Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( Https ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

User attributes

Login.gov user accounts are either identity proofed or self-asserted. Login.gov continues to work toward achieving certification of compliance with NIST's IAL2 standard from a third-party assessment organization.

Here are the possible attributes that can be requested at a given IAL. This table contains the available user attributes, the IAL they are associated with, and how they can be accessed in OpenID Connect and SAML.

It is important to expect any number of characters in the (string) datatype unless directly followed by a number such as (string36). Strings are encrypted and stored in a text datatype with a maximum length of 65,535 bytes.

Attribute IAL1 ID Proofed OpenID Connect SAML

UUID
The user’s universally unique identifier.

checkmark

checkmark

sub (string36)

uuid (string36)

Email
The user’s email address.

checkmark

checkmark

email (string)

Requires the email scope.

email (string)

All emails
All of the email addresses on the user’s account

checkmark

checkmark

all_emails (array of strings)

all_emails (array of strings)

IAL
Identity Assurance Level NIST 800-63-3.

checkmark

checkmark

ial (url, urn)

See OpenID Connect IAL values

ial (url, urn)

See SAML IAL values

AAL
Authenticator Assurance Level NIST 800-63-3.

checkmark

checkmark

aal (url, urn)

See OpenID Connect AAL values

aal (url, urn)

See SAML AAL values

First name
The user’s first (given) name.

checkmark

given_name (string)

Requires profile or profile:name scopes.

first_name (string)

Last name
The user’s last (family) name.

checkmark

family_name (string)

Requires profile or profile:name scopes.

last_name (string)

Address
The user’s address, including street, city, state, and zip code.

checkmark

address (object)

The address claim, containing:
street_address (string)
locality (city, string)
region (state, string)
postal_code (zip code, string5)

Requires the address scope.

address1 (string)
address2 (string)
city (string)
state (string)
zipcode (string5)

Phone
The user’s phone number formatted as E.164, for example: +18881112222

checkmark

phone (string, null)

Requires the phone scope.

phone (string, null)

Date of birth
Formatted as ISO 8601:2004, for example: YYYY-MM-DD

checkmark

birthdate (string10)

Requires profile or profile:birthdate scopes.

dob (string10)

Social security number
Example:
111-11-1111

checkmark

social_security_number (string11)

Requires the social_security_number scope.

ssn (string11)

Verification timestamp
When the user’s identity was last verified (or empty if it has never been verified)

checkmark

checkmark

verified_at (number, null)

Seconds since the Unix Epoc

Requires the profile:verified_at scope.

verified_at (string, ISO8601 format)

x509

checkmark

checkmark

x509_issuer (string) x509_presented (string) x509_subject (string)

Requires the x509 scope

n/a

x509 Issuer

checkmark

checkmark

x509_issuer (string)

Requires the x509:issuer scope.

x509_issuer

x509 Subject

checkmark

checkmark

x509_subject (string)

Requires the x509:subject scope

x509_subject

x509 Presented

checkmark

checkmark

x509_presented (string)

Requires the x509:presented scope.

x509_presented