Resource Type
Account
Metadata
Certificates
Certificate
Settings
SecuritySettings
NetworkAccess
NetworkAccessIpRange
PasswordPolicies SessionSettings SingleSignOnSettings
PlatformEncryptionSettings SharingSettings EncryptionKeySettings SiteSettings EmailAdministrationSettings RealTimeEventSettings UserManagementSettings AccountSettings ConnectedAppSettings SchemaSettings ChatterSettings EventSettings LightningExperienceSettings MobileSettings ApexSettings MyDomainSettings ActivitiesSettings CommunitiesSettings FileUploadAndDownloadSecuritySettings
RemoteSiteSettings
RemoteSiteSetting
CorsAllowListOrigins
CorsAllowlistOrigin
DelegateGroups
DelegateGroup
ConnectedApps
ConnectedApp
SObjects
Users
User
ConnectedApplications
ConnectedApplication
UserProvisioningConfigs
UserProvisioningConfig
OauthTokens
OauthToken
EmailRelays
EmailRelay

ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAccountOwnerReport boolean Indicates whether Account Owner Report can (true) or can’t (false) be run by all users.
enableAccountHistoryTracking boolean Indicates whether history tracking is enabled for accounts (true) or not (false). The default value is false. If history tracking is disabled, the History related list is removed from account page layouts. However, history data is still available for reporting up to the date and time when tracking was disabled. Available in API version 47.0 and later.
enableContactHistoryTracking boolean Indicates whether history tracking is enabled for contacts (true) or not (false). Available in API version 46.0 and later.
showViewHierarchyLink boolean Indicates whether the default View Hierarchy link on all business account detail pages is visible (true) or hidden (false).
enableAccountTeams boolean Indicates whether account teams are enabled (true) or not (false). The Metadata API can’t be used to disable account teams.
enableRelateContactToMultipleAccounts boolean Indicates whether users can relate a contact to multiple accounts (true) or only one account (false). The default value is false. If this feature (Contacts to Multiple Accounts) is disabled, secondary contact–account relationships created while the feature was enabled are deleted. Available in API version 47.0 and later. Avoid using the Metadata API to enable this feature. Use the Account Settings page in Setup to enable Contacts to Multiple Accounts.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
allowUsersToRelateMultipleContactsToTasksAndEvents boolean This field indicates whether Shared Activities is enabled. When the value is true, allows users to relate multiple contacts to a task or event.
autoRelateEventAttendees boolean When users add attendees to events, events are automatically related to up to 50 contacts or one lead. An attendee is matched by their email address to a contact or lead. Admins control this field on the Activity Settings page. Available in API version 42.0 and later.
enableRollUpActivToContactsAcct boolean Enables a contact’s activities to be rolled up and displayed on the contact’s primary account. Default value is true. Available in API versions 47.0 and later.
enableSidebarCalendarShortcut boolean In the sidebar, displays a shortcut link to a user’s last-used calendar view. Admins control this field on the Activity Settings page.
enableUNSTaskDelegatedToNotifications boolean On the Activity Settings page, exposes a setting for Admins to hide or show a user setting that lets individual users enable or disable email notifications when tasks are assigned to them.
enableListViewScheduling boolean Extends the functionality of enableDragAndDropScheduling and enableClickCreateEvents to list view calendars. Admins control this field on the User Interface settings page.
enableSimpleTaskCreateUI boolean Allows admins to specify whether tapping New Task in Salesforce opens a regular task record edit page or a page that displays key task fields first. Admins control this field on the Activity Settings page.
showMyTasksHoverLinks boolean In the My Tasks section of the Home tab and on the calendar day view. When a user hovers over the subject of a task, a hover link displays an overlay with selected task details. When a user clicks the subject of a task, displays the task detail page. Admins use a mini page layout to configure the fields shown in the overlay. Admins control this field on the User Interface settings page.
enableEmailTracking boolean Enables tracking of outbound HTML emails if an organization uses HTML email templates. Admins control this field on the Activity Settings page.
enableActivityReminders boolean Enables popup activity reminders for an organization. Admins control this field on the Activity Settings page.
enableClickCreateEvents boolean Lets users create events in day and weekly calendar views by double-clicking a specific time slot and entering the details of the event in an overlay. Hovering over an event displays an overlay where users can view the event details or delete the event without leaving the page. Admins use a mini page layout to configure the fields shown in the overlays. Does not support recurring events or multi-person events. Admins control this field on the User Interface settings page.
enableDragAndDropScheduling boolean Lets users create events associated with records by dragging a record from a list view onto a calendar view and entering the details of the event in an overlay. Hovering over an event displays an overlay where users can view the event details or delete the event without leaving the page. Admins use a mini page layout to configure the fields shown in the overlays. Admins control this field on the User Interface settings page.
enableGroupTasks boolean Lets users assign independent copies of a new task to multiple users. Admins control this field on the Activity Settings page.
showCustomLogoMeetingRequests boolean Displays a custom logo in meeting request emails and on a meeting’s Web page. Invitees see the logo when a user either invites them to an event or requests a meeting. Admins control this field on the Activity Settings page.
showHomePageHoverLinksForEvents boolean In the calendar section of the Home tab. When a user hovers over the subject of an event, a hover link displays an overlay with selected event details. (Hover links are always available in other calendar views.) When a user clicks the subject of an event, displays the event detail page. Admins use a mini page layout to configure the fields shown in the overlay. Admins control this field on the User Interface settings page.
enableMultidayEvents boolean Enables creation of events that end more than 24 hours after they start. Admins control this field on the Activity Settings page.
enableRecurringEvents boolean Enables creation of events that repeat at specified intervals. Admins control this field on the Activity Settings page.
enableRecurringTasks boolean Enables creation of tasks that repeat at specified intervals. Admins control this field on the Activity Settings page.
enableUserListViewCalendars boolean Allows users to create and view user list view calendars in Lightning Experience. Available in API versions 47.0 and later
showEventDetailsMultiUserCalendar boolean Displays event details on-screen rather than in hover text. Admins control this field on the Activity Settings page.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableApexCtrlImplicitWithSharingPref boolean Indicates whether the Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing critical update is activated (true) or not (false)
enableCompileOnDeploy boolean Indicates whether Apex code is automatically recompiled (true) or not (false). When set to true, code is recompiled before completing a metadata deployment, change set deployment, package installation, or package upgrade. The default value is true for production orgs and false for others.
enableDoNotEmailDebugLog boolean Indicates whether Apex debug log details are suppressed in unhandled exception emails (true) or not (false). The default value is false.
enableApexApprovalLockUnlock boolean Indicates whether approval process lock and unlock operations from Apex code are allowed (true) or not (false). The default value is false.
enableAuraApexCtrlGuestUserAccessCheckPref boolean Indicates whether the Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile critical update is activated (true) or not (false).
enableDisableParallelApexTesting boolean Indicates whether Apex tests are serially executed (true) or not (false). The default value is false.
enableAggregateCodeCoverageOnly boolean Indicates whether aggregate (not detailed) totals are tracked for Apex test coverage data (true) or not (false). The default value is false.
enableApexPropertyGetterPref boolean Indicates whether the Enforce Access Modifiers on Apex Properties in Lightning Component Markup critical update is activated (true) or not (false).
enableAuraApexCtrlAuthUserAccessCheckPref boolean Indicates whether the Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile critical update is activated (true) or not (false).
enableGaplessTestAutoNum boolean Indicates whether autonumbering gaps are prevented by Apex test executions not incrementing autonumber fields for non-test records (true) or not (false). The default value is true.
enableMngdCtrlActionAccessPref boolean Indicates whether the Disable Access to Non-global Apex Controller Methods in Managed Packages critical update is activated (true) or not (false).
enableNonCertifiedApexMdCrud boolean Indicates whether Apex classes can access metadata, public or protected, through classes in the Metadata namespace (true) or not (false). The default value is false.
enableSecureNoArgConstructorPref boolean Indicates whether Apex type visibility rules are strictly enforced for the Type.newInstance method (true) or not (false). The default value is false. When enabled, regardless of API version, you can instantiate only Apex classes with a no-arguments constructor that is visible to the code running Type.newInstance. Available in API version 48.0 and later.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
caSigned boolean Required. Indicates whether this certificate is signed by the issuer (true) or not (false).
fullName string Unique identifier for the certificate
expirationDate number The date the certificate expires and is no longer usable.
keySize number The size of the key in bits.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableOutOfOfficeEnabledPref boolean Indicates whether to add an Out of Office setting to a user profile page (true), or to omit it (false). When the value is set to true, this option adds a control to user profile pages for setting a personal out-of-office message. In Setup, enableOutOfOfficeEnabledPref equates to the Chatter setting Users can set Out of Office message.
enableFeedPinning boolean Indicates whether to allow the pinning of posts in a feed (true) or not (false). When set to true. Authorized users can pin posts to the top of the feed. The feed supports up to three pinned posts. Pinned posts stay pinned until they’re unpinned. After post pinning is enabled, authorized users include admins and group owners and managers. Admins can also assign post pinning permission through permission sets or user profiles. In Setup, enableFeedPinning equates to the Chatter setting Allow post pinning.
unlistedGroupsEnabled boolean Indicates whether to allow the creation of unlisted groups (true) or to prevent their creation (false). When the value is set to true, users can create unlisted groups. Unlisted groups don’t appear on the Groups list page. Membership in unlisted groups is by invitation only. In Setup, unlistedGroupsEnabled equates to the Chatter setting Enable Unlisted Groups.
enableChatter boolean Indicates whether Chatter is enabled for your org (true) or not (false).
enableChatterEmoticons boolean Indicates whether the automatic conversion of text characters, such as :), into a graphic emoticon is allowed in Chatter (true) or isn’t allowed (false). In Setup, enableChatter equates to the Chatter setting Allow Emoticons.
enableFeedEdit boolean Indicates whether qualified users can edit feed posts and comments (true) or not (false). Qualified users include. The author of the post or comment. The person who owns the record that was posted to or commented on. The Chatter or site moderator. In Setup, enableFeedEdit equates to the Chatter setting Allow users to edit posts and comments.
enableFeedsDraftPosts boolean Indicates whether draft posts are automatically saved every seven seconds (true) or not (false). When set to true. Adds the My Drafts feed to the Chatter tab. Saves draft posts automatically every seven seconds. Makes drafts available in the My Drafts feed. When the user posts the entry, the draft is automatically removed from the My Drafts feed. In Setup, enableFeedsDraftPosts equates to the Chatter setting Allow draft posts.
enableRichLinkPreviewsInFeed boolean Indicates whether to convert links in posts into embedded videos, images, and article previews (true) or not to convert the links (false). In Setup, enableRichLinkPreviewsInFeed equates to the Chatter setting Allow Rich Link Previews.
enableCaseFeedRelativeTimestamps boolean In Case feeds, indicates whether to use relative (true) or absolute (false) date and time stamp formats on Case feed items. When the value is true, Case feed items show a relative timestamp (for example, 10m ago). When the value is true, users can hover over the relative timestamp to see the absolute. When the value is false, Case feed items show an absolute timestamp (for example, January 7, 2020 at 12:15PM). When you change this setting, all timestamps in Case feeds reflect that change. The default value is true. This field is available in API version 48.0 and later. In Setup, enableCaseFeedRelativeTimestamps equates to the Chatter setting Show relative timestamp
allowRecordsInChatterGroup boolean Indicates whether records can be associated with groups (true), or not (false). If groups already have record data, setting this field to false doesn’t delete it. In Setup, allowRecordsInChatterGroup equates to the Chatter setting Allow Records in Groups.
enableFeedsRichText boolean Indicates whether to use the Rich Text Editor in the Chatter Publisher (true) or not (false). The rich text editor supports text formats, inline images, hyperlinks, and, when enabled for the org, code snippets. In Setup, enableFeedsRichText equates to the Chatter setting Allow users to compose rich text posts.
enableInviteCsnUsers boolean Indicates whether a licensed user can invite customers to private groups that the licensed user owns or manages (true) or not (false). When the value is set to true, licensed users can invite customers who are from outside org email domains. Invited customers can see information only in the groups that they're invited to. They can interact only with members of those groups. In Setup, enableInviteCsnUsers equates to the Chatter setting Allow customer invitations.
enableTodayRecsInFeed boolean Indicates whether to allow the posting of recommendations for using the Salesforce Today app in users’ feeds (true) or not (false). When set to true, automatically posts recommendations for using the Salesforce Today app in users’ feeds. In Setup, enableTodayRecsInFeed equates to the Chatter setting Allow Today Recommendations.
allowChatterGroupArchiving boolean Indicates whether manual and automatic group archiving are allowed on all Chatter groups (true) or aren’t allowed (false).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableCspNotesOnAccConPref boolean When true, allows customer users to access notes and attachments associated with accounts and contacts. Available in API version 48.0 and later.
enableNetPortalUserReportOpts boolean When true, allows external users in Experience Cloud sites, with permission, to run reports. Available in API version 48.0 and later.
enableEnablePRM boolean When true, allows admins to enable partner users. Available in API version 48.0 and later.
enableGuestRecordReassignOrgPref boolean When true, allows admins to set a default owner for records created by guest users. Available in API version 48.0 and later.
enableInviteChatterGuestEnabled boolean When true, allows guest users to be invited to use Chatter. Available in API version 48.0 and later.
enableOotbProfExtUserOpsEnable boolean When true, allows use of standard external profiles for self-registration and user creation. Available in API version 48.0 and later.
enableCspContactVisibilityPref boolean When true, allows users to see contacts from private accounts that they have read access to, when the contact is controlled by the parent record. Available in API version 48.0 and later.
applyLoginPageTypeToEmbeddedLogin boolean When true, applies the Experience Cloud site login page type (default, Login Discovery, Experience Builder, or Visualforce) to all Embedded Login implementations. When false, applies the username and password login page type to all Embedded Login implementations. For orgs created before the Salesforce Summer ‘20 release, the default setting is false. For new orgs, the default setting is true. Available in API version 49.0 and later.
enableExternalAccHierPref boolean When true, enables the External Account Hierarchy object. Available in API version 48.0 and later.
enableNetworksEnabled boolean When true, allows users to enable digital experiences. Available in API version 47.0 and later.
enablePRMAccRelPref boolean When true, enables Account Relationship object and Account Relationship Data Sharing Rule setup options. Available in API version 48.0 and later.
enableRelaxPartnerAccountFieldPref boolean When true, allows editing for partner account fields on and opportunities and leads. Available in API version 48.0 and later.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
iconUrl string Reserved for future use.
attributes object A custom attribute of the connected app. Represents the field names that make up a custom attribute when using SAML with a ConnectedApp. Tailor these values to a specific service provider.
 key string The attribute's identifier.
 formula string The value of the attribute.
canvasConfig object The configuration options of the connected app if it's exposed as a canvas app.
 canvasUrl string The URL of the third-party app that's exposed as a canvas app.
 lifecycleClass string The name of the Canvas.CanvasLifecycleHandler Apex class.
 locations string Indicates where the canvas app can appear to the user.
 options string Indicates whether to hide the share button and header in the publisher for your canvas app, and whether the app is a canvas personal app.
 samlInitiationMethod string If you're using SAML single sign-on (SSO), indicates which provider initiates the SSO flow.
 accessMethod string Indicates how the canvas app initiates the OAuth authentication flow.
contactPhone string The phone number for Salesforce to use to contact you.
logoUrl string An optional logo for the app. The logo appears with the app's entry in the list of apps and on the consent page the user sees when authenticating. The URL must use HTTPS, and the logo can't be larger than 125 pixels high or 200 pixels wide. The default logo is a cloud.
oauthPolicy object Specifies Oauth access policies associated with your connected app.
 ipRelaxation string Specifies whether a user's access to the connected app is restricted by IP ranges.
 refreshTokenPolicy string Specifies how long a refresh token is valid for.
 singleLogoutUri string If single logout is enabled, specify the single logout URL.
plugin string The name of a custom Apex class that extends Auth.ConnectedAppPlugin to customize the behavior of the app.
contactEmail string Required. The email address Salesforce uses for contacting you or your support team.
description string An optional description for your app.
infoUrl string An optional URL for a web page with more information about your app.
ipRanges list<object> Specifies the ranges of IP addresses that can access the app without requiring the user to authenticate with the connected app.
sessionPolicy object Specifies the configuration options for a connected app's session policies. Use these policies to define how long a user's session can last before reauthenticating, to block user access to the connected app, or to require multi-factor authentication (MFA) to access the app.
 policyAction string If the High Assurance session security level is applied to the connected app, specify associated high assurance action.
 sessionLevel string Applies the High Assurance session security level to the connected app. This session level requires users to verify their identity with multi-factor authentication when they log in to the connected app.
 sessionTimeout number The length of time the connected app's session lasts.
startUrl string If the app isn't accessed from a mobile device, users are directed to this URL after they've authenticated.
label string Required. The name of the app.
mobileStartUrl string Users are directed to this URL after they've authenticated when the app is accessed from a mobile device. If you don't give a URL, the user is sent to the app's default start page after authentication completes. If the connected app that you're creating is a canvas app, then you can leave this field blank. The Canvas App URL field contains the URL that gets called for the connected app.
oauthConfig object Represents the field names that configure how your connected app communicates with Salesforce.
 idTokenConfig object Specifies the ID token configuration for the connected app OAuth settings.
 idTokenAudience string The audiences that this ID token is intended for.
 idTokenIncludeAttributes boolean Indicates whether attributes are included in the ID token.
 idTokenIncludeCustomPerms boolean Indicates whether custom permissions are included in the ID token.
 idTokenIncludeStandardClaims boolean Indicates whether standard claims about the authentication event are included in the ID token.
 idTokenValidity number The length of time that the ID token is valid for after it's issued. The value can be from 1 to 720 minutes. The default is 2 minutes.
 isAdminApproved boolean If set to false (default setting), anyone in the org can authorize the app. Users must approve the app the first time they access it. If set to true, only users with the appropriate profile or permission set can access the app. These users don't have to approve the app before they can access it.
 isConsumerSecretOptional boolean If set to false (default setting), the connected app's client secret is required in exchange for an access token in the OAuth 2.0 web server flow.
 isSecretRequiredForRefreshToken boolean If set to true (default), the app's client secret is required in the authorization request of a refresh token and hybrid refresh token flow. If set to false and an app sends the client secret in the authorization request, Salesforce still validates it.
 assetTokenConfig object Specifies an OAuth asset token configuration for the connected app OAuth settings.
 assetAudiences string The audience claim associated with the asset token payload. This claim identifies who the JWT is intended for.
 assetIncludeAttributes boolean If set to true (default setting), custom attributes associated with the connected app are included in the asset token payload. If set to false, these attributes aren't included.
 assetIncludeCustomPerms boolean If set to true (default setting), custom permissions associated with the connected app are included in the asset token payload. If set to false, these permissions aren't included.
 assetSigningCertId string The ID of the JWT certificate's signing secret.
 assetValidityPeriod number The asset token's validity period. The validity must be the expiration time of the assertion within 3 minutes, expressed as the epoch number.
 callbackUrl string The endpoint that Salesforce calls back to your connected app during OAuth; it's the OAuth redirect_uri.
 consumerSecret string A value that is combined with the consumerKey and used by the consumer for identification to Salesforce.
 isIntrospectAllTokens boolean If set to true, authorizes the connected app to introspect all access and refresh tokens within the entire org. If set to false (default), the connected app can introspect its own tokens.
 scopes list<object> A list of scopes associated with the connected app. The scopes refer to permissions given by the user running the connected app.
 scope string The name of the scope.
 singleLogoutUrl string The single logout endpoint. This URL is the endpoint where Salesforce sends a logout request when users log out of Salesforce.
 certificate string The PEM-encoded certificate string, if the app uses a certificate.
 consumerKey string A value used by the consumer for identification to Salesforce.
permissionSetName string Specifies the permissions required to perform different functions with the connected app.
pluginExecutionUser string Specifies the user to run the plugin as.
profileName string Specifies the profile (base-level user permissions) required to perform different functions with the connected app.
samlConfig object Specifies how an app uses single sign-on.
 samlSloUrl string The SAML single-logout endpoint of the connected app service provider (SP). This endpoint is where SAML LogoutRequests and LogoutResponses are sent when users log out of Salesforce. The SP provides this endpoint.
 samlSubjectCustomAttr string If the samlSubjectType is CustomAttr, include that custom value here; otherwise, leave empty.
 acsUrl string The assertion consumer service URL from the service provider.
 certificate string The PEM-encoded certificate string, if the app uses a certificate.
 entityUrl string The entity ID from your service provider.
 encryptionCertificate string The name of the certificate to use for encrypting SAML assertions to the service provider. This certificate is saved in the organization's Certificate and Key Management list.
 encryptionType string When Salesforce is the identity provider, the SAML configuration can specify the encryption method used for encrypting SAML assertions to the service provider. The service provider detects the encryption method in the SAML assertion for decryption.
 samlSigningAlgoType string Indicates the signing algorithm applied to SAML requests and responses when Salesforce is the identity provider.
 samlSubjectType string The single sign-on identifier for the user.
 issuer string A URI that sends the SAML response. A service provider can use this URI to determine which identity provider sent the response.
 samlIdpSLOBinding string The SAML HTTP binding type from the service provider used for single logout.
 samlNameIdFormat string Indicates the format the service provider (SP) requires for the user's single sign-on identifier.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAdminApprovedAppsOnly boolean If false (default), any connected app can call the Salesforce API. If true, only apps that have been approved or installed by the admin can call the Salesforce API. To access this field, you must contact Salesforce Customer Support to enable API Access Control.
enableAdminApprovedAppsOnlyForExternalUser boolean If false (default), authenticated customers or partners can use any unblocked connected app to access the Salesforce API. If true, authenticated customers and partners can’t access the Salesforce API unless they use a connected app that is installed in the org and unblocked. Install and unblock connected apps on the Connected Apps OAuth Usage page. To access this field, you must contact Salesforce Customer Support to enable API Access Control.
enableSkipUserProvisioningWizardWelcomePage boolean If false (default), the User Provisioning Wizard Welcome page shows up when you access the wizard. To skip the welcome page in the future, you can select Do not show me this next time. If true, the Welcome page doesn’t show up the next time that you access the wizard.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
StartUrl string If the app is not accessed from a mobile device, users are directed to this URL after they’ve authenticated.
Id string The unique identifier of Connected Application
CreatedById string User The unique identifier (id) for the User who created the Connected Application.
CreatedDate number The time when the Connected Application was created
MobileStartUrl string Users are directed to this URL after they’ve authenticated when the app is accessed from a mobile device.
OptionsHasSessionLevelPolicy boolean Specifies whether the connected app requires a High Assurance level session.
PinLength number For mobile apps, this field is the PIN length requirement for users of the connected app. Valid values are 4, 5, 6, 7, or 8.
LastModifiedById string User The unique identifier (id) for the User who modified the Connected Application recently.
LastModifiedDate number The time when the Connected Application was last modified by a user
MobileSessionTimeout string Length of time after which the system logs out inactive mobile users
OptionsAllowAdminApprovedUsersOnly boolean Indicates whether access is limited to users granted approval to use the connected app by an administrator. Manage profiles for the app by editing each profile’s Access list.
SystemModstamp number The time when the Connected Application was last modified by a user or an automated process (such as a trigger)
Name string The unique name for this object.
OptionsRefreshTokenValidityMetric boolean Specifies whether the refresh token validity is based on duration or inactivity. If true, the token validity is measured based on the last use of the token; otherwise, it is based on the token duration.
RefreshTokenValidityPeriod number The duration of an authorization token until it expires in hours, months, or days as set in the connected app management page.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
urlPattern string A URL pattern for the origin. The origin URL pattern must include the HTTPS protocol and a domain name, and may include a port. The wildcard character (*) is supported and must be in front of a second-level domain name. For example, https://*.example.com adds all subdomains of example.com to the allowlist. The origin URL pattern can be an IP address. However, an IP address and a domain that resolve to the same address are not the same origin and must be added to the CORS allowlist as separate entries.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
roles list<string> The roles and subordinates for which delegated administrators of the group can create and edit users.
fullName string Unique identifier for the DelegateGroup
customObjects list<string> The custom objects associated with the group. Delegated administrators can customize nearly every aspect of each of those custom objects, including creating a custom tab. However, they cannot create or modify relationships on the objects or set organization-wide sharing defaults. Delegated administrators must have access to custom objects to access the merge fields on those objects from formulas.
groups list<string> The groups with users assigned by delegated administrators.
label string Required. The delegated group’s non-API name.
loginAccess boolean Required. Allows users in this group to log in as users in the role hierarchy that they administer (true) or not (false). Depending on your organization settings, individual users must grant login access to allow their administrators to log in as them.
permissionSets list<string> The permission sets assignable to users in specified roles and all subordinate roles by delegated administrators.
profiles list<string> The profiles assignable to users by delegated administrators.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableSendViaExchangePref boolean Indicates whether users can use Office 365 to send emails (true) or not (false). Default value is false.
enableEmailToSalesforce boolean Indicates whether Email to Salesforce is enabled (true) or disabled (false). This field has a default value of false.
enableComplianceBcc boolean Indicates whether a copy of each outbound email message is sent to an email address you specify (true) or not (false). This field has a default value of false.
enableEnhancedEmailEnabled boolean Indicates whether Enhanced Email is enabled (true) or not (false). Default value is true.
enableHandleBouncedEmails boolean Indicates whether emails sent from Salesforce to an invalid email address bounce back to Salesforce (true) or not (false) . This field has a default value of true. With bounce handling enabled, reps know which lead, contact, or person account has a bad email address, and they know which specific email wasn’t delivered.
enableHtmlEmail boolean Indicates whether users receive Email-To-Case emails in HTML format (true) or receive a text version instead (false). This field has a default value of false. When this field is set to true, users receive a warning message about potential malicious HTML before they view incoming HTML email content.
enableInternationalEmailAddresses boolean Indicates whether non-Latin-based characters are allowed in email addresses (true) or not (false) when sending emails to and from Salesforce. This field has a default value of true in orgs created in Summer '20 or later. In orgs created in Spring '20 or earlier, the default value is false. Available in API version 49.0 and later.
enableListEmailLogActivities boolean Indicates whether Salesforce logs sent list emails as activities (true) or not (false). Default value is true.
sendMassEmailNotification boolean Indicates whether users receive an auto-generated status email from Salesforce for each mass email they send (true) or not (false). This field has a default value of true.
enableRestrictTlsToDomains boolean Indicates whether the selected Transport Layer Security (TLS) setting applies only to specific domains (true) or applies to all domains (false). This field has a default value of false.
enableEmailSpfCompliance boolean Indicates whether outgoing emails comply with Sender Policy Framework (SPF) email authentication (true) or not (false). This field has a default value of true.
enableEmailSenderIdCompliance boolean Indicates whether outgoing emails comply with Sender ID email protocols (true) or not (false). This field has a default value of false. To enable this preference, enableEmailSpfCompliance must be set to true.
enableEmailWorkflowApproval boolean Indicates whether users can respond to email approval requests directly from their email (true) or not (false). This field has a default value of false.
enableSendViaGmailPref boolean Indicates whether users can use Gmail to send emails (true) or not (false). Default value is false.
enableEmailConsentManagement boolean Indicates whether Enforce Email Privacy Settings is enabled (true) or not (false). When enabled, Salesforce respects each recipient’s email privacy preferences. Default value is false.
enableUseOrgFootersForExtTrans boolean Indicates whether emails sent through external email services (such as Gmail or Office 365) include the Salesforce footer (true) or not (false). This field has a default value of false.
sendTextOnlySystemEmails boolean Indicates whether all system emails are sent via text only (true) or allow other formats (false). This field has a default value of false.
enableResendBouncedEmails boolean Indicates whether the system forwards a copy of each bounced email message to the sender (true) or only displays the bounce alert (false). This field has a default value of false. To enable this preference, enableHandleBouncedEmails must be set to true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Host string Indicates the host name or IP address of your company's SMTP server
IsRequireAuth boolean Indicates whether (true) or not (false) authentication is required. When setting this field to true, the TlsSetting must be set to RequiredVerify.
TlsSetting string Specifies whether Salesforce uses TLS for SMTP sessions. Possible values include: Off, Preferred, Required, PreferredVerify, RequiredVerify.
Username string Specifies the username for relay host STMP authentication. When IsRequireAuth is set to true, this field is required.
AuthType string Specifies which SASL mechanism Salesforce uses for SMTP authentication. This field is available when Enable SMTP Auth is selected. Possible values include: PLAIN, LOGIN.
Port string Indicates the port number of your company’s SMTP server. Possible values include: 25, 587, 10025, 11025.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
canOptOutOfDerivationWithBYOK boolean Indicates that users can opt out of key derivation processes on a key-by-key basis when they upload key material (true) or can’t (false). The default value is false.
enableCacheOnlyKeys boolean Indicates whether the Cache-Only Key Service is available (true) or not (false). The default value is false. If set to true, users can configure a cache-only key callout connection and apply key material stored outside of Salesforce to data on demand.
enableReplayDetection boolean Indicates whether cache-only key callouts are protected from replay attacks by a nonce (true) or not (false). Requires enableCacheOnlyKeys=”true” before setting enableReplayDetection to true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableStreamingApi boolean Enables (true) or disables (false) Streaming API in the org. Default value is true.
enableTerminateOldestSession boolean Determines the behavior of legacy transaction security policies that trigger an end-session action during an API-based login (a login that doesn’t come through the UI.) An end-session action occurs when a user exceeds the maximum number of allowed Salesforce sessions. When true, and a user triggers an end-session action, Salesforce terminates the user’s oldest session until the user is in compliance. When set to false, Salesforce blocks the most recent user’s attempt to log in and doesn’t allow a new user session. Default value is false. Available in API versions 47.0–49.0.
enableDeleteMonitoringData boolean Allows (true) or disallows (false) users to delete event log files and LoginEvent data. Users require the Delete Event Monitoring Records user permission, which is available when this setting is enabled. Default value is false.
enableTransactionSecurityPolicies boolean Enables (true) or disables (false) the ability to create and use transaction security policies in the Salesforce UI. Default value is false.
enableDynamicStreamingChannel boolean Enables (true) or disables (false) the dynamic creation of a streaming channel when you subscribe to generic streaming. Default value is false.
enableLoginForensics boolean Enables (true) or disables (false) the Login Forensics feature. Login Forensics helps you track and audit your org's user login activity. Default value is false. Available in API versions 47.0–49.0.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
dispositions object Represents the metadata used to manage file type behavior.
 behavior string File download behavior
 filetype string The file type that this disposition applies to
 securityRiskFiletype boolean Indicates file types that cannot have behavior set to EXECUTE, due to security risks.
noHtmlUploadAsAttachment boolean Indicates whether to allow HTML uploads as attachments or document records.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAuraCDNPref boolean Indicates whether Lightning Experience and other apps use a content delivery network (CDN) to serve the static content for Lightning Component framework.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableS1EncryptedStoragePref2 boolean Indicates whether the Salesforce mobile web uses secure and persistent browser caching to improve performance (true) or not (false).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
doesApiLoginRequireOrgDomain boolean If true, users must use the org’s My Domain login URL to access the Salesforce API. If false (default), users can also access the Salesforce API using the generic Salesforce page, https://InstanceName.salesforce.com and through the login URL https://login.salesforce.com.
enableNativeBrowserForAuthOnAndroid boolean If true, use the native browser for authentication of Android mobile apps. Default is false.
enableNativeBrowserForAuthOnIos boolean If true, use the native browser for authentication of iOS mobile apps. Default is false.
useStabilizedMyDomainHostnames boolean Indicates whether the instance name is hidden in My Domain URLs for Visualforce, Experience Builder, Site.com Studio, and content files (true) or not (false). This field has a default value of true. For example, MyDomainName--PackageName.na44.visual.force.com becomes MyDomainName--PackageName.visualforce.com when this field is set to true.
useStabilizedSandboxMyDomainHostnames boolean This field corresponds to the Stabilize the Hostname for My Domain URLs in Sandboxes release update, which was enforced in Summer ’20. When true, the instance name is hidden in My Domain URLs for sandboxes orgs. For example, MyDomainName--test.cs5.my.salesforce.com became MyDomainName--test.my.salesforce.com. As of API version 49.0, this field's value is always true, regardless of the value that you set. Changing its value has no effect on Salesforce, even if it reads false. This change applies retroactively back to API version 47.0, when this field was first introduced. Previously, in API version 47.0 to 49.0, this field indicated whether the instance name was hidden in My Domain URLs for sandboxes orgs (true) or not (false), and the field's default value was false. Now, in all API versions, this field's value is always true, even if it reads false.
canOnlyLoginWithMyDomainUrl boolean If true, users must use the org's My Domain login URL to log in. If false (default), users can also log in using the org’s instance Salesforce URL, https://InstanceName.salesforce.com, and through the login URL https://login.salesforce.com.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AppName string The label for the connected app that’s associated with this OAuth token.
Id string Reserved for future use. Currently, the value is always null.
LastUsedDate number The most recent date when the OAuth token was used.
UserId string User The owner of the token.
CreatedDate number The time when the OauthToken was created
AccessToken string The refresh token for authorization.
UseCount number How often the token has been used.
AppMenuItemId string The unique ID for the App Picker menu item that’s associated with this OAuth token.
RequestToken string The authorization code that was used to request the corresponding AccessToken. With this authorization code, you can revoke the corresponding AccessToken by passing the DeleteToken.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
historyRestriction number The number of previous passwords saved for users so that they must always reset a new, unique password. Valid values are 0 through 24 passwords remembered. The maximum value of 24 applies to API version 31.0 and later. In earlier versions, the maximum value is 16.
lockoutInterval string The duration of the login lockout. Valid values are FifteenMinutes (this value is the default value), ThirtyMinutes, SixtyMinutes, Forever (must be reset by admin)
maxLoginAttempts string The number of login failures allowed for a user before the user is locked out. Valid values are NoLimit, ThreeAttempts, FiveAttempts, TenAttempts. This value is the default value.
minimumPasswordLength number The minimum number of characters required for a password. The number can contain from 5 to 50 characters (default is 8). Available in API version 35.0 and later. Before API version 35.0, specify minimum password length with the enumeration minPasswordLength, with valid values FiveCharacters, EightCharacters (default), TenCharacters, TwelveCharacters (API version 31.0 and later), and FifteenCharacters (API version 34.0 and later).
minimumPasswordLifetime boolean If enabled (true), passwords can't be changed more than one time during a 24-hour period.
obscureSecretAnswer boolean If enabled (true), hide answers to security questions as the user types.
expiration string The length of time until a user password expires and must be changed. Valid values are Never, ThirtyDays, SixtyDays, NinetyDays, SixMonths, OneYear
questionRestriction string The restriction on whether the answer to the password hint question can contain the password itself. Valid values are None, DoesNotContainPassword
complexity string The types of characters that must be used in a user's password. Valid values are NoRestriction, AlphaNumeric, SpecialCharacters, UpperLowerCaseNumeric, UpperLowerCaseNumericSpecialCharacters, Any3UpperLowerCaseNumericSpecialCharacters
ATTRIBUTE TYPE REFERS TO DESCRIPTION
canEncryptManagedPackageFields boolean Indicates whether users can enable encryption on custom fields in installed managed packages (true) or not (false).
enableDeterministEncryption boolean Indicates whether customers apply the deterministic encryption scheme to supported fields (true) or not (false). The deterministic encryption scheme lets customers filter on encrypted data.
enableEventBusEncryption boolean Indicates whether events are encrypted at rest in the event bus (true) or not (false). The events include change data capture events and platform events. The default value is false. If false, events aren't encrypted and are stored in clear text in the event bus.
enableEncryptFieldHistory boolean Indicates whether the background encryption process applies the customer's active key material to field history and feed tracking values (true) or not (false). The default value is false. If false, background encryption processes apply active key material to all encrypted data except duplicates of that data stored in field history or feed tracking.
isMEKForEncryptionRequired boolean Indicates whether encryption policy tasks, such as enabling encryption on fields, also require the Manage Encryption Keys permission (true) or not (false), in addition to those tasks’ baseline permissions.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
StreamingApiConcurrentClients object The number of Concurrent CometD clients (subscribers) across all channels and for all event types
 Max number The maximum number of Concurrent CometD clients (subscribers) across all channels and for all event types
 Remaining number The remaining number of Concurrent CometD clients (subscribers) across all channels and for all event types that can subscribe
RealTimeEvents list<object> A list of Real-Time Event entities
ATTRIBUTE TYPE REFERS TO DESCRIPTION
url string The URL for the remote site.
description string The description explaining what this remote site setting is used for.
disableProtocolSecurity boolean Indicates whether code within Salesforce can access the remote site regardless of whether the user's connection is over HTTP or HTTPS (true) or not (false). When true, code within Salesforce can pass data from an HTTPS session to an HTTP session, and vice versa.
fullName string The name can only contain characters, letters, and the underscore (_) character, must start with a letter, and cannot end with an underscore or contain two consecutive underscore characters.
isActive boolean Indicates if the remote site setting is active (true) or not (false).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableSOSLOnCustomSettings boolean Indicates whether custom settings values are returned in Salesforce Object Search language (SOSL) queries (true) or not (false). This field has a default value of false.
enableAdvancedCMTSecurity boolean Indicates whether custom metadata type values are available only to Apex, flow, and formula operations (true) or exposed in other contexts such as through the Enterprise WSDL or SOAP API (false). This field has a default value of false.
enableAdvancedCSSecurity boolean Indicates whether custom settings type values are available only to Apex, flow, and formula operations (true) or exposed in other contexts such as through the Enterprise WSDL or SOAP API (false). This field has a default value of false.
enableListCustomSettingCreation boolean Indicates whether you can create custom settings when using application-level data definitions (true) or not (false). This field has a default value of false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAuditFieldsInactiveOwner boolean If true, this setting enables audit fields and updating the owner for records that are owned by inactive users. The default value is false. This field is available in API version 47.0 and later.
enforceUserDeviceRevoked boolean If enabled, and a UserDevice's status is set to revoked, that device can't log in from a Salesforce app. Logins from browsers aren't affected. This field is available in API version 50.0 and later.
enableAuraSecureEvalPref boolean If true, this setting prevents the creation of function expressions in dynamically created Aura components. The default is false. This field is available in API version 47.0 and later.
canUsersGrantLoginAccess boolean If true, users can grant login access to Support. If false, only an admin can grant login access.
enableAdminLoginAsAnyUser boolean If true, the "Administrator Can Log in as Any User" field is enabled
ATTRIBUTE TYPE REFERS TO DESCRIPTION
allowUserAuthenticationByCertificate boolean If enabled (true), users can authenticate with a PEM-encoded X.509 digital certificate. Not enabled by default. Available in API version 47.0 and later.
enableClickjackNonsetupUserHeaderless boolean Indicates whether clickjack protection for customer Visualforce pages with standard headers turned off is enabled (true) or disabled (false).
enableLightningLogin boolean If enabled (true), users can use Lightning Login (Salesforce Authenticator) to log in instead of a password. Available in API Version 47.0 and later.
enableLightningLoginOnlyWithUserPerm boolean If enabled (true), only users with the Lightning Login User permission can log in with Salesforce Authenticator instead of a password. Available in API version 47.0 and later.
hasUserSwitching boolean If 'Enable user switching' is true (default), users can log in to other orgs by selecting their profile picture and using the Switcher. You must also enable the 'Enable caching and autocomplete on login page' setting. If false, the Switcher isn't enabled and your org doesn't appear in Switchers on other orgs.
identityConfirmationOnTwoFactorRegistrationEnabled boolean Indicates if users are required to confirm their identities when adding a verification method such as Salesforce Authenticator for multi-factor authentication (MFA), instead of requiring a re-login. (Multi-factor authentication was formerly called two-factor authentication.) This field is available in API version 40.0 and later.
enableOauthCorsPolicy boolean If set to true, enables Cross-Origin Resource Sharing (CORS) for these OAuth endpoints: /services/oauth2/token /services/oauth2/revoke /services/oauth2/introspect Default setting is false. Available in API version 50.0 and later.
enforceIpRangesEveryRequest boolean If true, the IP addresses in Login IP Ranges are enforced when a user accesses Salesforce (on every page request), including access from a client app. If false, the IP addresses in Login IP Ranges are enforced only when a user logs in. This field affects all user profiles that have login IP restrictions. Available in API version 34.0 and later.
enableClickjackNonsetupSFDC boolean Indicates whether clickjack protection for non-setup Salesforce pages is enabled (true) or disabled (false).
lockerServiceCSP boolean If true, a stricter Content Security Policy is enabled to disallow the unsafe-inline source for the script-src CSP directive. Script tags can’t be used to load JavaScript, and event handlers can’t use inline JavaScript. Lightning Locker and Lightning Web Security depend on this setting to be enabled to protect Lightning components.
lockSessionsToDomain boolean Indicates whether the current UI session for a user is associated with a specific domain. This check helps prevent unauthorized use of the session ID in another domain. The value is true by default for orgs created with the Spring '15 release or later. Available in API version 33.0 and later.
enableCSRFOnPost boolean Indicates whether Cross-Site Request Forgery (CSRF) protection on POST requests on non-setup pages is enabled (true) or disabled (false).
enableClickjackSetup boolean Indicates whether clickjack protection for setup pages is enabled (true) or disabled (false).
enableSMSIdentity boolean If enabled (true), the default, users can receive a one-time password in a text message (SMS) to verify their identity. Users must verify their mobile phone number before they can receive SMS messages.
enableU2F boolean If enabled (true), users can use a physical U2F-compatible security key for multi-factor authentication (MFA) and identity verification. The default is false. Available in API version 47.0 and later.
forceLogoutOnSessionTimeout boolean If enabled (true), the default, when sessions time out for inactive users, current sessions become invalid. The browser refreshes and returns to the login page. To access the organization, the user must log in again.
sessionTimeout string The length of time after which users without activity are prompted to log out or continue working. Valid values are FifteenMinutes, ThirtyMinutes, SixtyMinutes, TwoHours, FourHours, EightHours, TwelveHours
canConfirmIdentityBySmsOnly boolean Prevents identity verification by email for users who have registered other verification methods, such as SMS or Salesforce Authenticator. If no other verification methods are configured, users are verified by email. By default, this setting is disabled (false) for existing orgs. For new orgs, this setting is enabled (true) by default. Available in API version 48.0 and later.
disableTimeoutWarning boolean Indicates whether the session timeout warning popup is disabled (true) or enabled (false).
enforceUserDeviceRevoked boolean If enabled, and a UserDevice’s status is set to revoked, that device can’t log in from a Salesforce app. Logins from browsers aren’t affected. This field is available in API version 50.0 and later.
redirectionWarning boolean Indicates whether users see an alert when they click a link in a web tab that redirects them outside the saleforce.com domain. Available in API version 42.0 and later.
enableCacheAndAutocomplete boolean Indicates whether the user's browser is allowed to store usernames and auto-fill the User Name field on the login page (true) or not (false).
enableClickjackNonsetupUser boolean Indicates whether clickjack protection for customer Visualforce pages with standard headers turned on is enabled (true) or disabled (false).
FileUploadAndDownloadSecurityRules list<object> A list of rules representing the security settings for uploading and downloading files.
lockSessionsToIp boolean Indicates whether user sessions are locked to the IP address from which the user logged in (true) or not (false).
canConfirmEmailChangeInLightningCommunities boolean When users change their email address, they receive an email at the new address with a link. After they click the link, their new email address takes effect.
enableContentSniffingProtection boolean Indicates if the browser is prevented from inferring the MIME type from the document content and from executing malicious files (JavaScript, Stylesheet) as dynamic content. This field is available in API version 39.0 and later.
enablePostForSessions boolean Indicates whether cross-domain session information is exchanged using a POST request instead of a GET request, such as when a user is using a Visualforce page. In this context, POST requests are more secure than GET requests. Available in API version 31.0 and later.
hasRetainedLoginHints boolean If you enable 'Remember me until logout' (true), usernames (login hints) are cached until the user logs out. If a session times out, usernames appear on the Switcher as inactive. If false (default), usernames aren't cached for SSO sessions.
forceRelogin boolean If true, an admin who is logged in as another user must log in again to their original session, after logging out as the secondary user. If false, the admin isn't required to log in again.
identityConfirmationOnEmailChange boolean Indicates if a user's identity is confirmed when changing their email address, instead of requiring a re-login. This field is available in API version 42.0 and later.
referrerPolicy boolean Indicates whether the referer header hides sensitive information that could be present in the full URL. If true, then the referer header displays only salesforce.com. If false, then the header displays the entire URL. For a Visualforce user, if referrerPolicy is set to true, then the referer header displays only force.com. If false, then the header displays the entire URL. Available in API version 42.0 and later.
enableCSPOnEmail boolean Indicates whether a content security policy is enabled for the email template. A content security policy helps prevent cross-site scripting attacks by listing allowed sources of images and other content.
enableCSRFOnGet boolean Indicates whether Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is enabled (true) or disabled (false).
enableXssProtection boolean Indicates if protection against reflected cross-site scripting attacks is enabled. If a reflected cross-site scripting attack is detected and XSS protection is enabled, the browser shows a blank page with no content. This field is available in API version 39.0 and later.
requireHttpOnly boolean Sets the HttpOnly attribute on session cookies, making them inaccessible via JavaScript. If true, session ID cookie access is restricted.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableStandardReportVisibility boolean Indicates whether users can view reports based on standard report types that may expose data of users to whom they don't have access (true) or not (false). This field has a default value of false.
deferSharingRules boolean Indicates whether sharing rule calculations are suspended (true) or not (false). This field has a default value of false. This field is available in API version 49.0 and later.
enableManualUserRecordSharing boolean Indicates whether users can share their own user record (true) or not (false). This field has a default value of false.
enableRestrictAccessLookupRecords boolean Indicates whether users must have read access to a record to see the record's name in lookup and system fields (true) or not (false). This field has a default value of true in Salesforce orgs created in Spring '20 or later and a default value of false in all other orgs. This field is available in API version 48.0 and later.
deferGroupMembership boolean Indicates whether group membership calculations are suspended (true) or not (false). This field has a default value of false. This field is available in API version 49.0 and later.
enablePortalUserVisibility boolean Indicates whether portal users in the same customer or partner portal account can see each other regardless of the organization-wide defaults (true) or not (false). This field has a default value of false. To enable this field, contact Salesforce Support.
enableCommunityUserVisibility boolean Indicates whether site users in the same site can see each other regardless of the organization-wide defaults (true) or not (false). This field has a default value of false. In orgs created in API version 47.0 and later, this setting doesn't apply to guest users.
enableManagerGroups boolean Indicates whether users can share records with their managers and manager subordinates groups (true) or not (false). This field has a default value of false. To use this field, you need the 'View and Manage Users' permission.
enableRemoveTMGroupMembership boolean Removes group membership info for the original territory management feature after migrating to Enterprise Territory Management when set to true. This field has a default value of false. Once this field is set to true, it can't be set to false again.
enableTerritoryForecastManager boolean Indicates whether forecast managers can act as delegated administrators for territories below them in the hierarchy (true) or not (false). This field has a default value of false.
enableAccountRoleOptimization boolean Indicates whether person roles are assigned to new site users in accounts without existing users (true) or if regular site roles are created for new users (false). This field has a default value of false.
enableAssetSharing boolean Indicates whether sharing is enabled for assets (true) or asset access is determined by the parent object's sharing rules (false). This field has a default value of false.
enableSecureGuestAccess boolean When true, guest users have organization-wide defaults set to Private. To share records with them, guest user sharing rules must be used.
enablePartnerSuperUserAccess boolean Indicates whether you can grant super user access to partners in sites (true) or not (false). This field has a default value of false. To use this field, you need the 'Customize Application' permission.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableSamlLogin boolean If you enable 'SAML Enabled' (true), users can SSO into Salesforce from providers via SAML. The default isn't enabled (false).
isLoginWithSalesforceCredentialsDisabled boolean If true, users are redirected to third-party identity providers for authentication.
enableMultipleSamlConfigs boolean If true (default), you can configure multiple SAML providers. After enabling the setting, it can’t be disabled.
enableSamlJitProvisioning boolean If you enable User Provisioning Enabled (true), you can provision users through a SAML assertion (called just-in-time provisioning). Requires EnableSamlLogin to be true and enableMultipleSamlConfigs to be false. The default is enabled (false).
enableForceDelegatedCallout boolean If you enable Force Delegated Authentication Callout (true), a callout to the SSO endpoint occurs regardless of login restriction failures. If disabled (false), the default, and if a user’s first login attempt fails due to login restrictions within the Salesforce org, a call isn’t made to the SSO endpoint.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableTopicsInSites boolean Indicates whether guest and authenticated external users can view topics in Salesforce Sites and Salesforce portals (true) or not (false). The default value is false.
enableSitesRecordReassignOrgPref boolean When true, indicates when the org assigns records created by guest users of a site to a default owner in the org. When false, the guest user remains the owner of the record. The default value is false. Available in API version 48.0 and later.
enableProxyLoginICHeader boolean Indicates whether security tokens for API logins from callouts (in API version 31.0 and earlier) are required (true) or not (false). The default value is true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CallCenterId string If Salesforce CRM Call Center is enabled, represents the call center that this user is assigned to.
IndividualId string ID of the data privacy record associated with this user. This field is available if Data Protection and Privacy is enabled.
ReceivesInfoEmails boolean Indicates whether the user receives informational email from Salesforce (true) or not (false).
SenderEmail string The email address used as the From address when the user sends emails. This address is the same value shown in Setup on the My Email Settings page.
Signature string The signature text added to emails. This text is the same value shown in Setup on the My Email Settings page.
UserPermissionsMarketingUser boolean Indicates whether the user is enabled to manage campaigns in the user interface (true) or not (false). Label is Marketing User.
Address object Address of the user.
 CountryCode string The ISO country code for the address.
 Latitude number Used with Longitude to specify the precise geolocation of the address.
 Longitude number Used with Latitude to specify the precise geolocation of the address.
 State string The state detail for the address.
 City string The city detail for the address.
 Country string The country detail for the address.
 PostalCode string The postal code for the address.
 StateCode string The ISO state code for the address.
 Street string The street detail for the address.
 Accuracy string Accuracy level of the geocode for the mailing address.
Alias string The user’s alias. For example, jsmith.
UserPermissionsSiteforcePublisherUser boolean Indicates whether the user is allocated one Site.com Publisher feature license (true) or not (false). Label is Site.com Publisher User. The Site.com Publisher feature license grants the user access to the Site.com application. Users with a Publisher license can build and style websites, control the layout and functionality of pages and page elements, and add and edit content.
UserPreferencesShowEmailToExternalUsers boolean Indicates the visibility of the email address field in the user’s contact information. Email address is visible only to internal members of the user’s organization when this field is false. Email address is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses. When false, this field returns the value #N/A. The default value is false.
UserPermissionsKnowledgeUser boolean Indicates whether the user is enabled to use Salesforce Knowledge (true) or not (false). Label is Knowledge User.
UserPreferencesShowFaxToGuestUsers boolean Indicates the visibility of the fax number field in the user’s contact information. When true, the fax number field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value ​false in UserPreferencesShowFaxToExternalUsers, making the user’s fax number visible to guests. The default value is false.
Division string The division associated with this user, similar to Department, and unrelated to DefaultDivision.
MiddleName string The user’s middle name.
SmallBannerPhotoUrl string The URL for the small user profile banner photo.
WirelessEmail string Wireless email address associated with this user. For use with Salesforce Wireless Edition. This field is available only if the Wireless and Email permissions are enabled for your organization.
Department string The company department associated with the user.
IsPortalSelfRegistered boolean Indicates whether the user is a Customer Portal user who self-registered for your organization's Customer Portal (true) or not (false).
Username string Contains the name that a user enters to log in to the API or the user interface. The value for this field must be in the form of an email address, using all lowercase characters. It must also be unique across all organizations. If you try to create or update a User with a duplicate value for this field, the operation is rejected.
UserPreferencesHideS1BrowserUI boolean Controls the interface that the user sees when logging in to Salesforce from a supported mobile browser. If false, the user is automatically redirected to the Salesforce mobile web. If true, the user sees the full Salesforce site. The default value is false. Label is Salesforce User.
UserPreferencesLightningExperiencePreferred boolean When true, redirects the user to the Lightning Experience interface. Label is Switch to Lightning Experience.
UserPreferencesShowPostalCodeToExternalUsers boolean Indicates the visibility of the postal or ZIP code field in the user’s contact information. Postal code is visible only to internal members of the user’s organization when this field is false. Postal code is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowPostalCodeToGuestUsers is true, which overrides this field’s value External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
CreatedDate number The time when the User was created
FederationIdentifier string Indicates the value that must be listed in the Subject element of a Security Assertion Markup Language (SAML) IDP certificate to authenticate the user for a client application using single sign-on. This value must be specified if the SAML User ID Type is Assertion contains Federation ID from the User record. Otherwise, this field can’t be edited.
UserPreferencesHideBiggerPhotoCallout boolean When true, users can choose to hide the callout text below the large profile photo.
UserPermissionsSFContentUser boolean Indicates whether the user is allocated one Salesforce CRM Content User License (true) or not (false). Label is Salesforce CRM Content User. The Salesforce CRM Content User license grants the user access to the Salesforce CRM Content application.
UserPreferencesDisableMessageEmail boolean When false, the user automatically receives email for Chatter messages sent to the user.
City string The city associated with the user.
UserRoleId string ID of the user’s UserRole. Label is Role ID.
UserPreferencesTaskRemindersCheckboxDefault boolean When true, a reminder popup is automatically set on the user's tasks. Corresponds to the By default, set reminder on Tasks to... checkbox on the Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
IsPortalEnabled boolean Indicates whether an active, external, user has access to Experience Cloud sites or portals (true) or not (false). This field is only available if one of these conditions is true: Digital experiences is enabled and you have community or portal user licenses, Portals are enabled.
UserPreferencesHideCSNDesktopTask boolean When true, the Chatter recommendations panel never displays the recommendation to install Chatter Desktop.
UserPreferencesShowCountryToGuestUsers boolean Indicates the visibility of the country field in the user’s contact information. When true, country is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowCountryToExternalUsers, making the user’s country visible to external members. The default value is false.
UserPreferencesShowFaxToExternalUsers boolean Indicates the visibility of the fax number field in the user’s contact information. Fax number is visible only to internal members of the user’s organization when this field is false. Fax number is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
UserPermissionsJigsawProspectingUser boolean Indicates whether the user is allocated one Data.com user license (true) or not (false). The Data.com user license lets the user add Data.com contact and lead records to Salesforce in supported editions. Label is Data.com User.
UserPreferencesNativeEmailClient boolean Use this field to set a default email preference for the user’s native email client. This field is available in API version 47.0 and later. The default value is false, corresponding to the Salesforce docked email composer.
Manager string User lookup field used to select the user's manager. This field establishes a hierarchical relationship, preventing you from selecting a user that directly or indirectly reports to themselves.
UserPreferencesDisCommentAfterLikeEmail boolean When false, the user automatically receives email every time someone comments on a post that the user liked. This field is available in API version 24.0 and later.
UserPreferencesHideChatterOnboardingSplash boolean When true, the initial Chatter onboarding prompts don’t appear.
UserPreferencesShowProfilePicToGuestUsers boolean Indicates the visibility of the user’s profile photo. When true, the photo is visible to guest users in an Experience Cloud site. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When false, this field returns the stock photo. The default value is false.
UserPreferencesShowWorkPhoneToGuestUsers boolean Indicates the visibility of the work phone field in the user’s contact information. When true, the work phone field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value ​false in UserPreferencesShowWorkPhoneToExternalUsers, making the user’s work phone visible to guests. The default value is false.
FullPhotoUrl string The URL for the user's profile photo. This field is available even if Chatter is disabled. The URL is updated every time a photo is uploaded and reflects the most recent photo. If a newer photo is uploaded, the URL returned for an older photo isn’t guaranteed to return a photo. Query this field for the URL of the most recent photo.
Latitude number Used with Longitude to specify the geolocation of an address. Acceptable values are numbers between –90 and 90 up to 15 decimal places.
UserPreferencesReceiveNoNotificationsAsApprover boolean Controls email notifications from the approval process for approvers. If true, emails are disabled. If false, emails are enabled. The default value is false.
Id string The unique identifier of User
TimeZoneSidKey string This field is a restricted picklist field. A User time zone affects the offset used when displaying or entering times in the user interface. But the API doesn’t use a User time zone when querying or setting values. Values for this field are named using region and key city, according to ISO standards. You can also manually set one User time zone in the user interface, and then use that value for creating or updating other User records via the API.
PostalCode string The user’s postal or ZIP code. Label is Zip/Postal Code.
UserPreferencesContentEmailAsAndWhen boolean When false, a user with Salesforce CRM Content subscriptions receives a once-daily email summary if activity occurs on the subscribed content, libraries, tags, or authors. To receive email, the UserPreferencesContentNoEmail field must also be false. The default value is false.
UserPreferencesDisMentionsCommentEmail boolean When false, the user automatically receives email every time the user is mentioned in comments.
UserPreferencesHideSfxWelcomeMat boolean Controls whether a user sees the Lightning Experience new user message. That message welcomes users to the new interface and provides step-by-step instructions that describe how to return to Salesforce Classic.
UserPreferencesShowTitleToExternalUsers boolean Indicates the visibility of the business title field in the user’s contact information. Title is visible only to internal members of the user’s organization when this field is false. Title is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowTitleToGuestUsers is true, which overrides this field’s value. External users are users with Community, Customer Portal, or partner portal licenses. The default value is true.
LocaleSidKey string This field is a restricted picklist field. The value of the field affects formatting and parsing of values, especially numeric values, in the user interface. It doesn’t affect the API. The field values are named according to the language, and the country if necessary, using two-letter ISO codes. The set of names is based on the ISO standard. You can also manually set a user’s locale in the user interface, and then use that value for inserting or updating other users via the API.
MobilePhone string The user’s mobile device number.
Fax string The user’s fax number.
LastViewedDate number The timestamp for when the current user last viewed this record. If this value is null, it’s possible that this record was referenced (LastReferencedDate) but not viewed.
OfflineTrialExpirationDate number The date and time when the user’s Connect Offline trial expires.
UserPermissionsLiveAgentUser boolean Indicates whether the user is enabled to use Chat (true) or not (false). Label is Live Agent User.
UserPermissionsWirelessUser boolean Required if the Wireless permission is enabled. Indicates whether the user is enabled to use Wireless Edition (true) or not (false). Label is Wireless User.
UserPreferencesDisableEndorsementEmail boolean When false, the member automatically receives email every time someone endorses them for a topic.
CreatedById string User The unique identifier (id) for the User who created the User.
CountryCode string The ISO country code associated with the user.
UserPreferencesDisableFeedbackEmail boolean When false, the user automatically receives emails related to WDC feedback. The user receives these emails when someone requests or offers feedback, shares feedback with the user, or reminds the user to answer a feedback request.
UserPreferencesShowCityToGuestUsers boolean Indicates the visibility of the city field in the user’s contact information. When true, city is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowCityToExternalUsers, making the user’s city visible to external members. The default value is false.
SmallPhotoUrl string The URL for a thumbnail of the user's profile photo. This field is available even if Chatter is disabled. The URL is updated every time a photo is uploaded and reflects the most recent photo. If a newer photo is uploaded, the URL returned for an older photo isn’t guaranteed to return a photo. Query this field for the URL of the most recent photo.
UserPreferencesShowTitleToGuestUsers boolean Indicates the visibility of the business title field in the user’s contact information. When true, title is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site.When true, this field overrides the value false in UserPreferencesShowTitleToExternalUsers, making the user’s title visible to external members. The default value is false.
EmailPreferencesAutoBcc boolean Determines whether the user receives copies of sent emails. This option applies only if compliance BCC emails aren’t enabled.
IsPartner boolean Indicates whether the user is a partner who has access to the partner portal (true) or not (false). This field isn’t available for release 9.0 and later. Instead, use UserType with the value Partner or Power Partner.
IsActive boolean Indicates whether the user has access to log in (true) or not (false). You can modify a User's active status from the user interface or via the API.
IsProfilePhotoActive boolean Indicates whether a user has a profile photo (true) or not (false).
ManagerId string User The Id of the user who manages this user.
Phone string The user’s phone number.
UserPermissionsSiteforceContributorUser boolean Indicates whether the user is allocated one Site.com Contributor feature license (true) or not (false). Label is Site.com Contributor User. The Site.com Contributor feature license grants the user access to the Site.com application. Users with a Contributor license can use Site.com Studio to edit site content only.
UserPreferencesDisableWorkEmail boolean When false, the user receives emails related to WDC feedback, goals, and coaching. The user must also sign up for individual emails listed on the WDC email settings page. When true, the user doesn’t receive any emails related to WDC feedback, goals, or coaching even if they’re signed up for individual emails.
SystemModstamp number The time when the User was last modified by a user or an automated process (such as a trigger)
DelegatedApproverId string Id of the user who is a delegated approver for this user.
UserPreferencesShowStateToExternalUsers boolean Indicates the visibility of the state field in the user’s contact information. State is visible only to internal members of the user’s organization when this field is false. State is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowStateToGuestUsers is true, which overrides this field’s value. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
UserPreferencesEventRemindersCheckboxDefault boolean When true, a reminder popup is automatically set on the user's events. Corresponds to the By default, set reminder on Events to... checkbox on the Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
UserPreferencesSortFeedByComment boolean Specifies the data value used in sorting a user’s feed. When true, the feed is sorted by most recent comment activity. When false, the feed is sorted by post date.
AboutMe string Information about the user, such as areas of interest or skills. This field is available even if Chatter is disabled.
CompanyName string The name of the user’s company.
GeocodeAccuracy string The level of accuracy of a location’s geographical coordinates compared with its physical address. A geocoding service typically provides this value based on the address’s latitude and longitude coordinates.
UserPreferencesDisableLikeEmail boolean When false, the user automatically receives email every time someone likes their post or comment.
BadgeText string The Experience Cloud site role, displayed on the user profile page just below the user name.
Email string The user’s email address.
UserPreferencesDisableMentionsPostEmail boolean When false, the user automatically receives email every time they’re mentioned in posts.
PortalRole string The role of the user in the Customer Portal (either "Executive", "Manager", "User", or "PersonAcount")
UserPreferencesApexPagesDeveloperMode boolean When true, indicates that the user has enabled developer mode for editing Visualforce pages and controllers.
UserPreferencesShowWorkPhoneToExternalUsers boolean Indicates the visibility of the work phone number field in the user’s contact information. The number is visible only to internal members of the user’s organization when this field is false. The number is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses.The default value is false.
Longitude number Used with Latitude to specify the geolocation of an address. Acceptable values are numbers between –180 and 180 up to 15 decimal places.
UserPreferencesShowStreetAddressToGuestUsers boolean Indicates the visibility of the street address field in the user’s contact information. When true, the street address field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value ​false in UserPreferencesShowStreetAddressToExternalUsers, making the user’s street address visible to guests. The default value is false.
UserPreferencesHideCSNGetChatterMobileTask boolean When true, the Chatter recommendations panel never displays the recommendation to install Chatter Mobile.
UserPreferencesUserDebugModePref boolean When true, the Lightning Component framework executes in debug mode for the user. Corresponds to the Debug Mode checkbox on the Advanced User Details page of personal settings in the user interface.
Country string The country associated with the user.
Name string Concatenation of FirstName and LastName.
UserPreferencesActivityRemindersPopup boolean When true, a reminder window automatically opens when an activity reminder is due. Corresponds to the Trigger alert when reminder comes due checkbox at the Reminders page in the personal settings in the user interface.
UserPreferencesPathAssistantCollapsed boolean When true, Sales Path appears collapsed or hidden to the user.
UserPreferencesReminderSoundOff boolean When true, a sound automatically plays when an activity reminder is due. Corresponds to the Play a reminder sound checkbox on the Reminders page in the user interface.
UserPreferencesShowManagerToExternalUsers boolean Indicates the visibility of the manager field in the user’s contact information. Manager is visible only to internal members of the user’s organization when this field is false. Manager is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
LastReferencedDate number The timestamp for when the current user last viewed a record related to this record.
UserPermissionsOfflineUser boolean Indicates whether the user is enabled to use Offline Edition (true) or not (false). Label is Offline User.
LastLoginDate number The date and time when the user last successfully logged in. This value is updated if 60 seconds elapses since the user’s last login.
StateCode string The ISO state code associated with the user.
UserPreferencesDisableChangeCommentEmail boolean When false, the user automatically receives email every time someone comments on a change the user has made, such as an update to their profile.
UserPreferencesShowCityToExternalUsers boolean Indicates the visibility of the city field in the user’s contact information. City is visible only to internal members of the user’s organization when this field is false. City is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowCityToGuestUsers is true, which overrides this field’s value. External users are users with Community, Customer Portal, or partner portal licenses.
UserPreferencesShowEmailToGuestUsers boolean Indicates the visibility of the email address field in the user’s contact information. When true, the email address is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value ​false in UserPreferencesShowEmailToExternalUsers, making the user’s email address visible to guests. The default value is false.
UserPreferencesShowPostalCodeToGuestUsers boolean Indicates the visibility of the postal or ZIP code field in the user’s contact information. When true, postal code is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value​false in UserPreferencesShowPostalCodeToExternalUsers, making the user’s postal code visible to external members. The default value is false.
Extension string The user’s phone extension number.
ForecastEnabled boolean Indicates whether the user is enabled as a forecast manager (true) or not (false). Forecast managers see forecast rollups from users below them in the forecast hierarchy.
Suffix string The user’s name suffix.
UserPermissionsSupportUser boolean When true, the user can use the Salesforce console.
UserPreferencesEnableAutoSubForFeeds boolean When true, the user automatically subscribes to feeds for any objects that the user creates.
UserPreferencesDisableLaterCommentEmail boolean When false, the user automatically receives email every time someone comments on a feed item after the user has commented on the feed item.
UserPreferencesHideSecondChatterOnboardingSplash boolean When true, the secondary Chatter onboarding prompts don’t appear.
UserPreferencesJigsawListUser boolean When true, the user is a Data.com List user so shares record additions from a pool. UserPermissionsJigsawProspectingUser must also be set to true. Label is Data.com List User.
EmployeeNumber string The user’s employee number.
ReceivesAdminInfoEmails boolean Indicates whether the user receives email for administrators from Salesforce (true) or not (false).
UserPreferencesReceiveNotificationsAsDelegatedApprover boolean Controls email notifications from the approval process for delegated approvers. If true, emails are enabled. If false, emails are disabled. The default value is false.
UserPreferencesDisableRewardEmail boolean When false, the user automatically receives emails related to WDC rewards. The user receives these emails when someone gives a reward to the user.
NumberOfFailedLogins number The number of failed login attempts for the user’s account. When the maximum number of failed login attempts is reached, the counter resets and the user’s account is locked. If there’s a successful login before the maximum number of failed login attempts is reached, the counter resets and the user’s account remains unlocked.
Title string The user’s business title, such as Vice President.
UserPreferencesShowManagerToGuestUsers boolean Indicates the visibility of the manager field in the user’s contact information. When true, the manager field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value ​false in UserPreferencesShowManagerToExternalUsers, making the user’s manager visible to guests. The default value is false.
LastModifiedById string User The unique identifier (id) for the User who modified the User recently.
AccountId string ID of the Account associated with a Customer Portal user. This field is null for Salesforce users.
LastName string The user’s last name.
MediumBannerPhotoUrl string The URL for the medium-sized user profile banner photo.
DefaultGroupNotificationFrequency string The default frequency for sending the user's Chatter group email notifications when the user joins groups. The valid values are "P" (Email on every post), "D" (Daily digests), "W" (Weekly digests), "N" (Never). The default value is "N". For Professional, Enterprise, Unlimited, and Developer Edition organizations that existed before API version 22.0, the default value remains "D".
IsPrmSuperUser boolean Available for partner portal users only. Indicates whether the user has super user access in the partner portal (true) or not (false).
UserPreferencesDisableFollowersEmail boolean When false, the user automatically receives email every time someone starts following the user in Chatter.
UserPreferencesOptOutOfTouch boolean When false, the user automatically accesses the Salesforce Touch app when logging in to Salesforce from an iPad. If true, automatic access to the Salesforce Touch app is turned off and the user’s iPad is directed to the full Salesforce site instead. The default value is false.
UserType string The category of user license. Each UserType is associated with one or more UserLicense records. Each UserLicense is associated with one or more profiles. The valid values are "Standard" (user license. This user type also includes Salesforce Platform and Salesforce Platform One user licenses. Label is Standard), "PowerPartner" (User whose access is limited because they’re a partner and typically access the application through a partner portal or Experience Cloud site. Label is Partner), "CSPLitePortal" (user whose access is limited because they’re an org's customer and access the application through a Customer Portal or Experience Cloud site. Label is High Volume Portal), "CustomerSuccess" (user whose access is limited because they’re an org's customer and access the application through a Customer Portal. Label is Customer Portal User.), "PowerCustomerSuccess" (user whose access is limited because they’re an org's customer and access the application through a Customer Portal. Label is Customer Portal Manager). Users with this license type can view and edit data they directly own or data owned by or shared with users below them in the Customer Portal role hierarchy: "CsnOnly" (user whose access to the application is limited to Chatter. This user type includes Chatter Free and Chatter moderator users. Label is Chatter Free), "Guest" (user whose access is limited because they’re an unauthenticated user without login credentials. Label is Guest)
CommunityNickname string Name used to identify this user in the Experience Cloud site.
SenderName string The name used as the email sender when the user sends emails. This name is the same value shown in Setup on the My Email Settings page.
UserPermissionsInteractionUser boolean Indicates whether the user can run flows or not. Label is Flow User.
UserPermissionsWorkDotComUserFeature boolean Indicates whether the WDC feature is enabled for the user (true) or not (false).
UserPreferencesDisableFileShareNotificationsForApi boolean When false, email notifications are sent from the person who shared the file to the users that the file is shared with.
UserPreferencesHideEndUserOnboardingAssistantModal boolean Reserved for future use.
UserPreferencesHideLightningMigrationModal boolean Reserved for future use.
UserPreferencesShowCountryToExternalUsers boolean Indicates the visibility of the country field in the user’s contact information. Country is visible only to internal members of the user’s organization when this field is false. Country is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowCountryToGuestUsers is true, which overrides this field’s value. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
CurrentStatus string Text that describes what the user is working on.
UserPermissionsChatterAnswersUser boolean Indicates whether the portal user is enabled to use the Chatter Answers feature (true) or not (false). This field defaults to false when a Customer Portal user is created from the API.
UserPreferencesShowStreetAddressToExternalUsers boolean Indicates the visibility of the street address field in the user’s contact information. The address is visible only to internal members of the user’s organization when this field is false. The address is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses.The default value is false.
UserPreferencesSuppressEventSFXReminders boolean When true, event reminders don’t appear. Corresponds to the Show event reminders in Lightning Experience checkbox on the Activity Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
UserPreferencesDisableBookmarkEmail boolean When false, the user automatically receives email every time someone comments on a Chatter feed item after the user has bookmarked it.
UserPreferencesDisableProfilePostEmail boolean When false, the user automatically receives email every time someone posts to the user’s profile.
LanguageLocaleKey string The user’s language, such as French or Chinese (Traditional). Label is Language.
ProfileId string ID of the user’s Profile. Use this value to cache metadata based on profile.
Street string The street address associated with the User.
UserPreferencesContentNoEmail boolean When false, a user with Salesforce CRM Content subscriptions receives email notifications if activity occurs on the subscribed content, libraries, tags, or authors. To receive real-time email alerts, set this field to false and set the UserPreferencesContentEmailAsAndWhen field to true. The default value is false.
EmailEncodingKey string The email encoding for the user, such as ISO-8859-1 or UTF-8.
JigsawImportLimitOverride number The Data.com user’s monthly addition limit. The value must be between zero and the organization’s monthly addition limit. Label is Data.com Monthly Addition Limit.
DefaultCurrencyIsoCode string The user's default currency setting for new records. For example, if a user in France sets DefaultCurrencyIsoCode to euros, then that’s their default currency. Only applicable for organizations that use multiple currencies.
State string The state associated with the User.
UserPermissionsCallCenterAutoLogin boolean Required if Salesforce CRM Call Center is enabled. Indicates whether the user is enabled to use the auto login feature of the call center (true) or not (false).
UserPreferencesShowMobilePhoneToGuestUsers boolean Indicates the visibility of the mobile phone field in the user’s contact information. When true, the mobile phone field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value ​false in UserPreferencesShowMobilePhoneToExternalUsers, making the user’s mobile phone visible to guests. The default value is false.
BannerPhotoUrl string The URL for the user's banner photo. This field is available in API version 36.0 and later.
ContactId string ID of the Contact associated with this account. The contact must have a value in the AccountId field or an error occurs.
FirstName string The user’s first name.
UserPreferencesShowStateToGuestUsers boolean Indicates the visibility of the state field in the user’s contact information. When true, state is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site.When true, this field overrides the value false in UserPreferencesShowStateToExternalUsers, making the user’s state visible to external members. The default value is false.
UserPreferencesSuppressTaskSFXReminders boolean When true, task reminders don’t appear. Corresponds to the Show task reminders in Lightning Experience. checkbox on the Activity Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
DefaultDivision string This record’s default division. Only applicable if divisions are enabled.
DigestFrequency string The send frequency of the user’s Chatter personal email digest. The valid values are: "D" (Daily), "W" (Weekly), "N" (Never). The default value is "D".
UserPreferencesDisableSharePostEmail boolean When false, the user automatically receives email every time their post is shared.
UserPreferencesDisProfPostCommentEmail boolean When false, the user automatically receives email every time someone comments on posts on the user’s profile.
LastModifiedDate number The time when the User was last modified by a user
UserPreferencesDisableAllFeedsEmail boolean When false, the user automatically receives email for all updates to Chatter feeds, based on the types of feed emails and digests the user has enabled.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
restrictedProfileCloning boolean When enabled (true), only permissions accessible to your org are enabled when you clone profiles. When disabled (false), all permissions currently enabled in the source profile are also enabled for the cloned profile, even if your org can't currently access them. This field is available in API version 50.0 and later.
enableEnhancedConcealPersonalInfo boolean Indicates if personal information fields in user records are hidden from external users (true) or not (false). When this field is set to true, you can choose which fields are classified as personal information and hidden on the User Management Settings Setup page. The default value is false. This field is available in API version 53.0 and later. Before you set the enableEnhancedConcealPersonalInfo field to true, make sure that enableConcealPersonalInfo is set to false.
enableConcealPersonalInfo boolean Indicates if personal information fields in user records are hidden from external users (true) or not (false). When this field is set to true, 10 personal information fields are hidden. The default value is false. This field is unavailable for orgs created in Winter ’22 or later. Salesforce recommends that you use the enableEnhancedConcealPersonalInfo field instead of enableConcealPersonalInfo. Before you set the enableEnhancedConcealPersonalInfo field to true, make sure that enableConcealPersonalInfo is set to false.
enableContactlessExternalIdentityUsers boolean If true and your org has the External Identity license, you can create contactless users. Having users without contact information reduces the overhead of managing customers. Purchase the External Identity license to access the Customer 360 Identity product. The default is false. Available in API version 47.0 and later.
enableNewProfileUI boolean If you enable Enhanced Profile User Interface (true), you can use the streamlined, enhanced profile user interface to browse, search, and modify settings. You can use only one user interface at a time.
enableProfileFiltering boolean With profile filtering enabled (true), you can restrict who sees profile names to the users who require the access for their job roles. If profile filtering is disabled (false), users can see all profiles in a Salesforce org, regardless of which permissions they have.
enableScrambleUserData boolean If you enable Let Users Scramble Their User Data (true), users can request that Salesforce remove all their personal data. Because Salesforce can’t delete information, it scrambles their data. Scrambling a user’s data is unrecoverable. So this org-wide setting serves as an extra precaution. If a user requests it, you scramble the data programmatically with the obfuscateUser Apex method. You can use the method, for example, in a custom Apex trigger, workflow, or the Developer Console. This field is available in API version 47.0 and later.
enableUserSelfDeactivate boolean If you enable User Self Deactivate (true), users can deactivate their Experience Cloud site or Chatter accounts.
enableEnhancedPermsetMgmt boolean If you enable Enhanced Permission Set Component Views (true), you can work with permission sets more easily. For example, when you have large numbers of Apex class assignments for permission sets, you can enable a paginated result set, standard filtering, and sorting.
enableEnhancedProfileMgmt boolean If you enable Enhanced Profile Lists Views (true), you can quickly view, customize, and edit list data.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
DeveloperName string The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores.
NamespacePrefix string The namespace prefix that is associated with this object. Each Developer Edition org that creates a managed package has a unique namespace prefix. Limit: 15 characters. You can refer to a component in a managed package by using the namespacePrefix__componentName notation.
ConnectedAppId string ConnectedApplication The 18-digit application ID for the connected app.
LastModifiedById string User The unique identifier (id) for the User who modified the UserProvisioningConfig recently.
NamedCredentialId string Salesforce ID of the named credential that’s used for a request. The named credential identifies the third-party system and the third-party authentication settings.
UserAccountMapping string Stores the attributes used to link the Salesforce user to the account on the third-party system, in JSON format.
Id string The unique identifier of UserProvisioningConfig.
LastModifiedDate number The time when the UserProvisioningConfig was last modified by a user
approvalRequired string Denotes whether approvals are required for provisioning users for the associated connected app. If the value is null, no approval is required.
EnabledOperations string Lists the operations, as comma-separated values, that create a user provisioning request for the associated connected app. Allowed values are: Create, Update, EnableAndDisable (activation and deactivation), SuspendAndRestore (freeze and unfreeze).
Language string The two- to five-character code that represents the language and locale ISO. This code controls the language for labels displayed in an application.
MasterLabel string The primary label for this object. This value is the internal label that doesn’t get translated.
OnUpdateAttributes string Lists the user attributes, as comma-separated values, that generate a UserProvisioningRequest object during an update.
ReconFilter string When collecting and analyzing users on a third-party system, the plug-in uses this filter to limit the scope of the collection.
CreatedById string User The unique identifier (id) for the User who created the UserProvisioningConfig.
SystemModstamp number The time when the UserProvisioningConfig was last modified by a user or an automated process (such as a trigger)
Enabled boolean Indicates whether user provisioning is enabled for the associated connected app (true) or not (false).
LastReconDateTime number The date and time when user accounts were last reconciled between Salesforce and the target system.
Notes string A utility field for administrators to add any additional information about the configuration. This field is for internal reference only, and is not used by any process.
CreatedDate number The time when the UserProvisioningConfig was created
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION