Skip to main content

Identity schema

The identity schema implements the JSON Schema Standard and allows you to adjust Ory specifically to your requirements. The identity schema specifies the types of data the system can store for users, such as their names, email addresses, phone numbers, or birthdays. Through schemas, you can also define additional fields that can be added to user profiles, such as a job titles, company names, or locales.

The identity schema not only defines the data model of your identities, but also controls business logic and allows you to:

  • Define which field is used as the identifier when logging in: username, email, phone number, or a combination of those.
  • Define fields which are used to verify or recover the user's identity: email, phone number, or a combination of those.

Depending on your setup, you can benefit from defining different identity schemas for different groups of users, such as customer support and end users. This allows to tailor the user experience and security measures to the specific needs and requirements of each group.

The Ory Network provides default presets to help users get started with creating and managing identity schemas for their systems.

info

Identity schemas are a powerful tool with a learning curve. When getting started, use one of the presets Ory provides to make your life easier. Use the preset as a starting point and customize the identity schema to your needs later.

Presets

The Ory Network provides three basic identity schema presets.

Email and password

With this preset, identities have a single trait, the email. The email is the login identifier and is used for email verification and for account recovery:

// Identity example
{
id: "6e9d3d30-f93e-4630-901f-c2096953723d",
traits: {
email: "foo@bar.com",
},
}

Username and password

This preset is useful for applications that don't need the user's email address and don't prioritize a high degree of user anonymity.

info

Without an email, users can not send recovery links to their email. They will not be able to regain access to their account.

With this preset, every identity has a single trait - the username. The username is the login identifier:

// Identity example
{
id: "6e9d3d30-f93e-4630-901f-c2096953723d",
traits: {
username: "some-username",
},
}

Example with name and newsletter opt-in

This preset has an email field, a first name, last name, and a newsletter checkbox.

// Identity example
{
id: "6e9d3d30-f93e-4630-901f-c2096953723d",
traits: {
email: "foo@bar.com",
name: {
first: "Foo",
last: "Bar",
},
newsletter: true,
},
}