User attributes

login.gov user accounts are either proofed (IAL2) or self-asserted (IAL1), corresponding to NIST 800-63-3 Identity Assurance Level (IAL).

Here are the possible attributes that can be requested at a given IAL. This table contains the available user attributes, the IAL they are associated with, and how they can be accessed in OpenID Connect and SAML.

-----------------------------

Attribute	OpenID Connect	SAML
UUID The user’s universally unique identifier.	`sub` (string)	`uuid`
Email The user’s email address.	`email` (string) Requires the `email` scope.	`email`
First name The user’s first (given) name.	`given_name` (string) Requires `profile` or `profile:name` scopes.	`first_name`
Last name The user’s last (family) name.	`family_name` (string) Requires `profile` or `profile:name` scopes.	`last_name`
Address The user’s address, including street, city, state, and zip code.	`address` (object) The address claim, containing `street_address`, `locality` (city), `region` (state), and `postal_code` (zip code). Requires the `address` scope.	`address1` `address2` `city` `state` `zipcode`
Phone The user’s phone number formatted as E.164, for example: `+1 (555) 555-5555`	`phone` (string) Requires the `phone` scope.	`phone`
Date of birth Formatted as ISO 8601:2004, for example: `YYYY-MM-DD`	`birthdate` (string) Requires `profile` or `profile:birthdate` scopes.	`dob`
Social security number	`social_security_number` (string) Requires the `social_security_number` scope.	`ssn`
Verification timestamp When the user’s identity was last verified (or empty if it has never been verified)	`verified_at` (number, null) Seconds since the Unix Epoc Requires the `profile` or `profile:verified_at` scope.	`verified_at` (string, ISO8601 format)
x509	`x509` (string) Requires the `x509` scope	(unavailable)
x509 Subject	`x509_subject` (string) Requires the `x509:subject` scope	(unavailable)
x509 Presented	`x509_presented` (string) Requires the `x509_presented` scope.	(unavailable)