Rule mappings allow provisioned users to be generated with varying levels of specificity within the application. Each series of rule options is different based upon the nature of the application, and will provide certain access options inherent to the app in question. You can also generate your own rules to suit purposes specific to your account.
To create an app rule, edit the app and go to the Rules tab.
Click New Rule to open the New Mapping dialog, where you can set the conditions and actions that determine how user attributes will be provisioned from OneLogin to the app.
You can, for instance, determine how users in a particular Active Directory security group are provisioned to an application, instead of having to manually configure these settings in the app. In the example above, any user that is a MemberOf the AD security group that contains the term "ADMIN" has their status set to the administrator role in the app.
For more information about creating provisioning rules for your apps, see the app-specific provisioning documentation in the App Integration section.
By selecting Show affected users, you can see which users are affected by your mapping changes, which helps ensure correct mappings before committing the changes. And as always, don't forget to Reapply provisioning mappings from the More Actions menu every time you edit or make a new rule.
An app can have multiple rules, and they are applied in the order that they appear on the Rules tab, with the top (#1) rule applied first, and the bottom (highest number) rule applied last. In other words, if two rules conflict the higher-numbered rule wins. The order in which the rules are displayed on the Rules tab can therefore determine whether or not they give you the results you want. To change the order in which OneLogin runs your rules, you can drag and drop any rule row on the Rules tab.