User attributes
This list includes the attributes available for users when logging in using login.helsinki.fi single sign-on service or from LDAP. All attributes are not available for all users.
Columns
- LDAP: Marked if attribute is not available in LDAP.
- SAML name: Attribute is available from IdP using SAML2 protocol.
- OIDC claim name: Attribute is available from IdP using OIDC protocol.
FriendlyName / LDAP | Multivalued | Value / Example | LDAP | SAML name1 | OIDC claim name | OIDC type | |
cn | Yes2 | "FirstName Surname" | urn:oid:2.5.4.3 | cn | Array | ||
displayName | No | "FirstName Surname" | urn:oid:2.16.840.1.113730.3.1.241 | name | String | ||
eduPersonAffiliation | Yes | Role in the organization student/faculty/staff/employee/member/affiliate3 | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation | Array | ||
eduPersonAssurance | Yes | Identity assurance according to REFEDS Assurance Framework | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | eduPersonAssurance | Array | ||
eduPersonEntitlement | Yes | Rights to specific resources | No | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement | Array | |
eduPersonPrimaryAffiliation | No | Primary role in the organization3 | urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | eduPersonPrimaryAffiliation | String | ||
eduPersonPrincipalName | No | "uid@helsinki.fi" | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName | String | ||
eduPersonScopedAffiliation | Yes | "<eduPersonAffiliaction>@helsinki.fi" | No | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation | Array | |
employeeNumber | No | SAP-HR employee number | urn:oid:2.16.840.1.113730.3.1.3 | employeeNumber | String | ||
funetEduPersonEPPNTimeStamp | No | Date when user account was created | urn:oid:1.3.6.1.4.1.16161.1.1.24 | funetEduPersonEPPNTimeStamp | String | ||
funetEduPersonLearnerId | No | National learner ID | urn:oid:1.3.6.1.4.1.16161.1.1.27 | funetEduPersonLearnerId | String | ||
funetEduPersonStudentCategory | Yes | Student categories: bachelor/master/licentiate/doctor/visiting-student/exchange-student etc. | urn:oid:1.3.6.1.4.1.16161.1.1.20 | funetEduPersonStudentCategory | Array | ||
| gecos | No | UNIX: firstname lastname | |||||
| gidNumber | No | UNIX: primary group id | |||||
givenName | Yes2 | First name | urn:oid:2.5.4.42 | given_name | String | ||
| homeDirectory | No | UNIX: home directory path | |||||
| hy247EmployeeNumber | No | Employee number for HY247 users | urn:mace:funet.fi:helsinki.fi:hy247EmployeeNumber | hy247EmployeeNumber | String | ||
| hyAccountType | No | urn:oid:1.3.6.1.4.1.18869.1.1.1.33 | hyAccountType | String | |||
| hyAccountingCode | No | Accounting code | |||||
hyGroupCn4 | Yes | User groups (LDAP:ssa memberOf) | No | urn:mace:funet.fi:helsinki.fi:hyGroupCn | hyGroupCn | Array | |
hyLicenseLevelMicrosoft | No | Microsoft license for the user | urn:mace:funet.fi:helsinki.fi:hyLicenseLevelMicrosoft | hyLicenseLevelMicrosoft | String | ||
| hyOrganizationPrimaryUnit | No | Organisation registry code for primary organisation unit (ensisijainen organisaatioyksikkö). Value is 1 if not known. | urn:oid:1.3.6.1.4.1.18869.1.1.1.56 | hyOrganizationPrimaryUnit | String | ||
| hyPersonADExpiryDate | No | AD account expiry date | |||||
| hyPersonEducationCode | Yes | Student's degree programme codes from Sisu. | urn:oid:1.3.6.1.4.1.18869.1.1.1.58 | hyPersonEducationCode | Array | ||
| hyPersonEmployerCode | Yes | Employee's payroll unit code from SAP HR (palkanmaksuyksikkö). | urn:oid:1.3.6.1.4.1.18869.1.1.1.29 | hyPersonEmployerCode | Array | ||
| hyPersonKamuIdentifier | No | Kamu service identifier | urn:oid:1.3.6.1.4.1.18869.1.1.1.61 | hyPersonKamuIdentifier | String | ||
| hyPersonLicenses | Yes | Liceses (currently only Microsoft) | urn:oid:1.3.6.1.4.1.18869.1.1.1.49 | hyPersonLicenses | Array | ||
| hyPersonPersonnelUnit | Yes | Employee's and others personnel unit code from SAP HR (henkilöstöyksikkö) | urn:oid:1.3.6.1.4.1.18869.1.1.1.59 | hyPersonPersonnelUnit | Array | ||
| hyPersonSecurityTestExpiryDate | No | Person's security test expiry date. | urn:oid:1.3.6.1.4.1.18869.1.1.1.60 | hyPersonSecurityTestExpiryDate | String | ||
hyPersonSisuId | No | Sisu service identifier | urn:oid:1.3.6.1.4.1.18869.1.1.1.48 | hyPersonSisuId | String | ||
| hyPersonStudentFacultyCode | Yes | Student's organisation codes from Sisu. | urn:oid:1.3.6.1.4.1.18869.1.1.1.57 | hyPersonStudentFacultyCode | Array | ||
hyPersonStudentId | No | Student number | urn:mace:funet.fi:helsinki.fi:hyPersonStudentId | hyPersonStudentId | String | ||
| hyProfitUnit | No | Profit unit / financial code for most users (tulosyksikkö) | |||||
| loginShell | No | UNIX: login shell | |||||
Yes2 | Email address | urn:oid:0.9.2342.19200300.100.1.3 | String | ||||
| memberOf4 | Yes | User groups (nimellä hyGroupCn SAML/OIDC) | |||||
nationalIdentificationNumber | No | Finnish Personal Identity Code | urn:oid:1.2.246.21 |
|
| ||
ou | Yes | Changing in the near future: Should be organization unit name. Currently includes H- and A-codes. | urn:oid:2.5.4.11 | ou | Array | ||
preferredLanguage | No | Possible values: fi/en/sv | urn:oid:2.16.840.1.113730.3.1.39 | preferredLanguage | String | ||
schacDateOfBirth | No | Date of birth in YYYYMMDD-format, e.g. 19901231 | urn:oid:1.3.6.1.4.1.25178.1.2.3 | schacDateOfBirth | String | ||
schacExpiryDate | No | Account expiration date. | urn:oid:1.3.6.1.4.1.1466.115.121.1.24 | schacExpiryDate | String | ||
schacGender | No | Possible values: 0 (Not known), 1 (Male), 2 (Female), 3 (Not specified). | urn:oid:1.3.6.1.4.1.25178.1.2.2 | schacGender | String | ||
schacHomeOrganization | No | “helsinki.fi” | urn:oid:1.3.6.1.4.1.25178.1.2.9 | schacHomeOrganization | String | ||
schacHomeOrganizationType | Yes2 | “urn:schac:homeOrganizationType:fi:university” | urn:oid:1.3.6.1.4.1.25178.1.2.10 | schacHomeOrganizationType | Array | ||
schacPersonalUniqueCode | Yes | University of Helsinki student number in Haka specified format. ESI (European Student Identifier) in national format. | urn:oid:1.3.6.1.4.1.25178.1.2.14 | schacPersonalUniqueCode | Array | ||
schacPersonalUniqueID | Yes | Finnsh Personal Identity Code or similar unique identifier in Haka-specified format. | urn:oid:1.3.6.1.4.1.25178.1.2.15 | schacPersonalUniqueID1 | Array | ||
sn | Yes2 | Surname | urn:oid:2.5.4.4 | family_name | String | ||
uid | Yes2 | User account name / identifier | urn:oid:0.9.2342.19200300.100.1.1 | uid | String | ||
| uidNumber | No | UNIX: uid id |
We use Haka's funetEduPerson schema for attributes included in it. Check the schema specification for more information https://wiki.eduuni.fi/display/CSCHAKA/funetEduPersonSchema2dot5.
- Technical name for the attribute used in SAML messages.
- Multivalued in the attribute schema, but single valued in the University of Helsinki, at least for now.
- Check Haka federation convertion for more information about the values: https://wiki.eduuni.fi/display/CSCHAKA/funetEduPersonSchema2dot5#funetEduPersonSchema2dot5-eduPersonAffiliation
- hyGroupCn (memberOf) includes all user's IAM groups: https://helpdesk.it.helsinki.fi/ohjeet/muut-ohjeet/ryhmienhallintatyokalu-iam