Skip to main content

Normalized User Profile

When a user logs in with SSO, each identity provider shares the user profile information in their own format. This adds complexity for the application developers to parse the user profile info and code related identity workflows. To make this seamless for developers, Scalekit normalizes the user profile info into a standard set of fields across all identity providers.

This means that you'd always receive the user profile payload in a fixed set of fields, irrespective of the identity provider and protocol you interact with. This is one of our foundational aspects of the Unified SSO solution.

Sample Normalized User Profile
{
"email": "john.doe@acmecorp.com",
"email_verified": true,
"family_name": "Doe",
"given_name": "John",
"locale": "en",
"name": "John Doe",
"picture": "https://lh3.googleusercontent.com/a/ACg8ocKNE4TZ...iEma17URCEf=s96-c",
"sub": "conn_17576372041941092;google-oauth2|104630259163176101050",
"identities": [
{
"connection_id": "conn_17576372041941092",
"organization_id": "org_17002852291444836",
"connection_type": "OIDC",
"provider_name": "AUTH0",
"social": false,
"provider_raw_attributes": {
"aud": "ztTgHijLLguDXJQab0oiPyIcDLXXrJX6",
"email": "john.doe@acmecorp.com",
"email_verified": true,
"exp": 1714580633,
"family_name": "Doe",
"given_name": "John",
"iat": 1714544633,
"iss": "https://dev-rmmfmus2g7vverbf.us.auth0.com/",
"locale": "en",
"name": "John Doe",
"nickname": "john.doe",
"nonce": "Lof9SpxEzs9dhUlJzgrrbQ==",
"picture": "https://lh3.googleusercontent.com/a/ACg8ocKNE4T...17URCEf=s96-c",
"sid": "5yqRJIfjPh8c7lr1s2N-IbY6WR8VyaIZ",
"sub": "google-oauth2|104630259163176101050",
"updated_at": "2024-04-30T10:02:30.988Z"
}
}
]
}

Full list of User Profile attributes

Profile AttributeData TypeDescription
substringAn identifier for the user, as submitted by the Identity Provider that completed the Single Sign-on.
emailstringThe user's email address.
email_verifiedbooleanTrue if the user's e-mail address has been verified as claimed by the Identity Provider; otherwise false.
namestringFully formatted user's name
family_namestringThe user's surname or last name.
given_namestringThe user's given name or first name.
localestringThe user's locale, represented by a BCP 47 language tag. Example: 'en'
picturestringThe user's profile picture in URL format
identitiesArray of Identity ObjectsArray of all identity information received from the Identity Providers in the raw format

Identity Object attributes

Identity AttributeData TypeDescription
organization_idstringUnique ID of the organization to which this user belongs to
connection_idstringUnique ID of the connection for which this identity data is fetched from
connection_typestringtype of the connection: SAML or OIDC
provider_namestringname of the connection provider. Example: Okta, Google, Auth0
socialbooleanIs the connection a social provider (like Google, Microsoft, GitHub etc) or an enterprise connection.
provider_raw_attributesobjectkey-value map of all the raw attributes received from the connection provider as-is

Notes

  • The sub field is a concatenation of the connection_id and a unique identifier assigned to the user by the identity provider.
  • The identities array may contain multiple objects if the user has authenticated through different methods.
  • The provider_raw_attributes object contains all original data from the Identity Provider, which may vary based on the provider and connection type.

Is this page helpful? Yes No