User Profile Structure

Auth0's normalized user profile consists of a few different components:

  • Details: Core User Profile object, which contains basic info, such as name, email, and timestamp of the user's latest login. This object may also contain info from a user's source connection.

  • Metadata: Two sub-objects used to store additional user info.

    • user_metadata: Store attributes that do not impact what the user can access, such as work address, home address, or user preferences.

    • app_metadata: Store attributes that can impact what the user can access or how an application functions, such as support plan, security roles, or access control groups.

    Learn more about metadata, including when to use app_metadata and user_metadata, and best practices.

User profile attributes

The following attributes are available on the user profile. Some of these attributes may be updated, imported, and exported, as noted below.

Blacklist user attributes

If there are user fields that should not be stored by Auth0 due to privacy reasons, you can blacklist the attributes you do not want persisting in Auth0 databases. For details, see Blacklist User Attributes.

By default, user profile attributes provided by identity providers other than Auth0 (such as Google, Facebook, Twitter) are not directly editable because they are updated from the identity provider each time the user logs in.

To be able to edit the name, nickname, given_name, family_name, or picture attributes on the normalized user profile, you must configure your connection sync with Auth0 so that user attributes will be updated from the identity provider only on user profile creation. Root attributes will then be available to be edited individually or by bulk import using the Management API.

| Name | Type | Description | Search? | Update? | Import? | Upsert during import? | Export? |
|---|---|---|---|---|---|---|---|
| app_metadata | object | Custom fields that store info about a user that influences the user's access, such as support plan, security roles, or access control groups. For more info, see Metadata Overview. | Y | Y | Y | Y | Y |
| blocked | boolean | Indicates whether the user has been blocked. Importing enables subscribers to ensure that users remain blocked when migrating to Auth0. | Y | Y | Y | N | Y |
| created_at | date time | Timestamp indicating when the user profile was first created. | Y | N | N | N | Y |
| email | text (unique) | The user's email address. | Y | Y | Y | N | Y |
| email_verified | boolean | Indicates whether the user has verified their email address. | Y | Y | Y | Y | Y |
| family_name | text | The user's family name. | Y | Y | Y | Y | Y |
| given_name | text | The user's given name. | Y | Y | Y | Y | Y |
| identities | array (object) | Contains info retrieved from the identity provider with which the user originally authenticates. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object vary by provider, but it will typically include the following: connection (text): Name of the Auth0 connection used to authenticate the user; isSocial (boolean): Indicates whether the connection is a social one; provider (text): Name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider; user_id (text): User's unique identifier for this connection/provider; profileData (object): User info associated with the connection. When profiles are linked, it is populated with the associated user info for secondary accounts. In some cases, it will also include an API Access Token to be used with the provider. | Y | N | N | N | Y |
| last_ip | text | IP address associated with the user's last login. | Y | N | N | N | Y |
| last_login | date time | Timestamp indicating when the user last logged in. If a user is blocked and logs in, the blocked session updates last_login. If you are using this property from inside a Rule using the user object, its value will be associated with the login that triggered the rule; this is because rules execute after login. | Y | N | N | N | Y |
| last_password_reset | date time | Timestamp indicating the last time the user's password was reset/changed. At user creation, this field does not exist. | N | N | N | N | N |
| logins_count | integer | Number of times the user has logged in. If a user is blocked and logs in, the blocked session is counted in logins_count. | Y | N | N | N | Y |
| multifactor | text | List of multi-factor providers with which the user is enrolled. | N | N | N | N | Y |
| name | text | The user's full name. | Y | Y | Y | Y | Y |
| nickname | text | The user's nickname. | Y | Y | Y | Y | Y |
| phone_number | text | The user's phone number. Only valid for users with SMS connections. | Y | Y | N | N | Y |
| phone_verified | boolean | Indicates whether the user has verified their phone number. Only valid for users with SMS connections. | Y | Y | N | N | Y |
| picture | text | URL pointing to the user's profile picture. | N | Y | Y | Y | Y |
| updated_at | date time | Timestamp indicating when the user's profile was last updated/modified. Changes to last_login are considered updates, so most of the time, updated_at will match last_login. | Y | N | N | N | Y |
| user_id | text (unique) | The user's identifier. Importing allows user records to be synchronized across multiple systems without using mapping tables. | Y | N | Y | N | Y |
| user_metadata | object | Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences. For more info, see Metadata Overview. | Y | Y | Y | Y | Y |
| username | text (unique) | The user's username. | Y | Y | Y | N | Y |

Two other fields are not technically part of the user profile, but may be of interest when importing users:

  • password_hash (text): Hashed password for the user's connection. When users are created, Auth0 uses bcrypt to secure the password. Importing compatible hashed passwords allows users to retain their passwords, thereby providing a smoother experience. Compatible passwords should be hashed using bcrypt $2a$ or $2b$ and have 10 saltRounds.
  • password_set_date (date time): Timestamp indicating when the password for the user's connection was set. At user creation, this field exists, and last_password_reset does not. If the user has reset their password, this field and last_password_reset are identical.
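
An added example, not taken from the Auth0 documentation or SDKs: a pre-import check in JavaScript that flags attributes the table above marks as not importable and verifies that password_hash is a bcrypt $2a$/$2b$ string with 10 salt rounds. The function names, the sample record, and the treatment of "text" and "date time" values as JSON strings are assumptions.

```javascript
// Added example (not Auth0 code). Keys and types follow this page's "Import?"
// and "Type" columns; "text"/"date time" as JSON strings is an assumption.
const IMPORTABLE = {
  app_metadata: 'object', user_metadata: 'object', blocked: 'boolean',
  email_verified: 'boolean', email: 'string', family_name: 'string',
  given_name: 'string', name: 'string', nickname: 'string', picture: 'string',
  user_id: 'string', username: 'string',
  password_hash: 'string', password_set_date: 'string',
};

// bcrypt string: $2a$ or $2b$, two-digit cost, then a 22-char salt and
// 31-char digest (53 chars) in the bcrypt base64 alphabet.
const BCRYPT_RE = /^\$2[ab]\$(\d{2})\$[.\/A-Za-z0-9]{53}$/;

function typeOf(value) {
  if (value === null) return 'null';
  return Array.isArray(value) ? 'array' : typeof value;
}

function checkPasswordHash(hash) {
  const match = BCRYPT_RE.exec(hash);
  if (!match) return 'password_hash: not a bcrypt $2a$/$2b$ string';
  const cost = Number(match[1]);
  return cost === 10 ? null : `password_hash: cost ${cost}, expected 10`;
}

function lintImportRecord(user) {
  const problems = [];
  for (const [key, value] of Object.entries(user)) {
    const known = Object.prototype.hasOwnProperty.call(IMPORTABLE, key);
    if (!known) {
      problems.push(`${key}: not importable`);
    } else if (typeOf(value) !== IMPORTABLE[key]) {
      problems.push(`${key}: expected ${IMPORTABLE[key]}, got ${typeOf(value)}`);
    } else if (key === 'password_hash') {
      const err = checkPasswordHash(value);
      if (err) problems.push(err);
    }
  }
  return problems;
}

// Constructed sample: placeholder hash body with cost 12, plus last_ip,
// which the table marks "Import? N".
const sample = {
  email: 'jane@example.com', email_verified: true, last_ip: '203.0.113.7',
  app_metadata: { plan: 'gold' }, password_hash: '$2b$12$' + 'A'.repeat(53),
};
console.log(lintImportRecord(sample));
```

Running the check over every record in an import file before upload surfaces read-only attributes and incompatible hashes ahead of the import job.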

View user profile structure

To view the user profile structure, navigate to Users in the Auth0 Dashboard, and then click a user you want to view.
