Who can use this feature?
Workspace Owners, Super Admins, and Admins
Only supported using the Cerby web app
As a workspace Owner, Super Admin, or Admin, you can configure a custom user schema for your IdLCM integration to connect disconnected apps to Cerby.
Configuring a custom user schema in Cerby ensures that user profiles and access controls are properly aligned with the requirements of each external app. This enables more accurate provisioning and seamless integration with your organization’s identity and access policies.
For each external app available in the app catalog of IdLCM integrations, Cerby provides a default user schema that you can update to perform one of the following actions:
The following sections describe each action.
Add custom attributes
Cerby supports the definition of custom attributes to extend the default user schema. The goal is to tailor user profiles to your organization's specific requirements by adding fields that are not part of the standard schema.
IMPORTANT: When you create a custom attribute for a user schema, you must define the new attribute and its corresponding mapping within your Identity Provider (IdP). For instructions, read the official documentation of your IdP:
Okta:
Map app attributes on the Provisioning page
NOTE: Okta only supports the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User namespace for schema extensions.
You can define a custom attribute using the following JSON structure:
"attributes": [
  {
    "validator": {
      "type": "cerby:json-schema",
      "spec": {
        "type": "string"
      }
    },
    "label": "CustomField",
    "type": "cerby:user-schema-attribute",
    "dataClassification": "plain",
    "allowEmptyInSync": true,
    "primaryIdentifier": false,
    "required": true,
    "returned": "always",
    "multiValued": false
  }
]
The following table provides a description of each JSON field used for defining a custom user schema attribute:
Fields | Description | Type |
validator.type | Specifies the validation method used. For Cerby, use | String |
validator.spec.type | Defines the data type of the attribute. | String |
label | Contains the human-readable name of the attribute. | String |
type | Indicates the constant value | String |
dataClassification | Indicates the sensitivity level of the data. The valid values are the following: | String |
allowEmptyInSync | Indicates if the attribute can be empty when syncing user data between systems. | Boolean |
primaryIdentifier | Indicates if this field serves as a unique identifier for the user. | Boolean |
required | Indicates if the attribute must be provided when creating or updating a user. | Boolean |
returned | Indicates when the field is included in responses. The valid values are the following: | String |
multiValued | Indicates if the attribute supports multiple values. | Boolean |
Table 1. Descriptions of the user schema custom attributes fields
Add custom roles
Cerby supports the creation of custom roles in the user schema, enabling you to define role attributes that align with how your connected apps manage access. By defining a custom role attribute, you can automatically assign the right role to each user when their account is created or updated.
IMPORTANT: After defining custom roles in your IdLCM integrations, you must configure the mapping within your IdP to ensure role information is included correctly during user provisioning. For instructions, read the official documentation of your IdP:
You can define a custom role using the following JSON structure by adding a new entry to the roles.options array in the user schema:
{
  "description": "Custom role",
  "displayName": "Custom Role",
  "incompatibleRoles": [],
  "ranking": 1,
  "type": "cerby:role-option",
  "value": "custom-role"
},
...
The following table provides a description of each JSON field used to define a custom role within the roles.options array:
Fields | Description | Type |
description | Describes what the role represents or is used for. | String |
displayName | Indicates the name of the role as it appears in the UI. | String |
incompatibleRoles | Defines a list of role values that are not allowed to be assigned with this role. | Array |
ranking | Defines the role prioritization, especially when multiple roles are available. | Integer |
type | Identifies the element as a role option. For Cerby, use | String |
value | Defines the internal value or ID of the role. | String |
Table 2. Descriptions of the user schema custom roles fields
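The following is an added example, not Cerby code: a pre-flight check you could run on a roles.options array before saving the schema, using the field types from Table 2. The function name lint_role_options, the rule that every incompatibleRoles entry must name a defined role, and the second sample role are assumptions made for illustration.

```python
import json

# Field -> expected type, from Table 2 of this page.
ROLE_FIELDS = {"description": str, "displayName": str, "incompatibleRoles": list,
               "ranking": int, "type": str, "value": str}
ROLE_TYPE = "cerby:role-option"  # constant used in the page's role example


def lint_role_options(options):
    """Hypothetical pre-flight check for a roles.options array; returns problem strings."""
    problems, values = [], []
    for i, opt in enumerate(options):
        name = opt.get("value") if isinstance(opt.get("value"), str) else f"entry #{i}"
        for field, typ in ROLE_FIELDS.items():
            val = opt.get(field)
            # bool is a subclass of int in Python, so True must not pass as a ranking
            if not isinstance(val, typ) or isinstance(val, bool):
                problems.append(f"{name}: '{field}' is missing or not {typ.__name__}")
        if isinstance(opt.get("type"), str) and opt["type"] != ROLE_TYPE:
            problems.append(f"{name}: 'type' must be '{ROLE_TYPE}'")
        if name in values:
            problems.append(f"{name}: duplicate 'value'")
        values.append(name)
    for opt in options:
        listed = opt.get("incompatibleRoles")
        for other in listed if isinstance(listed, list) else []:
            # Assumed rule: a reference to an undefined role is a typo that
            # would leave the intended separation between roles unenforced.
            if other not in values:
                problems.append(f"{opt.get('value')}: incompatible role '{other}' is not defined")
            elif other == opt.get("value"):
                problems.append(f"{other}: lists itself as incompatible")
    return problems


# Constructed sample: the page's example role plus a second, deliberately flawed one.
SAMPLE = json.loads("""[
  {"description": "Custom role", "displayName": "Custom Role", "incompatibleRoles": [],
   "ranking": 1, "type": "cerby:role-option", "value": "custom-role"},
  {"description": "Approves payments", "displayName": "Approver",
   "incompatibleRoles": ["custom-rol"], "ranking": "2",
   "type": "cerby:role-option", "value": "approver"}
]""")

if __name__ == "__main__":
    for problem in lint_role_options(SAMPLE):
        print(problem)
```

The check flags the second sample role twice: its ranking is a string rather than an integer, and its incompatibleRoles entry misspells the role it is meant to exclude.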