29th August 2025

Use Custom Security Attributes in Hire2Retire for Attribute-Based Azure Access Control

How does your organization store sensitive employee attributes, such as badge numbers, medical IDs, or salary information?
Entra ID custom security attributes are the best way to properly restrict this data through attribute-based Azure access control. And now, these custom security attributes can also be used to dynamically assign access privileges and group memberships.
That’s because Hire2Retire now supports Entra ID custom security attributes for role-based access provisioning as part of the Phase 9.1 release.
After reading this blog, you’ll know:
What separates custom security attributes from extension attributes.
Why custom security attributes are a key part of data security.
How to use custom security attributes in Hire2Retire to keep sensitive data safe.

What Are Custom Security Attributes in Entra ID?

In Entra ID, custom security attributes are additional employee attributes that store information outside of a default user profile. These business-specific attributes are made up of key-value pairs that define labels and assign them to Microsoft Entra objects. You can also define and group your custom security attributes into attribute sets to easily store similar data.
Custom security attributes are created, stored, and managed in the Azure Portal. You must be assigned the Attribute Assignment Administrator and Attribute Definition Administrator roles to create and edit custom security attributes.

Why are Custom Security Attributes Important?

Custom security attributes and extension attributes serve a similar purpose: extending Entra ID and Microsoft 365 objects. However, unlike extension attributes, custom security attributes use a separate set of permissions to restrict read and write access. These additional security protections make custom security attributes a superior option for storing sensitive data.
Example: custom security attributes could be used to store employee badge numbers or salary information. Access permissions could be set so that only HR team members could view these attributes, keeping employee salaries confidential.

How To Use Custom Security Attributes in Hire2Retire for Azure Access Control

Hire2Retire, RoboMQ’s lightweight IGA product, supports Entra ID custom security attributes for data mapping and automation rulesets. Using custom security attributes makes it easy to implement attribute-based access control while confidently securing sensitive employee data.
When creating an Entra ID integration with Hire2Retire, you will need to add the following permissions to use custom security attributes:
CustomSecAttributeDefinition.Read.All
CustomSecAttributeAssignment.ReadWrite.All
Once your Entra ID has been connected to Hire2Retire, search for your Azure portal’s custom security attributes in the HR to Entra ID profile map step using either attribute names or set names.
Figure: A Hire2Retire workflow with custom security attributes set up for Azure access control.
From there, custom security attributes will appear under “Entra ID Attributes” and can be used for lifecycle automation workflows, group membership assignments, and access provisioning rulesets. Hire2Retire’s observe page will also show all changes made to employees’ custom security attributes during lifecycle events.
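A least-privilege check on the two permissions named above, as an added example that is not part of the original post or of Hire2Retire's code: it resolves an app's granted Microsoft Graph application permissions and reports any required custom security attribute permission that is missing and any broader one that was granted. The input mimics Graph `appRoles` and `appRoleAssignments` responses; every GUID and sample record is a constructed placeholder.

```python
# Added example: least-privilege check for the integration's Graph permissions.
# Permission names in REQUIRED come from the page; all sample data is constructed.
REQUIRED = {
    "CustomSecAttributeDefinition.Read.All",
    "CustomSecAttributeAssignment.ReadWrite.All",
}
FAMILY_PREFIX = "CustomSecAttribute"
GRAPH_SP_ID = "11111111-0000-0000-0000-000000000000"  # placeholder object ID

# Shaped like the Microsoft Graph service principal's appRoles (placeholder GUIDs).
GRAPH_APP_ROLES = [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "CustomSecAttributeDefinition.Read.All"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "CustomSecAttributeDefinition.ReadWrite.All"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000003", "value": "CustomSecAttributeAssignment.ReadWrite.All"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000004", "value": "User.ReadWrite.All"},
]
# Shaped like GET /servicePrincipals/{id}/appRoleAssignments for the integration app.
ASSIGNMENTS = [
    {"appRoleId": "aaaaaaaa-0000-0000-0000-000000000001", "resourceId": GRAPH_SP_ID},
    {"appRoleId": "aaaaaaaa-0000-0000-0000-000000000002", "resourceId": GRAPH_SP_ID},
    {"appRoleId": "aaaaaaaa-0000-0000-0000-000000000004", "resourceId": GRAPH_SP_ID},
    # Assignment on a different resource; must not be counted as a Graph permission.
    {"appRoleId": "bbbbbbbb-0000-0000-0000-000000000009",
     "resourceId": "22222222-0000-0000-0000-000000000000"},
]

def granted_permissions(assignments, app_roles, resource_id):
    """Resolve appRoleId GUIDs to permission names for one resource."""
    names = {role["id"]: role["value"] for role in app_roles}
    return {
        names.get(a["appRoleId"], "unknown:" + a["appRoleId"])
        for a in assignments
        if a["resourceId"] == resource_id
    }

def audit(granted):
    """Compare granted custom security attribute permissions with REQUIRED."""
    family = {p for p in granted if p.startswith(FAMILY_PREFIX)}
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(family - REQUIRED),  # broader than the page calls for
    }

if __name__ == "__main__":
    print(audit(granted_permissions(ASSIGNMENTS, GRAPH_APP_ROLES, GRAPH_SP_ID)))
```

Permissions outside the `CustomSecAttribute` family are deliberately ignored here, because the page does not list the integration's other permissions.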

Protect Sensitive Data and Prevent Security Risks with Hire2Retire

With custom security attributes, Hire2Retire makes attribute-based and role-based access control and user provisioning simple, easy, and code-free. That’s more important than ever, because valid credentials have become the most common entry point hackers use to break into company systems.
As IBM puts it: “Hackers don’t break in, they log in.”
Preventing internal data breaches is especially important for industries that handle sensitive employee and client information, such as the healthcare and finance sectors. A data breach for a healthcare organization could cost more than twice the global average of $4.88 million.
Hire2Retire prevents these security risks by implementing the Principle of Least Privilege (PoLP) and defining strict role-based provisioning rulesets. Hire2Retire also fully automates offboarding, promptly revoking group memberships and access privileges before or on an employee’s last working day.
Instead of risking a security disaster, book a free discovery call now to see how Hire2Retire can keep your organization’s private data safe and secure!
To dive deeper into the features that have been added to Hire2Retire, read the RoboMQ blog post on Hire2Retire Phase 9.1.
Need to dive even deeper into the Phase 9.1 changes? See every change made in the Hire2Retire Phase 9.1 release notes.

Cameron Macaulay

Cameron Macaulay is a Marketing Associate with RoboMQ. Cameron graduated from Syracuse University with a major in Broadcast & Digital Journalism, and a minor in Professional & Technical Writing. Cameron combines his skills in technical writing with a passion for storytelling.
