Contents
Overview
Duo Directory includes a basic list of user attributes. Extend your Duo Directory schema with custom user attributes and populate attribute values manually or from external directories.
Default User Attributes
The default Duo Directory user attributes are:
|
Attribute |
Description |
|---|---|
| Username |
The user's primary Duo username. Typically this matches the external application username or primary authentication login name your users submit to Duo. |
| Display Name |
The full name of the user. |
| Email Address |
The user's email address. |
| First Name |
The user's given name. |
| Last Name |
The user's surname or family name. |
| Entra Federated User ID |
Used with Microsoft 365 Duo SSO applications. |
Add a Custom User Attribute
-
Log in to the Duo Admin Panel.
-
Navigate to Users → User Attributes. The "All Attributes" table lists your existing attributes.
-
Click Add Custom Attribute.
-
Enter a name for your new attribute in the Name field. The name you enter can contain a maximum of 256 alphanumeric characters, spaces, hyphens, and periods. You may also enter a description up to 256 characters.
-
Click Add Custom Attribute to save your new attribute.
This example adds a custom attribute to hold an employee ID value.
Custom Attribute Uses
Import Attributes Values with Directory Sync
Your external directory sync configurations can import values for your custom attributes from external directories.
-
When creating a new directory sync, or while viewing the details of an existing directory sync, scroll down to the "Synced Attributes" section of the page.
-
Click the Add Attribute button and select the custom attribute you would like to add to this directory sync from the list.
-
Enter the external directory source attribute's name in the text field.
This example imports the employeeid attribute from an external directory into Duo as the "Employee ID" custom attribute.
Add Custom Attributes to Users from the Admin Panel
You can update individual users to add additional user attribute values from the Admin Panel. Identify user attributes that were manually added by the presence of a Remove action to the right of the input field.
-
Locate the user you want to edit using the search tool at the top of the page, or navigate to Users → Users. Click the username to view their details page.
-
Scroll down to and click Add Attribute.
-
Select an available user attribute from the list.
-
The selected attribute appears above the add button. Enter your desired value for that attribute in the text field.
-
Scroll down and click Save Changes.
This example adds the default "First Name" attribute to the user. The "Employee ID" custom attribute has already been added to the user with a value.
When you add a new user in the Admin Panel you can add additional attributes immediately after user creation.
Delete Attributes from Users
Delete an additional attribute from a user by clicking the Remove action to the right of the attribute's value.
Import Attribute Values from CSV Files
You can import values for any custom attributes you create via CSV file import. See Importing Users for more information.
Map Attributes from External SSO Sources
If you use an external authentication source with Duo Single Sign-On, such as Active Directory or a SAML identity provider, you can map custom user attributes to attributes that exist in your external authentication source. You can then configure your Duo SSO SAML applications to send your mapped custom attribute values from the external authentication source to the application when users sign in.
This example maps the "Employee ID" custom attribute to an employeeID attribute in an external SSO SAML authentication source.
Outbound Provisioning
When configuring outbound provisioning for an application, user attributes can be mapped to application attributes. In this example, both default user attributes and the custom "Employee ID" attribute have been mapped to attributes supported by the external application.
