Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

User attributes

login.gov user accounts are either proofed (IAL2) or self-asserted (IAL1), corresponding to NIST 800-63-3 Identity Assurance Level (IAL).

Here are the possible attributes that can be requested at a given IAL. This table contains the available user attributes, the IAL they are associated with, and how they can be accessed in OpenID Connect and SAML.

-----------------------------
Attribute IAL1 IAL2 OpenID Connect SAML

UUID
The user’s universally unique identifier.

checkmark

checkmark

sub (string)

uuid

Email
The user’s email address.

checkmark

checkmark

email (string)

Requires the email scope.

email

First name
The user’s first (given) name.

checkmark

given_name (string)

Requires profile or profile:name scopes.

first_name

Last name
The user’s last (family) name.

checkmark

family_name (string)

Requires profile or profile:name scopes.

last_name

Address
The user’s address, including street, city, state, and zip code.

checkmark

address (object)

The address claim, containing street_address, locality (city), region (state), and postal_code (zip code). Requires the address scope.

address1
address2
city
state
zipcode

Phone
The user’s phone number formatted as E.164, for example: +1 (555) 555-5555

checkmark

phone (string)

Requires the phone scope.

phone

Date of birth
Formatted as ISO 8601:2004, for example: YYYY-MM-DD

checkmark

birthdate (string)

Requires profile or profile:birthdate scopes.

dob

Social security number

checkmark

social_security_number (string)

Requires the social_security_number scope.

ssn

Verification timestamp
When the user’s identity was last verified (or empty if it has never been verified)

checkmark

checkmark

verified_at (number, null)

Seconds since the Unix Epoc

Requires the profile:verified_at scope.

verified_at (string, ISO8601 format)

x509

checkmark

checkmark

x509_subject (string) x509_presented (string)

Requires the x509 scope

n/a

x509 Subject

checkmark

checkmark

x509_subject (string)

Requires the x509:subject scope

x509_subject

x509 Presented

checkmark

checkmark

x509_presented (string)

Requires the x509_presented scope.

x509_presented