User attributes

login.gov user accounts are either proofed (IAL2) or self-asserted (IAL1), corresponding to NIST 800-63-3 Identity Assurance Level (IAL).

Here are the possible attributes that can be requested at a given IAL. This table contains the available user attributes, the IAL they are associated with, and how they can be accessed in OpenID Connect and SAML.

It is important to expect any number of characters in the (string) datatype unless directly followed by a number such as (string36). Strings are encrypted and stored in a text datatype with a maximum length of 65,535 bytes.

| Attribute | IAL1 | IAL2 | OpenID Connect | SAML |
|---|---|---|---|---|
| UUID: The user’s universally unique identifier. | ✓ | ✓ | sub (string36) | uuid (string36) |
| Email: The user’s email address. | ✓ | ✓ | email (string). Requires the email scope. | email (string) |
| IAL: Identity Assurance Level NIST 800-63-3. | ✓ | ✓ | ial (url, urn). See OpenID Connect IAL values | ial (url, urn). See SAML IAL values |
| AAL: Authenticator Assurance Level NIST 800-63-3. | ✓ | ✓ | aal (url, urn). See OpenID Connect AAL values | aal (url, urn). See SAML AAL values |
| First name: The user’s first (given) name. | | ✓ | given_name (string). Requires profile or profile:name scopes. | first_name (string) |
| Last name: The user’s last (family) name. | | ✓ | family_name (string). Requires profile or profile:name scopes. | last_name (string) |
| Address: The user’s address, including street, city, state, and zip code. | | ✓ | address (object). The address claim, containing: street_address (string), locality (city, string), region (state, string), postal_code (zip code, string5). Requires the address scope. | address1 (string), address2 (string), city (string), state (string), zipcode (string5) |
| Phone: The user’s phone number formatted as E.164, for example: +18881112222 | | ✓ | phone (string, null). Requires the phone scope. | phone (string, null) |
| Date of birth: Formatted as ISO 8601:2004, for example: YYYY-MM-DD | | ✓ | birthdate (string10). Requires profile or profile:birthdate scopes. | dob (string10) |
| Social security number: Example: 111-11-1111 | | ✓ | social_security_number (string11). Requires the social_security_number scope. | ssn (string11) |
| Verification timestamp: When the user’s identity was last verified (or empty if it has never been verified) | ✓ | ✓ | verified_at (number, null). Seconds since the Unix Epoch. Requires the profile:verified_at scope. | verified_at (string, ISO8601 format) |
| x509 | ✓ | ✓ | x509_subject (string), x509_presented (string). Requires the x509 scope | n/a |
| x509 Subject | ✓ | ✓ | x509_subject (string). Requires the x509:subject scope | x509_subject |
| x509 Presented | ✓ | ✓ | x509_presented (string). Requires the x509_presented scope. | x509_presented |
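
As an added example (not login.gov's own code), a relying party can check the OpenID Connect claims it receives against the types and lengths in the table before storing them, rather than truncating or trusting them. The function names and the sample response are constructed for illustration; `ial`, `aal` and the x509 claims are left out because their values are not listed on this page.

```python
import re
from datetime import date

MAX_BYTES = 65_535  # documented maximum stored size of a (string) value
E164 = re.compile(r"\+[1-9][0-9]{1,14}")          # e.g. +18881112222
SSN = re.compile(r"[0-9]{3}-[0-9]{2}-[0-9]{4}")   # string11
DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")  # string10

def is_string(value, exact=None):
    """A str of exactly `exact` characters, or of any length up to MAX_BYTES."""
    if not isinstance(value, str):
        return False
    return len(value) == exact if exact else len(value.encode("utf-8")) <= MAX_BYTES

def matches(pattern, value):
    return isinstance(value, str) and pattern.fullmatch(value) is not None

def is_birthdate(value):
    try:  # fromisoformat rejects impossible dates such as 1990-02-30
        return matches(DATE, value) and date.fromisoformat(value) is not None
    except ValueError:
        return False

def is_address(value):
    return (isinstance(value, dict)
            and all(is_string(value.get(k)) for k in ("street_address", "locality", "region"))
            and is_string(value.get("postal_code"), 5))

CHECKS = {  # claim name -> check, following the OpenID Connect column of the table
    "sub": lambda v: is_string(v, 36),
    "email": is_string,
    "given_name": is_string,
    "family_name": is_string,
    "address": is_address,
    "phone": lambda v: v is None or matches(E164, v),
    "birthdate": is_birthdate,
    "social_security_number": lambda v: matches(SSN, v),
    "verified_at": lambda v: v is None or (type(v) in (int, float)),
}

def invalid_claims(claims):
    """Sorted names of claims that are present but do not fit the documented type."""
    return sorted(n for n, check in CHECKS.items() if n in claims and not check(claims[n]))

# Constructed sample userinfo response (not real user data).
SAMPLE = {"sub": "b2d2d115-1d7e-4579-b9d6-f8e84f4f56ca", "email": "user@example.com",
          "phone": "+18881112222", "birthdate": "1990-02-30", "verified_at": "1700000000",
          "address": {"street_address": "1 Main St", "locality": "Anytown",
                      "region": "NY", "postal_code": "12345-6789"}}
```

The checks cover the OpenID Connect names only; over SAML, `verified_at` arrives as an ISO8601 string and the address is split into separate attributes, so that column needs its own mapping.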