WIP - Push attributes #46
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| --- | ||
| title: Push rules | ||
| og:title: Push rules - ConductorOne docs | ||
| og:description: Automatically sync user attributes from ConductorOne to connected systems. | ||
| description: Automatically sync user attributes from ConductorOne to connected systems. | ||
| sidebarTitle: Push rules | ||
| --- | ||
| {/* Editor Refresh: 2026-01-29 */} | ||
|
|
||
| # Push rules | ||
|
|
||
| Push rules automatically sync user attributes from ConductorOne to your connected systems, keeping user information consistent across all your apps. | ||
|
|
||
| With push rules, you can control which attributes to sync and how values map to each connector. You can pull values directly from directory attributes or write custom expressions to transform data before syncing. | ||
|
|
||
| ## Supported connectors | ||
|
|
||
| Push rules are currently available for: | ||
|
|
||
| - Active Directory | ||
| - Microsoft Entra | ||
|
|
||
| Each connector reports its own supported schema and whether it supports custom attributes. | ||
|
|
||
| ## Create a push rule | ||
|
|
||
| You can create one push rule per connector to avoid conflicts. | ||
|
|
||
| 1. [Navigation path to be added] | ||
| 2. Select the connector you want to configure | ||
| 3. [Additional steps to be added] | ||
|
|
||
| After you create a rule, you'll need to save and enable it before it takes effect. | ||
|
|
||
| ## Map attributes | ||
|
|
||
| For each supported attribute (like email or name), you can configure values in two ways: | ||
|
|
||
| **Pull from directory attributes** - Map directly from existing user attributes in your directory. | ||
|
|
||
| **Use CEL expressions** - Write Common Expression Language expressions with access to: | ||
| - `subject` - The ConductorOne user | ||
| - `app_user` - The app user object | ||
|
|
||
| CEL expressions let you map different values for different app users. For example, you could map different email formats for regular accounts versus privileged accounts. | ||
|
|
||
| ### Add custom attributes | ||
|
|
||
| Some connectors support custom attributes beyond the standard schema. [Details on which connectors support this to be added] | ||
|
Comment on lines
+47
to
+49
Contributor
There was a problem hiding this comment. Placeholder content needs completion. The custom attributes section references connector-specific details that need to be added. 🤖 Prompt for AI Agents |
||
|
|
||
| ## Filter users | ||
|
|
||
| You can configure filters to control which users receive attribute pushes. [Configuration details to be added] | ||
|
|
||
| <Warning> | ||
| Push rules rely on profile type mappings. Users must have the required attributes granted by their profile type for the rule to apply. | ||
| </Warning> | ||
|
Comment on lines
+51
to
+57
Contributor
There was a problem hiding this comment. Filter configuration details pending; Warning component is well-placed. Line 53 needs configuration details. The Warning component appropriately highlights the profile type mapping dependency. 🤖 Prompt for AI Agents |
||
|
|
||
| ## How push rules work | ||
|
|
||
| ### When attributes sync | ||
|
|
||
| Attribute pushes trigger automatically when: | ||
|
|
||
| - You enable a push rule (syncs to all applicable users) | ||
| - A user's attributes change (like a name update) | ||
| - You modify a rule's configuration (syncs to all applicable users) | ||
|
|
||
| Push rules don't currently detect when attributes change directly in the downstream system. Manual changes in connected systems won't be overwritten automatically. | ||
|
|
||
| ## Use cases | ||
|
|
||
| ### Update individual user attributes | ||
|
|
||
| When a single user's attribute changes (for example, a name change), the push rule automatically updates that user's attributes in the connected system. | ||
|
|
||
| ### Bulk attribute updates | ||
|
|
||
| When you need to update many users at once (like changing email addresses after a company acquisition), modifying the push rule triggers updates for all applicable users. | ||
|
|
||
| ### Manage service users | ||
|
|
||
| [Use case details to be added] | ||
|
Comment on lines
+81
to
+83
Contributor
There was a problem hiding this comment. Incomplete use case section. The "Manage service users" section needs content or should be removed if not applicable for initial release. 🤖 Prompt for AI Agents |
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Incomplete placeholder content.
The navigation path and additional steps need to be filled in before this documentation is ready for publication.
Would you like me to help draft these steps once the UI workflow is finalized?
🤖 Prompt for AI Agents