User Attributes provide another powerful way to manage devices using a user-centric approach that can reduce a lot of admin time and simplify workflows. Once an end-user signs into their identity provider account, data returned from the provider is available within Addigy as device facts. Data such as Employee Department, Hire Date, Employee Type, etc., are very useful for automating Addigy in response to changes in your organization.
Prerequisites
- Addigy Identity is configured as outlined in our Entra setup guide.
Steps To Enable User Attributes for Entra
- Within the policy's Addigy Identity configuration enable "Collect User Attribute Data".
- Scroll to the bottom of the page and click "Save Changes"
Note: Nothing needs to be enabled or configured within Entra for this feature to function.
Supported Attributes
The table below list the supported attributes name, mapping value, and meaning:
Addigy Attribute Name |
Attribute Mapping Value |
Attribute Meaning |
Identity Email |
Email address for the user; for example: ["j@companyname.com"] NOTE: This property cannot contain accent characters. |
|
Identity Employee Department |
department |
The name of the department in which the user works. |
Identity Employee Hire Date |
employeeHireDate |
The date and time when the user was hired or will start work in case of a future hire. |
Identity Employee Type |
employeeType |
Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. |
Identity Mobile Phone |
mobilePhone |
The primary cellular telephone number for the user. |
Identity Provider Name |
entra, google, okta | The name of the Identity Provider. |
Identity User Display Name |
displayName |
The name is displayed in the directory for the user. This is usually the combination of the user's first and middle initial and last names. This property is required when a user is created and cannot be cleared during updates. |
Identity Username |
userPrincipalName |
The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. |
| Identity Office Location | usageLocation | A two letter country code (ISO standard 3166). Examples include: US, JP, and GB. |
Identity Usage Location |
officeLocation |
The office location in the user's place of business. |
Identity Password Set Date |
lastPasswordChangeDateTime |
The time when this Entra AD user last changed their password or when their password was created, whichever date the latest action was performed. |
FAQs
How often does this data refresh?
User Attributes refreshes every time the end-user successfully signs in.
What should I do with these attributes?
We recommend utilizing User Attributes to automatically filter devices using flex policies.
Does this new feature cost extra?
This feature does not come with an additional cost.
Where do I go to see these populated fields?
One Device: GoLive > Overview. Search for "Identity".
Multiple Devices: go to the devices page > Click on Columns > Search for "Identity". Then, select the attributes you would like to see.
I don't have this feature enabled. Does Addigy still collect the user data?
User information is only collected if the Collect User Attributes setting is enabled.
Why do some of my device facts show N/A?
It could mean the end-user still needs to sign in successfully or that the field in the Identity Provider directory is blank. It could also mean the feature is not enabled or configured properly.
How do I update the data that appears in Entra Active Directory?
Answer: Directions for updating provided data (Microsoft)
Is there more information from Entra on mapping sets?
Answer: User resource type properties and Group resource type properties