Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( Https ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

User attributes

Login.gov user accounts are either identity proofed or self-asserted. Login.gov continues to work toward achieving certification of compliance with NIST’s IAL2 standard from a third-party assessment organization.

User attributes

Login.gov user accounts are either identity proofed or self-asserted. Login.gov continues to work toward achieving certification of compliance with NIST’s IAL2 standard from a third-party assessment organization.

Here are the possible attributes that can be requested at a given IAL. This table contains the available user attributes, the IAL they are associated with, and how they can be accessed in OpenID Connect (OIDC) and SAML.

It is important to expect any number of characters in the (string) datatype unless directly followed by a number such as (string36). Strings are encrypted and stored in a text datatype with a maximum length of 65,535 bytes.

Attribute IAL1 ID Proofed OpenID Connect SAML

UUID
The user’s universally unique identifier.

sub (string36)

uuid (string36)

Email
The user’s email address.

email (string)

Requires the email scope.

email (string)

All emails
All of the email addresses on the user’s account.

all_emails (array of strings)

all_emails (array of strings)

IAL
Identity Assurance Level NIST 800-63-3.

ial (url, urn)

See OpenID Connect IAL values

ial (url, urn)

See SAML IAL values

AAL
Authenticator Assurance Level NIST 800-63-3.

aal (url, urn)

See OpenID Connect AAL values

aal (url, urn)

See SAML AAL values

First name
The user’s first (given) name.

given_name (string)

Requires profile or profile:name scopes.

first_name (string)

Last name
The user’s last (family) name.

family_name (string)

Requires profile or profile:name scopes.

last_name (string)

Address
The user’s address, including street, city, state, and zip code.

address (object)

The address claim, containing:
street_address (string)
locality (city, string)
region (state, string)
postal_code (zip code, string5)

Requires the address scope.

address1 (string)
address2 (string)
city (string)
state (string)
zipcode (string5)

Phone*
The user’s phone number formatted as E.164, for example: +18881112222.

phone (string, null)

Requires the phone scope.

phone (string, null)

Date of birth
Formatted as ISO 8601:2004, for example: YYYY-MM-DD.

birthdate (string10)

Requires profile or profile:birthdate scopes.

dob (string10)

Social security number
Example:
111-11-1111

social_security_number (string11)

Requires the social_security_number scope.

ssn (string11)

Verification timestamp*
When the user’s identity was last verified (or empty if it has never been verified).

verified_at (number, null)

Seconds since the Unix Epoc

Requires the profile:verified_at scope.

verified_at (string, ISO8601 format)

x509

x509_issuer (string) x509_presented (string) x509_subject (string)

Requires the x509 scope.

n/a

x509 Issuer

x509_issuer (string)

Requires the x509:issuer or x509 scope.

x509_issuer (string)

x509 Subject

x509_subject (string)

Requires the x509:subject or x509 scope.

x509_subject (string)

x509 Presented

x509_presented (boolean)

Requires the x509:presented or x509 scope.

x509_presented (string)

* Please note that only phone and verified_at idV user attributes may be returned as null.