Profile - User Systems - Entra ID attribute mapping

The following table describes the Compliance Suite person/identity attribute mapping to or from Entra ID user objects.

This mapping is non-configurable.

In Entra ID, privileged roles and sensitive properties can be assigned to persons or applications. To be able to read the protected properties, the role Privileged Authentication Administrator must be assigned to the Entra ID application in CCS.

The mapping shown is only applied for pure Entra ID users and cannot be used for Entra ID users that are synchronized with an ADDS user. These users are mapped via ADDS attribute mapping.

Compliance Suite attribute

Entra ID user field

Comment

person.Name

DisplayName

person.FirstName

FirstName

person.LastName

LastName

person.Cellphone

Mobile

person.Phone

BusinessPhones

person.Initials

MailNickname

person.Manager

Manager

Person.EmployeeId

Employee ID

person.Location.CompleteAddress

StreetAddress

E.g.: Address1 + Address2 + Address3

person.Location.City

City

person.Location.State

State

person.Location.ZipCode

PostalCode

person.Location.Country.Name

Country

person.Location.Country.Alpha2

UsageLocation

If person.Location.Country is not set then this is set to DK

Person.Email

mail or SMTP: - proxyaddress

This attribute is only exchanged between Microsoft Entra ID and CCS. If multiple Microsoft Entra ID systems are used, the system with highest priority defines what value is set.

identity.UniqueIdentifier

UserPrincipalName

For Azure AD USI.

identity.Statecode

AccountEnabled

For Azure AD USI.

On-premises extension attribute mapping

This mapping can be configured in table AzureADAttributeMapping.

Compliance Suite attribute	Entra ID user field (AzureAD field)	Comment
Person.ResourceSystemValues.{UserSystem.ShortName}	extensionAttribute1	Only extension attributes from 1 to 15 are allowed in the AzureADField
Person.ResourceSystemValues.{UserSystem.ShortName}	extensionAttribute2	Only extension attributes from 1 to 15 are allowed in the AzureADField

Compliance Suite attribute

Entra ID user field (AzureAD field)

Comment

Person.ResourceSystemValues.{UserSystem.ShortName}

extensionAttribute1

Only extension attributes from 1 to 15 are allowed in the AzureADField

Person.ResourceSystemValues.{UserSystem.ShortName}

extensionAttribute2

Only extension attributes from 1 to 15 are allowed in the AzureADField

Mapping for multiple Entra ID tenants

Within Entra ID, you can modify the table AzureADAttributeMapping to change the property of a field to map to a different field. This mapping is only applied to pure Entra ID users. For Entra ID users that are synchronized with an AD DS user, the AD DS attribute mapping is used.

The following table shows the default mapping which is only applied for pure Entra ID users. This mapping is not used for Entra ID users that are synchronized with AD DS users.

D365Field	AzurADField (refers to Entra ID field)	Mapping direction
person.Name	displayName	In and out of CCS
person.FirstName	givenName
person.LastName	surname
person.Location.CompleteAddress	streetAddress
person.Location.State	state
person.Location.ZipCode	postalCode
person.Location.City	city
person.Location.Country.Name	country
person.Location.Country.Alpha2	usageLocation
person.Phone	businessPhones
person.EmployeeId	employeeId
person.Initials	mailNickname
person.Cellphone	mobilePhone

D365Field

AzurADField (refers to Entra ID field)

Mapping direction

person.Name

displayName

In and out of CCS

person.FirstName

givenName

person.LastName

surname

person.Location.CompleteAddress

streetAddress

person.Location.State

state

person.Location.ZipCode

postalCode

person.Location.City

city

person.Location.Country.Name

country

person.Location.Country.Alpha2

usageLocation

person.Phone

businessPhones

person.EmployeeId

employeeId

person.Initials

mailNickname

person.Cellphone

mobilePhone

Additional attributes that can be mapped, are:

department
jobTitle
manager
extensionAttribute1-15

The following attributes should not be mapped.

Attribute	Description
mail	The primary email address on the person is always mapped.
mailNickName	This attribute is used because Entra ID sets it to userPrincipalName, which is used as name before @ when creating a user.
UserType	This attribute determines if the person’s guest attribute is set to true or false.

Attribute

Description

mail

The primary email address on the person is always mapped.

mailNickName

This attribute is used because Entra ID sets it to userPrincipalName, which is used as name before @ when creating a user.

UserType

This attribute determines if the person’s guest attribute is set to true or false.

The following fields are mapped to the user system identities and cannot be configured:

Compliance Suite field	Entra ID user field	Comment
identity.External	UserType	UserType is set true if it equal to 0 (Guest)
identity.ObjectId	Id
identity.UniqueIdentifier	UserPrincipalName	For Azure AD USI.
identity.Synchronized	OnPremisesSyncEnabled	True If synchronized from AD DS. False or NULL For other synchronizations.
identity.Name	UserPrincipalName
identity.Statecode/Statuscode	AccountEnabled	For Azure AD USI.

Compliance Suite field

Entra ID user field

Comment

identity.External

UserType

UserType is set true if it equal to 0 (Guest)

identity.ObjectId

identity.UniqueIdentifier

UserPrincipalName

For Azure AD USI.

identity.Synchronized

OnPremisesSyncEnabled

True
If synchronized from AD DS.
False or NULL
For other synchronizations.

identity.Name

UserPrincipalName

identity.Statecode/Statuscode

AccountEnabled

For Azure AD USI.