, set the User Permissions.

        • Invisible: Select to make the field invisible to users.

        • Visible: Select to make the field visible to users.

        • Editable: Select to allow users to edit the field.

      4. Click OK to save the configuration.

    Note

    Basic fields are predefined by the system and cannot be deleted or added.

    Extension fields

    Function overview

    IDaaS supports custom extension of account fields to store additional attribute values, such as employee ID, birthday, region, etc. Administrators can define and use new fields in the extension field menu.

    Note

    Currently, only account extension fields are supported. Extension fields for other entities are not supported.

    Creating fields

    Administrators can go to the Extended Fields page and click the Create Field button to display the field creation form. The following information needs to be provided:

    Field

    Description

    Editable

    Field Display Name

    The display name of the field.

    Editable.

    Field ID

    The unique identifier of the field. Only lowercase English letters and underscores are allowed. Cannot start with an underscore.

    Not editable.

    Field Type

    How the field is rendered on the page. Options include the following:

    • Input box

    • Select dropdown

    • Checkbox

    Not editable.

    Field Type:

    Input Field

    After selecting the input box type, you need to fill in the following fields:

    • Data type: Specify whether the data is a string or number.

    • Default value: The value the system will use by default when no value is provided for this field. This is similar to the DEFAULT value in relational databases.

    Data type: No.

    Default value: Yes.

    Field Type:

    Drop-down List

    • Data type: Specify whether the data is a string or number.

    • Data items: Define the key-value pairs for different options in the dropdown.

    • For data compatibility reasons, data items cannot be deleted after creation. They can only be disabled/enabled during editing. When disabled, the data item will disappear from the options, but existing data will not be affected.

    • Default value: Specify the default option for the field by entering the corresponding data item key.

    Data type: No.

    Data items

    • Add: Yes.

    • Disable/Enable: Yes.

    • Delete: No.

    • Modify key: No.

    • Modify name: Yes.

    Default value: Yes.

    Field Type:

    Check Box

    Parameters are filled in as above for the Select dropdown.

    Same as above for the Select dropdown.

    Field Description

    This parameter is optional.

    Explanatory information displayed below the field.

    Editable.

    Required

    If selected, this field will be required for all subsequent account creation or editing operations.

    Note

    Note: If you have configured IdP identity providers for account import and you add a new required field, you must go to the Identity Provider page to add field mapping. Otherwise, synchronization will fail.

    Not editable.

    Unique

    Specifies whether the field must be unique within the current instance. For example, you might want to select this when storing employee IDs.

    Not editable.

    Encryption

    For sensitive information, IDaaS supports encrypting data before storing it in the database to enhance security.

    Not editable.

    User Permissions

    Administrators have full permissions for extension fields. In some scenarios, user permissions for fields should be restricted.

    Specify user permissions for the current extension field. Valid values:

    • Invisible: Users cannot see the current field.

    • Visible: Users can see the field value but cannot edit it.

    • Editable: Users can view and edit their own values in this field.

    Editable.

    Filling in extension fields

    After creating a new field and ensuring it is enabled, you can use it.

    Administrators can go to the Accounts And Orgs page and click the Create Account button. At the top of the popup form, you can switch to the Extended Field tab to specify values for all extension fields of the account.

    User self-service

    If the User Permissions for a field is set to visible, users can log on to their portal, click My Account, and see the corresponding field and value in Extended Information.

    If the User Permissions for a field is set to Editable, users can click the modify option for the field to edit the option value.

    Retrieving extension fields

    Applications can retrieve account extension field information in three ways:

    Type

    Description

    Dev/OpenAPI

    Applications can retrieve extension information for any specified account, typically for synchronization purposes, which is a management function. Dev/OpenAPI returns all extension field information for the account without requiring additional configuration. For more information, see API documentation.

    OIDC SSO account id_token/userinfo

    After OIDC SSO, applications can retrieve the extension field content of the currently logged-in account.

    Extension fields are not returned in SSO results by default. In the extended id_token, administrators can configure to return extension field information as well. The OIDC Userinfo endpoint will return the same content as in the id_token.

    The format to fill in is user.customFieldMap.$field key value$.fieldValue.

    SAML SSO account attribute statements

    After SAML SSO, applications can retrieve the extension field content of the currently logged-in account.

    Extension fields are not returned in SSO results by default. In the Attribute Statements, you can customize the returned information, allowing extension information to be returned in the SAMLResponse.