RapidIdentity Cloud Directory Schema
- 20 Jan 2023
- 9 Minutes to read
-
Contributors
-
Print
-
DarkLight
RapidIdentity Cloud Directory Schema
- Updated on 20 Jan 2023
- 9 Minutes to read
-
Contributors
-
Print
-
DarkLight
RapidIdentity Cloud Metadirectory Schema
The directory schema for RapidIdentity Cloud provides a set of rules that define the data elements to be stored and used by RapidIdentity.
To ensure consistency and continuity between RapidIdentity software releases, Identity Automation maintains a comprehensive change management process for the RapidIdentity Cloud Metadirectory. All proposed changes are reviewed by the Directory Change Control Board on a periodic basis and evaluated based on a myriad of factors including but not limited to the business justification and resulting impact associated with the proposed change.
As an integral component of the RapidIdentity System, proposed changes to the RapidIdentity Cloud Metadirectory are considered to be a new feature or a feature enhancement and submitted as Product Ideas via the Identity Automation Support Community. Idea submissions are evaluated on a periodic basis and approved based product fit, alignment with product strategy and customer and market demand.
People/Accounts
- All account entries must be put directly under ou=Accounts,dc=meta.
- All LDAP entries MUST contain objectClass=idautoPerson , a unique idautoID value and at least one unique idautoPersonUserNameMV value.
- The DN for all accounts must look like idautoID=<idautoID_value>,ou=Accounts,dc=meta.
Core Attributes
Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoID | ID | UUID | N | Y | eq |
| Entity::identity |
idautoPersonUserNameMV | Usernames | String | Y | Y | eq, sub |
| User::usernames |
givenName | First Name | String | N | N | eq, sub |
| User::firstName |
sn | Last Name | String | N | N | eq, sub |
| User::lastName |
displayName | Display Name | String | N | N | eq, sub |
| User::displayName |
String | N | Y | eq, sub |
| User::email | ||
idautoPersonEmailAddresses | Email Addresses | String | Y | Y | eq, sub |
| User::altEmails |
idautoPersonHomeEmail | Personal Email Address | String | N | Y | eq, sub |
| User::resetEmail |
idautoDisabled | - | Boolean | N | N | eq |
| Entity::active |
userPassword | - | Binary | N | N | - |
| User::passwordHash |
idauto-pwdPrivate | - | Binary | N | N | - |
| N/A |
idauto-pwdPrivateTS | - | DateTime | N | N | eq |
| N/A |
idautoPersonPhotoURL | Photo URL | String | N | N | - |
| User::imageUrl |
mobile | Mobile Numbers | String | Y | N | - |
| User::mobileNumbers |
manager | Manager | DN | Y | N | eq |
| User::getLinksFrom(), User::linkFrom() |
directReports | - | DN | Y | N | eq |
| User::getLinksTo(), User::linkTo() |
idautoPersonEndDate | Expiration Date | Date/Time | N | N | eq |
| User::expirationDate |
employeeType | Account Type | String | Y | N | eq |
| User::accountTypes |
idautoChallengeSet | - | String | Y | N | - |
| User::challengeSet.challengeItems |
idautoChallengeSetTimestamp | - | Date/Time | N | N | - |
| User::challengeSet.lastModified |
idautoRequestAssociations | - | String | Y | N | eq |
| User::requestAssociations |
idautoPersonClaimCode | Claim Code | String | N | N | eq |
| User::claimCode |
idautoPersonClaimFlag | Claimed | Boolean | N | N | - |
| User::isClaimed |
memberOf | DN | Y | N |
| User::getDirectMemberships() (from Operational Attributes) |
Profile Attributes
None of these attributes have a unique constraint.
Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints | RING Entity::Field/Method |
l | City | String | Y | eq, sub |
| User::addresses |
st | State | String | Y | eq, sub |
| User::addresses |
postalCode | Postal Code | String | Y | - |
| User::addresses |
idautoPersonMiddleName | Middle Name | String | N | - |
| User::middleName |
idautoPersonOfficePhone | Office Phone | String | N | - |
| User::officePhone |
idautoPersonPhoneExtension | Phone Extension | String | N | - |
| User::phoneExtension |
idautoPersonHomePhone | Home Phone | String | N | - |
| User::homePhone |
idautoPersonBirthdate | Birthdate | Date | N | - |
| User::birthdate |
idautoPersonTermDate | Source Termination Date Last Enroll Date | Date | N | - |
| User::terminationDate |
idautoPersonEmployeeTypes | Employee Types | String | Y | eq |
| User::accountTypes |
idautoPersonDeptCodes | Department Codes | String | Y | eq, sub |
| User::departments |
idautoPersonDeptCode | Primary Department Code | String | N | eq, sub |
| User::departments |
idautoPersonDeptDescrs | Departments | String | Y | eq, sub |
| User::departments |
idautoPersonDeptDescr | Department | String | N | eq, sub |
| User::departments |
idautoPersonLocCodes | Location Codes | String | Y | eq, sub |
| User::locations |
idautoPersonLocCode | Primary Location Code | String | N | eq, sub |
| User::locations |
idautoPersonLocNames | Locations | String | Y | eq, sub |
| User::locations |
idautoPersonLocName | Primary Location | String | N | eq, sub |
| User::locations |
idautoPersonJobCodes | Job Codes | String | Y | eq, sub |
| User::jobs |
idautoPersonJobCode | Job Code | String | N | eq, sub |
| User::jobs |
idautoPersonJobTitles | Job Titles | String | Y | eq, sub |
| User::jobs |
idautoPersonJobTitle | Job Title | String | N | eq, sub |
| User::jobs |
Education Attributes
None of these attributes have unique constraints
Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints |
idautoPersonTeachers | Teachers | DN | Y | eq |
|
idautoPersonStudents | - | DN | Y | eq |
|
idautoPersonGradeLevel | Grade Level | String | Y | eq |
|
idautoPersonSchoolCodes | School Codes | String | Y | eq |
|
idautoPersonSchoolNames | School Names | String | Y | eq, sub |
|
Special Attributes
None of these attributes are multi-valued or have unique constraints
Attribute Name | Friendly Name | Data Type | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoPersonStatusOverride | Override Source Status | Boolean | eq |
| User::overrideStatus |
idautoPersonRenameUsername | Rename Username | String | - |
| User::renameUsername |
idautoPersonRenameFlagDate | Rename Date | Date | eq |
| User::renameFlagDate |
idautoPersonActivationDate | Activation Date | Date | - |
| User::activationDate |
idautoPersonSourceStatus | Source System Status | String | - |
| User::externalIDs |
idautoPersonToSystem1 | Sync Person to System 1 | Boolean | - |
| User::externalIDs |
idautoPersonToSystem2 | Sync Person to System 2 | Boolean | - |
| User::externalIDs |
idautoPersonToSystem3 | Sync Person to System 3 | Boolean | - |
| User::externalIDs |
idautoPersonToSystem4 | Sync Person to System 4 | Boolean | - |
| User::externalIDs |
idautoPersonToSystem5 | Sync Person to System 5 | Boolean | - |
| User::externalIDs |
idautoPersonSafeIdCompromisedDate | Account Compromised Date | Date | eq |
Introduced in version | User::compromisedDate |
Other IDs
All of these attributes have a unique constraint
Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoPersonHRID | Employee ID | String | N | eq,sub |
Substring index added in version: | User::externalIDs |
idautoPersonStuID | Student ID | String | N | eq,sub |
Substring index added in version: | User::externalIDs |
idautoPersonPayrollID | Payroll ID | String | N | eq |
| User::externalIDs |
idautoPersonSystem1ID | System 1 ID | String | N | eq |
| User::externalIDs |
idautoPersonSystem2ID | System 2 ID | String | N | eq |
| User::externalIDs |
idautoPersonSystem3ID | System 3 ID | String | N | eq |
| User::externalIDs |
idautoPersonSystem4ID | System 4 ID | String | N | eq |
| User::externalIDs |
idautoPersonSystem5ID | System 5 ID | String | N | eq |
| User::externalIDs |
idautoPersonStateID | State ID | String | N | eq |
| User::externalIDs |
idautoPersonDistrictID | District ID | String | N | eq |
| User::externalIDs |
idautoPersonSchoolID | School ID | String | N | eq |
| User::externalIDs |
idautoPersonSAMAccountName | AD Username | String | N | eq |
| User::externalIDs |
idautoPersonPrevSAMAccountNames | Previous AD Usernames | String | Y | eq |
| User::externalIDs |
Extensible
None of these attributes have a unique constraint
Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoPersonExt1 | Custom Attribute 1 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt2 | Custom Attribute 2 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt3 | Custom Attribute 3 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt4 | Custom Attribute 4 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt5 | Custom Attribute 5 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt6 | Custom Attribute 6 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt7 | Custom Attribute 7 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt8 | Custom Attribute 8 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt9 | Custom Attribute 9 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt10 | Custom Attribute 10 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt11 | Custom Attribute 11 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt12 | Custom Attribute 12 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt13 | Custom Attribute 13 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt14 | Custom Attribute 14 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt15 | Custom Attribute 15 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt16 | Custom Attribute 16 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt17 | Custom Attribute 17 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt18 | Custom Attribute 18 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt19 | Custom Attribute 19 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExt20 | Custom Attribute 20 | String | Y | N | eq, sub |
| Entity::attributes |
idautoPersonExtBool1 | Custom Boolean Attribute 1 | Boolean | N | N | eq |
| Entity::attributes |
idautoPersonExtBool2 | Custom Boolean Attribute 2 | Boolean | N | N | eq |
| Entity::attributes |
idautoPersonExtBool3 | Custom Boolean Attribute 3 | Boolean | N | N | eq |
| Entity::attributes |
idautoPersonExtBool4 | Custom Boolean Attribute 4 | Boolean | N | N | eq |
| Entity::attributes |
idautoPersonExtBool5 | Custom Boolean Attribute 5 | Boolean | N | N | eq |
| Entity::attributes |
idautoPersonAppRoles1 | Application 1 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles2 | Application 2 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles3 | Application 3 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles4 | Application 4 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles5 | Application 5 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles6 | Application 6 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles7 | Application 7 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles8 | Application 8 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles9 | Application 9 Roles | String | Y | N | eq |
| Entity::attributes |
idautoPersonAppRoles10 | Application 10 Roles | String | Y | N | eq |
| Entity::attributes |
Groups
- All account entries must be put directly under ou=Groups,dc=meta.
- All LDAP entries MUST contain objectClass=groupOfNames , objectClass=idautoGroup, a unique idautoID value and a unique cn value.
- The DN for all accounts must look like idautoID=<idautoID value>,ou=Groups,dc=meta.
Core Attributes
Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoID | ID | UUID | N | Y | eq |
| Entity::identity |
cn | Group Name | String | N | Y | eq, sub |
| Entity::name |
description | Group Description | String | N | N | eq, sub |
| Entity::description |
member | - | DN | Y | N | eq |
| Group::getDirectMembers() |
idautoGroupOwners | - | DN | Y | N | eq |
| Group::owners |
idautoGroupCoOwners | - | DN | Y | N | eq |
| Group::coOwners |
idautoGroupCoOwnerEditable | - | Boolean | N | N | - |
| Group::coOwnersEditable |
idautoGroupIncludeFilter | - | String | N | N | - |
| Group::dynamicIncludes |
idautoGroupIncludeBaseDN | - | DN | N | N | - |
| N/A |
idautoGroupExcludeFilter | - | String | N | N | - |
| Group::dynamicExcludes |
idautoGroupExcludeBaseDN | - | DN | N | N | - |
| N/A |
idautoGroupStaticIncludes | - | DN | Y | N | eq |
| Group::staticIncludes |
idautoGroupStaticExcludes | - | DN | Y | N | eq |
| Group::staticExcludes |
idautoGroupSyncInterval | - | Integer | N | N | - |
| Group::syncIntervalInHours |
idautoGroupLastSynced | - | DateTime | N | N | eq |
| Group::lastSyncedOn |
Special Attributes
Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoGroupEmailAddress | Group Email Address | String | N | Y | eq, sub |
| Group::email |
idautoGroupEmailAliases | Group Email Aliases | String | Y | Y | eq, sub |
| Group::emailAliases |
idautoGroupToSystem1 | Sync Group to System 1 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem2 | Sync Group to System 2 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem3 | Sync Group to System 3 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem4 | Sync Group to System 4 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem5 | Sync Group to System 5 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem6 | Sync Group to System 6 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem7 | Sync Group to System 7 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem8 | Sync Group to System 8 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem9 | Sync Group to System 9 | Boolean | N | N | - |
| Group::externalIDs |
idautoGroupToSystem10 | Sync Group to System 10 | Boolean | N | N | - |
| Group::externalIDs |
Extensible
None of these attributes have a unique constraint
Attribute Name | Friendly Name | Data Type | Multi-Valued | Indexes | Description / Constraints | RING Entity::Field/Method |
idautoGroupExt1 | Custom Group Attribute 1 | String | Y | eq, sub |
| Group::attributes |
idautoGroupExt2 | Custom Group Attribute 1 | String | Y | eq, sub |
| Group::attributes |
idautoGroupExt3 | Custom Group Attribute 1 | String | Y | eq, sub |
| Group::attributes |
idautoGroupExt4 | Custom Group Attribute 1 | String | Y | eq, sub |
| Group::attributes |
idautoGroupExt5 | Custom Group Attribute 1 | String | Y | eq, sub |
| Group::attributes |
Operational
Read-only attributes not associated with any particular class but available on all
Operational Attributes
Attribute Name | Friendly Name | Data Type | Multi-Valued | Unique | Indexes | Description / Constraints | RING Entity::Field/Method |
memberOf | DN | Y | N |
| User::getDirectMemberships(), Group::getDirectMemberships() | ||
entryDN | DN | N | N |
| Entity::name | ||
createTimestamp | Date | N | N |
| Entity::createdOn | ||
modifyTimestamp | Date | N | N |
| Entity::modifiedOn | ||
creatorsName | DN | N | N |
| Entity::createdBy | ||
modifiersName | DN | N | N |
| Entity::modifiedBy |
Was this article helpful?