In this article:
1. Introduction to User Attributes
2. How to Map User Attributes in Your Account
2.1. With Microsoft Azure Entra ID (SAML)
2.2. With Okta (SAML)
2.3. With OneLogin (SAML)
2.4. With Microsoft Azure Entra ID (OpenID Connect (OIDC))
2.5. With Okta (OpenID Connect (OIDC))
2.6. With OneLogin (OpenID Connect (OIDC))
3. User Attributes in the Account
3.1. User Attributes in the Account Administration
3.2. User Attributes in My Account
3.3. In the Users' Info Popover
3.4. In the Worklog Entries Report
4. How to Get User Attributes from the API
User attributes let you add more information about the users in your account. Here is how to use them and populate their values through your identity provider (IdP).
1. Introduction to User Attributes
User attributes give you greater flexibility in adding more properties to the users in your account. Think of them as custom fields where you can input more details about users, such as branch, department, external ID, etc. Account Owners can create these attributes from the dedicated “User attributes” tab in the Account Administration. The attribute values can be populated either from the SSO (when it is enabled) or from the Users table (in User management) when the SSO is disabled.
Important:
- Only Account Owners can create and edit user attributes.
- When SSO is enabled and user attributes are mapped, Account Owners cannot edit them.
- We recommend not storing confidential information in user attributes, as they will be visible to all users across the application.
2. How to Map User Attributes in Your Account
2.1. With Microsoft Azure Entra ID (SAML)
Here is how to map user attributes using Microsoft Azure (we're using ‘Job title’ as an example attribute):
Step 1.
Open your already created app and navigate to the Single sign-on tab (1). Then, click the Edit icon (2) in the “Attributes & Claims” section.
Step 2.
Click on “Add new claim.”
Step 3.
Fill out your claim details:
- For name — type in the parameter that Businessmap expects to receive (this name will appear under “Provider field name” in Businessmap's SSO configuration → see image below).
- For source attribute — choose the attribute that sends “jobtitle” to Businessmap (user.jobtitle). In this case, for each user who logs in, Azure will send their job title from their profile.
Important: If there is no “jobtitle” value for a given user in Azure, no value will be populated in Businessmap.
Step 4.
In Businessmap (Account Administration → Integrations → Applications → SSO), when you open the SSO configuration panel, you will see the User attribute name on the left and the Provider field name, which will be sent from Azure, on the right. Each time a user logs in, the data in that field will be refreshed.
If you have enabled User Provisioning and want to automate the refresh of values, you can follow these steps:
1. After completing the steps above, from the app settings, select “Provisioning.” Then, under the “Manage” section, select “Provisioning” again.
2. Checkmark “Show advanced options” and click “Edit attribute list for customappsso.”
3. Add the new attribute, which must be named "urn:ietf:params:scim:schemas:extension:kanbanize:2.0:User:{{remote_name}}" and it has to be STRING.
Note: If you keep both strings (the one with "enterprise" and the one with "kanbanize"), there is a chance they might conflict with each other, leading to unexpected results.
4. In the “Attribute Mapping” menu, if you want to use an attribute (e.g. user.employeeid), but it is already in use, you need to enter and edit “Target Attribute” to be the newly created attribute — “urn:ietf:params:scim:schemas:extension:kanbanize:2.0:User:{remote_name}”
2.2. With Okta (SAML)
Without User Provisioning:
- In your Okta account, navigate to the Applications tab and select the desired SAML app where you want to add a custom attribute.
- Click on the General tab and scroll down to the SAML Settings section. Select Edit to launch the App Configuration wizard.
- In the Attribute Statements (Optional) section, type in the name of the desired attribute, e.g. “jobTitle.”
- In the second text box, enter the variable name from the Okta profile, prefixed with "user." (such as "user.title").
For a step-by-step guide on creating attributes in Okta, please check the dedicated guide.
With User Provisioning:
1. After you have set up your IdP configuration, go to Directory → Profile Editor.
2. Select the desired app.
3. Create a new attribute by clicking the “Add Attribute” button and configure it as follows:
- In Display name, enter the attribute name you want to see, e.g. External User ID.
- In Variable name and External name, enter a name that matches the remote name in Businessmap, e.g. externalUserId.
- In External namespace, enter “urn:ietf:params:scim:schemas:core:2.0:User”
4. The new attribute will now be available for users. In this case — External User ID. If you want to map an existing value to this attribute, go to Mappings → Okta User to {{App name}}.
Find the externalUserId attribute (it's in the right column), and on the left side, input the value you want to map from user.{{attribute}}. In the example below, user.email, the user's External ID will be their email address.
5. Whenever you add a user, you will see this attribute in the user's parameters. Changing the attribute's value will override the default value (which in this case is the user's email).
2.3. With OneLogin (SAML)
Important: If user provisioning is disabled, you need to checkmark “Include in SAML assertion” whenever you add a new parameter.
1. In OneLogin, go to the respective app's settings.
2. Select “Configuration” from the menu, and then “SCIM JSON Template” (if provisioning is enabled).
3. Inside the “SCIM JSON Template” you need to add the remote name of the app, so it can send data to it (if provisioning is enabled).
Add a comma after the last parameter in the json body and include "{remote_name}": "{$parameters.PARAMETER}". Replace PARAMETER with the attribute we want to send with the '{remote_name}' key. In the example above, we're using “scimusernamе” (if provisioning is enabled).
4. You can see the available parameters you can add in the Parameters tab. You can also add a new parameter and configure it for “externalUserId” in the Configuration tab.
5. When adding a user, you will now see the new “externalUserId” parameter and can assign a value to it which will be sent to Businessmap. You can later update that value too.
Learn more about configuring SAML Single Sign-On in Businessmap.
2.4. With Microsoft Azure Entra ID (OpenID Connect (OIDC))
1. In Azure Entra ID, go to “Enterprise app” and select the respective OIDC app.
2. In the Single sign-on tab, click “Edit” in the Attributes & Claims section.
3. Add a new attribute (its name should match the remote name in Businessmap).
4. To receive this parameter in Businessmap and ensure the integration works smoothly, you need to add two properties in the “Manifest” tab:
- Go to “App Registrations”
- Select “Manifest”
- Set acceptMappedClaims, allowPublicClient as true
Learn more about adding attributes here.
2.5. With Okta (OpenID Connect (OIDC))
You can use an existing attribute and map it to “externalUserId” or create a new one by following these steps:
1. In Okta, go to Directory → Profile Editor and select the respective app.
2. Create a new attribute and next to Variable name, enter a name that matches the remote name in Businessmap, e.g. externalUserId.
Now you need to configure the claim inside the token:
- To use a custom claim, go to Security → API → Authorization Servers, and select which authorization server you want to use.
- Select the server and copy its Issuer from the Settings tab and paste it into Businessmap's OIDC SSO configuration panel.
- In the Claims tab, click “Add Claim,” and configure it as follows:
- For Name, enter the remote name set in Businessmap.
- For Include in token type, select “ID Token” and “Always” from the dropdown fields.
- For Value, enter the attribute we want to map from the user's app settings. For example, if you have created a custom “externalUserId” claim, you should enter “appuser.externalUserId” in this field. Learn more about it in Okta's guide on tokens.
2.6. With OneLogin (OpenID Connect (OIDC))
In OneLogin, select the respective app, go to Parameters, and add a new parameter.
Learn more about configuring OpenID Connect (OIDC) SSO in Businessmap.
3. User Attributes in the Account
User attributes are available in the following areas of the account:
- Account Administration → User Management → the Users and User Attributes tabs
- My Account → Attributes
- User info popover
- Worklog Entries Report
3.1. User Attributes in the Account Administration
3.1.1. User Attributes Tab
There is a dedicated tab in the User Management panel available in the Account Administration. This is where Account Owners can create, edit, and review user attributes.
3.1.2. Users Tab
There is a separate column for each attribute in the Users tab. If the SSO is disabled, Account Owners can add or modify the attribute values for each user from the three-dot menu → Edit member.
3.2. User Attributes in My Account
Every user, regardless of their admin privileges, can see the attributes in their My Account menu under the Attributes tab. This is a view-only tab, so even Account Owners cannot edit their attributes from here.
3.3. In the Users' Info Popover
In the info popover available when you assign users to cards, you can see each user's assigned attributes.
3.4. In the Worklog Entries Report
User attributes are also available as an option in the “Configure results” menu in the Worklog Entries report. If you select it, the system will create a separate column in the report's results table for each attribute in the account. It is not possible to hide some attributes and display others. Learn more about the Worklog Entries report.
4. How to Get User Attributes from the API
- To get the IDs of all user attributes in your account, you need to send a GET request:
/api/v2/userAttributes
- To get the name and ID of a specific attribute, you need to send a GET request:
/api/v2/userAttributes/{attribute_id}
- To add an attribute value to a certain user, you need to make a PUT request:
/api/v2/users/{user_id}/attributes/{attribute_id}
and for the body:
{
"value": "{attribute_value}"
}