ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAccountOwnerReport boolean Indicates whether Account Owner Report can (true) or can't (false) be run by all users.
enableAccountHistoryTracking boolean Indicates whether history tracking is enabled for accounts (true) or not (false). The default value is false. If history tracking is disabled, the History related list is removed from account page layouts. However, history data is still available for reporting up to the date and time when tracking was disabled. Available in API version 47.0 and later.
enableContactHistoryTracking boolean Indicates whether history tracking is enabled for contacts (true) or not (false). Available in API version 46.0 and later.
showViewHierarchyLink boolean Indicates whether the default View Hierarchy link on all business account detail pages is visible (true) or hidden (false).
enableAccountTeams boolean Indicates whether account teams are enabled (true) or not (false). The Metadata API can't be used to disable account teams.
enableRelateContactToMultipleAccounts boolean Indicates whether users can relate a contact to multiple accounts (true) or only one account (false). The default value is false. If this feature (Contacts to Multiple Accounts) is disabled, secondary contact-account relationships created while the feature was enabled are deleted. Available in API version 47.0 and later. Avoid using the Metadata API to enable this feature. Use the Account Settings page in Setup to enable Contacts to Multiple Accounts.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableUserListViewCalendars boolean Allows users to create and view user list view calendars in Lightning Experience. Available in API versions 47.0 and later
showCustomLogoMeetingRequests boolean Displays a custom logo in meeting request emails and on a meeting's Web page. Invitees see the logo when a user either invites them to an event or requests a meeting. Admins control this field on the Activity Settings page.
enableDragAndDropScheduling boolean Lets users create events associated with records by dragging a record from a list view onto a calendar view and entering the details of the event in an overlay. Hovering over an event displays an overlay where users can view the event details or delete the event without leaving the page. Admins use a mini page layout to configure the fields shown in the overlays. Admins control this field on the User Interface settings page.
enableSidebarCalendarShortcut boolean In the sidebar, displays a shortcut link to a user's last-used calendar view. Admins control this field on the Activity Settings page.
enableUNSTaskDelegatedToNotifications boolean On the Activity Settings page, exposes a setting for Admins to hide or show a user setting that lets individual users enable or disable email notifications when tasks are assigned to them.
showHomePageHoverLinksForEvents boolean In the calendar section of the Home tab. When a user hovers over the subject of an event, a hover link displays an overlay with selected event details. (Hover links are always available in other calendar views.) When a user clicks the subject of an event, displays the event detail page. Admins use a mini page layout to configure the fields shown in the overlay. Admins control this field on the User Interface settings page.
showMyTasksHoverLinks boolean In the My Tasks section of the Home tab and on the calendar day view. When a user hovers over the subject of a task, a hover link displays an overlay with selected task details. When a user clicks the subject of a task, displays the task detail page. Admins use a mini page layout to configure the fields shown in the overlay. Admins control this field on the User Interface settings page.
enableClickCreateEvents boolean Lets users create events in day and weekly calendar views by double-clicking a specific time slot and entering the details of the event in an overlay. Hovering over an event displays an overlay where users can view the event details or delete the event without leaving the page. Admins use a mini page layout to configure the fields shown in the overlays. Does not support recurring events or multi-person events. Admins control this field on the User Interface settings page.
enableRecurringEvents boolean Enables creation of events that repeat at specified intervals. Admins control this field on the Activity Settings page.
enableSimpleTaskCreateUI boolean Allows admins to specify whether tapping New Task in Salesforce opens a regular task record edit page or a page that displays key task fields first. Admins control this field on the Activity Settings page.
enableMultidayEvents boolean Enables creation of events that end more than 24 hours after they start. Admins control this field on the Activity Settings page.
enableRecurringTasks boolean Enables creation of tasks that repeat at specified intervals. Admins control this field on the Activity Settings page.
showEventDetailsMultiUserCalendar boolean Displays event details on-screen rather than in hover text. Admins control this field on the Activity Settings page.
enableEmailTracking boolean Enables tracking of outbound HTML emails if an organization uses HTML email templates. Admins control this field on the Activity Settings page.
allowUsersToRelateMultipleContactsToTasksAndEvents boolean This field indicates whether Shared Activities is enabled. When the value is true, allows users to relate multiple contacts to a task or event.
enableListViewScheduling boolean Extends the functionality of enableDragAndDropScheduling and enableClickCreateEvents to list view calendars. Admins control this field on the User Interface settings page.
enableRollUpActivToContactsAcct boolean Enables a contact's activities to be rolled up and displayed on the contact's primary account. Default value is true. Available in API versions 47.0 and later.
autoRelateEventAttendees boolean When users add attendees to events, events are automatically related to up to 50 contacts or one lead. An attendee is matched by their email address to a contact or lead. Admins control this field on the Activity Settings page. Available in API version 42.0 and later.
enableActivityReminders boolean Enables popup activity reminders for an organization. Admins control this field on the Activity Settings page.
enableGroupTasks boolean Lets users assign independent copies of a new task to multiple users. Admins control this field on the Activity Settings page.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableDisableParallelApexTesting boolean Indicates whether Apex tests are serially executed (true) or not (false). The default value is false.
enableNonCertifiedApexMdCrud boolean Indicates whether Apex classes can access metadata, public or protected, through classes in the Metadata namespace (true) or not (false). The default value is false.
enableSecureNoArgConstructorPref boolean Indicates whether Apex type visibility rules are strictly enforced for the Type.newInstance method (true) or not (false). The default value is false. When enabled, regardless of API version, you can instantiate only Apex classes with a no-arguments constructor that is visible to the code running Type.newInstance. Available in API version 48.0 and later.
enableDoNotEmailDebugLog boolean Indicates whether Apex debug log details are suppressed in unhandled exception emails (true) or not (false). The default value is false.
enableAggregateCodeCoverageOnly boolean Indicates whether aggregate (not detailed) totals are tracked for Apex test coverage data (true) or not (false). The default value is false.
enableApexApprovalLockUnlock boolean Indicates whether approval process lock and unlock operations from Apex code are allowed (true) or not (false). The default value is false.
enableAuraApexCtrlGuestUserAccessCheckPref boolean Indicates whether the Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile critical update is activated (true) or not (false).
enableGaplessTestAutoNum boolean Indicates whether autonumbering gaps are prevented by Apex test executions not incrementing autonumber fields for non-test records (true) or not (false). The default value is true.
enableMngdCtrlActionAccessPref boolean Indicates whether the Disable Access to Non-global Apex Controller Methods in Managed Packages critical update is activated (true) or not (false).
enableApexCtrlImplicitWithSharingPref boolean Indicates whether the Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing critical update is activated (true) or not (false)
enableCompileOnDeploy boolean Indicates whether Apex code is automatically recompiled (true) or not (false). When set to true, code is recompiled before completing a metadata deployment, change set deployment, package installation, or package upgrade. The default value is true for production orgs and false for others.
enableApexPropertyGetterPref boolean Indicates whether the Enforce Access Modifiers on Apex Properties in Lightning Component Markup critical update is activated (true) or not (false).
enableAuraApexCtrlAuthUserAccessCheckPref boolean Indicates whether the Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile critical update is activated (true) or not (false).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
fullName string Unique identifier for the certificate
expirationDate number The date the certificate expires and is no longer usable.
keySize number The size of the key in bits.
caSigned boolean Required. Indicates whether this certificate is signed by the issuer (true) or not (false).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableFeedEdit boolean Indicates whether qualified users can edit feed posts and comments (true) or not (false). Qualified users include. The author of the post or comment. The person who owns the record that was posted to or commented on. The Chatter or site moderator. In Setup, enableFeedEdit equates to the Chatter setting Allow users to edit posts and comments.
enableInviteCsnUsers boolean Indicates whether a licensed user can invite customers to private groups that the licensed user owns or manages (true) or not (false). When the value is set to true, licensed users can invite customers who are from outside org email domains. Invited customers can see information only in the groups that they're invited to. They can interact only with members of those groups. In Setup, enableInviteCsnUsers equates to the Chatter setting Allow customer invitations.
enableTodayRecsInFeed boolean Indicates whether to allow the posting of recommendations for using the Salesforce Today app in users' feeds (true) or not (false). When set to true, automatically posts recommendations for using the Salesforce Today app in users' feeds. In Setup, enableTodayRecsInFeed equates to the Chatter setting Allow Today Recommendations.
enableCaseFeedRelativeTimestamps boolean In Case feeds, indicates whether to use relative (true) or absolute (false) date and time stamp formats on Case feed items. When the value is true, Case feed items show a relative timestamp (for example, 10m ago). When the value is true, users can hover over the relative timestamp to see the absolute. When the value is false, Case feed items show an absolute timestamp (for example, January 7, 2020 at 12:15PM). When you change this setting, all timestamps in Case feeds reflect that change. The default value is true. This field is available in API version 48.0 and later. In Setup, enableCaseFeedRelativeTimestamps equates to the Chatter setting Show relative timestamp
enableFeedPinning boolean Indicates whether to allow the pinning of posts in a feed (true) or not (false). When set to true. Authorized users can pin posts to the top of the feed. The feed supports up to three pinned posts. Pinned posts stay pinned until they're unpinned. After post pinning is enabled, authorized users include admins and group owners and managers. Admins can also assign post pinning permission through permission sets or user profiles. In Setup, enableFeedPinning equates to the Chatter setting Allow post pinning.
allowChatterGroupArchiving boolean Indicates whether manual and automatic group archiving are allowed on all Chatter groups (true) or aren't allowed (false).
allowRecordsInChatterGroup boolean Indicates whether records can be associated with groups (true), or not (false). If groups already have record data, setting this field to false doesn't delete it. In Setup, allowRecordsInChatterGroup equates to the Chatter setting Allow Records in Groups.
enableChatterEmoticons boolean Indicates whether the automatic conversion of text characters, such as :), into a graphic emoticon is allowed in Chatter (true) or isn't allowed (false). In Setup, enableChatter equates to the Chatter setting Allow Emoticons.
enableFeedsRichText boolean Indicates whether to use the Rich Text Editor in the Chatter Publisher (true) or not (false). The rich text editor supports text formats, inline images, hyperlinks, and, when enabled for the org, code snippets. In Setup, enableFeedsRichText equates to the Chatter setting Allow users to compose rich text posts.
enableRichLinkPreviewsInFeed boolean Indicates whether to convert links in posts into embedded videos, images, and article previews (true) or not to convert the links (false). In Setup, enableRichLinkPreviewsInFeed equates to the Chatter setting Allow Rich Link Previews.
enableChatter boolean Indicates whether Chatter is enabled for your org (true) or not (false).
enableFeedsDraftPosts boolean Indicates whether draft posts are automatically saved every seven seconds (true) or not (false). When set to true. Adds the My Drafts feed to the Chatter tab. Saves draft posts automatically every seven seconds. Makes drafts available in the My Drafts feed. When the user posts the entry, the draft is automatically removed from the My Drafts feed. In Setup, enableFeedsDraftPosts equates to the Chatter setting Allow draft posts.
enableOutOfOfficeEnabledPref boolean Indicates whether to add an Out of Office setting to a user profile page (true), or to omit it (false). When the value is set to true, this option adds a control to user profile pages for setting a personal out-of-office message. In Setup, enableOutOfOfficeEnabledPref equates to the Chatter setting Users can set Out of Office message.
unlistedGroupsEnabled boolean Indicates whether to allow the creation of unlisted groups (true) or to prevent their creation (false). When the value is set to true, users can create unlisted groups. Unlisted groups don't appear on the Groups list page. Membership in unlisted groups is by invitation only. In Setup, unlistedGroupsEnabled equates to the Chatter setting Enable Unlisted Groups.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableCspNotesOnAccConPref boolean When true, allows customer users to access notes and attachments associated with accounts and contacts. Available in API version 48.0 and later.
enableNetPortalUserReportOpts boolean When true, allows external users in Experience Cloud sites, with permission, to run reports. Available in API version 48.0 and later.
enableGuestRecordReassignOrgPref boolean When true, allows admins to set a default owner for records created by guest users. Available in API version 48.0 and later.
enableOotbProfExtUserOpsEnable boolean When true, allows use of standard external profiles for self-registration and user creation. Available in API version 48.0 and later.
enablePRMAccRelPref boolean When true, enables Account Relationship object and Account Relationship Data Sharing Rule setup options. Available in API version 48.0 and later.
enableRelaxPartnerAccountFieldPref boolean When true, allows editing for partner account fields on and opportunities and leads. Available in API version 48.0 and later.
enableCspContactVisibilityPref boolean When true, allows users to see contacts from private accounts that they have read access to, when the contact is controlled by the parent record. Available in API version 48.0 and later.
applyLoginPageTypeToEmbeddedLogin boolean When true, applies the Experience Cloud site login page type (default, Login Discovery, Experience Builder, or Visualforce) to all Embedded Login implementations. When false, applies the username and password login page type to all Embedded Login implementations. For orgs created before the Salesforce Summer '20 release, the default setting is false. For new orgs, the default setting is true. Available in API version 49.0 and later.
enableEnablePRM boolean When true, allows admins to enable partner users. Available in API version 48.0 and later.
enableExternalAccHierPref boolean When true, enables the External Account Hierarchy object. Available in API version 48.0 and later.
enableInviteChatterGuestEnabled boolean When true, allows guest users to be invited to use Chatter. Available in API version 48.0 and later.
enableNetworksEnabled boolean When true, allows users to enable digital experiences. Available in API version 47.0 and later.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string id is the unique identifier of the connected app.
oauthConfig object Represents the field names that configure how your connected app communicates with Salesforce.
 assetTokenConfig object Specifies an OAuth asset token configuration for the connected app OAuth settings.
 assetIncludeCustomPerms boolean If set to true (default setting), custom permissions associated with the connected app are included in the asset token payload. If set to false, these permissions aren't included.
 assetSigningCertId string The ID of the JWT certificate's signing secret.
 assetValidityPeriod number The asset token's validity period. The validity must be the expiration time of the assertion within 3 minutes, expressed as the epoch number.
 assetAudiences string The audience claim associated with the asset token payload. This claim identifies who the JWT is intended for.
 assetIncludeAttributes boolean If set to true (default setting), custom attributes associated with the connected app are included in the asset token payload. If set to false, these attributes aren't included.
 certificate string The PEM-encoded certificate string, if the app uses a certificate.
 consumerKey string A value used by the consumer for identification to Salesforce.
 isCodeCredentialEnabled boolean Determines whether the app can use the Authorization Code and Credentials Flow to provide identity services to headless, off-platform apps. The Authorization Code and Credentials Flow is the foundation of headless login, headless registration, headless passwordless login, and headless guest identity. If set to true, the connected app can use the Authorization Code and Credentials Flow and all associated Headless Identity features. The default value is false. This field is available in API version 57.0 and later
 isIntrospectAllTokens boolean If set to true, authorizes the connected app to introspect all access and refresh tokens within the entire org. If set to false (default), the connected app can introspect its own tokens.
 isSecretRequiredForRefreshToken boolean If set to true (default), the app's client secret is required in the authorization request of a refresh token and hybrid refresh token flow. If set to false and an app sends the client secret in the authorization request, Salesforce still validates it.
 callbackUrl string The endpoint that Salesforce calls back to your connected app during OAuth; it's the OAuth redirect_uri.
 idTokenConfig object Specifies the ID token configuration for the connected app OAuth settings.
 idTokenIncludeStandardClaims boolean Indicates whether standard claims about the authentication event are included in the ID token.
 idTokenValidity number The length of time that the ID token is valid for after it's issued. The value can be from 1 to 720 minutes. The default is 2 minutes.
 idTokenAudience string The audiences that this ID token is intended for.
 idTokenIncludeAttributes boolean Indicates whether attributes are included in the ID token.
 idTokenIncludeCustomPerms boolean Indicates whether custom permissions are included in the ID token.
 isAdminApproved boolean If set to false (default setting), anyone in the org can authorize the app. Users must approve the app the first time they access it. If set to true, only users with the appropriate profile or permission set can access the app. These users don't have to approve the app before they can access it.
 isPkceRequired boolean Determines whether the Proof Key for Code Exchange (PKCE) extension is required for variations of the OAuth 2.0 authorization code flow configured for the connected app, including the web server flow and Authorization Code and Credentials Flow. For public client apps that can't keep the consumer secret confidential, such as mobile apps, the PKCE extension helps ensure that the client that initiates an authorization flow is the same client that completes it. For this reason, we always recommend implementing PKCE for public clients. We also strongly recommend that you implement PKCE for private clients. If set to true, the PKCE extension is required and any authorization code flow variations that don't implement it fail. If set to false, you can still implement PKCE but it isn't required. The default value is false. This field is available in API version 59.0 and later.
 isClientCredentialEnabled boolean If set to true, the connected app can use the OAuth 2.0 client credentials flow. To use the client credentials flow, you must also specify a user for oauthClientCredentialUser. If set to false (default), the connected app can't use the client credentials flow.
 singleLogoutUrl string The single logout endpoint. This URL is the endpoint where Salesforce sends a logout request when users log out of Salesforce.
 consumerSecret string A value that is combined with the consumerKey and used by the consumer for identification to Salesforce.
 isCodeCredentialPostOnly boolean For the Authorization Code and Credentials Flow, determines whether the user's credentials must be sent in the body of the initial HTTPS POST request to the Salesforce authorization endpoint. Requiring the credentials in the POST body instead of in the header improves security. If set to true, the user's credentials must be included in the POST body. The default value is false.
 isNamedUserJwtEnabled boolean If set to true, the connected app is enabled to issue JSON Web Token (JWT)-based access tokens. For installed apps, JWT-based access tokens must also be enabled in your connected app policies. This field is generally available in API version 59.0 and later.
 isConsumerSecretOptional boolean If set to false (default setting), the connected app's client secret is required in exchange for an access token in the OAuth 2.0 web server flow.
 scopes list<object> A list of scopes associated with the connected app. The scopes refer to permissions given by the user running the connected app.
 scope string The name of the scope.
plugin string The name of a custom Apex class that extends Auth.ConnectedAppPlugin to customize the behavior of the app.
canvasConfig object The configuration options of the connected app if it's exposed as a canvas app.
 samlInitiationMethod string If you're using SAML single sign-on (SSO), indicates which provider initiates the SSO flow.
 accessMethod string Indicates how the canvas app initiates the OAuth authentication flow.
 canvasUrl string The URL of the third-party app that's exposed as a canvas app.
 lifecycleClass string The name of the Canvas.CanvasLifecycleHandler Apex class.
 locations string Indicates where the canvas app can appear to the user.
 options string Indicates whether to hide the share button and header in the publisher for your canvas app, and whether the app is a canvas personal app.
mobileStartUrl string Users are directed to this URL after they've authenticated when the app is accessed from a mobile device. If you don't give a URL, the user is sent to the app's default start page after authentication completes. If the connected app that you're creating is a canvas app, then you can leave this field blank. The Canvas App URL field contains the URL that gets called for the connected app.
oauthPolicy object Specifies Oauth access policies associated with your connected app.
 ipRelaxation string Specifies whether a user's access to the connected app is restricted by IP ranges.
 refreshTokenPolicy string Specifies how long a refresh token is valid for.
 singleLogoutUri string If single logout is enabled, specify the single logout URL.
pluginExecutionUser string Specifies the user to run the plugin as.
samlConfig object Specifies how an app uses single sign-on.
 samlSloUrl string The SAML single-logout endpoint of the connected app service provider (SP). This endpoint is where SAML LogoutRequests and LogoutResponses are sent when users log out of Salesforce. The SP provides this endpoint.
 entityUrl string The entity ID from your service provider.
 encryptionType string When Salesforce is the identity provider, the SAML configuration can specify the encryption method used for encrypting SAML assertions to the service provider. The service provider detects the encryption method in the SAML assertion for decryption.
 encryptionCertificate string The name of the certificate to use for encrypting SAML assertions to the service provider. This certificate is saved in the organization's Certificate and Key Management list.
 issuer string A URI that sends the SAML response. A service provider can use this URI to determine which identity provider sent the response.
 samlIdpSLOBinding string The SAML HTTP binding type from the service provider used for single logout.
 samlNameIdFormat string Indicates the format the service provider (SP) requires for the user's single sign-on identifier.
 samlSigningAlgoType string Indicates the signing algorithm applied to SAML requests and responses when Salesforce is the identity provider.
 samlSubjectCustomAttr string If the samlSubjectType is CustomAttr, include that custom value here; otherwise, leave empty.
 acsUrl string The assertion consumer service URL from the service provider.
 certificate string The PEM-encoded certificate string, if the app uses a certificate.
 samlSubjectType string The single sign-on identifier for the user.
sessionPolicy object Specifies the configuration options for a connected app's session policies. Use these policies to define how long a user's session can last before reauthenticating, to block user access to the connected app, or to require multi-factor authentication (MFA) to access the app.
 policyAction string If the High Assurance session security level is applied to the connected app, specify associated high assurance action.
 sessionLevel string Applies the High Assurance session security level to the connected app. This session level requires users to verify their identity with multi-factor authentication when they log in to the connected app.
 sessionTimeout number The length of time the connected app's session lasts.
contactEmail string Required. The email address Salesforce uses for contacting you or your support team.
contactPhone string The phone number for Salesforce to use to contact you.
description string An optional description for your app.
iconUrl string Reserved for future use.
infoUrl string An optional URL for a web page with more information about your app.
label string Required. The name of the app.
startUrl string If the app isn't accessed from a mobile device, users are directed to this URL after they've authenticated.
attributes object A custom attribute of the connected app. Represents the field names that make up a custom attribute when using SAML with a ConnectedApp. Tailor these values to a specific service provider.
 key string The attribute's identifier.
 formula string The value of the attribute.
ipRanges list<object> Specifies the ranges of IP addresses that can access the app without requiring the user to authenticate with the connected app.
 startAddress string The first address in the IP range, inclusive.
 endAddress string The last address in the IP range, inclusive.
 description string Use this field to identify the purpose of the range, such as which part of a network corresponds to this range.
logoUrl string An optional logo for the app. The logo appears with the app's entry in the list of apps and on the consent page the user sees when authenticating. The URL must use HTTPS, and the logo can't be larger than 125 pixels high or 200 pixels wide. The default logo is a cloud.
permissionSetName string Specifies the permissions required to perform different functions with the connected app.
profileName string Specifies the profile (base-level user permissions) required to perform different functions with the connected app.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
appID string The unique identifier of Connected Application
riskLevel string The risk level associated with the Connected Application.
permissions list<string> The permissions associated with the Connected Application.
connectedAppName string Name of the Connected Application.
riskScore number The risk score associated with the Connected Application.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAdminApprovedAppsOnlyForExternalUser boolean If false (default), authenticated customers or partners can use any unblocked connected app to access the Salesforce API. If true, authenticated customers and partners can't access the Salesforce API unless they use a connected app that is installed in the org and unblocked. Install and unblock connected apps on the Connected Apps OAuth Usage page. To access this field, you must contact Salesforce Customer Support to enable API Access Control.
enableSkipUserProvisioningWizardWelcomePage boolean If false (default), the User Provisioning Wizard Welcome page shows up when you access the wizard. To skip the welcome page in the future, you can select Do not show me this next time. If true, the Welcome page doesn't show up the next time that you access the wizard.
enableAdminApprovedAppsOnly boolean If false (default), any connected app can call the Salesforce API. If true, only apps that have been approved or installed by the admin can call the Salesforce API. To access this field, you must contact Salesforce Customer Support to enable API Access Control.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
LastModifiedById string User The unique identifier (id) for the User who modified the Connected Application recently.
SystemModstamp number The time when the Connected Application was last modified by a user or an automated process (such as a trigger)
MobileSessionTimeout string Length of time after which the system logs out inactive mobile users
OptionsHasSessionLevelPolicy boolean Specifies whether the connected app requires a High Assurance level session.
PinLength number For mobile apps, this field is the PIN length requirement for users of the connected app. Valid values are 4, 5, 6, 7, or 8.
Id string The unique identifier of Connected Application
MobileStartUrl string Users are directed to this URL after they've authenticated when the app is accessed from a mobile device.
OptionsAllowAdminApprovedUsersOnly boolean Indicates whether access is limited to users granted approval to use the connected app by an administrator. Manage profiles for the app by editing each profile's Access list.
OptionsRefreshTokenValidityMetric boolean Specifies whether the refresh token validity is based on duration or inactivity. If true, the token validity is measured based on the last use of the token; otherwise, it is based on the token duration.
RefreshTokenValidityPeriod number The duration of an authorization token until it expires in hours, months, or days as set in the connected app management page.
StartUrl string If the app is not accessed from a mobile device, users are directed to this URL after they've authenticated.
CreatedDate number The time when the Connected Application was created
LastModifiedDate number The time when the Connected Application was last modified by a user
Name string The unique name for this object.
CreatedById string User The unique identifier (id) for the User who created the Connected Application.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
groups list<string> The groups with users assigned by delegated administrators.
label string Required. The delegated group's non-API name.
loginAccess boolean Required. Allows users in this group to log in as users in the role hierarchy that they administer (true) or not (false). Depending on your organization settings, individual users must grant login access to allow their administrators to log in as them.
roles list<string> The roles and subordinates for which delegated administrators of the group can create and edit users.
id string Unique identifier for the DelegateGroup
fullName string Name of the DelegateGroup
customObjects list<string> The custom objects associated with the group. Delegated administrators can customize nearly every aspect of each of those custom objects, including creating a custom tab. However, they cannot create or modify relationships on the objects or set organization-wide sharing defaults. Delegated administrators must have access to custom objects to access the merge fields on those objects from formulas.
permissionSets list<string> The permission sets assignable to users in specified roles and all subordinate roles by delegated administrators.
profiles list<string> The profiles assignable to users by delegated administrators.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CreatedDate number The time when the DelegateGroupMember was created.
UserOrGroupId string User The reference indicating the user id of the delegated administrator for the delegate group currently. Group is reserved for future development by Salesforce.
Id string The unique identifier of DelegateGroupMember.
DelegateGroupId string DelegateGroup The id of the associated delegate group.
SystemModstamp number The time when the DelegateGroupMember was last modified by a user or an automated process (such as a trigger).
CreatedById string User The unique identifier (id) for the User who assigned the user to DelegateGroup.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableComplianceBcc boolean Indicates whether a copy of each outbound email message is sent to an email address you specify (true) or not (false). This field has a default value of false.
enableEmailWorkflowApproval boolean Indicates whether users can respond to email approval requests directly from their email (true) or not (false). This field has a default value of false.
enableEnhancedEmailEnabled boolean Indicates whether Enhanced Email is enabled (true) or not (false). Default value is true.
enableSendViaExchangePref boolean Indicates whether users can use Office 365 to send emails (true) or not (false). Default value is false.
enableUseOrgFootersForExtTrans boolean Indicates whether emails sent through external email services (such as Gmail or Office 365) include the Salesforce footer (true) or not (false). This field has a default value of false.
sendMassEmailNotification boolean Indicates whether users receive an auto-generated status email from Salesforce for each mass email they send (true) or not (false). This field has a default value of true.
enableRestrictTlsToDomains boolean Indicates whether the selected Transport Layer Security (TLS) setting applies only to specific domains (true) or applies to all domains (false). This field has a default value of false.
enableEmailSpfCompliance boolean Indicates whether outgoing emails comply with Sender Policy Framework (SPF) email authentication (true) or not (false). This field has a default value of true.
enableListEmailLogActivities boolean Indicates whether Salesforce logs sent list emails as activities (true) or not (false). Default value is true.
enableResendBouncedEmails boolean Indicates whether the system forwards a copy of each bounced email message to the sender (true) or only displays the bounce alert (false). This field has a default value of false. To enable this preference, enableHandleBouncedEmails must be set to true.
enableSendViaGmailPref boolean Indicates whether users can use Gmail to send emails (true) or not (false). Default value is false.
enableEmailConsentManagement boolean Indicates whether Enforce Email Privacy Settings is enabled (true) or not (false). When enabled, Salesforce respects each recipient's email privacy preferences. Default value is false.
enableEmailSenderIdCompliance boolean Indicates whether outgoing emails comply with Sender ID email protocols (true) or not (false). This field has a default value of false. To enable this preference, enableEmailSpfCompliance must be set to true.
enableEmailToSalesforce boolean Indicates whether Email to Salesforce is enabled (true) or disabled (false). This field has a default value of false.
enableHtmlEmail boolean Indicates whether users receive Email-To-Case emails in HTML format (true) or receive a text version instead (false). This field has a default value of false. When this field is set to true, users receive a warning message about potential malicious HTML before they view incoming HTML email content.
enableInternationalEmailAddresses boolean Indicates whether non-Latin-based characters are allowed in email addresses (true) or not (false) when sending emails to and from Salesforce. This field has a default value of true in orgs created in Summer '20 or later. In orgs created in Spring '20 or earlier, the default value is false. Available in API version 49.0 and later.
enableHandleBouncedEmails boolean Indicates whether emails sent from Salesforce to an invalid email address bounce back to Salesforce (true) or not (false) . This field has a default value of true. With bounce handling enabled, reps know which lead, contact, or person account has a bad email address, and they know which specific email wasn't delivered.
sendTextOnlySystemEmails boolean Indicates whether all system emails are sent via text only (true) or allow other formats (false). This field has a default value of false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Username string Specifies the username for relay host STMP authentication. When IsRequireAuth is set to true, this field is required.
AuthType string Specifies which SASL mechanism Salesforce uses for SMTP authentication. This field is available when Enable SMTP Auth is selected. Possible values include: PLAIN, LOGIN.
Port string Indicates the port number of your company's SMTP server. Possible values include: 25, 587, 10025, 11025.
Host string Indicates the host name or IP address of your company's SMTP server
IsRequireAuth boolean Indicates whether (true) or not (false) authentication is required. When setting this field to true, the TlsSetting must be set to RequiredVerify.
TlsSetting string Specifies whether Salesforce uses TLS for SMTP sessions. Possible values include: Off, Preferred, Required, PreferredVerify, RequiredVerify.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
canOptOutOfDerivationWithBYOK boolean Indicates that users can opt out of key derivation processes on a key-by-key basis when they upload key material (true) or can't (false). The default value is false.
enableCacheOnlyKeys boolean Indicates whether the Cache-Only Key Service is available (true) or not (false). The default value is false. If set to true, users can configure a cache-only key callout connection and apply key material stored outside of Salesforce to data on demand.
enableReplayDetection boolean Indicates whether cache-only key callouts are protected from replay attacks by a nonce (true) or not (false). Requires enableCacheOnlyKeys='true' before setting enableReplayDetection to true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableDeleteMonitoringData boolean Allows (true) or disallows (false) users to delete event log files and LoginEvent data. Users require the Delete Event Monitoring Records user permission, which is available when this setting is enabled. Default value is false.
enableTransactionSecurityPolicies boolean Enables (true) or disables (false) the ability to create and use transaction security policies in the Salesforce UI. Default value is false.
enableDynamicStreamingChannel boolean Enables (true) or disables (false) the dynamic creation of a streaming channel when you subscribe to generic streaming. Default value is false.
enableLoginForensics boolean Enables (true) or disables (false) the Login Forensics feature. Login Forensics helps you track and audit your org's user login activity. Default value is false. Available in API versions 47.0-49.0.
enableStreamingApi boolean Enables (true) or disables (false) Streaming API in the org. Default value is true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
dispositions object Represents the metadata used to manage file type behavior.
 behavior string File download behavior
 filetype string The file type that this disposition applies to
 securityRiskFiletype boolean Indicates file types that cannot have behavior set to EXECUTE, due to security risks.
noHtmlUploadAsAttachment boolean Indicates whether to allow HTML uploads as attachments or document records.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CreatedById string User The unique identifier (id) for the User who created the Group.
CreatedDate number The time when the Group was created.
LastModifiedDate number The time when the Group was last modified by a user
Email boolean Email address for a group of type Case. Applies only for a case queue.
DoesSendEmailToMembers string Indicates whether the email is sent (true) or not sent (false) to the group members. The email is sent to queue members as well.
Name string Required. Name of the group. Corresponds to Label on the user interface.
OwnerId string ID of the user who owns the group.
Type string Required. Type of the group. One of the following values: ["AllCustomerPortal", "ChannelProgramGroup", "CollaborationGroup", "Manager", "ManagerAndSubordinatesInternal", "Organization","Participant","PRMOrganization","Queue","Regular","Role","RoleAndSubordinates","RoleAndSubordinatesInternal","Territory","TerritoryAndSubordinates"]
SystemModstamp number The time when the Group was last modified by a user or an automated process (such as a trigger).
LastModifiedById string User The unique identifier (id) for the User who modified the Group.
DeveloperName string The name of the object in the API. This name is unique by group type and corresponds to Group Name in the user interface.
DoesIncludeBosses string Indicates whether the managers have access (true) or do not have access (false) to records shared with members of the group.
Id string The unique identifier of Group.
RelatedId string Represents the ID of the associated groups. For groups of type "Role" the ID of the associated UserRole. The RelatedId field is polymorphic.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
GroupId string Group ID of the Group.
UserOrGroupId string User Group ID of the User or Group that is a direct member of the group.
SystemModstamp number The time when the GroupMember was created.
MemberType string Custom field added by SPM product to identify Type of member.
Id string The unique identifier of GroupMember.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAuraCDNPref boolean Indicates whether Lightning Experience and other apps use a content delivery network (CDN) to serve the static content for Lightning Component framework.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableS1EncryptedStoragePref2 boolean Indicates whether the Salesforce mobile web uses secure and persistent browser caching to improve performance (true) or not (false).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
useStabilizedMyDomainHostnames boolean Indicates whether the instance name is hidden in My Domain URLs for Visualforce, Experience Builder, Site.com Studio, and content files (true) or not (false). This field has a default value of true. For example, MyDomainName--PackageName.na44.visual.force.com becomes MyDomainName--PackageName.visualforce.com when this field is set to true.
useStabilizedSandboxMyDomainHostnames boolean This field corresponds to the Stabilize the Hostname for My Domain URLs in Sandboxes release update, which was enforced in Summer '20. When true, the instance name is hidden in My Domain URLs for sandboxes orgs. For example, MyDomainName--test.cs5.my.salesforce.com became MyDomainName--test.my.salesforce.com. As of API version 49.0, this field's value is always true, regardless of the value that you set. Changing its value has no effect on Salesforce, even if it reads false. This change applies retroactively back to API version 47.0, when this field was first introduced. Previously, in API version 47.0 to 49.0, this field indicated whether the instance name was hidden in My Domain URLs for sandboxes orgs (true) or not (false), and the field's default value was false. Now, in all API versions, this field's value is always true, even if it reads false.
canOnlyLoginWithMyDomainUrl boolean If true, users must use the org's My Domain login URL to log in. If false (default), users can also log in using the org's instance Salesforce URL, https://InstanceName.salesforce.com, and through the login URL https://login.salesforce.com.
doesApiLoginRequireOrgDomain boolean If true, users must use the org's My Domain login URL to access the Salesforce API. If false (default), users can also access the Salesforce API using the generic Salesforce page, https://InstanceName.salesforce.com and through the login URL https://login.salesforce.com.
enableNativeBrowserForAuthOnAndroid boolean If true, use the native browser for authentication of Android mobile apps. Default is false.
enableNativeBrowserForAuthOnIos boolean If true, use the native browser for authentication of iOS mobile apps. Default is false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CreatedDate number The time when the OauthToken was created
AppMenuItemId string The unique ID for the App Picker menu item that's associated with this OAuth token.
Id string Reserved for future use. Currently, the value is always null.
UseCount number How often the token has been used.
AccessToken string The refresh token for authorization.
AppName string The label for the connected app that's associated with this OAuth token.
LastUsedDate number The most recent date when the OAuth token was used.
RequestToken string The authorization code that was used to request the corresponding AccessToken. With this authorization code, you can revoke the corresponding AccessToken by passing the DeleteToken.
UserId string User The owner of the token.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CreatedById string User The unique identifier (id) for the User who created the ObjectPermission.
CreatedDate number The time when the ObjectPermission was created for Parent PermissionSet.
PermissionsModifyAllRecords boolean If true, users assigned to the parent PermissionSet can edit all records for this object, regardless of sharing settings. Requires PermissionsRead, PermissionsDelete, PermissionsEdit, and PermissionsViewAllRecords for the same object to be true.
LastModifiedDate number The time when the User was last modified by a user
PermissionsDelete boolean If true, users assigned to the parent PermissionSet can delete records for this object. Requires PermissionsRead and PermissionsEdit for the same object to be true.
SystemModstamp number The time when the ObjectPermission was last modified by a user or an automated process (such as a trigger).
Id string The unique identifier of ObjectPermission.
LastModifiedById string User The unique identifier (id) for the User who modified the ObjectPermission associated with PermissionSet.
ParentId string PermissionSet The Id of this object's parent PermissionSet.
PermissionsEdit boolean If true, users assigned to the parent PermissionSet can edit records for this object. Requires PermissionsRead for the same object to be true.
SobjectType string The object's API name.
PermissionsCreate boolean If true, users assigned to the parent PermissionSet can create records for this object. Requires PermissionsRead for the same object to be true.
PermissionsRead boolean If true, users assigned to the parent PermissionSet can view records for this object.
PermissionsViewAllRecords boolean If true, users assigned to the parent PermissionSet can view all records for this object, regardless of sharing settings. Requires PermissionsRead for the same object to be true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
questionRestriction string The restriction on whether the answer to the password hint question can contain the password itself. Valid values are None, DoesNotContainPassword
maxLoginAttempts string The number of login failures allowed for a user before the user is locked out. Valid values are NoLimit, ThreeAttempts, FiveAttempts, TenAttempts. This value is the default value.
minimumPasswordLength number The minimum number of characters required for a password. The number can contain from 5 to 50 characters (default is 8). Available in API version 35.0 and later. Before API version 35.0, specify minimum password length with the enumeration minPasswordLength, with valid values FiveCharacters, EightCharacters (default), TenCharacters, TwelveCharacters (API version 31.0 and later), and FifteenCharacters (API version 34.0 and later).
minimumPasswordLifetime boolean If enabled (true), passwords can't be changed more than one time during a 24-hour period.
obscureSecretAnswer boolean If enabled (true), hide answers to security questions as the user types.
complexity string The types of characters that must be used in a user's password. Valid values are NoRestriction, AlphaNumeric, SpecialCharacters, UpperLowerCaseNumeric, UpperLowerCaseNumericSpecialCharacters, Any3UpperLowerCaseNumericSpecialCharacters
expiration string The length of time until a user password expires and must be changed. Valid values are Never, ThirtyDays, SixtyDays, NinetyDays, SixMonths, OneYear
historyRestriction number The number of previous passwords saved for users so that they must always reset a new, unique password. Valid values are 0 through 24 passwords remembered. The maximum value of 24 applies to API version 31.0 and later. In earlier versions, the maximum value is 16.
lockoutInterval string The duration of the login lockout. Valid values are FifteenMinutes (this value is the default value), ThirtyMinutes, SixtyMinutes, Forever (must be reset by admin)
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsOwnedByProfile boolean If true, the permission set is owned by a profile. Available in API version 25.0 and later.
LastModifiedDate number The time when the User was last modified by a user
PermissionSetGroupId string If the permission set is owned by a permission set group, this field returns the ID of the permission set group. If the permission set isn't owned by a permission set group, this field returns a null value.
Permissions list<object> One field for each permission. The number of fields varies depending on the permissions for the organization and license type.
 PermissionName string The name of the Permission.
 isEnabled boolean If true, users assigned to this permission set have the named permission.
ProfileId string Profile If the permission set is owned by a profile, this field returns the ID of the Profile. If the permission set isn't owned by a profile, this field returns a null value.
NamespacePrefix string The namespace prefix for a permission set that's been installed as part of a managed package. If the permission set isn't packaged or is part of an unmanaged package, this value is empty.
Type string Permission Set Type.
Description string A description of the permission set. Limit: 255 characters.
HasActivationRequired boolean Indicates whether the permission set requires an associated active session (true) or not (false).
Id string The unique identifier of PermissionSet.
Label string The permission set label, which corresponds to Label in the user interface. Limit: 80 characters.
LastModifiedById string User The unique identifier (id) for the User who modified the PermissionSet.
LicenseId string The ID of either the related PermissionSetLicense or UserLicense associated with this permission set.
Name string The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your organization. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. Corresponds to API Name in the user interface. Limit: 80 characters.
SystemModstamp number The time when the ObjectPermission was last modified by a user or an automated process (such as a trigger).
CreatedById string User The unique identifier (id) for the User who created the PermissionSet.
CreatedDate number The time when the PermissionSet.
IsCustom boolean If true, the permission set is custom (created by an admin); if false, the permission set is standard and related to a specific permission set license.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
PermissionSetId string PermissionSet Unique Identifier of PermissionSet
SystemModstamp number The time when the ObjectPermission was last modified by a user or an automated process (such as a trigger).
AssigneeId string User ID of the User to assign the permission set specified in PermissionSetId.
ExpirationDate number The date that the assignment of the permission set expires for the specified user.
Id string The unique identifier of PermissionSetAssignment.
IsActive boolean Indicates whether the permission set assignment is active (true) or not (false). Defaults to false.
PermissionSetGroupId string If the permission set is owned by a permission set group, this field returns the ID of the permission set group. If the permission set isn't owned by a permission set group, this field returns a null value.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
canEncryptManagedPackageFields boolean Indicates whether users can enable encryption on custom fields in installed managed packages (true) or not (false).
enableDeterministEncryption boolean Indicates whether customers apply the deterministic encryption scheme to supported fields (true) or not (false). The deterministic encryption scheme lets customers filter on encrypted data.
enableEventBusEncryption boolean Indicates whether events are encrypted at rest in the event bus (true) or not (false). The events include change data capture events and platform events. The default value is false. If false, events aren't encrypted and are stored in clear text in the event bus.
enableEncryptFieldHistory boolean Indicates whether the background encryption process applies the customer's active key material to field history and feed tracking values (true) or not (false). The default value is false. If false, background encryption processes apply active key material to all encrypted data except duplicates of that data stored in field history or feed tracking.
isMEKForEncryptionRequired boolean Indicates whether encryption policy tasks, such as enabling encryption on fields, also require the Manage Encryption Keys permission (true) or not (false), in addition to those tasks' baseline permissions.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
UserLicenseId string ID of the UserLicense associated with this profile..
CreatedById string User The unique identifier (id) for the User who created the Profile.
Id string The unique identifier of Profile.
LastReferencedDate number The timestamp for when the current user last viewed a record related to this profile.
LastViewedDate number The timestamp for when the current user last viewed this profile.
Name string The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your organization. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. Corresponds to API Name in the user interface. Limit: 80 characters.
Permissions list<object> One field for each permission. The number of fields varies depending on the permissions for the organization and license type.
 PermissionName string The name of the Permission.
 isEnabled boolean If true, users assigned to this permission set have the named permission.
CreatedDate number The time when the Profile was created.
Description string A description of the Profile.
LastModifiedById string User The unique identifier (id) for the User who modified the Profile.
LastModifiedDate number The time when the Profile was last modified by a user
SystemModstamp number The time when the ObjectPermission was last modified by a user or an automated process (such as a trigger).
UserType string The category of user license. Each UserType is associated with one or more UserLicense records. Each UserLicense is associated with one or more profiles.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
RealTimeEvents list<object> A list of Real-Time Event entities
 entityName string The name of the storage or streaming entity to be modified. For example, ApiEvent or ApiEventStream.
 isEnabled boolean Indicates whether to enable storage or streaming capability.
StreamingApiConcurrentClients object The number of Concurrent CometD clients (subscribers) across all channels and for all event types
 Max number The maximum number of Concurrent CometD clients (subscribers) across all channels and for all event types
 Remaining number The remaining number of Concurrent CometD clients (subscribers) across all channels and for all event types that can subscribe
ATTRIBUTE TYPE REFERS TO DESCRIPTION
disableProtocolSecurity boolean Indicates whether code within Salesforce can access the remote site regardless of whether the user's connection is over HTTP or HTTPS (true) or not (false). When true, code within Salesforce can pass data from an HTTPS session to an HTTP session, and vice versa.
fullName string The name can only contain characters, letters, and the underscore (_) character, must start with a letter, and cannot end with an underscore or contain two consecutive underscore characters.
isActive boolean Indicates if the remote site setting is active (true) or not (false).
url string The URL for the remote site.
description string The description explaining what this remote site setting is used for.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableSOSLOnCustomSettings boolean Indicates whether custom settings values are returned in Salesforce Object Search language (SOSL) queries (true) or not (false). This field has a default value of false.
enableAdvancedCMTSecurity boolean Indicates whether custom metadata type values are available only to Apex, flow, and formula operations (true) or exposed in other contexts such as through the Enterprise WSDL or SOAP API (false). This field has a default value of false.
enableAdvancedCSSecurity boolean Indicates whether custom settings type values are available only to Apex, flow, and formula operations (true) or exposed in other contexts such as through the Enterprise WSDL or SOAP API (false). This field has a default value of false.
enableListCustomSettingCreation boolean Indicates whether you can create custom settings when using application-level data definitions (true) or not (false). This field has a default value of false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableAuraSecureEvalPref boolean If true, this setting prevents the creation of function expressions in dynamically created Aura components. The default is false. This field is available in API version 47.0 and later.
enableCoepHeader boolean Indicates whether the Cross-Origin Embedder Policy (COEP) response header is applied to this org's custom Visualforce pages (true) or not (false). If true, externally sourced embedded content loads only when the external origin allows it via CORS or CORP. The default value is false.
enableCoopHeader boolean Indicates whether the Cross-Origin Opener Policy (COOP) response header is applied to this org's custom Visualforce pages (true) or not (false). If true, each custom Visualforce page opens in a new browsing context group. The default value is false.
enableCrossOrgRedirects boolean Indicates whether redirections to other Salesforce orgs are allowed (true) or blocked (false). In orgs that got Winter '24 before October 2023, the default value is false. In all other orgs, the default value is true. This setting applies to user redirections via a direct link, a post-action URL, or a post-login URL in Salesforce. An example of a direct link is <a href='https://www.example.com'>example.com</a>. Post-action URLs and post-login URLs use a protected URL redirect parameter, such as retURL, startURL, saveURL, cancelURL, and targetURL. Subsequent redirections can't be verified because they occur outside Salesforce. When this field is set to true, no warning is displayed to the user upon redirection to another Salesforce org. For better security, add the URLs for the Salesforce orgs that you own to RedirectWhitelistUrl and set this field to true.
enablePermissionsPolicy boolean Indicates whether the pages that Salesforce serves for this org include the Permissions-Policy HTTP header. This HTTP header controls access to browser features such as cameras and microphones. When this field is false, access to the browser features is always permitted. The default value is false
sendCspForUncommonClients boolean In rare cases, Salesforce can't identify whether the requesting app or specialized browser supports the Content-Security-Policy: frame-ancestors HTTP header directive. In those cases, this field indicates whether that directive is included in (true) or omitted from (false) the HTTP response header for pages that Salesforce serves for this org. The default value is false. When sendCspForUncommonClients is true, users who access Salesforce via an app or browser that doesn't support the Content-Security-Policy: frame-ancestors HTTP header directive can experience errors if that lack of support is unclear.
canUsersGrantLoginAccess boolean If true, users can grant login access to Support. If false, only an admin can grant login access.
enableAdminLoginAsAnyUser boolean If true, the "Administrator Can Log in as Any User" field is enabled
enableAuditFieldsInactiveOwner boolean If true, this setting enables audit fields and updating the owner for records that are owned by inactive users. The default value is false. This field is available in API version 47.0 and later.
enforceUserDeviceRevoked boolean If enabled, and a UserDevice's status is set to revoked, that device can't log in from a Salesforce app. Logins from browsers aren't affected. This field is available in API version 50.0 and later.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableCSRFOnPost boolean Indicates whether Cross-Site Request Forgery (CSRF) protection on POST requests on non-setup pages is enabled (true) or disabled (false).
enableClickjackNonsetupUser boolean Indicates whether clickjack protection for customer Visualforce pages with standard headers turned on is enabled (true) or disabled (false).
referrerPolicy boolean Indicates whether the referer header hides sensitive information that could be present in the full URL. If true, then the referer header displays only salesforce.com. If false, then the header displays the entire URL. For a Visualforce user, if referrerPolicy is set to true, then the referer header displays only force.com. If false, then the header displays the entire URL. Available in API version 42.0 and later.
referrerPolicyDirective string The HTTP referrer policy directive for pages served by Salesforce. The default is origin-when-cross-origin. If referrerPolicy is false, this value has no effect. Valid values are: origin-when-cross-origin, no-referrer, no-referrer-when-downgrade, origin, same-origin, strict-origin, strict-origin-when-cross-origin, and unsafe-url
disableTimeoutWarning boolean Indicates whether the session timeout warning popup is disabled (true) or enabled (false).
enableCSPOnEmail boolean Indicates whether a content security policy is enabled for the email template. A content security policy helps prevent cross-site scripting attacks by listing allowed sources of images and other content.
enablePostForSessions boolean Indicates whether cross-domain session information is exchanged using a POST request instead of a GET request, such as when a user is using a Visualforce page. In this context, POST requests are more secure than GET requests. Available in API version 31.0 and later.
lockerServiceNextControl boolean Reserved for internal use
canConfirmEmailChangeInLightningCommunities boolean When users change their email address, they receive an email at the new address with a link. After they click the link, their new email address takes effect.
enableClickjackNonsetupUserHeaderless boolean Indicates whether clickjack protection for customer Visualforce pages with standard headers turned off is enabled (true) or disabled (false).
enableClickjackSetup boolean Indicates whether clickjack protection for setup pages is enabled (true) or disabled (false).
hasUserSwitching boolean If 'Enable user switching' is true (default), users can log in to other orgs by selecting their profile picture and using the Switcher. You must also enable the 'Enable caching and autocomplete on login page' setting. If false, the Switcher isn't enabled and your org doesn't appear in Switchers on other orgs.
forceLogoutOnSessionTimeout boolean If enabled (true), the default, when sessions time out for inactive users, current sessions become invalid. The browser refreshes and returns to the login page. To access the organization, the user must log in again.
lockSessionsToDomain boolean Indicates whether the current UI session for a user is associated with a specific domain. This check helps prevent unauthorized use of the session ID in another domain. The value is true by default for orgs created with the Spring '15 release or later. Available in API version 33.0 and later.
lockSessionsToIp boolean Indicates whether user sessions are locked to the IP address from which the user logged in (true) or not (false).
sessionTimeout string The length of time after which users without activity are prompted to log out or continue working. Valid values are FifteenMinutes, ThirtyMinutes, SixtyMinutes, TwoHours, FourHours, EightHours, TwelveHours
allowUserAuthenticationByCertificate boolean If enabled (true), users can authenticate with a PEM-encoded X.509 digital certificate. Not enabled by default. Available in API version 47.0 and later.
redirectionWarning boolean Indicates whether users see an alert when they click a link in a web tab that redirects them outside the saleforce.com domain. Available in API version 42.0 and later.
enforceIpRangesEveryRequest boolean If true, the IP addresses in Login IP Ranges are enforced when a user accesses Salesforce (on every page request), including access from a client app. If false, the IP addresses in Login IP Ranges are enforced only when a user logs in. This field affects all user profiles that have login IP restrictions. Available in API version 34.0 and later.
enforceUserDeviceRevoked boolean If enabled, and a UserDevice's status is set to revoked, that device can't log in from a Salesforce app. Logins from browsers aren't affected. This field is available in API version 50.0 and later.
identityConfirmationOnEmailChange boolean Indicates if a user's identity is confirmed when changing their email address, instead of requiring a re-login. This field is available in API version 42.0 and later.
redirectBlockModeEnabled boolean If true, users can't access untrusted URLs outside the salesforce.com domain via links in a web tab. When a user clicks the link, a message informs the user that they can't access the page because the external site isn't trusted. The default is false.
enableLightningLogin boolean If enabled (true), users can use Lightning Login (Salesforce Authenticator) to log in instead of a password. Available in API Version 47.0 and later.
enableOauthCorsPolicy boolean If set to true, enables Cross-Origin Resource Sharing (CORS) for these OAuth endpoints: /services/oauth2/token /services/oauth2/revoke /services/oauth2/introspect Default setting is false. Available in API version 50.0 and later.
enableSMSIdentity boolean If enabled (true), the default, users can receive a one-time password in a text message (SMS) to verify their identity. Users must verify their mobile phone number before they can receive SMS messages.
enableU2F boolean If enabled (true), users can use a physical U2F-compatible security key for multi-factor authentication (MFA) and identity verification. The default is false. Available in API version 47.0 and later.
hasRetainedLoginHints boolean If you enable 'Remember me until logout' (true), usernames (login hints) are cached until the user logs out. If a session times out, usernames appear on the Switcher as inactive. If false (default), usernames aren't cached for SSO sessions.
lockerServiceCSP boolean If true, a stricter Content Security Policy is enabled to disallow the unsafe-inline source for the script-src CSP directive. Script tags can't be used to load JavaScript, and event handlers can't use inline JavaScript. Lightning Locker and Lightning Web Security depend on this setting to be enabled to protect Lightning components.
forceRelogin boolean If true, an admin who is logged in as another user must log in again to their original session, after logging out as the secondary user. If false, the admin isn't required to log in again.
requireHttpOnly boolean Sets the HttpOnly attribute on session cookies, making them inaccessible via JavaScript. If true, session ID cookie access is restricted.
enableCSRFOnGet boolean Indicates whether Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is enabled (true) or disabled (false).
enableContentSniffingProtection boolean Indicates if the browser is prevented from inferring the MIME type from the document content and from executing malicious files (JavaScript, Stylesheet) as dynamic content. This field is available in API version 39.0 and later.
allowUserCertBasedAuthenticationWithOcspValidation boolean If enabled (true), authentication certificates are validated using the Online Certificate Status Protocol (OCSP) or a Certificate Revocation List (CRL).
enableMFADirectUILoginOptIn boolean Requires all users in your Salesforce org to provide an additional verification method when logging in directly to the UI with their username and password. Users who are already enabled via the Multi-Factor Authentication for User Interface Logins user permission experience no change. The Waive Multi-Factor Authentication for Exempt Users user permission overrides this setting.
lockerServiceNext boolean If true, Lightning Web Security is used instead of Lightning Locker to protect Lightning web components. Lightning Locker continues to protect Aura components. If false, Lightning Locker protects Lightning web components and Aura components.
canConfirmIdentityBySmsOnly boolean Prevents identity verification by email for users who have registered other verification methods, such as SMS or Salesforce Authenticator. If no other verification methods are configured, users are verified by email. By default, this setting is disabled (false) for existing orgs. For new orgs, this setting is enabled (true) by default. Available in API version 48.0 and later.
enableCacheAndAutocomplete boolean Indicates whether the user's browser is allowed to store usernames and auto-fill the User Name field on the login page (true) or not (false).
enableClickjackNonsetupSFDC boolean Indicates whether clickjack protection for non-setup Salesforce pages is enabled (true) or disabled (false).
enableLightningLoginOnlyWithUserPerm boolean If enabled (true), only users with the Lightning Login User permission can log in with Salesforce Authenticator instead of a password. Available in API version 47.0 and later.
FileUploadAndDownloadSecurityRules list<object> A list of rules representing the security settings for uploading and downloading files.
 noHtmlUploadAsAttachment boolean Indicates whether to allow HTML uploads as attachments or document records.
 dispositions string Represents the metadata used to manage file type behavior.
identityConfirmationOnTwoFactorRegistrationEnabled boolean Indicates if users are required to confirm their identities when adding a verification method such as Salesforce Authenticator for multi-factor authentication (MFA), instead of requiring a re-login. (Multi-factor authentication was formerly called two-factor authentication.) This field is available in API version 40.0 and later.
enableBuiltInAuthenticator boolean Indicates whether users can verify their identity with a built-in authenticator that's already on their device (true), such as Touch ID or Windows Hello, or not (false). The default value is false
sidToken3rdPartyAuraApp boolean If true, a Lightning app replaces the authentication cookie with a session token when the Lightning app is in a third-party context, such as Lightning Out. Browsers are restricting the use of third-party cookies. This org setting is an alternative for the authentication cookie to requiring that users disable browser settings, such as Safari's Prevent cross-site tracking setting
useLocalStorageForLogoutUrl boolean Redirects all expired tabs in your browser to your custom logout URL (true). By default, this option is enabled for all new orgs and is available in API version 52.0 and later. For orgs created prior to the Summer '21 release, the default setting is false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableSecureGuestAccess boolean When true, guest users have organization-wide defaults set to Private. To share records with them, guest user sharing rules must be used.
deferGroupMembership boolean Indicates whether group membership calculations are suspended (true) or not (false). This field has a default value of false. This field is available in API version 49.0 and later.
enableManualUserRecordSharing boolean Indicates whether users can share their own user record (true) or not (false). This field has a default value of false.
enableStandardReportVisibility boolean Indicates whether users can view reports based on standard report types that may expose data of users to whom they don't have access (true) or not (false). This field has a default value of false.
enableAccountRoleOptimization boolean Indicates whether person roles are assigned to new site users in accounts without existing users (true) or if regular site roles are created for new users (false). This field has a default value of false.
enableAssetSharing boolean Indicates whether sharing is enabled for assets (true) or asset access is determined by the parent object's sharing rules (false). This field has a default value of false.
enableManagerGroups boolean Indicates whether users can share records with their managers and manager subordinates groups (true) or not (false). This field has a default value of false. To use this field, you need the 'View and Manage Users' permission.
enablePortalUserVisibility boolean Indicates whether portal users in the same customer or partner portal account can see each other regardless of the organization-wide defaults (true) or not (false). This field has a default value of false. To enable this field, contact Salesforce Support.
enableRemoveTMGroupMembership boolean Removes group membership info for the original territory management feature after migrating to Enterprise Territory Management when set to true. This field has a default value of false. Once this field is set to true, it can't be set to false again.
enableRestrictAccessLookupRecords boolean Indicates whether users must have read access to a record to see the record's name in lookup and system fields (true) or not (false). This field has a default value of true in Salesforce orgs created in Spring '20 or later and a default value of false in all other orgs. This field is available in API version 48.0 and later.
enableTerritoryForecastManager boolean Indicates whether forecast managers can act as delegated administrators for territories below them in the hierarchy (true) or not (false). This field has a default value of false.
deferSharingRules boolean Indicates whether sharing rule calculations are suspended (true) or not (false). This field has a default value of false. This field is available in API version 49.0 and later.
enableCommunityUserVisibility boolean Indicates whether site users in the same site can see each other regardless of the organization-wide defaults (true) or not (false). This field has a default value of false. In orgs created in API version 47.0 and later, this setting doesn't apply to guest users.
enablePartnerSuperUserAccess boolean Indicates whether you can grant super user access to partners in sites (true) or not (false). This field has a default value of false. To use this field, you need the 'Customize Application' permission.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableSamlLogin boolean If you enable 'SAML Enabled' (true), users can SSO into Salesforce from providers via SAML. The default isn't enabled (false).
enableMultipleSamlConfigs boolean If true (default), you can configure multiple SAML providers. After enabling the setting, it can't be disabled.
enableSamlJitProvisioning boolean If you enable User Provisioning Enabled (true), you can provision users through a SAML assertion (called just-in-time provisioning). Requires EnableSamlLogin to be true and enableMultipleSamlConfigs to be false. The default is enabled (false).
enableForceDelegatedCallout boolean If you enable Force Delegated Authentication Callout (true), a callout to the SSO endpoint occurs regardless of login restriction failures. If disabled (false), the default, and if a user's first login attempt fails due to login restrictions within the Salesforce org, a call isn't made to the SSO endpoint.
enableCaseInsensitiveFederationID boolean If you enable Make Federation ID case-insensitive (true), the Federation ID field on a user object isn't case-sensitive. If disabled (false), the Federation ID field remains case-sensitive. The default is false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableTopicsInSites boolean Indicates whether guest and authenticated external users can view topics in Salesforce Sites and Salesforce portals (true) or not (false). The default value is false.
enableSitesRecordReassignOrgPref boolean When true, indicates when the org assigns records created by guest users of a site to a default owner in the org. When false, the guest user remains the owner of the record. The default value is false. Available in API version 48.0 and later.
enableProxyLoginICHeader boolean Indicates whether security tokens for API logins from callouts (in API version 31.0 and earlier) are required (true) or not (false). The default value is true.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Email string The user's email address.
LocaleSidKey string This field is a restricted picklist field. The value of the field affects formatting and parsing of values, especially numeric values, in the user interface. It doesn't affect the API. The field values are named according to the language, and the country if necessary, using two-letter ISO codes. The set of names is based on the ISO standard. You can also manually set a user's locale in the user interface, and then use that value for inserting or updating other users via the API.
StateCode string The ISO state code associated with the user.
UserPreferencesShowMobilePhoneToGuestUsers boolean Indicates the visibility of the mobile phone field in the user's contact information. When true, the mobile phone field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowMobilePhoneToExternalUsers, making the user's mobile phone visible to guests. The default value is false.
LastModifiedById string User The unique identifier (id) for the User who modified the User recently.
UserPreferencesDisableRewardEmail boolean When false, the user automatically receives emails related to WDC rewards. The user receives these emails when someone gives a reward to the user.
UserPreferencesReceiveNoNotificationsAsApprover boolean Controls email notifications from the approval process for approvers. If true, emails are disabled. If false, emails are enabled. The default value is false.
UserPreferencesTaskRemindersCheckboxDefault boolean When true, a reminder popup is automatically set on the user's tasks. Corresponds to the By default, set reminder on Tasks to... checkbox on the Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
Title string The user's business title, such as Vice President.
UserPermissionsInteractionUser boolean Indicates whether the user can run flows or not. Label is Flow User.
UserPreferencesShowStreetAddressToGuestUsers boolean Indicates the visibility of the street address field in the user's contact information. When true, the street address field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowStreetAddressToExternalUsers, making the user's street address visible to guests. The default value is false.
UserPreferencesShowStreetAddressToExternalUsers boolean Indicates the visibility of the street address field in the user's contact information. The address is visible only to internal members of the user's organization when this field is false. The address is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses.The default value is false.
Address object Address of the user.
 Accuracy string Accuracy level of the geocode for the mailing address.
 City string The city detail for the address.
 Street string The street detail for the address.
 PostalCode string The postal code for the address.
 State string The state detail for the address.
 StateCode string The ISO state code for the address.
 Country string The country detail for the address.
 CountryCode string The ISO country code for the address.
 Latitude number Used with Longitude to specify the precise geolocation of the address.
 Longitude number Used with Latitude to specify the precise geolocation of the address.
EmailEncodingKey string The email encoding for the user, such as ISO-8859-1 or UTF-8.
GeocodeAccuracy string The level of accuracy of a location's geographical coordinates compared with its physical address. A geocoding service typically provides this value based on the address's latitude and longitude coordinates.
UserPermissionsJigsawProspectingUser boolean Indicates whether the user is allocated one Data.com user license (true) or not (false). The Data.com user license lets the user add Data.com contact and lead records to Salesforce in supported editions. Label is Data.com User.
UserPreferencesDisableFileShareNotificationsForApi boolean When false, email notifications are sent from the person who shared the file to the users that the file is shared with.
UserPreferencesEventRemindersCheckboxDefault boolean When true, a reminder popup is automatically set on the user's events. Corresponds to the By default, set reminder on Events to... checkbox on the Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
DefaultGroupNotificationFrequency string The default frequency for sending the user's Chatter group email notifications when the user joins groups. The valid values are "P" (Email on every post), "D" (Daily digests), "W" (Weekly digests), "N" (Never). The default value is "N". For Professional, Enterprise, Unlimited, and Developer Edition organizations that existed before API version 22.0, the default value remains "D".
LastReferencedDate number The timestamp for when the current user last viewed a record related to this record.
MobilePhone string The user's mobile device number.
UserPreferencesHideS1BrowserUI boolean Controls the interface that the user sees when logging in to Salesforce from a supported mobile browser. If false, the user is automatically redirected to the Salesforce mobile web. If true, the user sees the full Salesforce site. The default value is false. Label is Salesforce User.
UserPreferencesReceiveNotificationsAsDelegatedApprover boolean Controls email notifications from the approval process for delegated approvers. If true, emails are enabled. If false, emails are disabled. The default value is false.
BadgeText string The Experience Cloud site role, displayed on the user profile page just below the user name.
IsPortalSelfRegistered boolean Indicates whether the user is a Customer Portal user who self-registered for your organization's Customer Portal (true) or not (false).
UserPermissionsSFContentUser boolean Indicates whether the user is allocated one Salesforce CRM Content User License (true) or not (false). Label is Salesforce CRM Content User. The Salesforce CRM Content User license grants the user access to the Salesforce CRM Content application.
UserPreferencesSortFeedByComment boolean Specifies the data value used in sorting a user's feed. When true, the feed is sorted by most recent comment activity. When false, the feed is sorted by post date.
UserType string The category of user license. Each UserType is associated with one or more UserLicense records. Each UserLicense is associated with one or more profiles. The valid values are "Standard" (user license. This user type also includes Salesforce Platform and Salesforce Platform One user licenses. Label is Standard), "PowerPartner" (User whose access is limited because they're a partner and typically access the application through a partner portal or Experience Cloud site. Label is Partner), "CSPLitePortal" (user whose access is limited because they're an org's customer and access the application through a Customer Portal or Experience Cloud site. Label is High Volume Portal), "CustomerSuccess" (user whose access is limited because they're an org's customer and access the application through a Customer Portal. Label is Customer Portal User.), "PowerCustomerSuccess" (user whose access is limited because they're an org's customer and access the application through a Customer Portal. Label is Customer Portal Manager). Users with this license type can view and edit data they directly own or data owned by or shared with users below them in the Customer Portal role hierarchy: "CsnOnly" (user whose access to the application is limited to Chatter. This user type includes Chatter Free and Chatter moderator users. Label is Chatter Free), "Guest" (user whose access is limited because they're an unauthenticated user without login credentials. Label is Guest)
IsPartner boolean Indicates whether the user is a partner who has access to the partner portal (true) or not (false). This field isn't available for release 9.0 and later. Instead, use UserType with the value Partner or Power Partner.
MediumBannerPhotoUrl string The URL for the medium-sized user profile banner photo.
Username string Contains the name that a user enters to log in to the API or the user interface. The value for this field must be in the form of an email address, using all lowercase characters. It must also be unique across all organizations. If you try to create or update a User with a duplicate value for this field, the operation is rejected.
UserPreferencesDisMentionsCommentEmail boolean When false, the user automatically receives email every time the user is mentioned in comments.
UserPreferencesReminderSoundOff boolean When true, a sound automatically plays when an activity reminder is due. Corresponds to the Play a reminder sound checkbox on the Reminders page in the user interface.
UserPreferencesShowEmailToExternalUsers boolean Indicates the visibility of the email address field in the user's contact information. Email address is visible only to internal members of the user's organization when this field is false. Email address is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses. When false, this field returns the value #N/A. The default value is false.
UserPreferencesShowManagerToExternalUsers boolean Indicates the visibility of the manager field in the user's contact information. Manager is visible only to internal members of the user's organization when this field is false. Manager is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
DefaultDivision string This record's default division. Only applicable if divisions are enabled.
Division string The division associated with this user, similar to Department, and unrelated to DefaultDivision.
FederationIdentifier string Indicates the value that must be listed in the Subject element of a Security Assertion Markup Language (SAML) IDP certificate to authenticate the user for a client application using single sign-on. This value must be specified if the SAML User ID Type is Assertion contains Federation ID from the User record. Otherwise, this field can't be edited.
PostalCode string The user's postal or ZIP code. Label is Zip/Postal Code.
UserPreferencesDisableBookmarkEmail boolean When false, the user automatically receives email every time someone comments on a Chatter feed item after the user has bookmarked it.
UserPreferencesShowFaxToGuestUsers boolean Indicates the visibility of the fax number field in the user's contact information. When true, the fax number field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowFaxToExternalUsers, making the user's fax number visible to guests. The default value is false.
UserPreferencesSuppressEventSFXReminders boolean When true, event reminders don't appear. Corresponds to the Show event reminders in Lightning Experience checkbox on the Activity Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
ContactId string ID of the Contact associated with this account. The contact must have a value in the AccountId field or an error occurs.
DigestFrequency string The send frequency of the user's Chatter personal email digest. The valid values are: "D" (Daily), "W" (Weekly), "N" (Never). The default value is "D".
MiddleName string The user's middle name.
UserPreferencesDisableFollowersEmail boolean When false, the user automatically receives email every time someone starts following the user in Chatter.
UserPreferencesHideCSNDesktopTask boolean When true, the Chatter recommendations panel never displays the recommendation to install Chatter Desktop.
UserPreferencesHideLightningMigrationModal boolean Reserved for future use.
AccountId string ID of the Account associated with a Customer Portal user. This field is null for Salesforce users.
DefaultCurrencyIsoCode string The user's default currency setting for new records. For example, if a user in France sets DefaultCurrencyIsoCode to euros, then that's their default currency. Only applicable for organizations that use multiple currencies.
SenderName string The name used as the email sender when the user sends emails. This name is the same value shown in Setup on the My Email Settings page.
UserPermissionsMarketingUser boolean Indicates whether the user is enabled to manage campaigns in the user interface (true) or not (false). Label is Marketing User.
UserPreferencesHideSfxWelcomeMat boolean Controls whether a user sees the Lightning Experience new user message. That message welcomes users to the new interface and provides step-by-step instructions that describe how to return to Salesforce Classic.
SmallPhotoUrl string The URL for a thumbnail of the user's profile photo. This field is available even if Chatter is disabled. The URL is updated every time a photo is uploaded and reflects the most recent photo. If a newer photo is uploaded, the URL returned for an older photo isn't guaranteed to return a photo. Query this field for the URL of the most recent photo.
UserPermissionsWorkDotComUserFeature boolean Indicates whether the WDC feature is enabled for the user (true) or not (false).
Id string The unique identifier of User
BannerPhotoUrl string The URL for the user's banner photo. This field is available in API version 36.0 and later.
IsPortalEnabled boolean Indicates whether an active, external, user has access to Experience Cloud sites or portals (true) or not (false). This field is only available if one of these conditions is true: Digital experiences is enabled and you have community or portal user licenses, Portals are enabled.
JigsawImportLimitOverride number The Data.com user's monthly addition limit. The value must be between zero and the organization's monthly addition limit. Label is Data.com Monthly Addition Limit.
Latitude number Used with Longitude to specify the geolocation of an address. Acceptable values are numbers between -90 and 90 up to 15 decimal places.
SenderEmail string The email address used as the From address when the user sends emails. This address is the same value shown in Setup on the My Email Settings page.
UserPreferencesContentEmailAsAndWhen boolean When false, a user with Salesforce CRM Content subscriptions receives a once-daily email summary if activity occurs on the subscribed content, libraries, tags, or authors. To receive email, the UserPreferencesContentNoEmail field must also be false. The default value is false.
UserPreferencesDisableAllFeedsEmail boolean When false, the user automatically receives email for all updates to Chatter feeds, based on the types of feed emails and digests the user has enabled.
City string The city associated with the user.
Extension string The user's phone extension number.
UserPermissionsChatterAnswersUser boolean Indicates whether the portal user is enabled to use the Chatter Answers feature (true) or not (false). This field defaults to false when a Customer Portal user is created from the API.
UserPermissionsSiteforceContributorUser boolean Indicates whether the user is allocated one Site.com Contributor feature license (true) or not (false). Label is Site.com Contributor User. The Site.com Contributor feature license grants the user access to the Site.com application. Users with a Contributor license can use Site.com Studio to edit site content only.
UserPreferencesDisableMessageEmail boolean When false, the user automatically receives email for Chatter messages sent to the user.
UserPreferencesSuppressTaskSFXReminders boolean When true, task reminders don't appear. Corresponds to the Show task reminders in Lightning Experience. checkbox on the Activity Reminders page in the user interface. This field is related to UserPreference and customizing activity reminders.
AboutMe string Information about the user, such as areas of interest or skills. This field is available even if Chatter is disabled.
DelegatedApproverId string Id of the user who is a delegated approver for this user.
UserPermissionsLiveAgentUser boolean Indicates whether the user is enabled to use Chat (true) or not (false). Label is Live Agent User.
UserPreferencesOptOutOfTouch boolean When false, the user automatically accesses the Salesforce Touch app when logging in to Salesforce from an iPad. If true, automatic access to the Salesforce Touch app is turned off and the user's iPad is directed to the full Salesforce site instead. The default value is false.
UserPreferencesHideSecondChatterOnboardingSplash boolean When true, the secondary Chatter onboarding prompts don't appear.
UserPreferencesNativeEmailClient boolean Use this field to set a default email preference for the user's native email client. This field is available in API version 47.0 and later. The default value is false, corresponding to the Salesforce docked email composer.
CallCenterId string If Salesforce CRM Call Center is enabled, represents the call center that this user is assigned to.
Country string The country associated with the user.
Department string The company department associated with the user.
SmallBannerPhotoUrl string The URL for the small user profile banner photo.
UserPreferencesHideBiggerPhotoCallout boolean When true, users can choose to hide the callout text below the large profile photo.
UserPreferencesHideCSNGetChatterMobileTask boolean When true, the Chatter recommendations panel never displays the recommendation to install Chatter Mobile.
UserPreferencesShowCountryToGuestUsers boolean Indicates the visibility of the country field in the user's contact information. When true, country is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowCountryToExternalUsers, making the user's country visible to external members. The default value is false.
ManagerId string The Id of the user who manages this user.
TimeZoneSidKey string This field is a restricted picklist field. A User time zone affects the offset used when displaying or entering times in the user interface. But the API doesn't use a User time zone when querying or setting values. Values for this field are named using region and key city, according to ISO standards. You can also manually set one User time zone in the user interface, and then use that value for creating or updating other User records via the API.
UserPreferencesShowFaxToExternalUsers boolean Indicates the visibility of the fax number field in the user's contact information. Fax number is visible only to internal members of the user's organization when this field is false. Fax number is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
UserPreferencesShowPostalCodeToGuestUsers boolean Indicates the visibility of the postal or ZIP code field in the user's contact information. When true, postal code is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowPostalCodeToExternalUsers, making the user's postal code visible to external members. The default value is false.
UserPreferencesUserDebugModePref boolean When true, the Lightning Component framework executes in debug mode for the user. Corresponds to the Debug Mode checkbox on the Advanced User Details page of personal settings in the user interface.
CreatedById string User The unique identifier (id) for the User who created the User.
FirstName string The user's first name.
UserPermissionsKnowledgeUser boolean Indicates whether the user is enabled to use Salesforce Knowledge (true) or not (false). Label is Knowledge User.
UserPermissionsOfflineUser boolean Indicates whether the user is enabled to use Offline Edition (true) or not (false). Label is Offline User.
UserPermissionsWirelessUser boolean Required if the Wireless permission is enabled. Indicates whether the user is enabled to use Wireless Edition (true) or not (false). Label is Wireless User.
SystemModstamp number The time when the User was last modified by a user or an automated process (such as a trigger)
LastViewedDate number The timestamp for when the current user last viewed this record. If this value is null, it's possible that this record was referenced (LastReferencedDate) but not viewed.
UserPreferencesDisProfPostCommentEmail boolean When false, the user automatically receives email every time someone comments on posts on the user's profile.
UserPreferencesShowCityToExternalUsers boolean Indicates the visibility of the city field in the user's contact information. City is visible only to internal members of the user's organization when this field is false. City is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowCityToGuestUsers is true, which overrides this field's value. External users are users with Community, Customer Portal, or partner portal licenses.
Phone string The user's phone number.
UserPreferencesHideChatterOnboardingSplash boolean When true, the initial Chatter onboarding prompts don't appear.
UserPreferencesShowEmailToGuestUsers boolean Indicates the visibility of the email address field in the user's contact information. When true, the email address is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowEmailToExternalUsers, making the user's email address visible to guests. The default value is false.
EmailPreferencesAutoBcc boolean Determines whether the user receives copies of sent emails. This option applies only if compliance BCC emails aren't enabled.
ReceivesAdminInfoEmails boolean Indicates whether the user receives email for administrators from Salesforce (true) or not (false).
UserPreferencesPathAssistantCollapsed boolean When true, Sales Path appears collapsed or hidden to the user.
IndividualId string ID of the data privacy record associated with this user. This field is available if Data Protection and Privacy is enabled.
Name string Concatenation of FirstName and LastName.
UserPreferencesApexPagesDeveloperMode boolean When true, indicates that the user has enabled developer mode for editing Visualforce pages and controllers.
UserPreferencesContentNoEmail boolean When false, a user with Salesforce CRM Content subscriptions receives email notifications if activity occurs on the subscribed content, libraries, tags, or authors. To receive real-time email alerts, set this field to false and set the UserPreferencesContentEmailAsAndWhen field to true. The default value is false.
UserPreferencesDisableFeedbackEmail boolean When false, the user automatically receives emails related to WDC feedback. The user receives these emails when someone requests or offers feedback, shares feedback with the user, or reminds the user to answer a feedback request.
PortalRole string The role of the user in the Customer Portal (either "Executive", "Manager", "User", or "PersonAcount")
ReceivesInfoEmails boolean Indicates whether the user receives informational email from Salesforce (true) or not (false).
UserPreferencesDisCommentAfterLikeEmail boolean When false, the user automatically receives email every time someone comments on a post that the user liked. This field is available in API version 24.0 and later.
UserPreferencesShowCountryToExternalUsers boolean Indicates the visibility of the country field in the user's contact information. Country is visible only to internal members of the user's organization when this field is false. Country is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowCountryToGuestUsers is true, which overrides this field's value. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
WirelessEmail string Wireless email address associated with this user. For use with Salesforce Wireless Edition. This field is available only if the Wireless and Email permissions are enabled for your organization.
UserPreferencesHideEndUserOnboardingAssistantModal boolean Reserved for future use.
UserPreferencesShowStateToGuestUsers boolean Indicates the visibility of the state field in the user's contact information. When true, state is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site.When true, this field overrides the value false in UserPreferencesShowStateToExternalUsers, making the user's state visible to external members. The default value is false.
CompanyName string The name of the user's company.
EmployeeNumber string The user's employee number.
IsPrmSuperUser boolean Available for partner portal users only. Indicates whether the user has super user access in the partner portal (true) or not (false).
LastName string The user's last name.
Street string The street address associated with the User.
Suffix string The user's name suffix.
UserPreferencesShowManagerToGuestUsers boolean Indicates the visibility of the manager field in the user's contact information. When true, the manager field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowManagerToExternalUsers, making the user's manager visible to guests. The default value is false.
CurrentStatus string Text that describes what the user is working on.
ForecastEnabled boolean Indicates whether the user is enabled as a forecast manager (true) or not (false). Forecast managers see forecast rollups from users below them in the forecast hierarchy.
Longitude number Used with Latitude to specify the geolocation of an address. Acceptable values are numbers between -180 and 180 up to 15 decimal places.
ProfileId string Profile ID of the user's Profile. Use this value to cache metadata based on profile.
UserPreferencesActivityRemindersPopup boolean When true, a reminder window automatically opens when an activity reminder is due. Corresponds to the Trigger alert when reminder comes due checkbox at the Reminders page in the personal settings in the user interface.
UserPreferencesDisableMentionsPostEmail boolean When false, the user automatically receives email every time they're mentioned in posts.
UserPreferencesShowProfilePicToGuestUsers boolean Indicates the visibility of the user's profile photo. When true, the photo is visible to guest users in an Experience Cloud site. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When false, this field returns the stock photo. The default value is false.
UserPreferencesShowWorkPhoneToExternalUsers boolean Indicates the visibility of the work phone number field in the user's contact information. The number is visible only to internal members of the user's organization when this field is false. The number is visible to external members in an Experience Cloud site when this field is true. External users are users with Community, Customer Portal, or partner portal licenses.The default value is false.
CreatedDate number The time when the User was created
CountryCode string The ISO country code associated with the user.
Fax string The user's fax number.
LanguageLocaleKey string The user's language, such as French or Chinese (Traditional). Label is Language.
UserPreferencesDisableChangeCommentEmail boolean When false, the user automatically receives email every time someone comments on a change the user has made, such as an update to their profile.
UserPreferencesDisableWorkEmail boolean When false, the user receives emails related to WDC feedback, goals, and coaching. The user must also sign up for individual emails listed on the WDC email settings page. When true, the user doesn't receive any emails related to WDC feedback, goals, or coaching even if they're signed up for individual emails.
LastModifiedDate number The time when the User was last modified by a user
CommunityNickname string Name used to identify this user in the Experience Cloud site.
UserPreferencesDisableEndorsementEmail boolean When false, the member automatically receives email every time someone endorses them for a topic.
UserPreferencesDisableSharePostEmail boolean When false, the user automatically receives email every time their post is shared.
UserPreferencesLightningExperiencePreferred boolean When true, redirects the user to the Lightning Experience interface. Label is Switch to Lightning Experience.
UserPreferencesShowTitleToExternalUsers boolean Indicates the visibility of the business title field in the user's contact information. Title is visible only to internal members of the user's organization when this field is false. Title is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowTitleToGuestUsers is true, which overrides this field's value. External users are users with Community, Customer Portal, or partner portal licenses. The default value is true.
IsProfilePhotoActive boolean Indicates whether a user has a profile photo (true) or not (false).
UserPermissionsCallCenterAutoLogin boolean Required if Salesforce CRM Call Center is enabled. Indicates whether the user is enabled to use the auto login feature of the call center (true) or not (false).
UserPreferencesShowTitleToGuestUsers boolean Indicates the visibility of the business title field in the user's contact information. When true, title is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site.When true, this field overrides the value false in UserPreferencesShowTitleToExternalUsers, making the user's title visible to external members. The default value is false.
IsActive boolean Indicates whether the user has access to log in (true) or not (false). You can modify a User's active status from the user interface or via the API.
Manager string User lookup field used to select the user's manager. This field establishes a hierarchical relationship, preventing you from selecting a user that directly or indirectly reports to themselves.
UserPermissionsSupportUser boolean When true, the user can use the Salesforce console.
UserPreferencesDisableLikeEmail boolean When false, the user automatically receives email every time someone likes their post or comment.
UserPreferencesShowPostalCodeToExternalUsers boolean Indicates the visibility of the postal or ZIP code field in the user's contact information. Postal code is visible only to internal members of the user's organization when this field is false. Postal code is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowPostalCodeToGuestUsers is true, which overrides this field's value External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
UserPreferencesShowWorkPhoneToGuestUsers boolean Indicates the visibility of the work phone field in the user's contact information. When true, the work phone field is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowWorkPhoneToExternalUsers, making the user's work phone visible to guests. The default value is false.
FullPhotoUrl string The URL for the user's profile photo. This field is available even if Chatter is disabled. The URL is updated every time a photo is uploaded and reflects the most recent photo. If a newer photo is uploaded, the URL returned for an older photo isn't guaranteed to return a photo. Query this field for the URL of the most recent photo.
NumberOfFailedLogins number The number of failed login attempts for the user's account. When the maximum number of failed login attempts is reached, the counter resets and the user's account is locked. If there's a successful login before the maximum number of failed login attempts is reached, the counter resets and the user's account remains unlocked.
UserPermissionsSiteforcePublisherUser boolean Indicates whether the user is allocated one Site.com Publisher feature license (true) or not (false). Label is Site.com Publisher User. The Site.com Publisher feature license grants the user access to the Site.com application. Users with a Publisher license can build and style websites, control the layout and functionality of pages and page elements, and add and edit content.
UserPreferencesDisableLaterCommentEmail boolean When false, the user automatically receives email every time someone comments on a feed item after the user has commented on the feed item.
UserPreferencesDisableProfilePostEmail boolean When false, the user automatically receives email every time someone posts to the user's profile.
UserPreferencesShowStateToExternalUsers boolean Indicates the visibility of the state field in the user's contact information. State is visible only to internal members of the user's organization when this field is false. State is visible to external members in an Experience Cloud site when this field is true, or this field is false but UserPreferencesShowStateToGuestUsers is true, which overrides this field's value. External users are users with Community, Customer Portal, or partner portal licenses. The default value is false.
Signature string The signature text added to emails. This text is the same value shown in Setup on the My Email Settings page.
UserPreferencesEnableAutoSubForFeeds boolean When true, the user automatically subscribes to feeds for any objects that the user creates.
Alias string The user's alias. For example, jsmith.
State string The state associated with the User.
UserPreferencesShowCityToGuestUsers boolean Indicates the visibility of the city field in the user's contact information. When true, city is visible to guest users. Guest users can access public Site.com and Salesforce sites, and public pages in Experience Cloud sites, via the Guest User license associated with each site. When true, this field overrides the value false in UserPreferencesShowCityToExternalUsers, making the user's city visible to external members. The default value is false.
LastLoginDate number The date and time when the user last successfully logged in. This value is updated if 60 seconds elapses since the user's last login.
OfflineTrialExpirationDate number The date and time when the user's Connect Offline trial expires.
UserPreferencesJigsawListUser boolean When true, the user is a Data.com List user so shares record additions from a pool. UserPermissionsJigsawProspectingUser must also be set to true. Label is Data.com List User.
UserRoleId string ID of the user's UserRole. Label is Role ID.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
enableUserSelfDeactivate boolean If you enable User Self Deactivate (true), users can deactivate their Experience Cloud site or Chatter accounts.
restrictedProfileCloning boolean When enabled (true), only permissions accessible to your org are enabled when you clone profiles. When disabled (false), all permissions currently enabled in the source profile are also enabled for the cloned profile, even if your org can't currently access them. This field is available in API version 50.0 and later.
enableEnhancedConcealPersonalInfo boolean Indicates if personal information fields in user records are hidden from external users (true) or not (false). When this field is set to true, you can choose which fields are classified as personal information and hidden on the User Management Settings Setup page. The default value is false. This field is available in API version 53.0 and later. Before you set the enableEnhancedConcealPersonalInfo field to true, make sure that enableConcealPersonalInfo is set to false.
enableEnhancedPermsetMgmt boolean If you enable Enhanced Permission Set Component Views (true), you can work with permission sets more easily. For example, when you have large numbers of Apex class assignments for permission sets, you can enable a paginated result set, standard filtering, and sorting.
enableProfileFiltering boolean With profile filtering enabled (true), you can restrict who sees profile names to the users who require the access for their job roles. If profile filtering is disabled (false), users can see all profiles in a Salesforce org, regardless of which permissions they have.
enableNewProfileUI boolean If you enable Enhanced Profile User Interface (true), you can use the streamlined, enhanced profile user interface to browse, search, and modify settings. You can use only one user interface at a time.
enableScrambleUserData boolean If you enable Let Users Scramble Their User Data (true), users can request that Salesforce remove all their personal data. Because Salesforce can't delete information, it scrambles their data. Scrambling a user's data is unrecoverable. So this org-wide setting serves as an extra precaution. If a user requests it, you scramble the data programmatically with the obfuscateUser Apex method. You can use the method, for example, in a custom Apex trigger, workflow, or the Developer Console. This field is available in API version 47.0 and later.
enableConcealPersonalInfo boolean Indicates if personal information fields in user records are hidden from external users (true) or not (false). When this field is set to true, 10 personal information fields are hidden. The default value is false. This field is unavailable for orgs created in Winter '22 or later. Salesforce recommends that you use the enableEnhancedConcealPersonalInfo field instead of enableConcealPersonalInfo. Before you set the enableEnhancedConcealPersonalInfo field to true, make sure that enableConcealPersonalInfo is set to false.
enableContactlessExternalIdentityUsers boolean If true and your org has the External Identity license, you can create contactless users. Having users without contact information reduces the overhead of managing customers. Purchase the External Identity license to access the Customer 360 Identity product. The default is false. Available in API version 47.0 and later.
enableEnhancedProfileMgmt boolean If you enable Enhanced Profile Lists Views (true), you can quickly view, customize, and edit list data.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
approvalRequired string Denotes whether approvals are required for provisioning users for the associated connected app. If the value is null, no approval is required.
ConnectedAppId string ConnectedApplication The 18-digit application ID for the connected app.
LastModifiedDate number The time when the UserProvisioningConfig was last modified by a user
SystemModstamp number The time when the UserProvisioningConfig was last modified by a user or an automated process (such as a trigger)
EnabledOperations string Lists the operations, as comma-separated values, that create a user provisioning request for the associated connected app. Allowed values are: Create, Update, EnableAndDisable (activation and deactivation), SuspendAndRestore (freeze and unfreeze).
Language string The two- to five-character code that represents the language and locale ISO. This code controls the language for labels displayed in an application.
UserAccountMapping string Stores the attributes used to link the Salesforce user to the account on the third-party system, in JSON format.
Id string The unique identifier of UserProvisioningConfig.
CreatedDate number The time when the UserProvisioningConfig was created
DeveloperName string The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores.
NamespacePrefix string The namespace prefix that is associated with this object. Each Developer Edition org that creates a managed package has a unique namespace prefix. Limit: 15 characters. You can refer to a component in a managed package by using the namespacePrefix__componentName notation.
ReconFilter string When collecting and analyzing users on a third-party system, the plug-in uses this filter to limit the scope of the collection.
OnUpdateAttributes string Lists the user attributes, as comma-separated values, that generate a UserProvisioningRequest object during an update.
CreatedById string User The unique identifier (id) for the User who created the UserProvisioningConfig.
LastModifiedById string User The unique identifier (id) for the User who modified the UserProvisioningConfig recently.
Enabled boolean Indicates whether user provisioning is enabled for the associated connected app (true) or not (false).
LastReconDateTime number The date and time when user accounts were last reconciled between Salesforce and the target system.
MasterLabel string The primary label for this object. This value is the internal label that doesn't get translated.
NamedCredentialId string Salesforce ID of the named credential that's used for a request. The named credential identifies the third-party system and the third-party authentication settings.
Notes string A utility field for administrators to add any additional information about the configuration. This field is for internal reference only, and is not used by any process.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
PortalAccountId string The ID of the role's associated portal account.
ForecastUserId string The ID of the forecast manager associated with this role.
MayForecastManagerShare boolean Indicates whether the forecast manager can manually share their own forecast.
Name string Name of the role.
OpportunityAccessForAccountOwner string The opportunity access level for the account owner. Note that you can't set a user role with an opportunity access less than that specified in organization-wide defaults.
ParentRoleId string The ID of the parent role.
CaseAccessForAccountOwner string The case access level for the account owner.
ContactAccessForAccountOwner string The contact access level for the account owner.
LastModifiedById string User The unique identifier (id) for the User who modified the UserRole.
PortalAccountOwnerId string The ID of the role's associated portal account's owner.
SystemModstamp number The time when the ObjectPermission was last modified by a user or an automated process (such as a trigger).
DeveloperName string The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores.
Id string The unique identifier of UserRole.
LastModifiedDate number The time when the User was last modified by a user
PortalType string This value indicates the type of portal for the role: None, CustomerPortal, Partner.
RollupDescription string Description of the forecast rollup
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION