ConductorOne Raises $79M Series B

Map user attributes

Pull key user data from the apps you integrate with ConductorOne into the platform with user attribute mapping.

Creating and managing user attributes requires the Super Administrator role in ConductorOne.

Why are user attributes useful?

If your company is like most, you have employee info stored in several different apps. For instance, your human resources (HR) app might hold the data on who everyone’s manager is, while your identity provider (IdP) app has the details on job titles and departments.

To make sure all this critical employee data is imported and organized correctly, tell ConductorOne which app to pull what data from, and how that data is labeled in the source app. This lets ConductorOne build a single complete and accurate index of your company’s employees using the data from one or multiple apps.

Once mapped, user attributes can also be used across ConductorOne, such as when refining the scope of access reviews, defining C1 groups, and forming policies.

What’s the difference between standard and custom user attributes?

Standard user attributes are pre-defined by C1 (the list of these is shown below). This data is shown in the User details section of the user’s page.

Standard attribute data is displayed on each user’s details page and on the summary tooltip that’s shown when you hover over a user’s name. It’s useful for giving reviewers, admins, and managers a complete picture of who a user is when making decisions about access.

Custom user attributes are defined by your organization. This data is shown in the Profile attributes section of the user’s page.

Custom user attributes can be used across ConductorOne, such as when refining the scope of access reviews, defining C1 groups, and forming policies. It’s important to understand that only custom user attributes can be referenced across C1 and in CEL expressions, so if you want to use data that’s captured in a standard user attribute, you must create a custom user attribute that references the same data.

Map standard user attributes

If needed, you can configure which attributes are pulled in by connectors and available for use in mapping.

Tell ConductorOne where to find key pieces of employee data, which will be associated with every user account in C1. This is where you can specify that (for instance) an employee’s ID should be pulled from the HR app, but job title and department should be read from the IdP. You’ll then map the info types ConductorOne looks for to the way that information is labeled in the source app.

  1. Navigate to Admin > Directory > User data sources and select the Attribute manager tab.

  2. Click Add attribute.

  3. Select the Standard attribute type.

  4. Select one of the pre-loaded standard user attributes from the Attribute name dropdown. These are:

    • Manager Email*
    • Directory Status (the employee’s status in the IdP, such as active, suspended, or deleted)
    • Employment Type (such as full-time employee, contractor, intern)
    • Employment Status (the employees’s status in the HR system, such as active, suspended, or deleted)
    • Department
    • Job Title
    • Additional Username*
    • Employee ID
    • Additional Email*

    *These attributes accept multiple values (more on this below).

    If you select an attribute that has already been mapped, you’ll see an error.

  5. Select how you’ll tell C1 where to find the source of data for this attribute. Your options are direct mapping or using a CEL expression.

    • If you choose Direct mapping:

      1. In the Application box, select the app from which ConductorOne should source the selected user attribute data. All the apps you have integrated with ConductorOne are shown as options; you’re not limited to only reading user attribute data from your directory.

      2. In the Application attribute box, select the label used in your selected app for the user attribute.

        Don’t see the attribute you need? Check to make sure that the application you’ve selected is connected and syncing data correctly. A sync error might be the cause of missing attributes.

      3. Optional. Click Add fallback source or Add additional source (for manager email, additional username, and additional email) and add additional mappings as fallback or additional sources of the user attribute data.

        In the case of fallback sources, ConductorOne will iterate through the list you create here until it finds a source with the data it’s looking for.

        In the case of additional sources, multiple values are accepted, and ConductorOne will attempt to capture the data from each source you list.

      4. Click Preview data to see a preview of the info pulled by your attribute mapping.

    • If you choose CEL expression:

      1. Enter a CEL expression that tells ConductorOne how to locate the data for this attribute mapping. See the CEL expressions reference for help on forming CEL expressions.

      2. Click Preview data to see a preview of the info pulled by your attribute mapping.

  6. Click Create.

  7. Repeat this process for each of the standard user attributes in the list that’s relevant to your organization.

    The connectors for the applications the data is pulled from must each complete a sync before newly added user attribute data is populated to user details pages. You can wait for a scheduled sync, or navigate to the application’s details page and click Sync now.

Create and map custom user attributes

Custom attributes are used to construct profile types. It’s important to understand that only custom user attributes can be referenced across C1 and in CEL expressions, so if you want to use data that’s captured in a standard user attribute, you must create a custom user attribute that references the same data.

To create a custom user attribute:

  1. Navigate to Admin > Directory > User data sources and select the Attribute manager tab.

  2. Click Add attribute.

  3. Select the Custom attribute type.

  4. In the Attribute name box, type the name of the custom user attribute you’re creating. This is the name that will be used to reference this attribute across C1. Attribute names must be globally unique.

  5. Select how you’ll tell C1 where to find the source of data for this attribute. Your options are direct mapping or using a CEL expression.

    • If you choose Direct mapping:

      1. In the Application box, select the app from which ConductorOne should source the selected user attribute data. All the apps you have integrated with ConductorOne are shown as options; you’re not limited to only reading user attribute data from your directory.

      2. In the Application attribute box, select the label used in your selected app for the user attribute.

        Don’t see the attribute you need? Check to make sure that the application you’ve selected is connected and syncing data correctly. A sync error might be the cause of missing attributes.

      3. Optional. Click Add fallback source and add additional mappings as fallback sources of the user attribute data. ConductorOne will iterate through the list you create here until it finds a source with the data it’s looking for.

      4. Click Preview data to see a preview of the info pulled by your attribute mapping.

    • If you choose CEL expression:

      1. Enter a CEL expression that tells ConductorOne how to locate the data for this attribute mapping. See the CEL expressions reference for help on forming CEL expressions.

      2. Click Preview data to see a preview of the info pulled by your attribute mapping.

  6. Click Create.

  7. Repeat this process to add additional custom attributes. Remember that only custom user attributes can be referenced across C1 and in CEL expressions, so if you want to use data that’s captured in a standard user attribute, you must create a custom user attribute that references the same data.