Available attributes from Feide directories#
The extended userinfo and user lookup endpoints return information from the directories of the user’s home organization. Which attributes are available to a service depends on the attribute groups the service has access to. The attribute groups are configured in the customer portal. Attribute groups correspond to scopes in OAuth/OpenID Connect terminology. The list below shows all attributes that may be returned. They are included in the response if the directory holds the data and the client has the corresponding attribute group.
For each attribute, the following information is given:
The attribute name
The attribute group required to access the attribute
The attribute’s data type
A description of the attribute
Required attributes#
As long as the client has the corresponding attribute group, the following attributes are always present in the response:
- cn
- Attribute group:
userinfo-nameData type: Array which may hold multiple stringsThe name of the person object in the directory
- displayName
- Attribute group:
userinfo-nameData type: StringPerson’s preferred name
- eduPersonAffiliation
- Attribute group:
groups-orgData type: Array which may hold multiple stringsPerson’s role at home organization (e. g.: student, employee)
- eduPersonEntitlement
- Attribute group:
groups-eduoruserinfo-entitlementData type: Array which may hold multiple stringsThis attribute has multiple uses. Feide uses it to encode group affiliations for primary and secondary education. Organizations may also use it for other purposes.
Entitlements which encode groups are available to services which have the
groups-eduscope. The encoding is described in Appendix 3 - Registration of group information within eduPersonEntitlement. However, we strongly recommend that services use the groups API to access group information.Example - group affiliations for a primary school teacher:
"eduPersonEntitlement": [ "urn:mace:feide.no:go:group:b::NO987654321:7A:2024-08-01:2025-06-30:Faculty:7A", "urn:mace:feide.no:go:group:b::NO987654321:7B:2024-08-01:2025-06-30:Faculty:7B", "urn:mace:feide.no:go:grep:http://psi.udir.no/laereplan/aarstrinn/aarstrinn7" ]
Services which have the
userinfo-entitlementscope will get all entitlements which match any of the entitlement prefixes registered for the service in the customer portal.Example - organization internal use:
"eduPersonEntitlement": [ "accountOrigin:SAP" ]
- eduPersonPrincipalName
- Attribute group:
userid-feideData type: StringPerson’s Feide ID
- givenName
- Attribute group:
userinfo-nameData type: Array which may hold multiple stringsPerson’s first name
- norEduPersonLegalName
- Attribute group:
userinfo-nameData type: StringPerson’s formal name as registered with public authorities
- norEduPersonNIN
- Attribute group:
userid-ninData type: StringPerson’s national identity number
- sn
- Attribute group:
userinfo-nameData type: Array which may hold multiple stringsPerson’s surname
- uid
- Attribute group:
userid-feideData type: Array which holds a single stringPerson’s local username
Attributes required for higher education#
The attributes below are required for higher education and optional for primary and secondary education.
- Attribute group:
emailData type: Array which may hold multiple stringsPerson’s email address
- schacHomeOrganization
- Attribute group:
groups-orgData type: StringRealm for the person’s home organization
Optional attributes#
The following attributes are optional:
- eduPersonOrcid
- Attribute group:
userid-orcidData type: Array which may hold multiple stringsPerson’s ORCID digital researcher IDs
- eduPersonPrimaryAffiliation
- Attribute group:
groups-orgData type: StringPerson’s primary role (e.g. student, employee)
- eduPersonPrincipalNamePrior
- Attribute group:
userid-feideData type: Array which may hold multiple stringsPerson’s previous Feide IDs at the same organization
- eduPersonScopedAffiliation
- Attribute group:
groups-orgData type: Array which may hold multiple stringsPerson’s role and institution at home organization. Example:
["student@trondheim.kommune.no", "student@no975278921.trondheim.kommune.no"] - facsimileTelephoneNumber
- Attribute group:
userinfo-phoneData type: Array which may hold multiple stringsPerson’s facsimile telephone number
- homePhone
- Attribute group:
userinfo-phoneData type: Array which may hold multiple stringsPerson’s home phone number
- homePostalAddress
- Attribute group:
userinfo-addressData type: Array which may hold multiple stringsPerson’s home postal address
- l
- Attribute group:
userinfo-addressData type: Array which may hold multiple stringsName of locality
- mobile
- Attribute group:
userinfo-mobileData type: Array which may hold multiple stringsPerson’s mobile telephone number
- norEduPersonBirthDate
- Attribute group:
userinfo-birthdateData type: StringPerson’s date of birth
- norEduPersonLIN
- Attribute group:
userid-linData type: Array which holds a single stringLocal replacement for national identity number
- o
- Attribute group:
groups-orgData type: StringName of the person’s home organization
- ou
- Attribute group:
groups-orgData type: Array which may hold multiple stringsName of the person’s school/organization unit
- postOfficeBox
- Attribute group:
userinfo-addressData type: Array which may hold multiple stringsPerson’s P.O. box
- postalAddress
- Attribute group:
userinfo-addressData type: Array which may hold multiple stringsPerson’s postal addresses
- postalCode
- Attribute group:
userinfo-addressData type: Array which may hold multiple stringsPerson’s postal code
- preferredLanguage
- Attribute group:
userinfo-languageData type: StringPerson’s preferred language
- street
- Attribute group:
userinfo-addressData type: Array which may hold multiple stringsPerson’s street address
- telephoneNumber
- Attribute group:
userinfo-phoneData type: Array which may hold multiple stringsPerson’s telephone numbers
- title
- Attribute group:
userinfo-titleData type: Array which may hold multiple stringsPerson’s title