Skip to main content

User attributes

login.gov user accounts are either proofed (LOA3) or not (LOA1), corresponding to NIST 800-63-2 levels of assurance (LOA). Here are the possible attributes that can be requested at a given LOA. This table contains the available user attributes, the LOA they are associated with, and how they can be accessed in OpenID Connect and SAML.

Attribute LOA1 LOA3 OpenID Connect SAML
UUID
The user’s universally unique identifier, which is unique per application.
checkmark checkmark sub (string) uuid
Email
The user’s email address.
checkmark checkmark email (string)

Requires the email scope.
email
First name
The user’s first (given) name.
  checkmark given_name (string)

Requires profile or profile:name scopes.
first_name
Last name
The user’s last (family) name.
  checkmark family_name (string)

Requires profile or profile:name scopes.
last_name
Address
The user’s address, including street, city, state, and zip code.
  checkmark address (object)

The address claim, containing street_address, locality (city), region (state), and postal_code (zip code). Requires the address scope.
address1
address2
city
state
zipcode
Phone
The user’s phone number formatted as E.164, for example: +1 (555) 555-5555
  checkmark phone (string)

Requires the phone scope.
phone
Date of birth
Formatted as ISO 8601:2004, for example: YYYY-MM-DD
  checkmark birthdate (string)

Requires profile or profile:birthdate scopes.
dob
Social security number   checkmark social_security_number (string)

Requires the social_security_number scope.
ssn