title: ChatHub Advanced Features category: ChatHub tags: chat, alerts, saved-queries, chaining, advanced priority: Normal
ChatHub Advanced Features
Beyond basic slash commands and natural language queries, ChatHub includes a set of advanced capabilities that enhance productivity for power users and administrators. This article covers alert subscriptions, saved queries, command chaining, fuzzy matching, proactive issue detection, contextual tips, and rate limiting.
Alert Subscriptions
The ChatAlertService allows you to subscribe to specific events and receive notifications directly in the chat interface when those events occur.
Subscribable Event Types
| Event Type | Description | Example Notification |
|---|---|---|
| Sync Failure | A sync project fails or completes with errors | "Full AD Sync failed at 06:02 AM - 3 errors encountered" |
| New Violation | A policy violation is created | "New Critical violation: admin-svc-01 has password never expires" |
| Access Request | An access request is submitted | "New access request: jane.doe requests VPN-Access-Group" |
| Review Due | An access review approaches its SLA deadline | "Access review Q1-2026 has 12 items due within 24 hours" |
| Account Lockout | A user account is locked out | "Account john.smith locked out at 09:14 AM" |
| Privileged Change | Membership change in an administrative group | "user temp-admin added to Domain Admins" |
Managing Subscriptions
To subscribe to events, use natural language in ChatHub:
Subscribe me to sync failure alerts
Notify me when new critical violations are created
Alert me when accounts get locked out
To view your current subscriptions:
Show my alert subscriptions
What am I subscribed to?
To unsubscribe:
Unsubscribe me from sync failure alerts
Remove all my alert subscriptions
How Alerts Are Delivered
When a subscribed event occurs, ChatHub delivers a notification in real time through the SignalR connection. If you have the chat open, the alert appears immediately. Alerts are also stored so you can review them when you next open ChatHub.
Tip: Combine alert subscriptions with the /briefing command for a comprehensive awareness strategy -- alerts for real-time events, briefings for periodic summaries.
Saved Queries
The SavedQueryCommand lets you save frequently used queries for quick re-execution. Instead of retyping complex queries, save them once and run them by name.
Creating a Saved Query
Save query "stale-admins" as "Show members of Domain Admins who haven't logged in for 90 days"
Save query "empty-groups" as "List groups with no members"
Save query "expiring-passwords" as "Find users with passwords expiring in 7 days"
Running a Saved Query
Use the /query command to execute a saved query by name:
/query stale-admins
/query empty-groups
/query expiring-passwords
Managing Saved Queries
| Action | Command |
|---|---|
| List all saved queries | "Show my saved queries" or /query list |
| Delete a saved query | "Delete saved query stale-admins" |
| Rename a saved query | "Rename query stale-admins to inactive-privileged-accounts" |
| Share a saved query | "Share query stale-admins with the security team" |
Shared Queries
Saved queries can be shared with other IdentityCenter users. Shared queries appear in the recipient's query list and can be executed by anyone who has been granted access. This is useful for standardizing common investigations across your team.
Command Chaining
The CommandChainService enables you to execute multiple commands in sequence, with results flowing from one command to the next.
Chain Syntax
Use the word "then" or a semicolon to chain commands:
Search for IT department users then show their groups
/list users department=Finance; /insights
Find disabled admin accounts then show their audit history
How Chaining Works
- The first command executes and produces its result set
- The chain service passes context (object names, IDs) to the next command
- The second command operates on or references the first command's output
- Results are displayed sequentially in the chat
Practical Chain Examples
| Chain | What It Does |
|---|---|
/members Domain Admins then /insights |
Lists Domain Admins members, then provides risk insights for the group |
/search john.smith then /groups |
Finds the user, then shows all their group memberships |
/list users disabled then /audit |
Lists disabled users, then shows related audit events |
/briefing then "show me the critical violations" |
Runs a briefing, then drills into the critical items |
Fuzzy Matching
The FuzzyMatcher service enables ChatHub to tolerate typos, abbreviations, and name variations when processing your input.
What Fuzzy Matching Handles
| Input Variation | Matched To |
|---|---|
| "jhon.smith" | john.smith |
| "Domain Admin" | Domain Admins |
| "jon smith" | John Smith |
| "SRV-SQL" | SRV-SQL-01, SRV-SQL-02 (returns multiple matches) |
| "VPN group" | VPN-Access-Group |
Matching Behavior
- Exact match is always preferred when available
- Case-insensitive matching is applied automatically
- Partial matches are returned with a confidence score
- Multiple matches are presented as a disambiguation list -- you choose the correct one
- Threshold: Matches below 60% confidence are rejected, and the system asks you to clarify
Tip: When fuzzy matching returns multiple results, click on the correct one or type the exact name to proceed.
Issue Detection
The IssueDetectionService proactively identifies problems in query results and highlights them in the response. You do not need to ask for issue detection -- it happens automatically.
Detected Issue Types
| Issue | Detection Logic | Displayed As |
|---|---|---|
| Stale privileged accounts | Admin group members with no login >90 days | Warning flag on the member entry |
| Orphaned accounts | User accounts with no manager assigned | Note in search results |
| Empty groups | Groups with zero members | Cleanup recommendation |
| Excessive group membership | Users with >50 group memberships | Risk indicator |
| Password policy gaps | Accounts with "password never expires" in sensitive groups | Security alert |
| Broken manager chains | Manager references pointing to disabled or deleted accounts | Data quality warning |
Example
When you run /members Domain Admins, the response might include:
Members of Domain Admins (8 members):
Name Last Login Status
admin 2026-02-20 Active
john.smith 2026-02-19 Active
svc-backup 2025-08-14 Active [!] Inactive 190 days
temp-contractor 2025-11-02 Active [!] Inactive 110 days
...
Issues Detected:
- 2 members have not logged in for >90 days (security risk)
- 1 member has "password never expires" set
Chat Tips
The ChatTipsService provides contextual help that appears based on your current activity. Tips are non-intrusive suggestions that help you discover features and improve your workflow.
When Tips Appear
| Context | Tip Example |
|---|---|
| First time using ChatHub | "You can type /help to see all available commands" |
| After a search with many results | "Tip: Add filters to narrow your results, e.g., 'disabled users in IT'" |
| After viewing a user | "Tip: Try /insights to see the risk analysis for this user" |
| After a briefing | "Tip: Click any follow-up suggestion to investigate further" |
| After repeated similar queries | "Tip: Save this query with 'Save query name as ...'" |
Disabling Tips
If you prefer not to see tips, you can disable them:
Disable chat tips
Turn off tips
Tips can be re-enabled at any time:
Enable chat tips
Rate Limiting
The RateLimitingService enforces fair usage limits to maintain system performance and prevent accidental or intentional overuse of resources.
Rate Limits
| Resource | Limit | Window |
|---|---|---|
| Messages per minute | 30 | 1 minute |
| Write operations per minute | 10 | 1 minute |
| Bulk operations per hour | 5 | 1 hour |
| Report generation per hour | 10 | 1 hour |
What Happens When Limits Are Reached
When you exceed a rate limit, ChatHub responds with a message indicating:
- Which limit was reached
- How long until the limit resets
- A suggestion to use the web UI for bulk operations if applicable
Rate limits are applied per user session and reset on a rolling window basis.
Note: Administrators can adjust rate limits in the application settings. See Security Hardening for configuration guidance.
Combining Advanced Features
These features work best in combination. Here is an example of a power-user workflow:
- Subscribe to sync failure and critical violation alerts
- Start the day by opening ChatHub and reviewing the proactive greeting
- Run /briefing for a full overview
- Chain commands to investigate flagged items: "Show inactive admin accounts then check their audit history"
- Save your investigation query for tomorrow: "Save query daily-admin-check as ..."
- Receive alerts throughout the day as events occur
- Act on alerts immediately through ChatHub commands
Next Steps
- ChatHub Slash Commands Reference -- Complete command syntax and examples
- Natural Language Queries -- How the AI interprets your intent
- The /briefing Command -- Executive summary deep dive
- Risk Scoring -- How risk scores are calculated for the insights you see
- Contextual Insights -- Understanding the AI analysis behind /insights
- Directory Browser -- Visual object browsing as an alternative to chat
- Security Hardening -- Configuring rate limits and security settings