How to utilize custom attributes created in IDC for AM related scripts?

Hi everyone,

We struck with scenario where we created custom attribute named “custom_familytype” in managed user object. We can utilize that attribute for IDM related operations using its “IDM property” name but when it comes to AM related operations like passing custom attribute in access token using token modification script it requires to utilize “AM attribute” name of that particular attribute and we couldn’t be able to find it.
So I need help to find corresponding am attribute name value for any custom attribute created through IDM in ForgeRock Identity Cloud.
Thanks in advance …!


You may be able to get values for all custom attributes in a JSON format.

For reference, How to set a custom attribute in ForgeRock Identity Cloud using Scripted Decision Node?

1 Like

Hi there,

what if I want to add this custom attribute “custom_familyname” in a SAML assertion? what would be the AM property for this attribute should I pass?
Thanks in advance!

If you are using journeys, you can read the value for ‘custom_familyname’ in a scripted node and set it as a session property called ‘familyName’.

Then in SAML assertion config, just map claim name to session property name. e.g. a claim called ‘family_name’ can be mapped to ‘familyName’ where ‘familyName’ is the session property.

By default, SAML attribute mapper will look for a user attribute called ‘familyName’. If it doesnt find it, it will look for a session property by the name ‘familyName’ and use that value for the claim.

You will have to whitelist ‘familyName’ as a session property for this approach.

Read the first few lines here - Use IDP attribute mapper to map user-configured attributes to SAML attributes :: ForgeRock Identity Cloud Docs