This site requires JavaScript to be enabled
External Customer KB > General > Provision User Attributes to Office 365 V2
Provision User Attributes to Office 365 V2
Article: KB0010028 Published: 04/14/2021 Last modified: 04/14/2021

This article lists all of the Office 365 user attributes that you can provision from OneLogin. These represent the attributes required by most implementations of Office 365. However, there may be attributes that you use with Office 365 that are not on this list. Those attributes may be supported by Azure Active Directory Sync Service (DirSync). For more information about whether to use DirSync or the OneLogin provisioning engine with your implementation of OneLogin SSO for Office 365, see "Before You Begin" in Configuring Office 365 SSO with OneLogin or contact OneLogin support.

The user attributes described in this article appear on the Parameters tab when you configure OneLogin for SSO or provisioning with Office 365.

Most of these attributes are used only for provisioning users to Office 365. Many of them can be mapped to specific OneLogin attributes, and many of them can be used to configure rules that map a specific OneLogin attribute value to a specific Office 365 attribute value.

For more information, see Configuring Office 365 SSO with OneLogin and Provisioning Users to Office 365.

Office 365 user attributes available for SSO or provisioning from OneLogin

Note: A OneLogin value of - No default - means that the attribute value stored in Active Directory will be passed to Office 365 unless specifically mapped. In most circumstances, if the default OneLogin value is - No default -, you should not change the value unless otherwise noted below.

Office 365 attribute Default OneLogin value Notes
City - No default -
Country - No default - Two-letter country code (ISO standard 3166); for example, “US” or “GB”.
Department - No default -
Display Name - No default -

Display Name sets the way the user name displays in Office 365 (including the name that appears in the From: field in emails).  If you do not set this to a OneLogin value, it defaults to {firstname} {lastname}This does not appear in the UI, but it does behave this way.

You can set Display Name to any OneLogin user attribute, or you can set it to a custom value using an Attribute Macro or Custom User Field. For example, you can set it to Last name, First name using the macro {lastname}{firstname}. Or you can set it to nickname by creating a custom user field (let's say nickname), populating the field with users' nickname values, and mapping the Display Name to the new field. For more information, see Attribute Macros and Custom User Fields. The Display Name can be set to AD ID, AD user name, or company. AD ID maps to the objectGUID field in AD, while AD user name maps to sAMAccountName field. 

FacsmilieTelephoneNumber - No default -
Groups - No value - Used to award membership to a Group in Office 365. Membership in an Office 365 Group will populate across all applications within the Office 365 platform. Distribution Lists are no longer supported. By default, no values are passed to the Groups field. 
ImmutableID AD ID

This value should always be AD ID. If OneLogin is not integrated with Active Directory (AD), and therefore there is no ImmutableID to provision from AD to Office 365, OneLogin generates a unique AD ID value to map to the Office 365 ImmutableID.

Note: The ImmutableID parameter is provisioned bi-directionally. If a OneLogin user is provisioned into Office 365, and that user exists with an assigned Immutable ID, OneLogin will copy that value back into the ImmutableID parameter. If the value in Office 365 differs from the value in OneLogin, we copy the value from Office 365 into OneLogin ImmutableID parameter. For this reason, we recommend you create a custom parameter to safely store ImmutableIDs.

The correct ImmutableID is required for SSO to function. SSO will fail if the wrong ImmutableID is stored in OneLogin.

Important! ImmutableID is immutable! You can't change it once it's set.

JobTitle - No default -
Licenses - No value - By default, no values are passed to the Licenses field. If you want to configure OneLogin to provision license assignments to Office 365 users, see "Using rules to provision Office 365 licenses to users" in Provisioning Users to Office 365
Mail - No default -
MailNickName - No default -
Mobile - No default -
PhysicalDeliveryOfficeName - No default -
PostalCode - No default -
PreferredLanguage - No default - Should follow ISO 639-1 Code; for example "en-US".
Sharepoint Online Persistent Sessions - Macro - Used to enable 5-day persistent sessions for Sharepoint Online. To enable, set the Macro value to true. To disable, set the value to false.
State - No default -
StreetAddress - No default -
TelephoneNumber - No default -
UsageLocation  US A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: "US", "JP", and "GB".
User Principal Name Email This value depends on your directory configuration. See below for details.
userType - No default - A string value that can be used to classify user types in your directory, such as “Member” and “Guest”. If the parameter is left blank, we implicitly set the value to "Member".

Your directory configuration determines how you map the Office 365 User Principal Name to the OneLogin value:

Office 365 attribute Active Directory with Dirsync Active Directory without Dirsync No Active Directory
User Principal Name userPrincipalName Email or userPrincipalName Email

Note. OneLogin does not pass the following attributes from Active Directory to Office 365. These are not available because you cannot override them in Office 365. 

  • proxyAddresses
  • sipProxyAddress

Expand/Collapse Comments
Was this helpful?