Create Custom security attributes in Microsoft Entra ID

In this Microsoft Entra blog, we will show how to create and assign Entra ID security attributes to users.

Entra custom security attributes (CSA) are a modern version of Active Directory custom attributes and allow Entra admins to expand user profile properties and add attributes like a hiring date.

This feature is called custom security attributes, not just custom attributes because there is an element of security that doesn’t allow the global admin automatic access to security attributes.

Note: This feature is free and does not need to be on Entra P1 or P2

Create Custom security attributes in Microsoft Entra ID

To create a new custom security attribute set in your Entra tenant, you must assign your account the following RBAC Role:

Attributes Definition Administrator

To assign custom security attributes to a user, the person assigning the attributes will need the Attributes Assignment Administrator.

Attributes Assignment Administrator

Create a Custom Security Attribute

To create a new custom security attribute, ensure you have assigned the proper permission.

Open Entra portal

Click on Custom Security attributes

From the CSA page page, click on the Add attribute set

Note: An attribute set is a set of related collections of attributes.

Fill in the details on the attribute set page.

Now that we have an attribute set, it is time to add the actual attributes. In our case, I will create an attribute with the same name.

To add an attribute.

Click on the Attribute set name.

Click on Add Attribute

Add the details of the Attribute

Assign Custom Security Attributes to a User

After adding the attribute, the last step is to assign the new attribute to an Entra ID user. The user adding the CAS must have the following RBAC role assigned to them: Attributes Assignment Administrator.

To assign it to a user

Open the user profile

Click on Custom security attributes

Click on Add Assignment.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.