Sync People Data
In this section, you will synchronize your employee directory to Glean to ensure secure and accurate search results. Glean calls this identity information People Data.
Heads up!
You will not be able to complete this step until your Glean tenant has been provisioned. If you were not able to switch from Magic Links to SSO in the last section, you will need to return to this step later.
About People Data
Synchronizing your employee directory to Glean is a critical part of the setup process, as it allows Glean to:
- Enforce document permissions.
- Apply role-based access controls (RBAC).
- Deliver more relevant search results.
Tip
If you configured SSO using OIDC in the last step, and your directory is the same as your SSO platform (e.g. Azure AD/Entra ID, Okta), then you have already configured people data sync as part of the SSO configuration; in which case, you now need to enable it.
Configure a People Data Source
Navigate to Workspace Settings > Setup > People data.
If your SSO platform supports directory synchronization, it will be listed here with a green checkmark and status Ready to sync. Click the SSO provider's icon to proceed.
If you wish to set up an alternative source, click the appropriate service and follow the setup instructions.
Using SAML or a People Data source not listed?
You will need to manually upload your directory data to Glean using CSV, or leverage Glean's Indexing API.
In some cases, Glean may also be able to pull your people data from a connected datasource such as Workday, or Facebook Workplace. Please contact your Glean engineer or Glean support for more information.
Attribute Mapping
On the next screen, and if your People Data source supports it, you will be able to map attributes from your directory to the required field in Glean. This is useful if you store user information differently than what is standard.
For example, you might want to infer a user’s location from their manager’s location. If they have an Okta field called managerLocation, you could map managerLocation to the Glean attribute location.
If your People Data source does not support custom mapping in the Glean interface, you will not see this option. Please contact Glean support if you require this feature but do not see it for your configured People Data source.
Initiate the sync
Before you start the sync, you can preview what information will included. For example, how many users will be created, and how many departments you have. If this is different from what you expected, check that you have provided the correct permissions within the People Data source.
Click Start sync to begin synchronization. From this point onwards, the sync is automatic: Glean will check your People Data source periodically for any changes.
Verification
The People Data sync will start, and over the next hour, you will start to see your employee directory being populated.
The synchronization is not immediate: Glean needs to crawl your people data first, and then index it so that it is useable in search. This can take 2-3 hours to fully complete.
You can return to this page later to validate that your sync is working.
Having issues?
If you do not see people data start to show up within a few hours, this typically points to a permissions issue: Ensure that you have provided Glean with the correct permissions within your IdP when you configured SSO.
For example, for Azure AD, it is critical to have Directory.Read.All and User.Read.All as Application permissions NOT Delegated Permissions.
If your issues persist, please contact Glean support.
Manual Upload (.csv)
Not recommended
This method should only be used as a last resort, or if you configured SSO via SAML instead of OIDC.
For instances where your directory information cannot be automatically synchronized, Glean also supports the manual upload of people data as a set of comma-separated values .csv.
Because this method is not asynchronous, Glean does not recommend it. Any updates to your directory (new employees, departures, or changes) will require you to re-upload a new CSV.
Why can't Glean get identity information from the SAML token?
- The SAML Assertion Token does not contain all of the identity data required by Glean, and
- Changes to a user account are only reflected in the SAML token when it is refreshed on user re-authentication. This means that Glean would not be aware of any changes to a user's identity attributes or group memberships until after re-authentication occurs; which is not desirable from a permissions enforcement perspective.
CSV Format
The following are mandatory fields:
| Required Field | Description |
|---|---|
first_name |
The user's first name, eg: Ben |
last_name |
The user's last name, eg: Benson |
email |
The user's email, eg: bbenson@domain.com |
title |
The user's job title, eg: Software Engineer |
department |
The user's department, eg: Engineering |
The following are not mandatory, but highly recommended fields to enhance the Glean experience for your organization:
| Recommended Field | Description |
|---|---|
manager_email |
The email of the user's manager. Required for an org chart. |
location |
The working location of the user. Required for location-based personalization. |
start_date |
The start date of the user. To show tenure in the user's profile page. |
A sample CSV is included below:
name,email,first_name,last_name,nickname,title,department,business_unit,manager_email,location,city,country,desk_location,start_date,status,photo_url
Samuel Sample,s.sample@company.com,Sam,Sample,Sam,CEO,Leadership,Leadership Team,,"Sydney, Australia",Sydney,Australia,"Desk 1/25",27/09/22,active,https://i.postimg.cc/rp2Qfkz6/WFH-2.jpg
Ellie Example,e.example@company.com,Ellie,Example,,CFO,Leadership,Leadership Team,s.sample@company.com,"Palo Alto, California",California,USA,,26/10/22,active,https://i.postimg.cc/rp2Qfkz6/WFH-2.jpg
Steve Smith,s.smith@company.com,Steve,Smith,Steve,CTO,Leadership,Leadership Team,s.sample@company.com,"Auckland, New Zealand",Auckland,"New Zealand","Table 1",27/10/22,active,https://i.postimg.cc/rp2Qfkz6/WFH-2.jpg
Benjamin Benson,b.benson@company.com,Benjamin,Benson,Ben,"Software Engineer",Engineering,Engineering,s.smith@company.com,"Tokyo, Japan",Tokyo,Japan,"Level 6, 1/6",03/12/22,deactivated,
Upload the data
To upload your CSV, please contact your Glean engineer or Glean support.