Custom Security Attributes enable storage of sensitive information on user and application objects in Azure Active Directory and consist of two components: attributes and attribute sets. Each attribute consists of a definition and an assignment, and each attribute set consists of a definition and the permissions applied to the attribute set.
Attribute definitions
The definition of an attribute or attribute set cannot be changed once the object is created. The value of an attribute can be changed by authorized users at any time. The permission to modify the value of an attribute is granted to users via access rights on the attribute set that contains the attribute.
The definition of an attribute set consists of the name of the attribute set. The definition of an attribute consists of the name of the attribute, the attribute set that contains the attribute, the data type of the attribute, and whether the attribute value is single-valued or multi-valued. The data type can be string, integer, or boolean.
Attribute assignments
The assignment of an attribute is the value of the attribute and can be modified by authorized users at any time. The value must adhere to the requirements of the data type defined for the attribute.
Attribute set permissions
The permissions on an attribute set define who can modify the value of any attribute in the attribute set.
Limitations
- A maximum of 500 attributes can be defined in a tenant.
- A maximum of 500 attribute sets can be defined in a tenant.
- A maximum of 50 values can be set on each user or application.
...
The following restrictions are currently applied to custom security attributes in the utexas tenant. These restrictions are intended to allow attributes to be recycled and prevent exhaustion of attribute values by a single attribute.
- Attributes and attribute sets will adhere to a generic naming convention
- Attribute sets will contain a single attribute
- Only single-valued attributes are permitted
...
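One way the limits and tenant restrictions listed above could be checked against an export of definitions and assignments. This is an added example, not code from the original page; the record layout, the names (SetA, SetB, Clearance, Tags, user1) and the sample data are constructed, and the naming convention is not checked because the page does not state it.

```python
# Added example; record shapes and sample data are constructed for illustration.
from collections import Counter

MAX_ATTRIBUTES = MAX_ATTRIBUTE_SETS = 500  # per tenant
MAX_VALUES_PER_OBJECT = 50                 # per user or application
TYPES = {"string": str, "integer": int, "boolean": bool}

def value_matches(data_type, value):
    # bool is a subclass of int in Python, so reject True/False for "integer".
    if data_type == "integer":
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, TYPES[data_type])

def audit(definitions, assignments):
    # definitions: dicts with set, name, type, multi_valued
    # assignments: {principal: {(set, name): value or list of values}}
    findings = []
    by_key = {(d["set"], d["name"]): d for d in definitions}
    per_set = Counter(d["set"] for d in definitions)
    if len(definitions) > MAX_ATTRIBUTES:
        findings.append("tenant: more than 500 attributes")
    if len(per_set) > MAX_ATTRIBUTE_SETS:
        findings.append("tenant: more than 500 attribute sets")
    for d in definitions:
        if d["type"] not in TYPES:
            findings.append(f"{d['set']}.{d['name']}: unknown data type")
        if d["multi_valued"]:
            findings.append(f"{d['set']}.{d['name']}: multi-valued not permitted")
    for s, n in sorted(per_set.items()):
        if n > 1:
            findings.append(f"{s}: {n} attributes in set, expected 1")
    for principal, attrs in assignments.items():
        total = 0
        for (s, n), value in attrs.items():
            values = value if isinstance(value, list) else [value]
            total += len(values)
            d = by_key.get((s, n))
            if d is None:
                findings.append(f"{principal}: {s}.{n} has no definition")
            elif d["type"] in TYPES and not all(value_matches(d["type"], v) for v in values):
                findings.append(f"{principal}: {s}.{n} value is not {d['type']}")
        if total > MAX_VALUES_PER_OBJECT:
            findings.append(f"{principal}: {total} values, limit is 50")
    return findings

DEFS = [{"set": "SetA", "name": "Clearance", "type": "integer", "multi_valued": False},
        {"set": "SetB", "name": "Tags", "type": "string", "multi_valued": True}]
ASSIGNED = {"user1": {("SetA", "Clearance"): True, ("SetB", "Tags"): ["a", "b"]}}
if __name__ == "__main__":
    print("\n".join(audit(DEFS, ASSIGNED)))
```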