User attributes

login.gov user accounts are either proofed (IAL2) or self-asserted (IAL1), corresponding to NIST 800-63-3 Identity Assurance Level (IAL).

Here are the possible attributes that can be requested at a given IAL. This table contains the available user attributes, the IAL they are associated with, and how they can be accessed in OpenID Connect and SAML.

Attribute	OpenID Connect	SAML
UUID The user’s universally unique identifier.	`sub` (string)	`uuid`
Email The user’s email address.	`email` (string) Requires the `email` scope.	`email`
First name The user’s first (given) name.	`given_name` (string) Requires `profile` or `profile:name` scopes.	`first_name`
Last name The user’s last (family) name.	`family_name` (string) Requires `profile` or `profile:name` scopes.	`last_name`
Address The user’s address, including street, city, state, and zip code.	`address` (object) The address claim, containing `street_address`, `locality` (city), `region` (state), and `postal_code` (zip code). Requires the `address` scope.	`address1` `address2` `city` `state` `zipcode`
Phone The user’s phone number formatted as E.164, for example: `+1 (555) 555-5555`	`phone` (string) Requires the `phone` scope.	`phone`
Date of birth Formatted as ISO 8601:2004, for example: `YYYY-MM-DD`	`birthdate` (string) Requires `profile` or `profile:birthdate` scopes.	`dob`
Social security number	`social_security_number` (string) Requires the `social_security_number` scope.	`ssn`
Verification timestamp When the user’s identity was last verified (or empty if it has never been verified)	`verified_at` (number, null) Seconds since the Unix Epoc Requires the `profile` or `profile:verified_at` scope.	`verified_at` (string, ISO8601 format)