Map user attributes
Why do I need to map user attributes?
If your company is like most, you have employee info stored in several different apps. For instance, your human resources (HR) app might hold the data on who everyone’s manager is, while your identity provider (IdP) app has the details on job titles and departments.
To make sure all this critical employee data is imported and organized correctly, tell ConductorOne which app to pull what data from, and how that data is labeled in the source app. This lets ConductorOne build a single complete and accurate index of your company’s employees using the data from one or multiple apps.
๐ Before you begin
Follow the instructions to connect your directory apps.
Map key user attributes
This task requires the Super Administrator role in ConductorOne.
Tell ConductorOne where to find key pieces of employee data. This is where you can specify that (for instance) an employee’s manager should be pulled from the HR app, but job title and department should be read from the IdP. You’ll then map the info types ConductorOne looks for to the way that information is labeled in the source app.
In the ConductorOne navigation panel, open Admin and click Settings.
In the User data sources area of the page, click Edit.
In the User attribute box, select one of the pre-loaded key user attributes. These are:
- Manager
- Department
- Job Title
- Directory Status (the employee’s status in the IdP, such as active, suspended, or deleted)
- Employment Type (such as full-time employee, contractor, intern)
- Employment Status (the employees’s status in the HR system, such as active, suspended, or deleted)
- Additional Username
In the Application box, select the app from which ConductorOne should source the selected user attribute data. All the apps you have integrated with ConductorOne are shown as options; you’re not limited to only reading user attribute data from your directories.
In the Application attribute box, select the label used in your selected app for the user attribute.
The Manager attribute is special. When adding the Manager user attribute, you do not need to select an application attribute. ConductorOne will find the relevant field for you.
Click Add.
Repeat the process to add the remaining key user attributes.
Now that the key user attributes are mapped, you can use them to refine the scope of access review campaigns by setting them as campaign parameters.
Create and map custom user attributes
This task requires the Super Administrator role in ConductorOne.
You can also add your own custom user attributes to ConductorOne. If you want to add additional fields such as a secondary email, business unit, or location.
The custom user attributes you create are added to each user’s details in ConductorOne, and you can use this data to refine the scope of access reviews.
In the ConductorOne navigation panel, open Admin and click Settings.
In the User data sources area of the page, click Edit.
In the User attribute box, type in the name of the custom user attribute as you want it to appear on each user’s profile.
In the Application box, select the app from which ConductorOne should source the selected user attribute data. All the apps you have integrated with ConductorOne are shown as options; you’re not limited to only reading user attribute data from your directories.
In the Application attribute box, select the label used in your selected app for the user attribute.
I don’t see the application attribute I need. Check to make sure that the application you’ve selected is connected and syncing data correctly. A sync error might be the cause of missing attributes.
- Click Add.
The custom user attribute you’ve added is now shown on each user’s details page.
What’s next?
Continue configuring your user’s ConductorOne accounts by setting their user roles. New user accounts created by ConductorOne are automatically granted the Basic User role. You can adjust individual users’ roles to reflect the work they’ll do in ConductorOne.