IDaaS EIAM supports two types of account fields: basic fields predefined by the system, and extension fields that you create to store additional user attributes such as employee ID, department, or region.
Once created, extension fields can be consumed by applications in three ways: retrieved via the Dev/OpenAPI for synchronization, included in the OIDC id_token and UserInfo endpoint after SSO, or returned in SAML Attribute Statements.
Basic fields
Basic fields are system-predefined fields that capture standard user information such as username, email address, and phone number. They cannot be added or deleted — only their user-facing visibility and editability can be configured, and only for three fields: user display name, user email, and phone number.
View basic fields
Log on to the IDaaS console. In the navigation pane, select IDaaS consoleEIAM, then select your IDaaS instance and click Manage.
Go to Account > Field Management > Basic Fields.
To see only user-editable fields, select Editable Fields Only on the left.
The basic field list contains the following columns:
| Column | Description |
|---|---|
| Field display name | The label shown in the user interface |
| Field ID | The internal identifier used by the system |
| Data type | Always String for basic fields |
| Required | Whether the field is mandatory |
| Unique | Whether the field value must be unique across accounts |
| User permissions | Whether end users can see or edit the field: Invisible, Visible, or Editable |
| Actions | Available only for user display name, user email, and phone number |
Configure user permissions for a basic field
Only three basic fields support permission changes: user display name, user email, and phone number.
In the Basic Fields tab, find the field you want to update.
Click Modify in the Actions column.
In the Edit Field dialog, set User Permissions
Invisible — the field is hidden from users
Visible — users can see the field value but cannot edit it
Editable — users can view and update their own value
Click OK to save.
Extension fields
Extension fields let you store custom user attributes beyond the built-in basic fields. Common examples include employee ID, birthday, and region.
Only account extension fields are supported. Extension fields for other entity types (such as groups or organizations) are not supported.
Create an extension field
Go to Account > Field Management > Extended Fields.
Click Create Field and fill in the form:
General settings
| Field | Description | Editable after creation |
|---|---|---|
| Field display name | The label shown in the UI | Yes |
| Field ID | A unique identifier for this field. Use only lowercase letters and underscores; cannot start with an underscore. This value maps to the field key used in API and SSO configurations. | No |
| Field type | Controls how the field is rendered: Input box, Drop-down list, or Checkbox | No |
| Field description | (Optional) Explanatory text displayed below the field | Yes |
| Required | If selected, this field must be filled in for all account create and edit operations. If you have identity providers (IdPs) configured for account import and you add a new required field, you must go to the Identity Provider page to add field mapping. Otherwise, synchronization will fail. | No |
| Unique | Whether the field value must be unique within this instance. Select this for fields like employee ID. | No |
| Encryption | Encrypts field data before storing it. Use this for sensitive attributes to reduce exposure risk. | No |
| User permissions | Controls end-user access to this field: Invisible, Visible, or Editable. | Yes |
Field type: Input box
| Parameter | Description | Editable after creation |
|---|---|---|
| Data type | String or Number | No |
| Default value | The value used when no input is provided. Equivalent to the DEFAULT constraint in a relational database. | Yes |
Field type: Drop-down list
| Parameter | Description | Editable after creation |
|---|---|---|
| Data type | String or Number | No |
| Data items | Key-value pairs for the dropdown options. The key is the stored value; the display name is what users see. For example, you might store the key 1 and display it as Small. | Add: Yes / Disable or enable: Yes / Delete: No / Modify key: No / Modify display name: Yes |
| Default value | The key of the option selected by default | Yes |
Data items cannot be deleted after creation. To remove an option from the dropdown, disable it. Existing field values are not affected when an item is disabled.
Field type: Checkbox
Uses the same parameters and editability rules as drop-down list.
Click OK to create the field.
Fill in extension fields for an account
After creating and enabling a field:
Go to Accounts And Orgs and click Create Account.
In the create account dialog, switch to the Extended Field tab.
Enter values for the extension fields, then submit the form.
User self-service
Users can view and edit their own extension field values from the user portal:
Visible fields appear in My Account > Extended Information (read-only).
Editable fields include a modify option so users can update their own values.
Retrieve extension fields in applications
Applications can access extension field data through three methods:
| Method | Returned by default | Configuration required |
|---|---|---|
| Dev/OpenAPI | Yes — all extension fields are returned without extra configuration | None. See the API documentation. |
OIDC SSO (id_token / UserInfo endpoint) | No | In the extended id_token settings, add the field using the format user.customFieldMap.$field key value$.fieldValue. The UserInfo endpoint returns the same claims as the id_token. |
| SAML SSO (Attribute Statements) | No | In the application's Attribute Statements configuration, add a custom attribute to include the extension field value in the SAMLResponse. |