User attributes
login.gov user accounts are either proofed (LOA3) or not (LOA1), corresponding to NIST 800-63-2 levels of assurance (LOA). Here are the possible attributes that can be requested at a given LOA. This table contains the available user attributes, the LOA they are associated with, and how they can be accessed in OpenID Connect and SAML.
| Attribute | LOA1 | LOA3 | OpenID Connect | SAML |
|---|---|---|---|---|
| UUID The user’s universally unique identifier. |
 |
|
sub (string) |
uuid |
| Email The user’s email address. |
|
|
email (string)Requires the email scope. |
email |
| First name The user’s first (given) name. |
|
given_name (string)Requires profile or profile:name scopes. |
first_name |
|
| Last name The user’s last (family) name. |
|
family_name (string)Requires profile or profile:name scopes. |
last_name |
|
| Address The user’s address, including street, city, state, and zip code. |
|
address (object)The address claim, containing street_address, locality (city), region (state), and postal_code (zip code). Requires the address scope. |
address1address2citystatezipcode |
|
| Phone The user’s phone number formatted as E.164, for example: +1 (555) 555-5555 |
|
phone (string)Requires the phone scope. |
phone |
|
| Date of birth Formatted as ISO 8601:2004, for example: YYYY-MM-DD |
|
birthdate (string)Requires profile or profile:birthdate scopes. |
dob |
|
| Social security number | |
social_security_number (string)Requires the social_security_number scope. |
ssn |