Applies To:
Pinnacle Series Administrators.
Common Causes/Issues:
- You would like to learn about Entra ID Sync Extension Attributes for Pinnacle Series.
Solution Overview:
This guide explains which Entra ID extension attributes Pinnacle can read, how Microsoft Graph fields are selected based on your tenant mapping, and the naming rules that keep provisioning, rule sets, and reporting stable at scale.
Summary
Pinnacle Series can synchronize custom Entra ID attributes (including directory extension attributes like extension_{appId}_*) without a code change, as long as the attribute exists in Entra ID and is mapped in Pinnacle (or referenced in Rule Sets).
Note: Schema extensions and custom security attributes are not supported.
Recommended: Standardize on directory extension attributes that behave like simple key/value pairs (single text values). These are the most reliable for automated group provisioning, assignment targeting, and reporting.
What Extension Attributes Are Supported?
Tip:
If you need consistent group rules and clean reporting, prefer simple text-like attributes (single value).
Supported and Recommended
Directory extension attributes (simple key/value pairs) and standard Entra user fields.
Examples:
extension_{appId}_employeeType = Contractor
extension_{appId}_region = EMEA
department = Civil
How Pinnacle Builds the Microsoft Graph Query
When Pinnacle calls Microsoft Graph /users, the list of selected fields is built from your tenant configuration.
Included in the Graph $select
- Email attribute configured in the Entra ID sync settings (e.g., mail)
- Display name attribute configured in the Entra ID sync settings (e.g., displayName)
- All fields mapped under Map User Attributes
- All attribute names referenced in Rule Sets (if not already included)
Impact: If your custom attribute is not mapped (or referenced in rules), it may not be included in the query — which means Pinnacle won’t retrieve it. Mapping is the contract.
Configuration Checklist
Follow these steps to synchronize an extension attribute into Pinnacle Series:
1) Confirm the attribute exists in Entra ID
Example: extension_{appId}_employeeType
2) Ensure the attribute is populated on user objects
Keep values consistent and human-readable (e.g., Employee / Contractor / Consultant).
3) Map the attribute in Pinnacle Series
Admin Portal → Integrations → Entra ID Configuration → Map User Attributes
4) (Optional) Use the attribute in Rule Sets for automated group provisioning
Rule example: employeeType = Contractor → Assign to “Contractors” group
5) Validate with a small pilot group before scaling
Confirm the attribute shows on synced users and that rules behave as intended.
Best Practice Standard
Standardize on simple “text-like” attributes wherever possible. They are the most predictable input for group rules, assignment automation, and reporting filters.
Naming and Formatting Rules
Use attribute names that are clear, stable, and easy to interpret across teams.
Recommended patterns
- extension_{appId}_employeeType
- extension_{appId}_region
- onPremisesExtensionAttributes.extensionAttribute1
- {AttributeName}.{FieldName} (only when needed for object-based attributes)
Avoid
- Ambiguous names like custom1 / miscField
- Attributes that store arrays or variable nested objects
- Values that are inconsistent (e.g., “Contractor”, “contractor”, “Ctr”, “External”)
Common Pitfalls (and How to Avoid Them)
Troubleshooting shortcut
If the attribute doesn’t show in Pinnacle, check (1) Mapping, (2) Population, then (3) Format. Most failures come from one of those three.
Pitfall: Attribute exists in Entra, but is not mapped in Pinnacle.
Fix: Add it to Map User Attributes (or reference it in Rule Sets) so it’s included in Graph $select.
Pitfall: Attribute is mapped, but values are blank for many users.
Fix: Validate Entra population rules and confirm the value is set on real user objects (not only in theory).
Pitfall: Using a complex object attribute without specifying a field.
Fix: Use {AttributeName}.{FieldName} (example: extension_{appId}_employmentInfo.employmentType).
Pitfall: Inconsistent values break rules and reporting filters.
Fix: Standardize a controlled vocabulary (e.g., Employee / Contractor / Consultant) and enforce it across sources.
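The sketch below is an added example, not Pinnacle's code: it assembles a $select list from the four sources listed under "Included in the Graph $select" and then audits a pilot group in the troubleshooting order (mapping, population, format). The function names, the placeholder appId, the sample users, and the choice to select only the top-level name for {AttributeName}.{FieldName} paths are assumptions.

```python
# Added example; helper names are hypothetical and all sample data is constructed.
APP_ID = "0" * 32  # placeholder appId, not a real application
EMP = f"extension_{APP_ID}_employeeType"
ALLOWED = {"Employee", "Contractor", "Consultant"}  # controlled vocabulary

def build_select(email_attr, display_attr, mapped, rule_attrs):
    """Union of the four sources, de-duplicated, first-seen order kept.
    Assumption: for AttributeName.FieldName only AttributeName is selected."""
    fields = []
    for name in [email_attr, display_attr, *mapped, *rule_attrs]:
        top = name.split(".", 1)[0]
        if top not in fields:
            fields.append(top)
    return fields

def resolve(user, path):
    """Read 'attr' or 'attr.field' from a Graph user object (a dict)."""
    value = user
    for part in path.split("."):
        value = value.get(part) if isinstance(value, dict) else None
    return value

def audit(users, path, select, allowed):
    """Apply the troubleshooting order: (1) mapping, (2) population, (3) format."""
    report = {"mapped": path.split(".", 1)[0] in select, "blank": [], "bad_format": []}
    if not report["mapped"]:
        return report  # never requested, so nothing else can be judged
    for user in users:
        value = resolve(user, path)
        if value is None or value == "":
            report["blank"].append(user["id"])
        elif not isinstance(value, str) or value not in allowed:
            report["bad_format"].append(user["id"])  # array, object or off-vocabulary
    return report

# Constructed stand-in for the "value" array of a Graph /users response.
USERS = [
    {"id": "u1", EMP: "Contractor"},
    {"id": "u2", EMP: "contractor"},                  # case drift
    {"id": "u3", "department": "Civil"},              # attribute never populated
    {"id": "u4", EMP: ["Contractor", "Consultant"]},  # multi-valued
]

if __name__ == "__main__":
    select = build_select("mail", "displayName", [EMP, "department"],
                          ["department", "onPremisesExtensionAttributes.extensionAttribute1"])
    print("$select=" + ",".join(select))
    print(audit(USERS, EMP, select, ALLOWED))
```

Users listed under bad_format are the ones a rule such as employeeType = Contractor would silently miss, so review them before the rule is allowed to drive group membership.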
Related Article(s):
Choosing the Right Entra ID Sync Attributes for Pinnacle Series