In this Microsoft Entra blog, we will show how to create and assign Entra ID security attributes to users.
Entra custom security attributes (CSA) are a modern version of Active Directory custom attributes and allow Entra admins to expand user profile properties and add attributes like a hiring date.
This feature is called custom security attributes, not just custom attributes because there is an element of security that doesn’t allow the global admin automatic access to security attributes.
Note: This feature is free and does not need to be on Entra P1 or P2
Set Permissions
To create a new custom security attribute set in your Entra tenant, you must assign your account the following RBAC Role:
Attributes Definition Administrator |
To assign custom security attributes to a user, the person assigning the attributes will need the Attributes Assignment Administrator.
Attributes Assignment Administrator |
Create a Custom Security Attribute
To create a new custom security attribute, ensure you have assigned the proper permission.
Open Entra portal
Click on Custom Security attributes
From the CSA page page, click on the Add attribute set
Note: An attribute set is a set of related collections of attributes.
Fill in the details on the attribute set page.
Now that we have an attribute set, it is time to add the actual attributes. In our case, I will create an attribute with the same name.
To add an attribute.
Click on the Attribute set name.
Click on Add Attribute
Add the details of the Attribute
Assign Custom Security Attributes to a User
After adding the attribute, the last step is to assign the new attribute to an Entra ID user. The user adding the CAS must have the following RBAC role assigned to them: Attributes Assignment Administrator.
To assign it to a user
Open the user profile
Click on Custom security attributes
Click on Add Assignment.