Requesting attributes

In modern authentication systems, the ability to configure which attributes an application receives during user login provides significant advantages in security, personalization, and compliance. By selectively requesting specific attributes—both user specific and organization attributes—applications can tailor access control, streamline user experiences, and minimize unnecessary data collection.

This flexibility enhances security by ensuring that only relevant user information is used for access decisions, reducing the risk of over-permissioned accounts or unauthorized access. Additionally, it enables applications to comply with privacy regulations by collecting only the necessary user data, improving trust and transparency. Organizations can also use dynamic attributes to enable adaptive security policies, such as restricting access based on login context or enforcing multi-factor authentication under certain conditions.

By leveraging configurable attributes, applications can balance security, user convenience, and compliance while maintaining a more efficient and scalable identity management system.

Within Veriam, we support this by using attribute sets that you can link to your application to indicate what attributes your applications requires, and which you would like to receive when they are available.

Required & optional attributes

We distinguish between setting required and optional attributes. When you configure attributes to be required, it means that a user will not be able to login if they don't provide the attributes. For optional attributes, a user can still login if they don't provide the attributes, but they will be requested.

Whenever a user does not yet have the attributes you are requiring or requesting, the user is asked to provide these attributes when they login to your application for the first time.

When a user already has the attributes, they will be asked to consent to sharing those attributes with your application. For optional attributes, the user will be able to continue without consenting to sharing those attributes, which will result in your application not receiving these attributes. For required attributes, the user cannot continue logging in if they do not want to share these attributes with your application.

If a user has consented to sharing their attributes with your application, they will not be asked to share this again on next logins, unless you change what attributes are requested or they manually withdraw their consent to sharing those attributes. This way users are not constantly bothered by questions about sharing attributes, while your application still receives these attributes on each login.

Viewing attributes

Attributes that are shared with your application will be returned as part of the user identity every time a user logs in into your application. You will also be able to view these attributes from the Account and User overviews on the Veriam Admin portal for as long as the user has consented to share these attributes with you.

A user, or in case of organization attributes the organization admin, will be able to view what attributes they have consented to share with your application. They also have the option to withdraw their consent, which will mean that you will no longer see these attributes on the Account and User overviews in the Veriam Admin portal. On a next login, the user will be requested to share the attributes again, and will not be able to login when they do not want to share the required attributes.

Configure attribute sets

To configure an attribute set:

1. Navigate to Configuration - Attribute sets

2. Click on 'Create attribute set' and select if you want to create an attribute set for organization attributes or user attributes.

3. Provide an attribute set name and optionally a description. Both of these are only for internal use.

4. Drag the attributes your application requires to the 'Required attributes' column and the attributes you would like to receive when available to the 'Optional attributes' column.

5. Save and publish the attribute set.

Adding attribute sets to your application

After creating the attribute sets, we need to add them to your application, so Veriam knows what attributes need to be requested when a user logs in to your application. This step is explicitly needed so we can support different required and optional attributes depending on what application the user is logging into.

To assign an attribute set to your application:

1. Go to Applications

2. Select the application the attribute set should be added to, and click Edit.

3. Scroll down to the bottom to the 'Attribute sets' section.

4. Select the organization and/or user attribute set(s) that apply to your application. Note that you can add multiple attribute sets of each time if needed.

5. Save and publish the application changes.

On every next login, every user (and organization) will be requested to share the configured attributes, which will be remembered for every consecutive login.