Custom Security Attributes enable storage of sensitive information on user and application objects in Azure Active Directory.
Attributes
Custom Security Attributes consist of two components: attributes and attribute sets. Each attribute consists of the following: the name of the attribute, the name of the attribute set that contains the attribute, the data type of the attribute, and the value of the attribute. The definition of an attribute or attribute set cannot be changed once the object is created. The value of an attribute can be changed by authorized users at any time. The permission to modify the value of an attribute is granted to users via access rights on the attribute set that contains the attribute.
Attribute definitions
The key components of an attribute definition are the name of the attribute, the attribute set that contains the attribute, the data type of the attribute, and whether the attribute value is single-valued or multi-valued. The data type can be string, integer, or boolean.
The key components of an attribute set are the name of the attribute set and the attributes contained within the set. The name of the attribute set cannot be changed once the attribute set has been created. The list of attributes in the set can be expanded by creating new attributes. Existing attributes in the set cannot be removed.
Limitations
- A maximum of 500 attributes can be defined in a tenant.
- A maximum of 500 attribute sets can be defined in a tenant.
- A maximum of 50 values can be defined on each user or application.
Implementation
The following restrictions are currently applied to custom security attributes. They are intended to allow attributes to be recycled and to prevent a single attribute from exhausting the available attribute values.
- Each attribute and attribute set will adhere to a generic naming convention
- Each attribute set will contain a single attribute
- Only single-valued attributes are permitted
Naming Conventions
The following naming conventions are proposed for Custom Security Attributes to ensure that attributes and attribute sets can be re-used.
- The name of each attribute and its associated attribute set will include the tenant name, followed by the static Csa identifier, followed by the object type for the attributes in the set, and a sequential numeric identifier within the group of attribute sets that share that object type.
- utexasCsaUser1, utexasCsaUser2, utexasCsaApp1, utexasCsaApp2
- utexasCsaUser1Single1, utexasCsaString1, utexasCsaInteger2, utexasCsaApp1Bool1, utexasCsaBoolean3
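An added example (not part of the original page) that checks an exported list of attribute definitions against the limitations, implementation restrictions and naming convention described above. The definitions are assumed to follow the field names of the Microsoft Graph customSecurityAttributeDefinition resource (attributeSet, name, type, isCollection); the tenant name utexas is taken from the page's own examples and the sample definitions are constructed.

```python
import re
from collections import Counter

# Naming convention from the page: <tenant>Csa<ObjectType><sequence>, e.g. utexasCsaUser1.
NAME_RE = re.compile(r"^(?P<tenant>[a-z0-9]+)Csa(?P<objtype>User|App)(?P<seq>[1-9][0-9]*)$")
MAX_SETS = 500               # tenant-wide limit on attribute sets
MAX_ATTRIBUTES = 500         # tenant-wide limit on attribute definitions
MAX_VALUES_PER_OBJECT = 50   # values assigned on a single user or application
ALLOWED_TYPES = ("String", "Integer", "Boolean")


def check_definitions(definitions, tenant="utexas"):
    """Return policy violations for a list of attribute definitions.

    Each definition is a dict mirroring the Graph resource shape (assumption):
    attributeSet, name, type, isCollection.
    """
    problems = []
    per_set = Counter(d["attributeSet"] for d in definitions)
    if len(per_set) > MAX_SETS:
        problems.append(f"{len(per_set)} attribute sets exceed the limit of {MAX_SETS}")
    if len(definitions) > MAX_ATTRIBUTES:
        problems.append(f"{len(definitions)} attributes exceed the limit of {MAX_ATTRIBUTES}")
    # Implementation restriction: each attribute set contains exactly one attribute.
    for set_name, count in per_set.items():
        if count != 1:
            problems.append(f"attribute set {set_name} contains {count} attributes, expected 1")
    for d in definitions:
        for label, value in (("attribute set", d["attributeSet"]), ("attribute", d["name"])):
            m = NAME_RE.match(value)
            if not m:
                problems.append(f"{label} {value} does not follow <tenant>Csa<User|App><n>")
            elif m.group("tenant") != tenant:
                problems.append(f"{label} {value} uses tenant {m.group('tenant')}, expected {tenant}")
        if d["type"] not in ALLOWED_TYPES:
            problems.append(f"attribute {d['name']} has unsupported type {d['type']}")
        if d.get("isCollection"):  # restriction: only single-valued attributes
            problems.append(f"attribute {d['name']} is multi-valued; only single-valued allowed")
    return problems


def check_object_values(assigned_values):
    """assigned_values maps attribute name -> value on one user or application."""
    if len(assigned_values) > MAX_VALUES_PER_OBJECT:
        return [f"{len(assigned_values)} values exceed the per-object limit of {MAX_VALUES_PER_OBJECT}"]
    return []


# Constructed sample: two compliant definitions plus one that breaks three rules.
SAMPLE = [
    {"attributeSet": "utexasCsaUser1", "name": "utexasCsaUser1", "type": "String", "isCollection": False},
    {"attributeSet": "utexasCsaApp1", "name": "utexasCsaApp1", "type": "Boolean", "isCollection": False},
    {"attributeSet": "utexasCsaApp1", "name": "Engineering", "type": "String", "isCollection": True},
]
```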