Accessing User Profile properties (custom and built-in) using Query User Profile action

Blog Post created by tposzytek Champion on Apr 24, 2017

I’ve seen it quite often recently – questions about getting data from User Profiles using office 365 query user profileaction. In the end it is quite easy, but you must be familiar with some prerequisites


SharePoint Online User Profile properties

Basically, there are two approaches:

  1. If you have an on-premise #activedirectory or an AD set in azure, then you can synchronize properties from that locations into azure active directory (AAD) using Azure AD Sync (AAD Sync – it replaces DirSync).
  2. If you are working in the Office 365 tenant exclusively, the properties can be managed and their value set using https://[tenant_name] SharePoint administration page.


For the first approach adding new attributes into SharePoint Online is… quite hard. Although using AAD Connect tool you can synchronize your custom properties with AAD, but adding them to SPO User Profile is not that straightforward. The approach is described for example here: and as well I found that this can be somehow done using the Office Graph API 2.0, ex.:


The second approach is far a lot easier and I will focus on it. You just need to go to the link in SPO admin center and from there to the “User Profiles” --> “Manage User Properties” page – you will notice a list of currently used attributes. Click the “New Property”:

The form for a new property creation will be displayed. The most important setting here, to be sure that the new property is available for the office 365 query user profile action, is to set the “Default Privacy Setting” to “Everyone”:

If you scroll down the form, you will notice a set of fields, some of you might be familiar from the on-premises SharePoint: the mapping. This is not supported so far in SPO, however the interface for Online has “daemons” left from on-premise version.


Once you add the new property, go back to “User profiles” homepage and then to “Manage User Profiles” page (https://[tenant_name] For test purposes find your profile and then “Edit My Profile”:

At the end of the form you should notice your custom field. Set it's value and then “Save and Close” the form:

Do the same for any other profile and remember it's account name.


Checking if the value is available

Before going to the Workflow, check if the value is already available for Everyone in the profile. Execute the following URLs (UserProfile REST API: in your browser (Chrome preferably) and check if the new attribute is present:

  1. To get your profile: https://[tenant_name]
  2. To get the other profile: https://[tenant_name]'i%3A0%23.f%7Cmembership%7C[login]%40[tenant_name]'


At the end of the listed XML data, you will notice your custom property, along with its type and value:

<d:element m:type="SP.KeyValue">
  <d:Value>Another Test Value</d:Value>

Obtaining property’s value using a workflow

Open the Nintex Workflow Designer. In the workflow add the action “Office 365 Query User Profile”. Configure it as following:

  1. SharePoint Online URL – the “root” URL to your tenant.
  2. Username and Password – credentials of the account on which behalf a query of the profile will be made. Particularly it can be any account having at least “Read” access to the tenant in that case, as the “User Profile” data is available to read for everyone.
  3. Property – use the same “Name” as you defined for your property.
  4. Store property in – use the same datatype as the property have.


If you log the values, you will notice, that the access to the value of the property is possible:

How to access other properties?

If you have access to the SharePoint admin center, then it is quite easy. Just go to the “User Profiles” --> “Manage User Properties” page and then open the property which value you’d like to obtain in your workflow. Check it’s “Name” and double-check if it has “Default Privacy Setting” to “Everyone”. Notice, that for some predefined properties it is impossible to change this setting.


On the other hand, if you don’t have an access to the SharePoint admin center, the easiest way is to open the URL https://[tenant_name] and check property names displayed there. To be even more sure, that the property you are looking for is available for “Everyone”, use the second URL to opens other user’s profile and check properties there  


What about on-premise?

Frankly speaking it’s even easier. Possibility to map custom attributes from AD DS is simple – you just need to open SharePoint Central Administration and from there open “User Profile Service Application”, then “Manage User Profiles” and when creating new property – map it with the Active Directory attribute. After that, trigger “Full Profile Synchronization”, so that the new property will get populated with the data from your local AD (


After doing that, you can simply use “Query User Profile” ( action that will allow you to use a drop-down field, to select required property.


Good luck with Nintexing!