Add user attribute push rules documentation #65
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,113 @@ | ||||||
| --- | ||||||
| title: "User attribute push rules" | ||||||
| description: "User attribute push rules allow you to automatically sync user attributes from ConductorOne to your connected applications. This ensures that user data stays consistent across your integrated systems." | ||||||
| --- | ||||||
|
|
||||||
| ## Overview | ||||||
|
|
||||||
| Attribute push rules give you control over which user attributes are synchronized to specific applications and how they're mapped. With these rules, you can sync ConductorOne attributes to application user profiles and transform attribute values using expressions. You can also target specific users based on conditions and map to both standard and custom attributes when supported by the connector. | ||||||
|
|
||||||
| ## When to use attribute push rules | ||||||
|
|
||||||
| Use attribute push rules when you need to keep user profile data synchronized across applications or populate custom user fields in connected applications. They're also helpful for maintaining consistent user attributes for compliance or operational purposes, as well as transforming or deriving attribute values before syncing to applications. | ||||||
|
|
||||||
| ## How attribute push works | ||||||
|
|
||||||
| When you create a push rule configuration: | ||||||
|
|
||||||
| 1. Select the connector you want to push attributes to | ||||||
| 2. Map ConductorOne attributes to the target application's user attributes | ||||||
| 3. Optionally, use CEL expressions to transform values | ||||||
| 4. Choose which users to target (all users or specific users) | ||||||
| 5. Enable the configuration to begin syncing | ||||||
|
|
||||||
| Attributes are pushed to the connected application automatically when: | ||||||
|
|
||||||
| - The push configuration is created or updated | ||||||
| - A user's attribute values change in ConductorOne | ||||||
| - You manually trigger a push | ||||||
|
|
||||||
| ## Configure attribute push rules | ||||||
|
|
||||||
| ### Prerequisites | ||||||
|
|
||||||
| - Admin permissions in ConductorOne | ||||||
| - A configured connector for the target application | ||||||
| - User attribute mappings defined in ConductorOne (Admin \> Settings \> User data sources) | ||||||
|
Contributor
There was a problem hiding this comment. Clarify the "User attribute mappings defined" prerequisite. This prerequisite mentions "User attribute mappings defined in ConductorOne" but doesn't explain what this means or how users can verify it's met. Consider adding a brief explanation or a link to relevant documentation. 💡 Suggested improvement-- User attribute mappings defined in ConductorOne (Admin \> Settings \> User data sources)
+- User attributes configured in ConductorOne (Admin \> Settings \> User data sources \> Attributes tab). These are the source attributes you'll map from.📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||
|
|
||||||
| ### Create a push rule | ||||||
|
|
||||||
| 1. Navigate to **Admin \> Settings \> User data sources** | ||||||
| 2. Select the **Push rules** tab | ||||||
| 3. Click **Add push rule** | ||||||
| 4. Select the connector you want to push attributes to | ||||||
| 5. For each attribute you want to sync: | ||||||
| - Choose the target attribute name from the connector's available attributes | ||||||
| - Select a ConductorOne attribute to map, or write a CEL expression for custom logic | ||||||
| - If the connector supports custom attributes, you can specify a custom name | ||||||
| 6. Under **User targeting**, choose: | ||||||
| - **All users**: Push attributes for all users in your tenant | ||||||
| - **Specific users**: Use a CEL expression to target users matching specific criteria | ||||||
| 7. Enable the push rule | ||||||
| 8. Click **Save** | ||||||
|
|
||||||
| ### Edit or disable a push rule | ||||||
|
|
||||||
| 1. Navigate to **Admin \> Settings \> User data sources \> Push rules** | ||||||
| 2. Find the push rule in the list | ||||||
| 3. Click the menu button (...) and select: | ||||||
| - **Edit**: Modify attribute mappings or user targeting | ||||||
| - **Enable** or **Disable**: Turn the push rule on or off | ||||||
| - **Delete**: Remove the push rule completely | ||||||
|
|
||||||
| ## Attribute mappings | ||||||
|
|
||||||
| ### Map to ConductorOne attributes | ||||||
|
|
||||||
| Select a ConductorOne attribute from the dropdown to sync its value directly to the target application. | ||||||
|
|
||||||
| **Example**: Map the `Department` attribute in ConductorOne to the `department` field in the target application. | ||||||
|
|
||||||
| ### Use CEL expressions | ||||||
|
|
||||||
| For more advanced scenarios, you can use CEL (Common Expression Language) expressions to transform or derive attribute values. | ||||||
|
|
||||||
| **Example**: Combine first and last name into a display name | ||||||
|
|
||||||
| ```cel | ||||||
| user.first_name + " " + user.last_name | ||||||
| ``` | ||||||
|
|
||||||
| **Example**: Set a value based on a condition | ||||||
|
|
||||||
| ```cel | ||||||
| user.department == "Engineering" ? "tech@company.com" : "general@company.com" | ||||||
| ``` | ||||||
|
|
||||||
| ## User targeting | ||||||
|
|
||||||
| ### All users | ||||||
|
|
||||||
| Syncs attributes for all users in your ConductorOne tenant. | ||||||
|
|
||||||
| ### Specific users (CEL expression) | ||||||
|
|
||||||
| Use a CEL expression to target specific users based on their attributes. | ||||||
|
|
||||||
| **Example**: Target only active employees | ||||||
|
|
||||||
| ```cel | ||||||
| user.status == "active" && user.employment_type == "full_time" | ||||||
| ``` | ||||||
|
|
||||||
| **Example**: Target users in specific departments | ||||||
|
|
||||||
| ```cel | ||||||
| user.department in ["Engineering", "Product", "Design"] | ||||||
| ``` | ||||||
|
|
||||||
| ## Custom attributes | ||||||
|
|
||||||
| Some connectors support pushing to custom attributes that aren't part of the standard user schema. When configuring a push rule for these connectors, you can specify custom attribute names. | ||||||
|
|
||||||
| Check the connector's schema to see if custom attributes are supported. | ||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clarify how to manually trigger a push.
The documentation mentions that attributes are pushed when "you manually trigger a push," but doesn't explain how to perform this action. Users may be unclear about where to find this capability.
Would you like me to help draft instructions for manually triggering a push, or should this capability be documented in a separate section?
🤖 Prompt for AI Agents