From 9b9c47b269a437dad69ddb384b2ea6b124a60e5b Mon Sep 17 00:00:00 2001
From: Jean-Louis Leysens <jloleysens@gmail.com>
Date: Thu, 24 Jun 2021 14:45:15 +0200
Subject: [PATCH 01/13] [Fleet] Fix double policy header layout (#103076)

* Fix double policy header layout

- Use the default page title without tabs while loading the
  add integration view

* remove unused import

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../fleet/public/applications/fleet/app.tsx   | 30 +++++++++-----
 .../fleet/layouts/{ => default}/default.tsx   | 35 +++-------------
 .../layouts/default/default_page_title.tsx    | 40 +++++++++++++++++++
 .../fleet/layouts/default/index.ts            |  9 +++++
 .../applications/fleet/layouts/index.tsx      |  2 +-
 5 files changed, 75 insertions(+), 41 deletions(-)
 rename x-pack/plugins/fleet/public/applications/fleet/layouts/{ => default}/default.tsx (65%)
 create mode 100644 x-pack/plugins/fleet/public/applications/fleet/layouts/default/default_page_title.tsx
 create mode 100644 x-pack/plugins/fleet/public/applications/fleet/layouts/default/index.ts

diff --git a/x-pack/plugins/fleet/public/applications/fleet/app.tsx b/x-pack/plugins/fleet/public/applications/fleet/app.tsx
index c4cc4d92f5d95..8be6232733def 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/app.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/app.tsx
@@ -5,12 +5,13 @@
  * 2.0.
  */
 
+import type { FunctionComponent } from 'react';
 import React, { memo, useEffect, useState } from 'react';
 import type { AppMountParameters } from 'kibana/public';
 import { EuiCode, EuiEmptyPrompt, EuiErrorBoundary, EuiPanel, EuiPortal } from '@elastic/eui';
 import type { History } from 'history';
 import { createHashHistory } from 'history';
-import { Router, Redirect, Route, Switch } from 'react-router-dom';
+import { Router, Redirect, Route, Switch, useRouteMatch } from 'react-router-dom';
 import { FormattedMessage } from '@kbn/i18n/react';
 import { i18n } from '@kbn/i18n';
 import styled from 'styled-components';
@@ -39,7 +40,7 @@ import { Error, Loading, SettingFlyout, FleetSetupLoading } from './components';
 import type { UIExtensionsStorage } from './types';
 
 import { FLEET_ROUTING_PATHS } from './constants';
-import { DefaultLayout, WithoutHeaderLayout } from './layouts';
+import { DefaultLayout, DefaultPageTitle, WithoutHeaderLayout, WithHeaderLayout } from './layouts';
 import { AgentPolicyApp } from './sections/agent_policy';
 import { DataStreamApp } from './sections/data_stream';
 import { AgentsApp } from './sections/agents';
@@ -48,11 +49,18 @@ import { EnrollmentTokenListPage } from './sections/agents/enrollment_token_list
 
 const FEEDBACK_URL = 'https://ela.st/fleet-feedback';
 
-const ErrorLayout = ({ children }: { children: JSX.Element }) => (
+const ErrorLayout: FunctionComponent<{ isAddIntegrationsPath: boolean }> = ({
+  isAddIntegrationsPath,
+  children,
+}) => (
   <EuiErrorBoundary>
-    <DefaultLayout>
-      <WithoutHeaderLayout>{children}</WithoutHeaderLayout>
-    </DefaultLayout>
+    {isAddIntegrationsPath ? (
+      <WithHeaderLayout leftColumn={<DefaultPageTitle />}>{children}</WithHeaderLayout>
+    ) : (
+      <DefaultLayout>
+        <WithoutHeaderLayout>{children}</WithoutHeaderLayout>
+      </DefaultLayout>
+    )}
   </EuiErrorBoundary>
 );
 
@@ -71,6 +79,8 @@ export const WithPermissionsAndSetup: React.FC = memo(({ children }) => {
   const [isInitialized, setIsInitialized] = useState(false);
   const [initializationError, setInitializationError] = useState<Error | null>(null);
 
+  const isAddIntegrationsPath = !!useRouteMatch(FLEET_ROUTING_PATHS.add_integration_to_policy);
+
   useEffect(() => {
     (async () => {
       setIsPermissionsLoading(false);
@@ -109,7 +119,7 @@ export const WithPermissionsAndSetup: React.FC = memo(({ children }) => {
 
   if (isPermissionsLoading || permissionsError) {
     return (
-      <ErrorLayout>
+      <ErrorLayout isAddIntegrationsPath={isAddIntegrationsPath}>
         {isPermissionsLoading ? (
           <Loading />
         ) : permissionsError === 'REQUEST_ERROR' ? (
@@ -168,7 +178,7 @@ export const WithPermissionsAndSetup: React.FC = memo(({ children }) => {
 
   if (!isInitialized || initializationError) {
     return (
-      <ErrorLayout>
+      <ErrorLayout isAddIntegrationsPath={isAddIntegrationsPath}>
         {initializationError ? (
           <Error
             title={
@@ -314,9 +324,7 @@ export const AppRoutes = memo(
 
           {/* TODO: Move this route to the Integrations app */}
           <Route path={FLEET_ROUTING_PATHS.add_integration_to_policy}>
-            <DefaultLayout>
-              <CreatePackagePolicyPage />
-            </DefaultLayout>
+            <CreatePackagePolicyPage />
           </Route>
 
           <Redirect to={FLEET_ROUTING_PATHS.agents} />
diff --git a/x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx b/x-pack/plugins/fleet/public/applications/fleet/layouts/default/default.tsx
similarity index 65%
rename from x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx
rename to x-pack/plugins/fleet/public/applications/fleet/layouts/default/default.tsx
index f312ff374d792..c6ef212b3995e 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/layouts/default.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/layouts/default/default.tsx
@@ -6,12 +6,13 @@
  */
 
 import React from 'react';
-import { EuiText, EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
 
-import type { Section } from '../sections';
-import { useLink, useConfig } from '../hooks';
-import { WithHeaderLayout } from '../../../layouts';
+import type { Section } from '../../sections';
+import { useLink, useConfig } from '../../hooks';
+import { WithHeaderLayout } from '../../../../layouts';
+
+import { DefaultPageTitle } from './default_page_title';
 
 interface Props {
   section?: Section;
@@ -24,31 +25,7 @@ export const DefaultLayout: React.FunctionComponent<Props> = ({ section, childre
 
   return (
     <WithHeaderLayout
-      leftColumn={
-        <EuiFlexGroup direction="column" gutterSize="m">
-          <EuiFlexItem>
-            <EuiFlexGroup responsive={false} gutterSize="s" alignItems="center">
-              <EuiFlexItem grow={false}>
-                <EuiTitle size="l">
-                  <h1>
-                    <FormattedMessage id="xpack.fleet.overviewPageTitle" defaultMessage="Fleet" />
-                  </h1>
-                </EuiTitle>
-              </EuiFlexItem>
-            </EuiFlexGroup>
-          </EuiFlexItem>
-          <EuiFlexItem>
-            <EuiText color="subdued">
-              <p>
-                <FormattedMessage
-                  id="xpack.fleet.overviewPageSubtitle"
-                  defaultMessage="Centralized management for Elastic Agents"
-                />
-              </p>
-            </EuiText>
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      }
+      leftColumn={<DefaultPageTitle />}
       tabs={[
         {
           name: (
diff --git a/x-pack/plugins/fleet/public/applications/fleet/layouts/default/default_page_title.tsx b/x-pack/plugins/fleet/public/applications/fleet/layouts/default/default_page_title.tsx
new file mode 100644
index 0000000000000..e525a059b7837
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/fleet/layouts/default/default_page_title.tsx
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FunctionComponent } from 'react';
+import React from 'react';
+
+import { FormattedMessage } from '@kbn/i18n/react';
+import { EuiFlexGroup, EuiFlexItem, EuiTitle, EuiText } from '@elastic/eui';
+
+export const DefaultPageTitle: FunctionComponent = () => {
+  return (
+    <EuiFlexGroup direction="column" gutterSize="m">
+      <EuiFlexItem>
+        <EuiFlexGroup responsive={false} gutterSize="s" alignItems="center">
+          <EuiFlexItem grow={false}>
+            <EuiTitle size="l">
+              <h1>
+                <FormattedMessage id="xpack.fleet.overviewPageTitle" defaultMessage="Fleet" />
+              </h1>
+            </EuiTitle>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlexItem>
+      <EuiFlexItem>
+        <EuiText color="subdued">
+          <p>
+            <FormattedMessage
+              id="xpack.fleet.overviewPageSubtitle"
+              defaultMessage="Centralized management for Elastic Agents"
+            />
+          </p>
+        </EuiText>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
diff --git a/x-pack/plugins/fleet/public/applications/fleet/layouts/default/index.ts b/x-pack/plugins/fleet/public/applications/fleet/layouts/default/index.ts
new file mode 100644
index 0000000000000..9b0d3ee06138f
--- /dev/null
+++ b/x-pack/plugins/fleet/public/applications/fleet/layouts/default/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { DefaultLayout } from './default';
+export { DefaultPageTitle } from './default_page_title';
diff --git a/x-pack/plugins/fleet/public/applications/fleet/layouts/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/layouts/index.tsx
index 71cb8d3aeeb36..0c07f1ffecb79 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/layouts/index.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/layouts/index.tsx
@@ -7,4 +7,4 @@
 
 export * from '../../../layouts';
 
-export { DefaultLayout } from './default';
+export { DefaultLayout, DefaultPageTitle } from './default';

From 2a8f3eb2f921cfb1d6a5faaac59cbac5aac24910 Mon Sep 17 00:00:00 2001
From: Jean-Louis Leysens <jloleysens@gmail.com>
Date: Thu, 24 Jun 2021 14:45:35 +0200
Subject: [PATCH 02/13] [Fleet] Fix staleness bug in "Add agent" flyout
 (#103095)

* * Fix stale enrollment api token bug
* Refactored naming

* raise the state of the selected enrollment api key to parent to avoid state sync issues

* removed consts for onKeyChange and selectedApiKeyId

* fix typo

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 ...advanced_agent_authentication_settings.tsx | 38 ++++++++----------
 .../agent_policy_selection.tsx                | 40 ++++++++++---------
 .../managed_instructions.tsx                  | 11 ++---
 .../agent_enrollment_flyout/steps.tsx         | 12 ++++--
 4 files changed, 52 insertions(+), 49 deletions(-)

diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/advanced_agent_authentication_settings.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/advanced_agent_authentication_settings.tsx
index 25602b7e108fd..96fab27a55050 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/advanced_agent_authentication_settings.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/advanced_agent_authentication_settings.tsx
@@ -21,20 +21,19 @@ import {
 
 interface Props {
   agentPolicyId?: string;
+  selectedApiKeyId?: string;
   onKeyChange: (key?: string) => void;
 }
 
 export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
   agentPolicyId,
+  selectedApiKeyId,
   onKeyChange,
 }) => {
   const { notifications } = useStartServices();
   const [enrollmentAPIKeys, setEnrollmentAPIKeys] = useState<GetEnrollmentAPIKeysResponse['list']>(
     []
   );
-  // TODO: Remove this piece of state since we don't need it here. The currently selected enrollment API key only
-  // needs to live on the form
-  const [selectedEnrollmentApiKey, setSelectedEnrollmentApiKey] = useState<undefined | string>();
   const [isLoadingEnrollmentKey, setIsLoadingEnrollmentKey] = useState(false);
   const [isAuthenticationSettingsOpen, setIsAuthenticationSettingsOpen] = useState<boolean>(false);
 
@@ -51,7 +50,7 @@ export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
           return;
         }
         setEnrollmentAPIKeys([res.data.item]);
-        setSelectedEnrollmentApiKey(res.data.item.id);
+        onKeyChange(res.data.item.id);
         notifications.toasts.addSuccess(
           i18n.translate('xpack.fleet.newEnrollmentKey.keyCreatedToasts', {
             defaultMessage: 'Enrollment token created',
@@ -66,15 +65,6 @@ export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
     }
   };
 
-  useEffect(
-    function triggerOnKeyChangeEffect() {
-      if (onKeyChange) {
-        onKeyChange(selectedEnrollmentApiKey);
-      }
-    },
-    [onKeyChange, selectedEnrollmentApiKey]
-  );
-
   useEffect(
     function useEnrollmentKeysForAgentPolicyEffect() {
       if (!agentPolicyId) {
@@ -97,9 +87,13 @@ export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
             throw new Error('No data while fetching enrollment API keys');
           }
 
-          setEnrollmentAPIKeys(
-            res.data.list.filter((key) => key.policy_id === agentPolicyId && key.active === true)
+          const enrollmentAPIKeysResponse = res.data.list.filter(
+            (key) => key.policy_id === agentPolicyId && key.active === true
           );
+
+          setEnrollmentAPIKeys(enrollmentAPIKeysResponse);
+          // Default to the first enrollment key if there is one.
+          onKeyChange(enrollmentAPIKeysResponse[0]?.id);
         } catch (error) {
           notifications.toasts.addError(error, {
             title: 'Error',
@@ -108,21 +102,21 @@ export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
       }
       fetchEnrollmentAPIKeys();
     },
-    [agentPolicyId, notifications.toasts]
+    [onKeyChange, agentPolicyId, notifications.toasts]
   );
 
   useEffect(
     function useDefaultEnrollmentKeyForAgentPolicyEffect() {
       if (
-        !selectedEnrollmentApiKey &&
+        !selectedApiKeyId &&
         enrollmentAPIKeys.length > 0 &&
         enrollmentAPIKeys[0].policy_id === agentPolicyId
       ) {
         const enrollmentAPIKeyId = enrollmentAPIKeys[0].id;
-        setSelectedEnrollmentApiKey(enrollmentAPIKeyId);
+        onKeyChange(enrollmentAPIKeyId);
       }
     },
-    [enrollmentAPIKeys, selectedEnrollmentApiKey, agentPolicyId]
+    [enrollmentAPIKeys, selectedApiKeyId, agentPolicyId, onKeyChange]
   );
   return (
     <>
@@ -139,14 +133,14 @@ export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
       {isAuthenticationSettingsOpen && (
         <>
           <EuiSpacer size="m" />
-          {enrollmentAPIKeys.length && selectedEnrollmentApiKey ? (
+          {enrollmentAPIKeys.length && selectedApiKeyId ? (
             <EuiSelect
               fullWidth
               options={enrollmentAPIKeys.map((key) => ({
                 value: key.id,
                 text: key.name,
               }))}
-              value={selectedEnrollmentApiKey || undefined}
+              value={selectedApiKeyId || undefined}
               prepend={
                 <EuiText>
                   <FormattedMessage
@@ -156,7 +150,7 @@ export const AdvancedAgentAuthenticationSettings: FunctionComponent<Props> = ({
                 </EuiText>
               }
               onChange={(e) => {
-                setSelectedEnrollmentApiKey(e.target.value);
+                onKeyChange(e.target.value);
               }}
             />
           ) : (
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_policy_selection.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_policy_selection.tsx
index f92b2d4825935..d9d1aa2e77f86 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_policy_selection.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_policy_selection.tsx
@@ -22,6 +22,7 @@ type Props = {
 } & (
   | {
       withKeySelection: true;
+      selectedApiKeyId?: string;
       onKeyChange?: (key?: string) => void;
     }
   | {
@@ -31,9 +32,9 @@ type Props = {
 
 const resolveAgentId = (
   agentPolicies?: AgentPolicy[],
-  selectedAgentId?: string
+  selectedAgentPolicyId?: string
 ): undefined | string => {
-  if (agentPolicies && agentPolicies.length && !selectedAgentId) {
+  if (agentPolicies && agentPolicies.length && !selectedAgentPolicyId) {
     if (agentPolicies.length === 1) {
       return agentPolicies[0].id;
     }
@@ -44,33 +45,33 @@ const resolveAgentId = (
     }
   }
 
-  return selectedAgentId;
+  return selectedAgentPolicyId;
 };
 
 export const EnrollmentStepAgentPolicy: React.FC<Props> = (props) => {
-  const { withKeySelection, agentPolicies, onAgentPolicyChange, excludeFleetServer } = props;
-  const onKeyChange = props.withKeySelection && props.onKeyChange;
-  const [selectedAgentId, setSelectedAgentId] = useState<undefined | string>(
+  const { agentPolicies, onAgentPolicyChange, excludeFleetServer } = props;
+
+  const [selectedAgentPolicyId, setSelectedAgentPolicyId] = useState<undefined | string>(
     () => resolveAgentId(agentPolicies, undefined) // no agent id selected yet
   );
 
   useEffect(
     function triggerOnAgentPolicyChangeEffect() {
       if (onAgentPolicyChange) {
-        onAgentPolicyChange(selectedAgentId);
+        onAgentPolicyChange(selectedAgentPolicyId);
       }
     },
-    [selectedAgentId, onAgentPolicyChange]
+    [selectedAgentPolicyId, onAgentPolicyChange]
   );
 
   useEffect(
     function useDefaultAgentPolicyEffect() {
-      const resolvedId = resolveAgentId(agentPolicies, selectedAgentId);
-      if (resolvedId !== selectedAgentId) {
-        setSelectedAgentId(resolvedId);
+      const resolvedId = resolveAgentId(agentPolicies, selectedAgentPolicyId);
+      if (resolvedId !== selectedAgentPolicyId) {
+        setSelectedAgentPolicyId(resolvedId);
       }
     },
-    [agentPolicies, selectedAgentId]
+    [agentPolicies, selectedAgentPolicyId]
   );
 
   return (
@@ -90,25 +91,26 @@ export const EnrollmentStepAgentPolicy: React.FC<Props> = (props) => {
           value: agentPolicy.id,
           text: agentPolicy.name,
         }))}
-        value={selectedAgentId || undefined}
-        onChange={(e) => setSelectedAgentId(e.target.value)}
+        value={selectedAgentPolicyId || undefined}
+        onChange={(e) => setSelectedAgentPolicyId(e.target.value)}
         aria-label={i18n.translate('xpack.fleet.enrollmentStepAgentPolicy.policySelectAriaLabel', {
           defaultMessage: 'Agent policy',
         })}
       />
       <EuiSpacer size="m" />
-      {selectedAgentId && (
+      {selectedAgentPolicyId && (
         <AgentPolicyPackageBadges
-          agentPolicyId={selectedAgentId}
+          agentPolicyId={selectedAgentPolicyId}
           excludeFleetServer={excludeFleetServer}
         />
       )}
-      {withKeySelection && onKeyChange && (
+      {props.withKeySelection && props.onKeyChange && (
         <>
           <EuiSpacer />
           <AdvancedAgentAuthenticationSettings
-            onKeyChange={onKeyChange}
-            agentPolicyId={selectedAgentId}
+            selectedApiKeyId={props.selectedApiKeyId}
+            onKeyChange={props.onKeyChange}
+            agentPolicyId={selectedAgentPolicyId}
           />
         </>
       )}
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx
index 919f0c3052db9..efae8db377f7f 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/managed_instructions.tsx
@@ -62,10 +62,10 @@ export const ManagedInstructions = React.memo<Props>(
   ({ agentPolicy, agentPolicies, viewDataStepContent }) => {
     const fleetStatus = useFleetStatus();
 
-    const [selectedAPIKeyId, setSelectedAPIKeyId] = useState<string | undefined>();
+    const [selectedApiKeyId, setSelectedAPIKeyId] = useState<string | undefined>();
     const [isFleetServerPolicySelected, setIsFleetServerPolicySelected] = useState<boolean>(false);
 
-    const apiKey = useGetOneEnrollmentAPIKey(selectedAPIKeyId);
+    const apiKey = useGetOneEnrollmentAPIKey(selectedApiKeyId);
     const settings = useGetSettings();
     const fleetServerInstructions = useFleetServerInstructions(apiKey?.data?.item?.policy_id);
 
@@ -84,10 +84,11 @@ export const ManagedInstructions = React.memo<Props>(
         !agentPolicy
           ? AgentPolicySelectionStep({
               agentPolicies,
+              selectedApiKeyId,
               setSelectedAPIKeyId,
               setIsFleetServerPolicySelected,
             })
-          : AgentEnrollmentKeySelectionStep({ agentPolicy, setSelectedAPIKeyId }),
+          : AgentEnrollmentKeySelectionStep({ agentPolicy, selectedApiKeyId, setSelectedAPIKeyId }),
       ];
       if (isFleetServerPolicySelected) {
         baseSteps.push(
@@ -101,7 +102,7 @@ export const ManagedInstructions = React.memo<Props>(
           title: i18n.translate('xpack.fleet.agentEnrollment.stepEnrollAndRunAgentTitle', {
             defaultMessage: 'Enroll and start the Elastic Agent',
           }),
-          children: selectedAPIKeyId && apiKey.data && (
+          children: selectedApiKeyId && apiKey.data && (
             <ManualInstructions apiKey={apiKey.data.item} fleetServerHosts={fleetServerHosts} />
           ),
         });
@@ -115,7 +116,7 @@ export const ManagedInstructions = React.memo<Props>(
     }, [
       agentPolicy,
       agentPolicies,
-      selectedAPIKeyId,
+      selectedApiKeyId,
       apiKey.data,
       isFleetServerPolicySelected,
       settings.data?.item?.fleet_server_hosts,
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps.tsx
index 03cff88e63969..8b12994473e34 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps.tsx
@@ -49,14 +49,16 @@ export const DownloadStep = () => {
 
 export const AgentPolicySelectionStep = ({
   agentPolicies,
-  setSelectedAPIKeyId,
   setSelectedPolicyId,
-  setIsFleetServerPolicySelected,
+  selectedApiKeyId,
+  setSelectedAPIKeyId,
   excludeFleetServer,
+  setIsFleetServerPolicySelected,
 }: {
   agentPolicies?: AgentPolicy[];
-  setSelectedAPIKeyId?: (key?: string) => void;
   setSelectedPolicyId?: (policyId?: string) => void;
+  selectedApiKeyId?: string;
+  setSelectedAPIKeyId?: (key?: string) => void;
   setIsFleetServerPolicySelected?: (selected: boolean) => void;
   excludeFleetServer?: boolean;
 }) => {
@@ -99,6 +101,7 @@ export const AgentPolicySelectionStep = ({
       <EnrollmentStepAgentPolicy
         agentPolicies={regularAgentPolicies}
         withKeySelection={setSelectedAPIKeyId ? true : false}
+        selectedApiKeyId={selectedApiKeyId}
         onKeyChange={setSelectedAPIKeyId}
         onAgentPolicyChange={onAgentPolicyChange}
         excludeFleetServer={excludeFleetServer}
@@ -109,9 +112,11 @@ export const AgentPolicySelectionStep = ({
 
 export const AgentEnrollmentKeySelectionStep = ({
   agentPolicy,
+  selectedApiKeyId,
   setSelectedAPIKeyId,
 }: {
   agentPolicy: AgentPolicy;
+  selectedApiKeyId?: string;
   setSelectedAPIKeyId: (key?: string) => void;
 }) => {
   return {
@@ -132,6 +137,7 @@ export const AgentEnrollmentKeySelectionStep = ({
         <EuiSpacer size="l" />
         <AdvancedAgentAuthenticationSettings
           agentPolicyId={agentPolicy.id}
+          selectedApiKeyId={selectedApiKeyId}
           onKeyChange={setSelectedAPIKeyId}
         />
       </>

From a50d94908c3202ba462aac8421b3f9acb333f4d2 Mon Sep 17 00:00:00 2001
From: Scotty Bollinger <scotty.bollinger@elastic.co>
Date: Thu, 24 Jun 2021 07:57:49 -0500
Subject: [PATCH 03/13] [Enterprise Search] Add User management feature
 (#103173)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Rename method to close both flyouts

This is shared with the forthcoming user flyouts

closeRoleMappingFlyout -> closeUsersAndRolesFlyout

* Add logic for elasticsearch users and single user role mappings

* Add logic for various form states

- Showing and hiding flyouts
- Select and text input values
- User created state to turn flyout into a success message state

* Add User server routes

* Add logic for saving a user

* Add User components

* Add User list and User flyout to RoleMappings view

* Fix path

* Rename things

- Users & roles -> Users and roles
- roleId -> roleMappingId (matches other places in code)
- also added a missing prop to the actions col

* Set default group when modal closed

The UI sets the default group on page load but did not cover the case where the user has chosen a group in a previous interaction and the closed the flyout. This commit adds a method that resets that state when the flyout is closed

Part of porting of https://github.com/elastic/ent-search/pull/3865

Specifically:
https://github.com/elastic/ent-search/commit/a4131b95dab7c0df97bd78e660f25e09ac3e7cec

* Adds tooltip for external attribute

This was missed from the design

Part of porting of https://github.com/elastic/ent-search/pull/3865

Specifically:
https://github.com/elastic/ent-search/commit/03aa349cab4fb32069b64ab8c51a7252ba52e805

* Fix invitations link

* Fix incorrect role type

Role-> RoleTypes
🤷🏽‍♀️

* Add EuiPortal to Flyout

Wasn’t needed in ent-search; already done for RomeMappingFlyout. Hide whitespace changes plskthx

* Auth provider deprecation warning in mapping UI

Since we're moving fully into Kibana, we're losing our concept of auth providers. In 8.0, role mappings the specify an auth provider will no
longer work, so this adds a small deprecation warning in the role mappings table.

https://github.com/elastic/ent-search/pull/3885

* Email is no longer required

After a slack discussion, it was determined that email should be optional.

This commit also fixes another instance of the App Search role type being wrong.

* Existing users’ usernames should not be editable

* Use EuiLink instead of anchor

* Add validation tests

* Change URL for users_and_roles

Need to change folder and file names but will punt until after 7.14FF

I did throw in updating the logic file path

* Remove unused import

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../app_search/components/layout/nav.test.tsx |   4 +-
 .../app_search/components/layout/nav.tsx      |   4 +-
 .../components/role_mappings/role_mapping.tsx |   4 +-
 .../role_mappings/role_mappings.test.tsx      |  42 ++-
 .../role_mappings/role_mappings.tsx           |  31 ++
 .../role_mappings/role_mappings_logic.test.ts | 274 +++++++++++++++-
 .../role_mappings/role_mappings_logic.ts      | 181 ++++++++++-
 .../components/role_mappings/user.test.tsx    | 124 +++++++
 .../components/role_mappings/user.tsx         | 106 ++++++
 .../applications/app_search/index.test.tsx    |   2 +-
 .../public/applications/app_search/index.tsx  |   6 +-
 .../public/applications/app_search/routes.ts  |   2 +-
 .../shared/role_mapping/constants.ts          |  18 +-
 .../role_mapping/role_mapping_flyout.test.tsx |   4 +-
 .../role_mapping/role_mapping_flyout.tsx      |  10 +-
 .../role_mapping/role_mappings_table.test.tsx |  12 +-
 .../role_mapping/role_mappings_table.tsx      |  42 ++-
 .../role_mapping/user_added_info.test.tsx     | 100 +++++-
 .../shared/role_mapping/user_added_info.tsx   |   6 +-
 .../shared/role_mapping/user_flyout.tsx       |  39 ++-
 .../role_mapping/user_invitation_callout.tsx  |   2 +-
 .../role_mapping/user_selector.test.tsx       |   3 +-
 .../shared/role_mapping/user_selector.tsx     |   5 +-
 .../shared/role_mapping/users_table.tsx       |   5 +-
 .../components/layout/nav.test.tsx            |   4 +-
 .../components/layout/nav.tsx                 |   6 +-
 .../workplace_search/constants.ts             |   2 +-
 .../applications/workplace_search/index.tsx   |   4 +-
 .../applications/workplace_search/routes.ts   |   2 +-
 .../views/role_mappings/role_mapping.tsx      |   4 +-
 .../role_mappings/role_mappings.test.tsx      |  40 ++-
 .../views/role_mappings/role_mappings.tsx     |  31 ++
 .../role_mappings/role_mappings_logic.test.ts | 302 ++++++++++++++++--
 .../role_mappings/role_mappings_logic.ts      | 192 ++++++++++-
 .../views/role_mappings/user.test.tsx         | 123 +++++++
 .../views/role_mappings/user.tsx              | 103 ++++++
 .../routes/app_search/role_mappings.test.ts   |  49 +++
 .../server/routes/app_search/role_mappings.ts |  26 ++
 .../workplace_search/role_mappings.test.ts    |  49 +++
 .../routes/workplace_search/role_mappings.ts  |  29 ++
 40 files changed, 1868 insertions(+), 124 deletions(-)
 create mode 100644 x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.test.tsx
 create mode 100644 x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.tsx
 create mode 100644 x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.test.tsx
 create mode 100644 x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.tsx

diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx
index c9f5452e254e1..ce4a118bef095 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.test.tsx
@@ -100,8 +100,8 @@ describe('useAppSearchNav', () => {
           },
           {
             id: 'usersRoles',
-            name: 'Users & roles',
-            href: '/role_mappings',
+            name: 'Users and roles',
+            href: '/users_and_roles',
           },
         ],
       },
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx
index c3b8ec642233b..793a36f48fe82 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/layout/nav.tsx
@@ -13,7 +13,7 @@ import { generateNavLink } from '../../../shared/layout';
 import { ROLE_MAPPINGS_TITLE } from '../../../shared/role_mapping/constants';
 
 import { AppLogic } from '../../app_logic';
-import { ENGINES_PATH, SETTINGS_PATH, CREDENTIALS_PATH, ROLE_MAPPINGS_PATH } from '../../routes';
+import { ENGINES_PATH, SETTINGS_PATH, CREDENTIALS_PATH, USERS_AND_ROLES_PATH } from '../../routes';
 import { CREDENTIALS_TITLE } from '../credentials';
 import { useEngineNav } from '../engine/engine_nav';
 import { ENGINES_TITLE } from '../engines';
@@ -57,7 +57,7 @@ export const useAppSearchNav = () => {
     navItems.push({
       id: 'usersRoles',
       name: ROLE_MAPPINGS_TITLE,
-      ...generateNavLink({ to: ROLE_MAPPINGS_PATH }),
+      ...generateNavLink({ to: USERS_AND_ROLES_PATH }),
     });
   }
 
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mapping.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mapping.tsx
index b6a9dd72cfd05..dbebd8e46a219 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mapping.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mapping.tsx
@@ -28,7 +28,7 @@ export const RoleMapping: React.FC = () => {
     handleAuthProviderChange,
     handleRoleChange,
     handleSaveMapping,
-    closeRoleMappingFlyout,
+    closeUsersAndRolesFlyout,
   } = useActions(RoleMappingsLogic);
 
   const {
@@ -68,7 +68,7 @@ export const RoleMapping: React.FC = () => {
     <RoleMappingFlyout
       disabled={attributeValueInvalid || !hasEngineAssignment}
       isNew={isNew}
-      closeRoleMappingFlyout={closeRoleMappingFlyout}
+      closeUsersAndRolesFlyout={closeUsersAndRolesFlyout}
       handleSaveMapping={handleSaveMapping}
     >
       <EuiForm isInvalid={roleMappingErrors.length > 0} error={roleMappingErrors}>
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx
index 308022ccb2e5a..64bf41a50a2f0 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.test.tsx
@@ -12,26 +12,39 @@ import React from 'react';
 
 import { shallow } from 'enzyme';
 
-import { RoleMappingsTable, RoleMappingsHeading } from '../../../shared/role_mapping';
-import { wsRoleMapping } from '../../../shared/role_mapping/__mocks__/roles';
+import {
+  RoleMappingsTable,
+  RoleMappingsHeading,
+  UsersHeading,
+  UsersEmptyPrompt,
+} from '../../../shared/role_mapping';
+import {
+  asRoleMapping,
+  asSingleUserRoleMapping,
+} from '../../../shared/role_mapping/__mocks__/roles';
 
 import { RoleMapping } from './role_mapping';
 import { RoleMappings } from './role_mappings';
+import { User } from './user';
 
 describe('RoleMappings', () => {
   const initializeRoleMappings = jest.fn();
   const initializeRoleMapping = jest.fn();
+  const initializeSingleUserRoleMapping = jest.fn();
   const handleDeleteMapping = jest.fn();
   const mockValues = {
-    roleMappings: [wsRoleMapping],
+    roleMappings: [asRoleMapping],
     dataLoading: false,
     multipleAuthProvidersConfig: false,
+    singleUserRoleMappings: [asSingleUserRoleMapping],
+    singleUserRoleMappingFlyoutOpen: false,
   };
 
   beforeEach(() => {
     setMockActions({
       initializeRoleMappings,
       initializeRoleMapping,
+      initializeSingleUserRoleMapping,
       handleDeleteMapping,
     });
     setMockValues(mockValues);
@@ -50,10 +63,31 @@ describe('RoleMappings', () => {
     expect(wrapper.find(RoleMapping)).toHaveLength(1);
   });
 
-  it('handles onClick', () => {
+  it('renders User flyout', () => {
+    setMockValues({ ...mockValues, singleUserRoleMappingFlyoutOpen: true });
+    const wrapper = shallow(<RoleMappings />);
+
+    expect(wrapper.find(User)).toHaveLength(1);
+  });
+
+  it('handles RoleMappingsHeading onClick', () => {
     const wrapper = shallow(<RoleMappings />);
     wrapper.find(RoleMappingsHeading).prop('onClick')();
 
     expect(initializeRoleMapping).toHaveBeenCalled();
   });
+
+  it('handles UsersHeading onClick', () => {
+    const wrapper = shallow(<RoleMappings />);
+    wrapper.find(UsersHeading).prop('onClick')();
+
+    expect(initializeSingleUserRoleMapping).toHaveBeenCalled();
+  });
+
+  it('handles empty users state', () => {
+    setMockValues({ ...mockValues, singleUserRoleMappings: [] });
+    const wrapper = shallow(<RoleMappings />);
+
+    expect(wrapper.find(UsersEmptyPrompt)).toHaveLength(1);
+  });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx
index 03e2ae67eca9e..3e692aa48623e 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings.tsx
@@ -9,11 +9,16 @@ import React, { useEffect } from 'react';
 
 import { useActions, useValues } from 'kea';
 
+import { EuiSpacer } from '@elastic/eui';
+
 import { APP_SEARCH_PLUGIN } from '../../../../../common/constants';
 import {
   RoleMappingsTable,
   RoleMappingsHeading,
   RolesEmptyPrompt,
+  UsersTable,
+  UsersHeading,
+  UsersEmptyPrompt,
 } from '../../../shared/role_mapping';
 import { ROLE_MAPPINGS_TITLE } from '../../../shared/role_mapping/constants';
 
@@ -23,6 +28,7 @@ import { AppSearchPageTemplate } from '../layout';
 import { ROLE_MAPPINGS_ENGINE_ACCESS_HEADING } from './constants';
 import { RoleMapping } from './role_mapping';
 import { RoleMappingsLogic } from './role_mappings_logic';
+import { User } from './user';
 
 const ROLES_DOCS_LINK = `${DOCS_PREFIX}/security-and-users.html`;
 
@@ -31,14 +37,17 @@ export const RoleMappings: React.FC = () => {
     enableRoleBasedAccess,
     initializeRoleMappings,
     initializeRoleMapping,
+    initializeSingleUserRoleMapping,
     handleDeleteMapping,
     resetState,
   } = useActions(RoleMappingsLogic);
   const {
     roleMappings,
+    singleUserRoleMappings,
     multipleAuthProvidersConfig,
     dataLoading,
     roleMappingFlyoutOpen,
+    singleUserRoleMappingFlyoutOpen,
   } = useValues(RoleMappingsLogic);
 
   useEffect(() => {
@@ -46,6 +55,8 @@ export const RoleMappings: React.FC = () => {
     return resetState;
   }, []);
 
+  const hasUsers = singleUserRoleMappings.length > 0;
+
   const rolesEmptyState = (
     <RolesEmptyPrompt
       productName={APP_SEARCH_PLUGIN.NAME}
@@ -72,6 +83,23 @@ export const RoleMappings: React.FC = () => {
     </section>
   );
 
+  const usersTable = (
+    <UsersTable
+      accessItemKey="engines"
+      singleUserRoleMappings={singleUserRoleMappings}
+      initializeSingleUserRoleMapping={initializeSingleUserRoleMapping}
+      handleDeleteMapping={handleDeleteMapping}
+    />
+  );
+
+  const usersSection = (
+    <>
+      <UsersHeading onClick={() => initializeSingleUserRoleMapping()} />
+      <EuiSpacer />
+      {hasUsers ? usersTable : <UsersEmptyPrompt />}
+    </>
+  );
+
   return (
     <AppSearchPageTemplate
       pageChrome={[ROLE_MAPPINGS_TITLE]}
@@ -81,7 +109,10 @@ export const RoleMappings: React.FC = () => {
       emptyState={rolesEmptyState}
     >
       {roleMappingFlyoutOpen && <RoleMapping />}
+      {singleUserRoleMappingFlyoutOpen && <User />}
       {roleMappingsSection}
+      <EuiSpacer size="xxl" />
+      {usersSection}
     </AppSearchPageTemplate>
   );
 };
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.test.ts
index 6985f213d1dd5..16b44e9ec1f11 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.test.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.test.ts
@@ -15,11 +15,18 @@ import { engines } from '../../__mocks__/engines.mock';
 
 import { nextTick } from '@kbn/test/jest';
 
-import { asRoleMapping } from '../../../shared/role_mapping/__mocks__/roles';
+import { elasticsearchUsers } from '../../../shared/role_mapping/__mocks__/elasticsearch_users';
+
+import {
+  asRoleMapping,
+  asSingleUserRoleMapping,
+} from '../../../shared/role_mapping/__mocks__/roles';
 import { ANY_AUTH_PROVIDER } from '../../../shared/role_mapping/constants';
 
 import { RoleMappingsLogic } from './role_mappings_logic';
 
+const emptyUser = { username: '', email: '' };
+
 describe('RoleMappingsLogic', () => {
   const { http } = mockHttpValues;
   const { clearFlashMessages, flashAPIErrors, setSuccessMessage } = mockFlashMessageHelpers;
@@ -28,6 +35,8 @@ describe('RoleMappingsLogic', () => {
     attributes: [],
     availableAuthProviders: [],
     elasticsearchRoles: [],
+    elasticsearchUser: emptyUser,
+    elasticsearchUsers: [],
     roleMapping: null,
     roleMappingFlyoutOpen: false,
     roleMappings: [],
@@ -43,6 +52,12 @@ describe('RoleMappingsLogic', () => {
     selectedAuthProviders: [ANY_AUTH_PROVIDER],
     selectedOptions: [],
     roleMappingErrors: [],
+    singleUserRoleMapping: null,
+    singleUserRoleMappings: [],
+    singleUserRoleMappingFlyoutOpen: false,
+    userCreated: false,
+    userFormIsNewUser: true,
+    userFormUserIsExisting: true,
   };
 
   const mappingsServerProps = {
@@ -53,6 +68,8 @@ describe('RoleMappingsLogic', () => {
     availableEngines: engines,
     elasticsearchRoles: [],
     hasAdvancedRoles: false,
+    singleUserRoleMappings: [asSingleUserRoleMapping],
+    elasticsearchUsers,
   };
 
   beforeEach(() => {
@@ -83,7 +100,19 @@ describe('RoleMappingsLogic', () => {
           elasticsearchRoles: mappingsServerProps.elasticsearchRoles,
           selectedEngines: new Set(),
           selectedOptions: [],
+          elasticsearchUsers,
+          elasticsearchUser: elasticsearchUsers[0],
+          singleUserRoleMappings: [asSingleUserRoleMapping],
+        });
+      });
+
+      it('handles fallback if no elasticsearch users present', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData({
+          ...mappingsServerProps,
+          elasticsearchUsers: [],
         });
+
+        expect(RoleMappingsLogic.values.elasticsearchUser).toEqual(emptyUser);
       });
     });
 
@@ -94,6 +123,26 @@ describe('RoleMappingsLogic', () => {
       expect(RoleMappingsLogic.values.dataLoading).toEqual(false);
     });
 
+    describe('setElasticsearchUser', () => {
+      it('sets user', () => {
+        RoleMappingsLogic.actions.setElasticsearchUser(elasticsearchUsers[0]);
+
+        expect(RoleMappingsLogic.values.elasticsearchUser).toEqual(elasticsearchUsers[0]);
+      });
+
+      it('handles fallback if no user present', () => {
+        RoleMappingsLogic.actions.setElasticsearchUser(undefined);
+
+        expect(RoleMappingsLogic.values.elasticsearchUser).toEqual(emptyUser);
+      });
+    });
+
+    it('setSingleUserRoleMapping', () => {
+      RoleMappingsLogic.actions.setSingleUserRoleMapping(asSingleUserRoleMapping);
+
+      expect(RoleMappingsLogic.values.singleUserRoleMapping).toEqual(asSingleUserRoleMapping);
+    });
+
     it('handleRoleChange', () => {
       RoleMappingsLogic.actions.handleRoleChange('dev');
 
@@ -152,6 +201,12 @@ describe('RoleMappingsLogic', () => {
       });
     });
 
+    it('setUserExistingRadioValue', () => {
+      RoleMappingsLogic.actions.setUserExistingRadioValue(false);
+
+      expect(RoleMappingsLogic.values.userFormUserIsExisting).toEqual(false);
+    });
+
     describe('handleAttributeSelectorChange', () => {
       const elasticsearchRoles = ['foo', 'bar'];
 
@@ -174,6 +229,8 @@ describe('RoleMappingsLogic', () => {
           attributeName: 'role',
           elasticsearchRoles,
           selectedEngines: new Set(),
+          elasticsearchUsers,
+          singleUserRoleMappings: [asSingleUserRoleMapping],
         });
       });
 
@@ -260,16 +317,59 @@ describe('RoleMappingsLogic', () => {
       expect(clearFlashMessages).toHaveBeenCalled();
     });
 
-    it('closeRoleMappingFlyout', () => {
+    it('openSingleUserRoleMappingFlyout', () => {
+      mount(mappingsServerProps);
+      RoleMappingsLogic.actions.openSingleUserRoleMappingFlyout();
+
+      expect(RoleMappingsLogic.values.singleUserRoleMappingFlyoutOpen).toEqual(true);
+      expect(clearFlashMessages).toHaveBeenCalled();
+    });
+
+    it('closeUsersAndRolesFlyout', () => {
       mount({
         ...mappingsServerProps,
         roleMappingFlyoutOpen: true,
       });
-      RoleMappingsLogic.actions.closeRoleMappingFlyout();
+      RoleMappingsLogic.actions.closeUsersAndRolesFlyout();
 
       expect(RoleMappingsLogic.values.roleMappingFlyoutOpen).toEqual(false);
       expect(clearFlashMessages).toHaveBeenCalled();
     });
+
+    it('setElasticsearchUsernameValue', () => {
+      const username = 'newName';
+      RoleMappingsLogic.actions.setElasticsearchUsernameValue(username);
+
+      expect(RoleMappingsLogic.values).toEqual({
+        ...DEFAULT_VALUES,
+        elasticsearchUser: {
+          ...RoleMappingsLogic.values.elasticsearchUser,
+          username,
+        },
+      });
+    });
+
+    it('setElasticsearchEmailValue', () => {
+      const email = 'newEmail@foo.cats';
+      RoleMappingsLogic.actions.setElasticsearchEmailValue(email);
+
+      expect(RoleMappingsLogic.values).toEqual({
+        ...DEFAULT_VALUES,
+        elasticsearchUser: {
+          ...RoleMappingsLogic.values.elasticsearchUser,
+          email,
+        },
+      });
+    });
+
+    it('setUserCreated', () => {
+      RoleMappingsLogic.actions.setUserCreated();
+
+      expect(RoleMappingsLogic.values).toEqual({
+        ...DEFAULT_VALUES,
+        userCreated: true,
+      });
+    });
   });
 
   describe('listeners', () => {
@@ -335,6 +435,39 @@ describe('RoleMappingsLogic', () => {
       });
     });
 
+    describe('initializeSingleUserRoleMapping', () => {
+      let setElasticsearchUserSpy: jest.MockedFunction<any>;
+      let setRoleMappingSpy: jest.MockedFunction<any>;
+      let setSingleUserRoleMappingSpy: jest.MockedFunction<any>;
+      beforeEach(() => {
+        setElasticsearchUserSpy = jest.spyOn(RoleMappingsLogic.actions, 'setElasticsearchUser');
+        setRoleMappingSpy = jest.spyOn(RoleMappingsLogic.actions, 'setRoleMapping');
+        setSingleUserRoleMappingSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setSingleUserRoleMapping'
+        );
+      });
+
+      it('should handle the new user state and only set an empty mapping', () => {
+        RoleMappingsLogic.actions.initializeSingleUserRoleMapping();
+
+        expect(setElasticsearchUserSpy).not.toHaveBeenCalled();
+        expect(setRoleMappingSpy).not.toHaveBeenCalled();
+        expect(setSingleUserRoleMappingSpy).toHaveBeenCalledWith(undefined);
+      });
+
+      it('should handle an existing user state and set mapping', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        RoleMappingsLogic.actions.initializeSingleUserRoleMapping(
+          asSingleUserRoleMapping.roleMapping.id
+        );
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalled();
+        expect(setRoleMappingSpy).toHaveBeenCalled();
+        expect(setSingleUserRoleMappingSpy).toHaveBeenCalledWith(asSingleUserRoleMapping);
+      });
+    });
+
     describe('handleSaveMapping', () => {
       const body = {
         roleType: 'owner',
@@ -430,6 +563,94 @@ describe('RoleMappingsLogic', () => {
       });
     });
 
+    describe('handleSaveUser', () => {
+      it('calls API and refreshes list when new mapping', async () => {
+        const initializeRoleMappingsSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'initializeRoleMappings'
+        );
+        const setUserCreatedSpy = jest.spyOn(RoleMappingsLogic.actions, 'setUserCreated');
+        const setSingleUserRoleMappingSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setSingleUserRoleMapping'
+        );
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+
+        http.post.mockReturnValue(Promise.resolve(mappingsServerProps));
+        RoleMappingsLogic.actions.handleSaveUser();
+
+        expect(http.post).toHaveBeenCalledWith('/api/app_search/single_user_role_mapping', {
+          body: JSON.stringify({
+            roleMapping: {
+              engines: [],
+              roleType: 'owner',
+              accessAllEngines: true,
+            },
+            elasticsearchUser: {
+              username: elasticsearchUsers[0].username,
+              email: elasticsearchUsers[0].email,
+            },
+          }),
+        });
+        await nextTick();
+
+        expect(initializeRoleMappingsSpy).toHaveBeenCalled();
+        expect(setUserCreatedSpy).toHaveBeenCalled();
+        expect(setSingleUserRoleMappingSpy).toHaveBeenCalled();
+      });
+
+      it('calls API and refreshes list when existing mapping', async () => {
+        const initializeRoleMappingsSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'initializeRoleMappings'
+        );
+        RoleMappingsLogic.actions.setSingleUserRoleMapping(asSingleUserRoleMapping);
+        RoleMappingsLogic.actions.handleAccessAllEnginesChange(false);
+
+        http.put.mockReturnValue(Promise.resolve(mappingsServerProps));
+        RoleMappingsLogic.actions.handleSaveUser();
+
+        expect(http.post).toHaveBeenCalledWith('/api/app_search/single_user_role_mapping', {
+          body: JSON.stringify({
+            roleMapping: {
+              engines: [],
+              roleType: 'owner',
+              accessAllEngines: false,
+              id: asSingleUserRoleMapping.roleMapping.id,
+            },
+            elasticsearchUser: {
+              username: '',
+              email: '',
+            },
+          }),
+        });
+        await nextTick();
+
+        expect(initializeRoleMappingsSpy).toHaveBeenCalled();
+      });
+
+      it('handles error', async () => {
+        const setRoleMappingErrorsSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setRoleMappingErrors'
+        );
+
+        http.post.mockReturnValue(
+          Promise.reject({
+            body: {
+              attributes: {
+                errors: ['this is an error'],
+              },
+            },
+          })
+        );
+        RoleMappingsLogic.actions.handleSaveUser();
+        await nextTick();
+
+        expect(setRoleMappingErrorsSpy).toHaveBeenCalledWith(['this is an error']);
+      });
+    });
+
     describe('handleDeleteMapping', () => {
       const roleMappingId = 'r1';
 
@@ -458,5 +679,52 @@ describe('RoleMappingsLogic', () => {
         expect(flashAPIErrors).toHaveBeenCalledWith('this is an error');
       });
     });
+
+    describe('handleUsernameSelectChange', () => {
+      it('sets elasticsearchUser when match found', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.handleUsernameSelectChange(elasticsearchUsers[0].username);
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalledWith(elasticsearchUsers[0]);
+      });
+
+      it('does not set elasticsearchUser when no match found', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.handleUsernameSelectChange('bogus');
+
+        expect(setElasticsearchUserSpy).not.toHaveBeenCalled();
+      });
+    });
+
+    describe('setUserExistingRadioValue', () => {
+      it('handles existing user', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.setUserExistingRadioValue(true);
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalledWith(elasticsearchUsers[0]);
+      });
+
+      it('handles new user', () => {
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.setUserExistingRadioValue(false);
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalledWith(emptyUser);
+      });
+    });
   });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.ts
index e2ef75897528c..0b57e1d08a294 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/role_mappings_logic.ts
@@ -16,7 +16,7 @@ import {
 } from '../../../shared/flash_messages';
 import { HttpLogic } from '../../../shared/http';
 import { ANY_AUTH_PROVIDER } from '../../../shared/role_mapping/constants';
-import { AttributeName } from '../../../shared/types';
+import { AttributeName, SingleUserRoleMapping, ElasticsearchUser } from '../../../shared/types';
 import { ASRoleMapping, RoleTypes } from '../../types';
 import { roleHasScopedEngines } from '../../utils/role/has_scoped_engines';
 import { Engine } from '../engine/types';
@@ -27,20 +27,25 @@ import {
   ROLE_MAPPING_UPDATED_MESSAGE,
 } from './constants';
 
+type UserMapping = SingleUserRoleMapping<ASRoleMapping>;
+
 interface RoleMappingsServerDetails {
   roleMappings: ASRoleMapping[];
   attributes: string[];
   authProviders: string[];
   availableEngines: Engine[];
   elasticsearchRoles: string[];
+  elasticsearchUsers: ElasticsearchUser[];
   hasAdvancedRoles: boolean;
   multipleAuthProvidersConfig: boolean;
+  singleUserRoleMappings: UserMapping[];
 }
 
 const getFirstAttributeName = (roleMapping: ASRoleMapping) =>
   Object.entries(roleMapping.rules)[0][0] as AttributeName;
 const getFirstAttributeValue = (roleMapping: ASRoleMapping) =>
   Object.entries(roleMapping.rules)[0][1] as AttributeName;
+const emptyUser = { username: '', email: '' } as ElasticsearchUser;
 
 interface RoleMappingsActions {
   handleAccessAllEnginesChange(selected: boolean): { selected: boolean };
@@ -53,21 +58,34 @@ interface RoleMappingsActions {
   handleDeleteMapping(roleMappingId: string): { roleMappingId: string };
   handleEngineSelectionChange(engineNames: string[]): { engineNames: string[] };
   handleRoleChange(roleType: RoleTypes): { roleType: RoleTypes };
+  handleUsernameSelectChange(username: string): { username: string };
   handleSaveMapping(): void;
+  handleSaveUser(): void;
   initializeRoleMapping(roleMappingId?: string): { roleMappingId?: string };
+  initializeSingleUserRoleMapping(roleMappingId?: string): { roleMappingId?: string };
   initializeRoleMappings(): void;
   resetState(): void;
   setRoleMapping(roleMapping: ASRoleMapping): { roleMapping: ASRoleMapping };
+  setSingleUserRoleMapping(data?: UserMapping): { singleUserRoleMapping: UserMapping };
   setRoleMappings({
     roleMappings,
   }: {
     roleMappings: ASRoleMapping[];
   }): { roleMappings: ASRoleMapping[] };
   setRoleMappingsData(data: RoleMappingsServerDetails): RoleMappingsServerDetails;
+  setElasticsearchUser(
+    elasticsearchUser?: ElasticsearchUser
+  ): { elasticsearchUser: ElasticsearchUser };
   openRoleMappingFlyout(): void;
-  closeRoleMappingFlyout(): void;
+  openSingleUserRoleMappingFlyout(): void;
+  closeUsersAndRolesFlyout(): void;
   setRoleMappingErrors(errors: string[]): { errors: string[] };
   enableRoleBasedAccess(): void;
+  setUserExistingRadioValue(userFormUserIsExisting: boolean): { userFormUserIsExisting: boolean };
+  setElasticsearchUsernameValue(username: string): { username: string };
+  setElasticsearchEmailValue(email: string): { email: string };
+  setUserCreated(): void;
+  setUserFormIsNewUser(userFormIsNewUser: boolean): { userFormIsNewUser: boolean };
 }
 
 interface RoleMappingsValues {
@@ -79,27 +97,38 @@ interface RoleMappingsValues {
   availableEngines: Engine[];
   dataLoading: boolean;
   elasticsearchRoles: string[];
+  elasticsearchUsers: ElasticsearchUser[];
+  elasticsearchUser: ElasticsearchUser;
   hasAdvancedRoles: boolean;
   multipleAuthProvidersConfig: boolean;
   roleMapping: ASRoleMapping | null;
   roleMappings: ASRoleMapping[];
+  singleUserRoleMapping: UserMapping | null;
+  singleUserRoleMappings: UserMapping[];
   roleType: RoleTypes;
   selectedAuthProviders: string[];
   selectedEngines: Set<string>;
   roleMappingFlyoutOpen: boolean;
+  singleUserRoleMappingFlyoutOpen: boolean;
   selectedOptions: EuiComboBoxOptionOption[];
   roleMappingErrors: string[];
+  userFormUserIsExisting: boolean;
+  userCreated: boolean;
+  userFormIsNewUser: boolean;
 }
 
 export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappingsActions>>({
-  path: ['enterprise_search', 'app_search', 'role_mappings'],
+  path: ['enterprise_search', 'app_search', 'users_and_roles'],
   actions: {
     setRoleMappingsData: (data: RoleMappingsServerDetails) => data,
     setRoleMapping: (roleMapping: ASRoleMapping) => ({ roleMapping }),
+    setElasticsearchUser: (elasticsearchUser: ElasticsearchUser) => ({ elasticsearchUser }),
+    setSingleUserRoleMapping: (singleUserRoleMapping: UserMapping) => ({ singleUserRoleMapping }),
     setRoleMappings: ({ roleMappings }: { roleMappings: ASRoleMapping[] }) => ({ roleMappings }),
     setRoleMappingErrors: (errors: string[]) => ({ errors }),
     handleAuthProviderChange: (value: string) => ({ value }),
     handleRoleChange: (roleType: RoleTypes) => ({ roleType }),
+    handleUsernameSelectChange: (username: string) => ({ username }),
     handleEngineSelectionChange: (engineNames: string[]) => ({ engineNames }),
     handleAttributeSelectorChange: (value: string, firstElasticsearchRole: string) => ({
       value,
@@ -108,13 +137,21 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
     handleAttributeValueChange: (value: string) => ({ value }),
     handleAccessAllEnginesChange: (selected: boolean) => ({ selected }),
     enableRoleBasedAccess: true,
+    openSingleUserRoleMappingFlyout: true,
+    setUserExistingRadioValue: (userFormUserIsExisting: boolean) => ({ userFormUserIsExisting }),
     resetState: true,
     initializeRoleMappings: true,
+    initializeSingleUserRoleMapping: (roleMappingId?: string) => ({ roleMappingId }),
     initializeRoleMapping: (roleMappingId) => ({ roleMappingId }),
     handleDeleteMapping: (roleMappingId: string) => ({ roleMappingId }),
     handleSaveMapping: true,
+    handleSaveUser: true,
     openRoleMappingFlyout: true,
-    closeRoleMappingFlyout: false,
+    closeUsersAndRolesFlyout: false,
+    setElasticsearchUsernameValue: (username: string) => ({ username }),
+    setElasticsearchEmailValue: (email: string) => ({ email }),
+    setUserCreated: true,
+    setUserFormIsNewUser: (userFormIsNewUser: boolean) => ({ userFormIsNewUser }),
   },
   reducers: {
     dataLoading: [
@@ -134,6 +171,13 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
         resetState: () => [],
       },
     ],
+    singleUserRoleMappings: [
+      [],
+      {
+        setRoleMappingsData: (_, { singleUserRoleMappings }) => singleUserRoleMappings,
+        resetState: () => [],
+      },
+    ],
     multipleAuthProvidersConfig: [
       false,
       {
@@ -165,6 +209,14 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       [],
       {
         setRoleMappingsData: (_, { elasticsearchRoles }) => elasticsearchRoles,
+        closeUsersAndRolesFlyout: () => [ANY_AUTH_PROVIDER],
+      },
+    ],
+    elasticsearchUsers: [
+      [],
+      {
+        setRoleMappingsData: (_, { elasticsearchUsers }) => elasticsearchUsers,
+        resetState: () => [],
       },
     ],
     roleMapping: [
@@ -172,7 +224,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       {
         setRoleMapping: (_, { roleMapping }) => roleMapping,
         resetState: () => null,
-        closeRoleMappingFlyout: () => null,
+        closeUsersAndRolesFlyout: () => null,
       },
     ],
     roleType: [
@@ -188,6 +240,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
         setRoleMapping: (_, { roleMapping }) => roleMapping.accessAllEngines,
         handleRoleChange: (_, { roleType }) => !roleHasScopedEngines(roleType),
         handleAccessAllEnginesChange: (_, { selected }) => selected,
+        closeUsersAndRolesFlyout: () => true,
       },
     ],
     attributeValue: [
@@ -198,7 +251,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
           value === 'role' ? firstElasticsearchRole : '',
         handleAttributeValueChange: (_, { value }) => value,
         resetState: () => '',
-        closeRoleMappingFlyout: () => '',
+        closeUsersAndRolesFlyout: () => '',
       },
     ],
     attributeName: [
@@ -207,7 +260,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
         setRoleMapping: (_, { roleMapping }) => getFirstAttributeName(roleMapping),
         handleAttributeSelectorChange: (_, { value }) => value,
         resetState: () => 'username',
-        closeRoleMappingFlyout: () => 'username',
+        closeUsersAndRolesFlyout: () => 'username',
       },
     ],
     selectedEngines: [
@@ -222,6 +275,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
 
           return newSelectedEngineNames;
         },
+        closeUsersAndRolesFlyout: () => new Set(),
       },
     ],
     availableAuthProviders: [
@@ -251,17 +305,68 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       false,
       {
         openRoleMappingFlyout: () => true,
-        closeRoleMappingFlyout: () => false,
+        closeUsersAndRolesFlyout: () => false,
         initializeRoleMappings: () => false,
         initializeRoleMapping: () => true,
       },
     ],
+    singleUserRoleMappingFlyoutOpen: [
+      false,
+      {
+        openSingleUserRoleMappingFlyout: () => true,
+        closeUsersAndRolesFlyout: () => false,
+        initializeSingleUserRoleMapping: () => true,
+      },
+    ],
+    singleUserRoleMapping: [
+      null,
+      {
+        setSingleUserRoleMapping: (_, { singleUserRoleMapping }) => singleUserRoleMapping || null,
+        closeUsersAndRolesFlyout: () => null,
+      },
+    ],
     roleMappingErrors: [
       [],
       {
         setRoleMappingErrors: (_, { errors }) => errors,
         handleSaveMapping: () => [],
-        closeRoleMappingFlyout: () => [],
+        closeUsersAndRolesFlyout: () => [],
+      },
+    ],
+    userFormUserIsExisting: [
+      true,
+      {
+        setUserExistingRadioValue: (_, { userFormUserIsExisting }) => userFormUserIsExisting,
+        closeUsersAndRolesFlyout: () => true,
+      },
+    ],
+    elasticsearchUser: [
+      emptyUser,
+      {
+        setRoleMappingsData: (_, { elasticsearchUsers }) => elasticsearchUsers[0] || emptyUser,
+        setElasticsearchUser: (_, { elasticsearchUser }) => elasticsearchUser || emptyUser,
+        setElasticsearchUsernameValue: (state, { username }) => ({
+          ...state,
+          username,
+        }),
+        setElasticsearchEmailValue: (state, { email }) => ({
+          ...state,
+          email,
+        }),
+        closeUsersAndRolesFlyout: () => emptyUser,
+      },
+    ],
+    userCreated: [
+      false,
+      {
+        setUserCreated: () => true,
+        closeUsersAndRolesFlyout: () => false,
+      },
+    ],
+    userFormIsNewUser: [
+      true,
+      {
+        setUserFormIsNewUser: (_, { userFormIsNewUser }) => userFormIsNewUser,
       },
     ],
   },
@@ -303,6 +408,17 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       const roleMapping = values.roleMappings.find(({ id }) => id === roleMappingId);
       if (roleMapping) actions.setRoleMapping(roleMapping);
     },
+    initializeSingleUserRoleMapping: ({ roleMappingId }) => {
+      const singleUserRoleMapping = values.singleUserRoleMappings.find(
+        ({ roleMapping }) => roleMapping.id === roleMappingId
+      );
+      if (singleUserRoleMapping) {
+        actions.setElasticsearchUser(singleUserRoleMapping.elasticsearchUser);
+        actions.setRoleMapping(singleUserRoleMapping.roleMapping);
+      }
+      actions.setSingleUserRoleMapping(singleUserRoleMapping);
+      actions.setUserFormIsNewUser(!singleUserRoleMapping);
+    },
     handleDeleteMapping: async ({ roleMappingId }) => {
       const { http } = HttpLogic.values;
       const route = `/api/app_search/role_mappings/${roleMappingId}`;
@@ -357,11 +473,56 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
     resetState: () => {
       clearFlashMessages();
     },
-    closeRoleMappingFlyout: () => {
+    handleSaveUser: async () => {
+      const { http } = HttpLogic.values;
+      const {
+        roleType,
+        singleUserRoleMapping,
+        accessAllEngines,
+        selectedEngines,
+        elasticsearchUser: { email, username },
+      } = values;
+
+      const body = JSON.stringify({
+        roleMapping: {
+          engines: accessAllEngines ? [] : Array.from(selectedEngines),
+          roleType,
+          accessAllEngines,
+          id: singleUserRoleMapping?.roleMapping?.id,
+        },
+        elasticsearchUser: {
+          username,
+          email,
+        },
+      });
+
+      try {
+        const response = await http.post('/api/app_search/single_user_role_mapping', { body });
+        actions.setSingleUserRoleMapping(response);
+        actions.setUserCreated();
+        actions.initializeRoleMappings();
+      } catch (e) {
+        actions.setRoleMappingErrors(e?.body?.attributes?.errors);
+      }
+    },
+    closeUsersAndRolesFlyout: () => {
       clearFlashMessages();
+      const firstUser = values.elasticsearchUsers[0];
+      actions.setElasticsearchUser(firstUser);
     },
     openRoleMappingFlyout: () => {
       clearFlashMessages();
     },
+    openSingleUserRoleMappingFlyout: () => {
+      clearFlashMessages();
+    },
+    setUserExistingRadioValue: ({ userFormUserIsExisting }) => {
+      const firstUser = values.elasticsearchUsers[0];
+      actions.setElasticsearchUser(userFormUserIsExisting ? firstUser : emptyUser);
+    },
+    handleUsernameSelectChange: ({ username }) => {
+      const user = values.elasticsearchUsers.find((u) => u.username === username);
+      if (user) actions.setElasticsearchUser(user);
+    },
   }),
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.test.tsx
new file mode 100644
index 0000000000000..88103532bd149
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.test.tsx
@@ -0,0 +1,124 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import '../../../__mocks__/react_router';
+import '../../../__mocks__/shallow_useeffect.mock';
+import { setMockActions, setMockValues } from '../../../__mocks__/kea_logic';
+import { engines } from '../../__mocks__/engines.mock';
+
+import React from 'react';
+
+import { shallow } from 'enzyme';
+
+import { UserFlyout, UserAddedInfo, UserInvitationCallout } from '../../../shared/role_mapping';
+import { elasticsearchUsers } from '../../../shared/role_mapping/__mocks__/elasticsearch_users';
+import { wsSingleUserRoleMapping } from '../../../shared/role_mapping/__mocks__/roles';
+
+import { EngineAssignmentSelector } from './engine_assignment_selector';
+import { User } from './user';
+
+describe('User', () => {
+  const handleSaveUser = jest.fn();
+  const closeUsersAndRolesFlyout = jest.fn();
+  const setUserExistingRadioValue = jest.fn();
+  const setElasticsearchUsernameValue = jest.fn();
+  const setElasticsearchEmailValue = jest.fn();
+  const handleRoleChange = jest.fn();
+  const handleUsernameSelectChange = jest.fn();
+
+  const mockValues = {
+    availableEngines: [],
+    singleUserRoleMapping: null,
+    userFormUserIsExisting: false,
+    elasticsearchUsers: [],
+    elasticsearchUser: {},
+    roleType: 'admin',
+    roleMappingErrors: [],
+    userCreated: false,
+    userFormIsNewUser: false,
+    hasAdvancedRoles: false,
+  };
+
+  beforeEach(() => {
+    setMockActions({
+      handleSaveUser,
+      closeUsersAndRolesFlyout,
+      setUserExistingRadioValue,
+      setElasticsearchUsernameValue,
+      setElasticsearchEmailValue,
+      handleRoleChange,
+      handleUsernameSelectChange,
+    });
+
+    setMockValues(mockValues);
+  });
+
+  it('renders', () => {
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserFlyout)).toHaveLength(1);
+  });
+
+  it('renders engine assignment selector when groups present', () => {
+    setMockValues({ ...mockValues, availableEngines: engines, hasAdvancedRoles: true });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(EngineAssignmentSelector)).toHaveLength(1);
+  });
+
+  it('renders userInvitationCallout', () => {
+    setMockValues({
+      ...mockValues,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserInvitationCallout)).toHaveLength(1);
+  });
+
+  it('renders user added info when user created', () => {
+    setMockValues({
+      ...mockValues,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+      userCreated: true,
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserAddedInfo)).toHaveLength(1);
+  });
+
+  it('disables form when username value not present', () => {
+    setMockValues({
+      ...mockValues,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+      elasticsearchUsers,
+      elasticsearchUser: {
+        username: null,
+        email: 'email@user.com',
+      },
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserFlyout).prop('disabled')).toEqual(true);
+  });
+
+  it('enables form when userFormUserIsExisting', () => {
+    setMockValues({
+      ...mockValues,
+      userFormUserIsExisting: true.valueOf,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+      elasticsearchUsers,
+      elasticsearchUser: {
+        username: null,
+        email: 'email@user.com',
+      },
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserFlyout).prop('disabled')).toEqual(false);
+  });
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.tsx
new file mode 100644
index 0000000000000..df231fac64df7
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/role_mappings/user.tsx
@@ -0,0 +1,106 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { useActions, useValues } from 'kea';
+
+import { EuiForm } from '@elastic/eui';
+
+import { getAppSearchUrl } from '../../../shared/enterprise_search_url';
+import {
+  UserFlyout,
+  UserSelector,
+  UserAddedInfo,
+  UserInvitationCallout,
+} from '../../../shared/role_mapping';
+import { RoleTypes } from '../../types';
+
+import { EngineAssignmentSelector } from './engine_assignment_selector';
+import { RoleMappingsLogic } from './role_mappings_logic';
+
+const standardRoles = (['owner', 'admin'] as unknown) as RoleTypes[];
+const advancedRoles = (['dev', 'editor', 'analyst'] as unknown) as RoleTypes[];
+
+export const User: React.FC = () => {
+  const {
+    handleSaveUser,
+    closeUsersAndRolesFlyout,
+    setUserExistingRadioValue,
+    setElasticsearchUsernameValue,
+    setElasticsearchEmailValue,
+    handleRoleChange,
+    handleUsernameSelectChange,
+  } = useActions(RoleMappingsLogic);
+
+  const {
+    availableEngines,
+    singleUserRoleMapping,
+    hasAdvancedRoles,
+    userFormUserIsExisting,
+    elasticsearchUsers,
+    elasticsearchUser,
+    roleType,
+    roleMappingErrors,
+    userCreated,
+    userFormIsNewUser,
+  } = useValues(RoleMappingsLogic);
+
+  const roleTypes = hasAdvancedRoles ? [...standardRoles, ...advancedRoles] : standardRoles;
+  const hasEngines = availableEngines.length > 0;
+  const showEngineAssignmentSelector = hasEngines && hasAdvancedRoles;
+  const flyoutDisabled =
+    !userFormUserIsExisting && (!elasticsearchUser.email || !elasticsearchUser.username);
+
+  const userAddedInfo = singleUserRoleMapping && (
+    <UserAddedInfo
+      username={singleUserRoleMapping.elasticsearchUser.username}
+      email={singleUserRoleMapping.elasticsearchUser.email as string}
+      roleType={singleUserRoleMapping.roleMapping.roleType}
+    />
+  );
+
+  const userInvitationCallout = singleUserRoleMapping?.invitation && (
+    <UserInvitationCallout
+      isNew={userCreated}
+      invitationCode={singleUserRoleMapping!.invitation.code}
+      urlPrefix={getAppSearchUrl()}
+    />
+  );
+
+  const createUserForm = (
+    <EuiForm isInvalid={roleMappingErrors.length > 0} error={roleMappingErrors}>
+      <UserSelector
+        isNewUser={userFormIsNewUser}
+        elasticsearchUsers={elasticsearchUsers}
+        handleRoleChange={handleRoleChange}
+        elasticsearchUser={elasticsearchUser}
+        setUserExisting={setUserExistingRadioValue}
+        setElasticsearchEmailValue={setElasticsearchEmailValue}
+        setElasticsearchUsernameValue={setElasticsearchUsernameValue}
+        handleUsernameSelectChange={handleUsernameSelectChange}
+        userFormUserIsExisting={userFormUserIsExisting}
+        roleTypes={roleTypes}
+        roleType={roleType}
+      />
+      {showEngineAssignmentSelector && <EngineAssignmentSelector />}
+    </EuiForm>
+  );
+
+  return (
+    <UserFlyout
+      disabled={flyoutDisabled}
+      isComplete={userCreated}
+      isNew={userFormIsNewUser}
+      closeUserFlyout={closeUsersAndRolesFlyout}
+      handleSaveUser={handleSaveUser}
+    >
+      {userCreated ? userAddedInfo : createUserForm}
+      {userInvitationCallout}
+    </UserFlyout>
+  );
+};
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/index.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/index.test.tsx
index 2402a6ecc6401..00acea945177a 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/index.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/index.test.tsx
@@ -196,6 +196,6 @@ describe('AppSearchNav', () => {
     setMockValues({ myRole: { canViewRoleMappings: true } });
     const wrapper = shallow(<AppSearchNav />);
 
-    expect(wrapper.find(SideNavLink).last().prop('to')).toEqual('/role_mappings');
+    expect(wrapper.find(SideNavLink).last().prop('to')).toEqual('/users_and_roles');
   });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx
index 191758af26758..d7ddad5683f38 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/index.tsx
@@ -37,7 +37,7 @@ import {
   SETUP_GUIDE_PATH,
   SETTINGS_PATH,
   CREDENTIALS_PATH,
-  ROLE_MAPPINGS_PATH,
+  USERS_AND_ROLES_PATH,
   ENGINES_PATH,
   ENGINE_PATH,
   LIBRARY_PATH,
@@ -128,7 +128,7 @@ export const AppSearchConfigured: React.FC<Required<InitialAppData>> = (props) =
         </Route>
       )}
       {canViewRoleMappings && (
-        <Route path={ROLE_MAPPINGS_PATH}>
+        <Route path={USERS_AND_ROLES_PATH}>
           <RoleMappings />
         </Route>
       )}
@@ -162,7 +162,7 @@ export const AppSearchNav: React.FC = () => {
         <SideNavLink to={CREDENTIALS_PATH}>{CREDENTIALS_TITLE}</SideNavLink>
       )}
       {canViewRoleMappings && (
-        <SideNavLink shouldShowActiveForSubroutes to={ROLE_MAPPINGS_PATH}>
+        <SideNavLink shouldShowActiveForSubroutes to={USERS_AND_ROLES_PATH}>
           {ROLE_MAPPINGS_TITLE}
         </SideNavLink>
       )}
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/routes.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/routes.ts
index d9d1935c648f7..f086a32bbf590 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/routes.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/routes.ts
@@ -15,7 +15,7 @@ export const LIBRARY_PATH = '/library';
 export const SETTINGS_PATH = '/settings';
 export const CREDENTIALS_PATH = '/credentials';
 
-export const ROLE_MAPPINGS_PATH = '/role_mappings';
+export const USERS_AND_ROLES_PATH = '/users_and_roles';
 
 export const ENGINES_PATH = '/engines';
 export const ENGINE_CREATION_PATH = `${ENGINES_PATH}/new`; // This is safe from conflicting with an :engineName path because new is a reserved name
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts
index 45cab32b67e08..215c76ffb7ef4 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts
@@ -136,7 +136,7 @@ export const FILTER_ROLE_MAPPINGS_PLACEHOLDER = i18n.translate(
 export const ROLE_MAPPINGS_TITLE = i18n.translate(
   'xpack.enterpriseSearch.roleMapping.roleMappingsTitle',
   {
-    defaultMessage: 'Users & roles',
+    defaultMessage: 'Users and roles',
   }
 );
 
@@ -406,3 +406,19 @@ export const FILTER_USERS_LABEL = i18n.translate(
 export const NO_USERS_LABEL = i18n.translate('xpack.enterpriseSearch.roleMapping.noUsersLabel', {
   defaultMessage: 'No matching users found',
 });
+
+export const EXTERNAL_ATTRIBUTE_TOOLTIP = i18n.translate(
+  'xpack.enterpriseSearch.roleMapping.externalAttributeTooltip',
+  {
+    defaultMessage:
+      'External attributes are defined by the identity provider, and varies from service to service.',
+  }
+);
+
+export const AUTH_PROVIDER_TOOLTIP = i18n.translate(
+  'xpack.enterpriseSearch.roleMapping.authProviderTooltip',
+  {
+    defaultMessage:
+      'Provider-specific role mapping is still applied, but configuration is now deprecated.',
+  }
+);
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.test.tsx
index c0973bb2c9504..ffcf5508233fc 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.test.tsx
@@ -20,13 +20,13 @@ import {
 import { RoleMappingFlyout } from './role_mapping_flyout';
 
 describe('RoleMappingFlyout', () => {
-  const closeRoleMappingFlyout = jest.fn();
+  const closeUsersAndRolesFlyout = jest.fn();
   const handleSaveMapping = jest.fn();
 
   const props = {
     isNew: true,
     disabled: false,
-    closeRoleMappingFlyout,
+    closeUsersAndRolesFlyout,
     handleSaveMapping,
   };
 
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.tsx
index bae991fef3655..4416a2de28011 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mapping_flyout.tsx
@@ -36,7 +36,7 @@ interface Props {
   children: React.ReactNode;
   isNew: boolean;
   disabled: boolean;
-  closeRoleMappingFlyout(): void;
+  closeUsersAndRolesFlyout(): void;
   handleSaveMapping(): void;
 }
 
@@ -44,13 +44,13 @@ export const RoleMappingFlyout: React.FC<Props> = ({
   children,
   isNew,
   disabled,
-  closeRoleMappingFlyout,
+  closeUsersAndRolesFlyout,
   handleSaveMapping,
 }) => (
   <EuiPortal>
     <EuiFlyout
       ownFocus
-      onClose={closeRoleMappingFlyout}
+      onClose={closeUsersAndRolesFlyout}
       size="s"
       aria-labelledby="flyoutLargeTitle"
     >
@@ -71,7 +71,9 @@ export const RoleMappingFlyout: React.FC<Props> = ({
       <EuiFlyoutFooter>
         <EuiFlexGroup justifyContent="spaceBetween">
           <EuiFlexItem grow={false}>
-            <EuiButtonEmpty onClick={closeRoleMappingFlyout}>{CANCEL_BUTTON_LABEL}</EuiButtonEmpty>
+            <EuiButtonEmpty onClick={closeUsersAndRolesFlyout}>
+              {CANCEL_BUTTON_LABEL}
+            </EuiButtonEmpty>
           </EuiFlexItem>
           <EuiFlexItem grow={false}>
             <EuiButton
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.test.tsx
index 81a7c06020165..61043aa6ad9a8 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.test.tsx
@@ -15,8 +15,6 @@ import { EuiInMemoryTable, EuiTableHeaderCell } from '@elastic/eui';
 
 import { engines } from '../../app_search/__mocks__/engines.mock';
 
-import { ANY_AUTH_PROVIDER_OPTION_LABEL } from './constants';
-
 import { RoleMappingsTable } from './role_mappings_table';
 import { UsersAndRolesRowActions } from './users_and_roles_row_actions';
 
@@ -59,11 +57,13 @@ describe('RoleMappingsTable', () => {
   });
 
   it('renders auth provider display names', () => {
-    const wrapper = mount(<RoleMappingsTable {...props} />);
+    const roleMappingWithAuths = {
+      ...wsRoleMapping,
+      authProvider: ['saml', 'native'],
+    };
+    const wrapper = mount(<RoleMappingsTable {...props} roleMappings={[roleMappingWithAuths]} />);
 
-    expect(wrapper.find('[data-test-subj="AuthProviderDisplayValue"]').prop('children')).toEqual(
-      `${ANY_AUTH_PROVIDER_OPTION_LABEL}, other_auth`
-    );
+    expect(wrapper.find('[data-test-subj="ProviderSpecificList"]')).toHaveLength(1);
   });
 
   it('handles manage click', () => {
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.tsx
index eb9621c7a242c..4136d114d3420 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/role_mappings_table.tsx
@@ -7,14 +7,17 @@
 
 import React from 'react';
 
-import { EuiIconTip, EuiInMemoryTable, EuiBasicTableColumn } from '@elastic/eui';
+import { EuiIconTip, EuiInMemoryTable, EuiBasicTableColumn, EuiLink } from '@elastic/eui';
 
 import { ASRoleMapping } from '../../app_search/types';
 import { WSRoleMapping } from '../../workplace_search/types';
+import { docLinks } from '../doc_links';
 import { RoleRules } from '../types';
 
 import './role_mappings_table.scss';
 
+const AUTH_PROVIDER_DOCUMENTATION_URL = `${docLinks.enterpriseSearchBase}/users-access.html`;
+
 import {
   ANY_AUTH_PROVIDER,
   ANY_AUTH_PROVIDER_OPTION_LABEL,
@@ -25,6 +28,8 @@ import {
   ATTRIBUTE_VALUE_LABEL,
   FILTER_ROLE_MAPPINGS_PLACEHOLDER,
   ROLE_MAPPINGS_NO_RESULTS_MESSAGE,
+  EXTERNAL_ATTRIBUTE_TOOLTIP,
+  AUTH_PROVIDER_TOOLTIP,
 } from './constants';
 import { UsersAndRolesRowActions } from './users_and_roles_row_actions';
 
@@ -46,9 +51,6 @@ interface Props {
   handleDeleteMapping(roleMappingId: string): void;
 }
 
-const getAuthProviderDisplayValue = (authProvider: string) =>
-  authProvider === ANY_AUTH_PROVIDER ? ANY_AUTH_PROVIDER_OPTION_LABEL : authProvider;
-
 export const RoleMappingsTable: React.FC<Props> = ({
   accessItemKey,
   accessHeader,
@@ -69,7 +71,19 @@ export const RoleMappingsTable: React.FC<Props> = ({
 
   const attributeNameCol: EuiBasicTableColumn<SharedRoleMapping> = {
     field: 'attribute',
-    name: EXTERNAL_ATTRIBUTE_LABEL,
+    name: (
+      <span>
+        {EXTERNAL_ATTRIBUTE_LABEL}{' '}
+        <EuiIconTip
+          type="iInCircle"
+          color="subdued"
+          content={EXTERNAL_ATTRIBUTE_TOOLTIP}
+          iconProps={{
+            className: 'eui-alignTop',
+          }}
+        />
+      </span>
+    ),
     render: (_, { rules }: SharedRoleMapping) => getFirstAttributeName(rules),
   };
 
@@ -105,11 +119,19 @@ export const RoleMappingsTable: React.FC<Props> = ({
   const authProviderCol: EuiBasicTableColumn<SharedRoleMapping> = {
     field: 'authProvider',
     name: AUTH_PROVIDER_LABEL,
-    render: (_, { authProvider }: SharedRoleMapping) => (
-      <span data-test-subj="AuthProviderDisplayValue">
-        {authProvider.map(getAuthProviderDisplayValue).join(', ')}
-      </span>
-    ),
+    render: (_, { authProvider }: SharedRoleMapping) => {
+      if (authProvider[0] === ANY_AUTH_PROVIDER) {
+        return ANY_AUTH_PROVIDER_OPTION_LABEL;
+      }
+      return (
+        <span data-test-subj="ProviderSpecificList">
+          {authProvider.join(', ')}{' '}
+          <EuiLink href={AUTH_PROVIDER_DOCUMENTATION_URL} target="_blank">
+            <EuiIconTip type="alert" color="warning" content={AUTH_PROVIDER_TOOLTIP} />
+          </EuiLink>
+        </span>
+      );
+    },
   };
 
   const actionsCol: EuiBasicTableColumn<SharedRoleMapping> = {
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.test.tsx
index 30bdaa0010b58..57200b389591d 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.test.tsx
@@ -9,8 +9,6 @@ import React from 'react';
 
 import { shallow } from 'enzyme';
 
-import { EuiText } from '@elastic/eui';
-
 import { UserAddedInfo } from './';
 
 describe('UserAddedInfo', () => {
@@ -20,9 +18,103 @@ describe('UserAddedInfo', () => {
     roleType: 'user',
   };
 
-  it('renders', () => {
+  it('renders with email', () => {
     const wrapper = shallow(<UserAddedInfo {...props} />);
 
-    expect(wrapper.find(EuiText)).toHaveLength(6);
+    expect(wrapper).toMatchInlineSnapshot(`
+      <Fragment>
+        <EuiText
+          size="s"
+        >
+          <strong>
+            Username
+          </strong>
+        </EuiText>
+        <EuiText
+          size="s"
+        >
+          user1
+        </EuiText>
+        <EuiSpacer />
+        <EuiText
+          size="s"
+        >
+          <strong>
+            Email
+          </strong>
+        </EuiText>
+        <EuiText
+          size="s"
+        >
+          test@test.com
+        </EuiText>
+        <EuiSpacer />
+        <EuiText
+          size="s"
+        >
+          <strong>
+            Role
+          </strong>
+        </EuiText>
+        <EuiText
+          size="s"
+        >
+          user
+        </EuiText>
+        <EuiSpacer />
+      </Fragment>
+    `);
+  });
+
+  it('renders without email', () => {
+    const wrapper = shallow(<UserAddedInfo {...props} email="" />);
+
+    expect(wrapper).toMatchInlineSnapshot(`
+      <Fragment>
+        <EuiText
+          size="s"
+        >
+          <strong>
+            Username
+          </strong>
+        </EuiText>
+        <EuiText
+          size="s"
+        >
+          user1
+        </EuiText>
+        <EuiSpacer />
+        <EuiText
+          size="s"
+        >
+          <strong>
+            Email
+          </strong>
+        </EuiText>
+        <EuiText
+          size="s"
+        >
+          <EuiTextColor
+            color="subdued"
+          >
+            —
+          </EuiTextColor>
+        </EuiText>
+        <EuiSpacer />
+        <EuiText
+          size="s"
+        >
+          <strong>
+            Role
+          </strong>
+        </EuiText>
+        <EuiText
+          size="s"
+        >
+          user
+        </EuiText>
+        <EuiSpacer />
+      </Fragment>
+    `);
   });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.tsx
index a12eae66262a0..37804414a94a9 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_added_info.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 
-import { EuiSpacer, EuiText } from '@elastic/eui';
+import { EuiSpacer, EuiText, EuiTextColor } from '@elastic/eui';
 
 import { USERNAME_LABEL, EMAIL_LABEL } from '../constants';
 
@@ -19,6 +19,8 @@ interface Props {
   roleType: string;
 }
 
+const noItemsPlaceholder = <EuiTextColor color="subdued">&mdash;</EuiTextColor>;
+
 export const UserAddedInfo: React.FC<Props> = ({ username, email, roleType }) => (
   <>
     <EuiText size="s">
@@ -29,7 +31,7 @@ export const UserAddedInfo: React.FC<Props> = ({ username, email, roleType }) =>
     <EuiText size="s">
       <strong>{EMAIL_LABEL}</strong>
     </EuiText>
-    <EuiText size="s">{email}</EuiText>
+    <EuiText size="s">{email || noItemsPlaceholder}</EuiText>
     <EuiSpacer />
     <EuiText size="s">
       <strong>{ROLE_LABEL}</strong>
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_flyout.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_flyout.tsx
index e13a56a716929..a3be5e295ddfe 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_flyout.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_flyout.tsx
@@ -17,6 +17,7 @@ import {
   EuiFlyoutFooter,
   EuiFlyoutHeader,
   EuiIcon,
+  EuiPortal,
   EuiText,
   EuiTitle,
   EuiSpacer,
@@ -92,22 +93,26 @@ export const UserFlyout: React.FC<Props> = ({
   );
 
   return (
-    <EuiFlyout ownFocus onClose={closeUserFlyout} size="s" aria-labelledby="userFlyoutTitle">
-      <EuiFlyoutHeader hasBorder>
-        <EuiTitle size="m">
-          <h2 id="userFlyoutTitle">{isComplete ? IS_COMPLETE_HEADING : IS_EDITING_HEADING}</h2>
-        </EuiTitle>
-        {!isComplete && (
-          <EuiText size="xs">
-            <p>{IS_EDITING_DESCRIPTION}</p>
-          </EuiText>
-        )}
-      </EuiFlyoutHeader>
-      <EuiFlyoutBody>
-        {children}
-        <EuiSpacer />
-      </EuiFlyoutBody>
-      <EuiFlyoutFooter>{isComplete ? completedFooterAction : editingFooterActions}</EuiFlyoutFooter>
-    </EuiFlyout>
+    <EuiPortal>
+      <EuiFlyout ownFocus onClose={closeUserFlyout} size="s" aria-labelledby="userFlyoutTitle">
+        <EuiFlyoutHeader hasBorder>
+          <EuiTitle size="m">
+            <h2 id="userFlyoutTitle">{isComplete ? IS_COMPLETE_HEADING : IS_EDITING_HEADING}</h2>
+          </EuiTitle>
+          {!isComplete && (
+            <EuiText size="xs">
+              <p>{IS_EDITING_DESCRIPTION}</p>
+            </EuiText>
+          )}
+        </EuiFlyoutHeader>
+        <EuiFlyoutBody>
+          {children}
+          <EuiSpacer />
+        </EuiFlyoutBody>
+        <EuiFlyoutFooter>
+          {isComplete ? completedFooterAction : editingFooterActions}
+        </EuiFlyoutFooter>
+      </EuiFlyout>
+    </EuiPortal>
   );
 };
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_invitation_callout.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_invitation_callout.tsx
index 8310077ad6f2e..d6d0ce7b050ab 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_invitation_callout.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_invitation_callout.tsx
@@ -23,7 +23,7 @@ interface Props {
 }
 
 export const UserInvitationCallout: React.FC<Props> = ({ isNew, invitationCode, urlPrefix }) => {
-  const link = urlPrefix + invitationCode;
+  const link = `${urlPrefix}/invitations/${invitationCode}`;
   const label = isNew ? NEW_INVITATION_LABEL : EXISTING_INVITATION_LABEL;
 
   return (
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.test.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.test.tsx
index 08ddc7ba5427f..60bac97d09835 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.test.tsx
@@ -13,7 +13,7 @@ import { shallow } from 'enzyme';
 
 import { EuiFormRow } from '@elastic/eui';
 
-import { Role as ASRole } from '../../app_search/types';
+import { RoleTypes as ASRole } from '../../app_search/types';
 
 import { REQUIRED_LABEL, USERNAME_NO_USERS_TEXT } from './constants';
 
@@ -107,6 +107,5 @@ describe('UserSelector', () => {
 
     expect(wrapper.find(EuiFormRow).at(0).prop('helpText')).toEqual(USERNAME_NO_USERS_TEXT);
     expect(wrapper.find(EuiFormRow).at(1).prop('helpText')).toEqual(REQUIRED_LABEL);
-    expect(wrapper.find(EuiFormRow).at(2).prop('helpText')).toEqual(REQUIRED_LABEL);
   });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.tsx
index 70348bf29894a..d65f97265f6a3 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/user_selector.tsx
@@ -16,7 +16,7 @@ import {
   EuiSpacer,
 } from '@elastic/eui';
 
-import { Role as ASRole } from '../../app_search/types';
+import { RoleTypes as ASRole } from '../../app_search/types';
 import { ElasticsearchUser } from '../../shared/types';
 import { Role as WSRole } from '../../workplace_search/types';
 
@@ -80,7 +80,7 @@ export const UserSelector: React.FC<Props> = ({
   );
 
   const emailInput = (
-    <EuiFormRow label={EMAIL_LABEL} helpText={!elasticsearchUser.email && REQUIRED_LABEL}>
+    <EuiFormRow label={EMAIL_LABEL}>
       <EuiFieldText
         name={EMAIL_LABEL}
         data-test-subj="EmailInput"
@@ -95,6 +95,7 @@ export const UserSelector: React.FC<Props> = ({
       <EuiFormRow label={USERNAME_LABEL} helpText={!elasticsearchUser.username && REQUIRED_LABEL}>
         <EuiFieldText
           name={USERNAME_LABEL}
+          disabled={!isNewUser}
           data-test-subj="UsernameInput"
           value={elasticsearchUser.username}
           onChange={(e) => setElasticsearchUsernameValue(e.target.value)}
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/users_table.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/users_table.tsx
index 86dc2c2626229..674796775b1d3 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/users_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/users_table.tsx
@@ -46,8 +46,8 @@ interface SharedRoleMapping extends ASRoleMapping, WSRoleMapping {
 interface Props {
   accessItemKey: 'groups' | 'engines';
   singleUserRoleMappings: Array<SingleUserRoleMapping<ASRoleMapping | WSRoleMapping>>;
-  initializeSingleUserRoleMapping(roleId: string): string;
-  handleDeleteMapping(roleId: string): string;
+  initializeSingleUserRoleMapping(roleMappingId: string): void;
+  handleDeleteMapping(roleMappingId: string): void;
 }
 
 const noItemsPlaceholder = <EuiTextColor color="subdued">&mdash;</EuiTextColor>;
@@ -110,6 +110,7 @@ export const UsersTable: React.FC<Props> = ({
     {
       field: 'id',
       name: '',
+      align: 'right',
       render: (_, { id, username }: SharedUser) => (
         <UsersAndRolesRowActions
           username={username}
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx
index f2601ff98db1d..04576e981e104 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.test.tsx
@@ -53,8 +53,8 @@ describe('useWorkplaceSearchNav', () => {
           },
           {
             id: 'usersRoles',
-            name: 'Users & roles',
-            href: '/role_mappings',
+            name: 'Users and roles',
+            href: '/users_and_roles',
           },
           {
             id: 'security',
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx
index ce2f8bf7ef7e4..c8d821dcdae2e 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/components/layout/nav.tsx
@@ -15,7 +15,7 @@ import { NAV } from '../../constants';
 import {
   SOURCES_PATH,
   SECURITY_PATH,
-  ROLE_MAPPINGS_PATH,
+  USERS_AND_ROLES_PATH,
   GROUPS_PATH,
   ORG_SETTINGS_PATH,
 } from '../../routes';
@@ -48,7 +48,7 @@ export const useWorkplaceSearchNav = () => {
     {
       id: 'usersRoles',
       name: NAV.ROLE_MAPPINGS,
-      ...generateNavLink({ to: ROLE_MAPPINGS_PATH }),
+      ...generateNavLink({ to: USERS_AND_ROLES_PATH }),
     },
     {
       id: 'security',
@@ -92,7 +92,7 @@ export const WorkplaceSearchNav: React.FC<Props> = ({
     <SideNavLink to={GROUPS_PATH} subNav={groupsSubNav}>
       {NAV.GROUPS}
     </SideNavLink>
-    <SideNavLink shouldShowActiveForSubroutes to={ROLE_MAPPINGS_PATH}>
+    <SideNavLink shouldShowActiveForSubroutes to={USERS_AND_ROLES_PATH}>
       {NAV.ROLE_MAPPINGS}
     </SideNavLink>
     <SideNavLink to={SECURITY_PATH}>{NAV.SECURITY}</SideNavLink>
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/constants.ts b/x-pack/plugins/enterprise_search/public/applications/workplace_search/constants.ts
index aa5419f12c7f3..cf459171a808a 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/constants.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/constants.ts
@@ -40,7 +40,7 @@ export const NAV = {
     defaultMessage: 'Content',
   }),
   ROLE_MAPPINGS: i18n.translate('xpack.enterpriseSearch.workplaceSearch.nav.roleMappings', {
-    defaultMessage: 'Users & roles',
+    defaultMessage: 'Users and roles',
   }),
   SECURITY: i18n.translate('xpack.enterpriseSearch.workplaceSearch.nav.security', {
     defaultMessage: 'Security',
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx
index 8a1e9c0275322..05018be2934b4 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/index.tsx
@@ -26,7 +26,7 @@ import {
   SOURCE_ADDED_PATH,
   PERSONAL_SOURCES_PATH,
   ORG_SETTINGS_PATH,
-  ROLE_MAPPINGS_PATH,
+  USERS_AND_ROLES_PATH,
   SECURITY_PATH,
   PERSONAL_SETTINGS_PATH,
   PERSONAL_PATH,
@@ -103,7 +103,7 @@ export const WorkplaceSearchConfigured: React.FC<InitialAppData> = (props) => {
       <Route path={GROUPS_PATH}>
         <GroupsRouter />
       </Route>
-      <Route path={ROLE_MAPPINGS_PATH}>
+      <Route path={USERS_AND_ROLES_PATH}>
         <RoleMappings />
       </Route>
       <Route path={SECURITY_PATH}>
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/routes.ts b/x-pack/plugins/enterprise_search/public/applications/workplace_search/routes.ts
index 3c564c1f912ec..b9309ffd94809 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/routes.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/routes.ts
@@ -48,7 +48,7 @@ export const ENT_SEARCH_LICENSE_MANAGEMENT = `${docLinks.enterpriseSearchBase}/l
 
 export const PERSONAL_PATH = '/p';
 
-export const ROLE_MAPPINGS_PATH = '/role_mappings';
+export const USERS_AND_ROLES_PATH = '/users_and_roles';
 
 export const USERS_PATH = '/users';
 export const SECURITY_PATH = '/security';
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mapping.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mapping.tsx
index cc773895bff1c..20211d40d7010 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mapping.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mapping.tsx
@@ -43,7 +43,7 @@ export const RoleMapping: React.FC = () => {
     handleAttributeSelectorChange,
     handleRoleChange,
     handleAuthProviderChange,
-    closeRoleMappingFlyout,
+    closeUsersAndRolesFlyout,
   } = useActions(RoleMappingsLogic);
 
   const {
@@ -70,7 +70,7 @@ export const RoleMapping: React.FC = () => {
     <RoleMappingFlyout
       disabled={attributeValueInvalid || !hasGroupAssignment}
       isNew={isNew}
-      closeRoleMappingFlyout={closeRoleMappingFlyout}
+      closeUsersAndRolesFlyout={closeUsersAndRolesFlyout}
       handleSaveMapping={handleSaveMapping}
     >
       <EuiForm isInvalid={roleMappingErrors.length > 0} error={roleMappingErrors}>
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx
index 308022ccb2e5a..2e13f24a13eee 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.test.tsx
@@ -12,26 +12,39 @@ import React from 'react';
 
 import { shallow } from 'enzyme';
 
-import { RoleMappingsTable, RoleMappingsHeading } from '../../../shared/role_mapping';
-import { wsRoleMapping } from '../../../shared/role_mapping/__mocks__/roles';
+import {
+  RoleMappingsTable,
+  RoleMappingsHeading,
+  UsersHeading,
+  UsersEmptyPrompt,
+} from '../../../shared/role_mapping';
+import {
+  wsRoleMapping,
+  wsSingleUserRoleMapping,
+} from '../../../shared/role_mapping/__mocks__/roles';
 
 import { RoleMapping } from './role_mapping';
 import { RoleMappings } from './role_mappings';
+import { User } from './user';
 
 describe('RoleMappings', () => {
   const initializeRoleMappings = jest.fn();
   const initializeRoleMapping = jest.fn();
+  const initializeSingleUserRoleMapping = jest.fn();
   const handleDeleteMapping = jest.fn();
   const mockValues = {
     roleMappings: [wsRoleMapping],
     dataLoading: false,
     multipleAuthProvidersConfig: false,
+    singleUserRoleMappings: [wsSingleUserRoleMapping],
+    singleUserRoleMappingFlyoutOpen: false,
   };
 
   beforeEach(() => {
     setMockActions({
       initializeRoleMappings,
       initializeRoleMapping,
+      initializeSingleUserRoleMapping,
       handleDeleteMapping,
     });
     setMockValues(mockValues);
@@ -50,10 +63,31 @@ describe('RoleMappings', () => {
     expect(wrapper.find(RoleMapping)).toHaveLength(1);
   });
 
-  it('handles onClick', () => {
+  it('renders User flyout', () => {
+    setMockValues({ ...mockValues, singleUserRoleMappingFlyoutOpen: true });
+    const wrapper = shallow(<RoleMappings />);
+
+    expect(wrapper.find(User)).toHaveLength(1);
+  });
+
+  it('handles RoleMappingsHeading onClick', () => {
     const wrapper = shallow(<RoleMappings />);
     wrapper.find(RoleMappingsHeading).prop('onClick')();
 
     expect(initializeRoleMapping).toHaveBeenCalled();
   });
+
+  it('handles UsersHeading onClick', () => {
+    const wrapper = shallow(<RoleMappings />);
+    wrapper.find(UsersHeading).prop('onClick')();
+
+    expect(initializeSingleUserRoleMapping).toHaveBeenCalled();
+  });
+
+  it('handles empty users state', () => {
+    setMockValues({ ...mockValues, singleUserRoleMappings: [] });
+    const wrapper = shallow(<RoleMappings />);
+
+    expect(wrapper.find(UsersEmptyPrompt)).toHaveLength(1);
+  });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx
index 01d32bec14ebd..df5d7e4267690 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings.tsx
@@ -9,11 +9,16 @@ import React, { useEffect } from 'react';
 
 import { useActions, useValues } from 'kea';
 
+import { EuiSpacer } from '@elastic/eui';
+
 import { WORKPLACE_SEARCH_PLUGIN } from '../../../../../common/constants';
 import {
   RoleMappingsTable,
   RoleMappingsHeading,
   RolesEmptyPrompt,
+  UsersTable,
+  UsersHeading,
+  UsersEmptyPrompt,
 } from '../../../shared/role_mapping';
 import { ROLE_MAPPINGS_TITLE } from '../../../shared/role_mapping/constants';
 import { WorkplaceSearchPageTemplate } from '../../components/layout';
@@ -23,26 +28,32 @@ import { ROLE_MAPPINGS_TABLE_HEADER } from './constants';
 
 import { RoleMapping } from './role_mapping';
 import { RoleMappingsLogic } from './role_mappings_logic';
+import { User } from './user';
 
 export const RoleMappings: React.FC = () => {
   const {
     enableRoleBasedAccess,
     initializeRoleMappings,
     initializeRoleMapping,
+    initializeSingleUserRoleMapping,
     handleDeleteMapping,
   } = useActions(RoleMappingsLogic);
 
   const {
     roleMappings,
+    singleUserRoleMappings,
     dataLoading,
     multipleAuthProvidersConfig,
     roleMappingFlyoutOpen,
+    singleUserRoleMappingFlyoutOpen,
   } = useValues(RoleMappingsLogic);
 
   useEffect(() => {
     initializeRoleMappings();
   }, []);
 
+  const hasUsers = singleUserRoleMappings.length > 0;
+
   const rolesEmptyState = (
     <RolesEmptyPrompt
       productName={WORKPLACE_SEARCH_PLUGIN.NAME}
@@ -69,6 +80,23 @@ export const RoleMappings: React.FC = () => {
     </section>
   );
 
+  const usersTable = (
+    <UsersTable
+      accessItemKey="groups"
+      singleUserRoleMappings={singleUserRoleMappings}
+      initializeSingleUserRoleMapping={initializeSingleUserRoleMapping}
+      handleDeleteMapping={handleDeleteMapping}
+    />
+  );
+
+  const usersSection = (
+    <>
+      <UsersHeading onClick={() => initializeSingleUserRoleMapping()} />
+      <EuiSpacer />
+      {hasUsers ? usersTable : <UsersEmptyPrompt />}
+    </>
+  );
+
   return (
     <WorkplaceSearchPageTemplate
       pageChrome={[ROLE_MAPPINGS_TITLE]}
@@ -78,7 +106,10 @@ export const RoleMappings: React.FC = () => {
       emptyState={rolesEmptyState}
     >
       {roleMappingFlyoutOpen && <RoleMapping />}
+      {singleUserRoleMappingFlyoutOpen && <User />}
       {roleMappingsSection}
+      <EuiSpacer size="xxl" />
+      {usersSection}
     </WorkplaceSearchPageTemplate>
   );
 };
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.test.ts
index a4bbddbd23b49..c85e86ebcca2c 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.test.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.test.ts
@@ -15,11 +15,18 @@ import { groups } from '../../__mocks__/groups.mock';
 
 import { nextTick } from '@kbn/test/jest';
 
-import { wsRoleMapping } from '../../../shared/role_mapping/__mocks__/roles';
+import { elasticsearchUsers } from '../../../shared/role_mapping/__mocks__/elasticsearch_users';
+
+import {
+  wsRoleMapping,
+  wsSingleUserRoleMapping,
+} from '../../../shared/role_mapping/__mocks__/roles';
 import { ANY_AUTH_PROVIDER } from '../../../shared/role_mapping/constants';
 
 import { RoleMappingsLogic } from './role_mappings_logic';
 
+const emptyUser = { username: '', email: '' };
+
 describe('RoleMappingsLogic', () => {
   const { http } = mockHttpValues;
   const { clearFlashMessages, flashAPIErrors } = mockFlashMessageHelpers;
@@ -28,6 +35,8 @@ describe('RoleMappingsLogic', () => {
     attributes: [],
     availableAuthProviders: [],
     elasticsearchRoles: [],
+    elasticsearchUser: emptyUser,
+    elasticsearchUsers: [],
     roleMapping: null,
     roleMappingFlyoutOpen: false,
     roleMappings: [],
@@ -42,6 +51,12 @@ describe('RoleMappingsLogic', () => {
     selectedAuthProviders: [ANY_AUTH_PROVIDER],
     selectedOptions: [],
     roleMappingErrors: [],
+    singleUserRoleMapping: null,
+    singleUserRoleMappings: [],
+    singleUserRoleMappingFlyoutOpen: false,
+    userCreated: false,
+    userFormIsNewUser: true,
+    userFormUserIsExisting: true,
   };
   const roleGroup = {
     id: '123',
@@ -59,6 +74,8 @@ describe('RoleMappingsLogic', () => {
     authProviders: [],
     availableGroups: [roleGroup, defaultGroup],
     elasticsearchRoles: [],
+    singleUserRoleMappings: [wsSingleUserRoleMapping],
+    elasticsearchUsers,
   };
 
   beforeEach(() => {
@@ -71,23 +88,36 @@ describe('RoleMappingsLogic', () => {
   });
 
   describe('actions', () => {
-    it('setRoleMappingsData', () => {
-      RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+    describe('setRoleMappingsData', () => {
+      it('sets data based on server response from the `mappings` (plural) endpoint', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
 
-      expect(RoleMappingsLogic.values.roleMappings).toEqual([wsRoleMapping]);
-      expect(RoleMappingsLogic.values.dataLoading).toEqual(false);
-      expect(RoleMappingsLogic.values.multipleAuthProvidersConfig).toEqual(true);
-      expect(RoleMappingsLogic.values.dataLoading).toEqual(false);
-      expect(RoleMappingsLogic.values.attributes).toEqual(mappingsServerProps.attributes);
-      expect(RoleMappingsLogic.values.availableGroups).toEqual(mappingsServerProps.availableGroups);
-      expect(RoleMappingsLogic.values.includeInAllGroups).toEqual(false);
-      expect(RoleMappingsLogic.values.elasticsearchRoles).toEqual(
-        mappingsServerProps.elasticsearchRoles
-      );
-      expect(RoleMappingsLogic.values.selectedOptions).toEqual([
-        { label: defaultGroup.name, value: defaultGroup.id },
-      ]);
-      expect(RoleMappingsLogic.values.selectedGroups).toEqual(new Set([defaultGroup.id]));
+        expect(RoleMappingsLogic.values.roleMappings).toEqual([wsRoleMapping]);
+        expect(RoleMappingsLogic.values.dataLoading).toEqual(false);
+        expect(RoleMappingsLogic.values.multipleAuthProvidersConfig).toEqual(true);
+        expect(RoleMappingsLogic.values.dataLoading).toEqual(false);
+        expect(RoleMappingsLogic.values.attributes).toEqual(mappingsServerProps.attributes);
+        expect(RoleMappingsLogic.values.availableGroups).toEqual(
+          mappingsServerProps.availableGroups
+        );
+        expect(RoleMappingsLogic.values.includeInAllGroups).toEqual(false);
+        expect(RoleMappingsLogic.values.elasticsearchRoles).toEqual(
+          mappingsServerProps.elasticsearchRoles
+        );
+        expect(RoleMappingsLogic.values.selectedOptions).toEqual([
+          { label: defaultGroup.name, value: defaultGroup.id },
+        ]);
+        expect(RoleMappingsLogic.values.selectedGroups).toEqual(new Set([defaultGroup.id]));
+      });
+
+      it('handles fallback if no elasticsearch users present', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData({
+          ...mappingsServerProps,
+          elasticsearchUsers: [],
+        });
+
+        expect(RoleMappingsLogic.values.elasticsearchUser).toEqual(emptyUser);
+      });
     });
 
     it('setRoleMappings', () => {
@@ -97,6 +127,26 @@ describe('RoleMappingsLogic', () => {
       expect(RoleMappingsLogic.values.dataLoading).toEqual(false);
     });
 
+    describe('setElasticsearchUser', () => {
+      it('sets user', () => {
+        RoleMappingsLogic.actions.setElasticsearchUser(elasticsearchUsers[0]);
+
+        expect(RoleMappingsLogic.values.elasticsearchUser).toEqual(elasticsearchUsers[0]);
+      });
+
+      it('handles fallback if no user present', () => {
+        RoleMappingsLogic.actions.setElasticsearchUser(undefined);
+
+        expect(RoleMappingsLogic.values.elasticsearchUser).toEqual(emptyUser);
+      });
+    });
+
+    it('setSingleUserRoleMapping', () => {
+      RoleMappingsLogic.actions.setSingleUserRoleMapping(wsSingleUserRoleMapping);
+
+      expect(RoleMappingsLogic.values.singleUserRoleMapping).toEqual(wsSingleUserRoleMapping);
+    });
+
     it('handleRoleChange', () => {
       RoleMappingsLogic.actions.handleRoleChange('user');
 
@@ -133,6 +183,12 @@ describe('RoleMappingsLogic', () => {
       expect(RoleMappingsLogic.values.includeInAllGroups).toEqual(true);
     });
 
+    it('setUserExistingRadioValue', () => {
+      RoleMappingsLogic.actions.setUserExistingRadioValue(false);
+
+      expect(RoleMappingsLogic.values.userFormUserIsExisting).toEqual(false);
+    });
+
     describe('handleAttributeSelectorChange', () => {
       const elasticsearchRoles = ['foo', 'bar'];
 
@@ -228,16 +284,50 @@ describe('RoleMappingsLogic', () => {
       expect(clearFlashMessages).toHaveBeenCalled();
     });
 
-    it('closeRoleMappingFlyout', () => {
+    it('openSingleUserRoleMappingFlyout', () => {
+      mount(mappingsServerProps);
+      RoleMappingsLogic.actions.openSingleUserRoleMappingFlyout();
+
+      expect(RoleMappingsLogic.values.singleUserRoleMappingFlyoutOpen).toEqual(true);
+      expect(clearFlashMessages).toHaveBeenCalled();
+    });
+
+    it('closeUsersAndRolesFlyout', () => {
       mount({
         ...mappingsServerProps,
         roleMappingFlyoutOpen: true,
       });
-      RoleMappingsLogic.actions.closeRoleMappingFlyout();
+      RoleMappingsLogic.actions.closeUsersAndRolesFlyout();
 
       expect(RoleMappingsLogic.values.roleMappingFlyoutOpen).toEqual(false);
       expect(clearFlashMessages).toHaveBeenCalled();
     });
+
+    it('setElasticsearchUsernameValue', () => {
+      const username = 'newName';
+      RoleMappingsLogic.actions.setElasticsearchUsernameValue(username);
+
+      expect(RoleMappingsLogic.values.elasticsearchUser).toEqual({
+        ...RoleMappingsLogic.values.elasticsearchUser,
+        username,
+      });
+    });
+
+    it('setElasticsearchEmailValue', () => {
+      const email = 'newEmail@foo.cats';
+      RoleMappingsLogic.actions.setElasticsearchEmailValue(email);
+
+      expect(RoleMappingsLogic.values.elasticsearchUser).toEqual({
+        ...RoleMappingsLogic.values.elasticsearchUser,
+        email,
+      });
+    });
+
+    it('setUserCreated', () => {
+      RoleMappingsLogic.actions.setUserCreated();
+
+      expect(RoleMappingsLogic.values.userCreated).toEqual(true);
+    });
   });
 
   describe('listeners', () => {
@@ -303,6 +393,39 @@ describe('RoleMappingsLogic', () => {
       });
     });
 
+    describe('initializeSingleUserRoleMapping', () => {
+      let setElasticsearchUserSpy: jest.MockedFunction<any>;
+      let setRoleMappingSpy: jest.MockedFunction<any>;
+      let setSingleUserRoleMappingSpy: jest.MockedFunction<any>;
+      beforeEach(() => {
+        setElasticsearchUserSpy = jest.spyOn(RoleMappingsLogic.actions, 'setElasticsearchUser');
+        setRoleMappingSpy = jest.spyOn(RoleMappingsLogic.actions, 'setRoleMapping');
+        setSingleUserRoleMappingSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setSingleUserRoleMapping'
+        );
+      });
+
+      it('should handle the new user state and only set an empty mapping', () => {
+        RoleMappingsLogic.actions.initializeSingleUserRoleMapping();
+
+        expect(setElasticsearchUserSpy).not.toHaveBeenCalled();
+        expect(setRoleMappingSpy).not.toHaveBeenCalled();
+        expect(setSingleUserRoleMappingSpy).toHaveBeenCalledWith(undefined);
+      });
+
+      it('should handle an existing user state and set mapping', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        RoleMappingsLogic.actions.initializeSingleUserRoleMapping(
+          wsSingleUserRoleMapping.roleMapping.id
+        );
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalled();
+        expect(setRoleMappingSpy).toHaveBeenCalled();
+        expect(setSingleUserRoleMappingSpy).toHaveBeenCalledWith(wsSingleUserRoleMapping);
+      });
+    });
+
     describe('handleSaveMapping', () => {
       it('calls API and refreshes list when new mapping', async () => {
         const initializeRoleMappingsSpy = jest.spyOn(
@@ -381,6 +504,100 @@ describe('RoleMappingsLogic', () => {
       });
     });
 
+    describe('handleSaveUser', () => {
+      it('calls API and refreshes list when new mapping', async () => {
+        const initializeRoleMappingsSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'initializeRoleMappings'
+        );
+        const setUserCreatedSpy = jest.spyOn(RoleMappingsLogic.actions, 'setUserCreated');
+        const setSingleUserRoleMappingSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setSingleUserRoleMapping'
+        );
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+
+        http.post.mockReturnValue(Promise.resolve(mappingsServerProps));
+        RoleMappingsLogic.actions.handleSaveUser();
+
+        expect(http.post).toHaveBeenCalledWith(
+          '/api/workplace_search/org/single_user_role_mapping',
+          {
+            body: JSON.stringify({
+              roleMapping: {
+                groups: [defaultGroup.id],
+                roleType: 'admin',
+                allGroups: false,
+              },
+              elasticsearchUser: {
+                username: elasticsearchUsers[0].username,
+                email: elasticsearchUsers[0].email,
+              },
+            }),
+          }
+        );
+        await nextTick();
+
+        expect(initializeRoleMappingsSpy).toHaveBeenCalled();
+        expect(setUserCreatedSpy).toHaveBeenCalled();
+        expect(setSingleUserRoleMappingSpy).toHaveBeenCalled();
+      });
+
+      it('calls API and refreshes list when existing mapping', async () => {
+        const initializeRoleMappingsSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'initializeRoleMappings'
+        );
+        RoleMappingsLogic.actions.setSingleUserRoleMapping(wsSingleUserRoleMapping);
+        RoleMappingsLogic.actions.handleAllGroupsSelectionChange(true);
+
+        http.put.mockReturnValue(Promise.resolve(mappingsServerProps));
+        RoleMappingsLogic.actions.handleSaveUser();
+
+        expect(http.post).toHaveBeenCalledWith(
+          '/api/workplace_search/org/single_user_role_mapping',
+          {
+            body: JSON.stringify({
+              roleMapping: {
+                groups: [],
+                roleType: 'admin',
+                allGroups: true,
+                id: wsSingleUserRoleMapping.roleMapping.id,
+              },
+              elasticsearchUser: {
+                username: '',
+                email: '',
+              },
+            }),
+          }
+        );
+        await nextTick();
+
+        expect(initializeRoleMappingsSpy).toHaveBeenCalled();
+      });
+
+      it('handles error', async () => {
+        const setRoleMappingErrorsSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setRoleMappingErrors'
+        );
+
+        http.post.mockReturnValue(
+          Promise.reject({
+            body: {
+              attributes: {
+                errors: ['this is an error'],
+              },
+            },
+          })
+        );
+        RoleMappingsLogic.actions.handleSaveUser();
+        await nextTick();
+
+        expect(setRoleMappingErrorsSpy).toHaveBeenCalledWith(['this is an error']);
+      });
+    });
+
     describe('handleDeleteMapping', () => {
       const roleMappingId = 'r1';
 
@@ -410,5 +627,52 @@ describe('RoleMappingsLogic', () => {
         expect(flashAPIErrors).toHaveBeenCalledWith('this is an error');
       });
     });
+
+    describe('handleUsernameSelectChange', () => {
+      it('sets elasticsearchUser when match found', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.handleUsernameSelectChange(elasticsearchUsers[0].username);
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalledWith(elasticsearchUsers[0]);
+      });
+
+      it('does not set elasticsearchUser when no match found', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.handleUsernameSelectChange('bogus');
+
+        expect(setElasticsearchUserSpy).not.toHaveBeenCalled();
+      });
+    });
+
+    describe('setUserExistingRadioValue', () => {
+      it('handles existing user', () => {
+        RoleMappingsLogic.actions.setRoleMappingsData(mappingsServerProps);
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.setUserExistingRadioValue(true);
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalledWith(elasticsearchUsers[0]);
+      });
+
+      it('handles new user', () => {
+        const setElasticsearchUserSpy = jest.spyOn(
+          RoleMappingsLogic.actions,
+          'setElasticsearchUser'
+        );
+        RoleMappingsLogic.actions.setUserExistingRadioValue(false);
+
+        expect(setElasticsearchUserSpy).toHaveBeenCalledWith(emptyUser);
+      });
+    });
   });
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.ts b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.ts
index 76b41b2f383eb..7f26c8738786c 100644
--- a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/role_mappings_logic.ts
@@ -16,7 +16,7 @@ import {
 } from '../../../shared/flash_messages';
 import { HttpLogic } from '../../../shared/http';
 import { ANY_AUTH_PROVIDER } from '../../../shared/role_mapping/constants';
-import { AttributeName } from '../../../shared/types';
+import { AttributeName, SingleUserRoleMapping, ElasticsearchUser } from '../../../shared/types';
 import { RoleGroup, WSRoleMapping, Role } from '../../types';
 
 import {
@@ -26,19 +26,24 @@ import {
   DEFAULT_GROUP_NAME,
 } from './constants';
 
+type UserMapping = SingleUserRoleMapping<WSRoleMapping>;
+
 interface RoleMappingsServerDetails {
   roleMappings: WSRoleMapping[];
   attributes: string[];
   authProviders: string[];
   availableGroups: RoleGroup[];
+  elasticsearchUsers: ElasticsearchUser[];
   elasticsearchRoles: string[];
   multipleAuthProvidersConfig: boolean;
+  singleUserRoleMappings: UserMapping[];
 }
 
 const getFirstAttributeName = (roleMapping: WSRoleMapping): AttributeName =>
   Object.entries(roleMapping.rules)[0][0] as AttributeName;
 const getFirstAttributeValue = (roleMapping: WSRoleMapping): string =>
   Object.entries(roleMapping.rules)[0][1] as string;
+const emptyUser = { username: '', email: '' } as ElasticsearchUser;
 
 interface RoleMappingsActions {
   handleAllGroupsSelectionChange(selected: boolean): { selected: boolean };
@@ -51,21 +56,35 @@ interface RoleMappingsActions {
   handleDeleteMapping(roleMappingId: string): { roleMappingId: string };
   handleGroupSelectionChange(groupIds: string[]): { groupIds: string[] };
   handleRoleChange(roleType: Role): { roleType: Role };
+  handleUsernameSelectChange(username: string): { username: string };
   handleSaveMapping(): void;
+  handleSaveUser(): void;
   initializeRoleMapping(roleMappingId?: string): { roleMappingId?: string };
+  initializeSingleUserRoleMapping(roleMappingId?: string): { roleMappingId?: string };
   initializeRoleMappings(): void;
   resetState(): void;
   setRoleMapping(roleMapping: WSRoleMapping): { roleMapping: WSRoleMapping };
+  setSingleUserRoleMapping(data?: UserMapping): { singleUserRoleMapping: UserMapping };
   setRoleMappings({
     roleMappings,
   }: {
     roleMappings: WSRoleMapping[];
   }): { roleMappings: WSRoleMapping[] };
   setRoleMappingsData(data: RoleMappingsServerDetails): RoleMappingsServerDetails;
+  setElasticsearchUser(
+    elasticsearchUser?: ElasticsearchUser
+  ): { elasticsearchUser: ElasticsearchUser };
+  setDefaultGroup(availableGroups: RoleGroup[]): { availableGroups: RoleGroup[] };
   openRoleMappingFlyout(): void;
-  closeRoleMappingFlyout(): void;
+  openSingleUserRoleMappingFlyout(): void;
+  closeUsersAndRolesFlyout(): void;
   setRoleMappingErrors(errors: string[]): { errors: string[] };
   enableRoleBasedAccess(): void;
+  setUserExistingRadioValue(userFormUserIsExisting: boolean): { userFormUserIsExisting: boolean };
+  setElasticsearchUsernameValue(username: string): { username: string };
+  setElasticsearchEmailValue(email: string): { email: string };
+  setUserCreated(): void;
+  setUserFormIsNewUser(userFormIsNewUser: boolean): { userFormIsNewUser: boolean };
 }
 
 interface RoleMappingsValues {
@@ -77,26 +96,37 @@ interface RoleMappingsValues {
   availableGroups: RoleGroup[];
   dataLoading: boolean;
   elasticsearchRoles: string[];
+  elasticsearchUsers: ElasticsearchUser[];
+  elasticsearchUser: ElasticsearchUser;
   multipleAuthProvidersConfig: boolean;
   roleMapping: WSRoleMapping | null;
   roleMappings: WSRoleMapping[];
+  singleUserRoleMapping: UserMapping | null;
+  singleUserRoleMappings: UserMapping[];
   roleType: Role;
   selectedAuthProviders: string[];
   selectedGroups: Set<string>;
   roleMappingFlyoutOpen: boolean;
+  singleUserRoleMappingFlyoutOpen: boolean;
   selectedOptions: EuiComboBoxOptionOption[];
   roleMappingErrors: string[];
+  userFormUserIsExisting: boolean;
+  userCreated: boolean;
+  userFormIsNewUser: boolean;
 }
 
 export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappingsActions>>({
-  path: ['enterprise_search', 'workplace_search', 'role_mappings'],
+  path: ['enterprise_search', 'workplace_search', 'users_and_roles'],
   actions: {
     setRoleMappingsData: (data: RoleMappingsServerDetails) => data,
     setRoleMapping: (roleMapping: WSRoleMapping) => ({ roleMapping }),
+    setElasticsearchUser: (elasticsearchUser: ElasticsearchUser) => ({ elasticsearchUser }),
+    setSingleUserRoleMapping: (singleUserRoleMapping: UserMapping) => ({ singleUserRoleMapping }),
     setRoleMappings: ({ roleMappings }: { roleMappings: WSRoleMapping[] }) => ({ roleMappings }),
     setRoleMappingErrors: (errors: string[]) => ({ errors }),
     handleAuthProviderChange: (value: string[]) => ({ value }),
     handleRoleChange: (roleType: Role) => ({ roleType }),
+    handleUsernameSelectChange: (username: string) => ({ username }),
     handleGroupSelectionChange: (groupIds: string[]) => ({ groupIds }),
     handleAttributeSelectorChange: (value: string, firstElasticsearchRole: string) => ({
       value,
@@ -105,13 +135,22 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
     handleAttributeValueChange: (value: string) => ({ value }),
     handleAllGroupsSelectionChange: (selected: boolean) => ({ selected }),
     enableRoleBasedAccess: true,
+    openSingleUserRoleMappingFlyout: true,
+    setUserExistingRadioValue: (userFormUserIsExisting: boolean) => ({ userFormUserIsExisting }),
     resetState: true,
     initializeRoleMappings: true,
+    initializeSingleUserRoleMapping: (roleMappingId?: string) => ({ roleMappingId }),
     initializeRoleMapping: (roleMappingId?: string) => ({ roleMappingId }),
     handleDeleteMapping: (roleMappingId: string) => ({ roleMappingId }),
     handleSaveMapping: true,
+    handleSaveUser: true,
+    setDefaultGroup: (availableGroups: RoleGroup[]) => ({ availableGroups }),
     openRoleMappingFlyout: true,
-    closeRoleMappingFlyout: false,
+    closeUsersAndRolesFlyout: false,
+    setElasticsearchUsernameValue: (username: string) => ({ username }),
+    setElasticsearchEmailValue: (email: string) => ({ email }),
+    setUserCreated: true,
+    setUserFormIsNewUser: (userFormIsNewUser: boolean) => ({ userFormIsNewUser }),
   },
   reducers: {
     dataLoading: [
@@ -131,6 +170,13 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
         resetState: () => [],
       },
     ],
+    singleUserRoleMappings: [
+      [],
+      {
+        setRoleMappingsData: (_, { singleUserRoleMappings }) => singleUserRoleMappings,
+        resetState: () => [],
+      },
+    ],
     multipleAuthProvidersConfig: [
       false,
       {
@@ -154,6 +200,13 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       [],
       {
         setRoleMappingsData: (_, { elasticsearchRoles }) => elasticsearchRoles,
+        closeUsersAndRolesFlyout: () => [ANY_AUTH_PROVIDER],
+      },
+    ],
+    elasticsearchUsers: [
+      [],
+      {
+        setRoleMappingsData: (_, { elasticsearchUsers }) => elasticsearchUsers,
       },
     ],
     roleMapping: [
@@ -161,7 +214,14 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       {
         setRoleMapping: (_, { roleMapping }) => roleMapping,
         resetState: () => null,
-        closeRoleMappingFlyout: () => null,
+        closeUsersAndRolesFlyout: () => null,
+      },
+    ],
+    singleUserRoleMapping: [
+      null,
+      {
+        setSingleUserRoleMapping: (_, { singleUserRoleMapping }) => singleUserRoleMapping || null,
+        closeUsersAndRolesFlyout: () => null,
       },
     ],
     roleType: [
@@ -176,6 +236,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       {
         setRoleMapping: (_, { roleMapping }) => roleMapping.allGroups,
         handleAllGroupsSelectionChange: (_, { selected }) => selected,
+        closeUsersAndRolesFlyout: () => false,
       },
     ],
     attributeValue: [
@@ -186,7 +247,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
           value === 'role' ? firstElasticsearchRole : '',
         handleAttributeValueChange: (_, { value }) => value,
         resetState: () => '',
-        closeRoleMappingFlyout: () => '',
+        closeUsersAndRolesFlyout: () => '',
       },
     ],
     attributeName: [
@@ -195,7 +256,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
         setRoleMapping: (_, { roleMapping }) => getFirstAttributeName(roleMapping),
         handleAttributeSelectorChange: (_, { value }) => value,
         resetState: () => 'username',
-        closeRoleMappingFlyout: () => 'username',
+        closeUsersAndRolesFlyout: () => 'username',
       },
     ],
     selectedGroups: [
@@ -207,6 +268,12 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
               .filter((group) => group.name === DEFAULT_GROUP_NAME)
               .map((group) => group.id)
           ),
+        setDefaultGroup: (_, { availableGroups }) =>
+          new Set(
+            availableGroups
+              .filter((group) => group.name === DEFAULT_GROUP_NAME)
+              .map((group) => group.id)
+          ),
         setRoleMapping: (_, { roleMapping }) =>
           new Set(roleMapping.groups.map((group: RoleGroup) => group.id)),
         handleGroupSelectionChange: (_, { groupIds }) => {
@@ -215,6 +282,7 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
 
           return newSelectedGroupNames;
         },
+        closeUsersAndRolesFlyout: () => new Set(),
       },
     ],
     availableAuthProviders: [
@@ -244,17 +312,61 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       false,
       {
         openRoleMappingFlyout: () => true,
-        closeRoleMappingFlyout: () => false,
+        closeUsersAndRolesFlyout: () => false,
         initializeRoleMappings: () => false,
         initializeRoleMapping: () => true,
       },
     ],
+    singleUserRoleMappingFlyoutOpen: [
+      false,
+      {
+        openSingleUserRoleMappingFlyout: () => true,
+        closeUsersAndRolesFlyout: () => false,
+        initializeSingleUserRoleMapping: () => true,
+      },
+    ],
     roleMappingErrors: [
       [],
       {
         setRoleMappingErrors: (_, { errors }) => errors,
         handleSaveMapping: () => [],
-        closeRoleMappingFlyout: () => [],
+        closeUsersAndRolesFlyout: () => [],
+      },
+    ],
+    userFormUserIsExisting: [
+      true,
+      {
+        setUserExistingRadioValue: (_, { userFormUserIsExisting }) => userFormUserIsExisting,
+        closeUsersAndRolesFlyout: () => true,
+      },
+    ],
+    elasticsearchUser: [
+      emptyUser,
+      {
+        setRoleMappingsData: (_, { elasticsearchUsers }) => elasticsearchUsers[0] || emptyUser,
+        setElasticsearchUser: (_, { elasticsearchUser }) => elasticsearchUser || emptyUser,
+        setElasticsearchUsernameValue: (state, { username }) => ({
+          ...state,
+          username,
+        }),
+        setElasticsearchEmailValue: (state, { email }) => ({
+          ...state,
+          email,
+        }),
+        closeUsersAndRolesFlyout: () => emptyUser,
+      },
+    ],
+    userCreated: [
+      false,
+      {
+        setUserCreated: () => true,
+        closeUsersAndRolesFlyout: () => false,
+      },
+    ],
+    userFormIsNewUser: [
+      true,
+      {
+        setUserFormIsNewUser: (_, { userFormIsNewUser }) => userFormIsNewUser,
       },
     ],
   },
@@ -296,6 +408,18 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
       const roleMapping = values.roleMappings.find(({ id }) => id === roleMappingId);
       if (roleMapping) actions.setRoleMapping(roleMapping);
     },
+    initializeSingleUserRoleMapping: ({ roleMappingId }) => {
+      const singleUserRoleMapping = values.singleUserRoleMappings.find(
+        ({ roleMapping }) => roleMapping.id === roleMappingId
+      );
+
+      if (singleUserRoleMapping) {
+        actions.setElasticsearchUser(singleUserRoleMapping.elasticsearchUser);
+        actions.setRoleMapping(singleUserRoleMapping.roleMapping);
+      }
+      actions.setSingleUserRoleMapping(singleUserRoleMapping);
+      actions.setUserFormIsNewUser(!singleUserRoleMapping);
+    },
     handleDeleteMapping: async ({ roleMappingId }) => {
       const { http } = HttpLogic.values;
       const route = `/api/workplace_search/org/role_mappings/${roleMappingId}`;
@@ -349,11 +473,59 @@ export const RoleMappingsLogic = kea<MakeLogicType<RoleMappingsValues, RoleMappi
     resetState: () => {
       clearFlashMessages();
     },
-    closeRoleMappingFlyout: () => {
+    handleSaveUser: async () => {
+      const { http } = HttpLogic.values;
+      const {
+        roleType,
+        singleUserRoleMapping,
+        includeInAllGroups,
+        selectedGroups,
+        elasticsearchUser: { email, username },
+      } = values;
+
+      const body = JSON.stringify({
+        roleMapping: {
+          groups: includeInAllGroups ? [] : Array.from(selectedGroups),
+          roleType,
+          allGroups: includeInAllGroups,
+          id: singleUserRoleMapping?.roleMapping?.id,
+        },
+        elasticsearchUser: {
+          username,
+          email,
+        },
+      });
+
+      try {
+        const response = await http.post('/api/workplace_search/org/single_user_role_mapping', {
+          body,
+        });
+        actions.setSingleUserRoleMapping(response);
+        actions.setUserCreated();
+        actions.initializeRoleMappings();
+      } catch (e) {
+        actions.setRoleMappingErrors(e?.body?.attributes?.errors);
+      }
+    },
+    closeUsersAndRolesFlyout: () => {
       clearFlashMessages();
+      const firstUser = values.elasticsearchUsers[0];
+      actions.setElasticsearchUser(firstUser);
+      actions.setDefaultGroup(values.availableGroups);
     },
     openRoleMappingFlyout: () => {
       clearFlashMessages();
     },
+    openSingleUserRoleMappingFlyout: () => {
+      clearFlashMessages();
+    },
+    setUserExistingRadioValue: ({ userFormUserIsExisting }) => {
+      const firstUser = values.elasticsearchUsers[0];
+      actions.setElasticsearchUser(userFormUserIsExisting ? firstUser : emptyUser);
+    },
+    handleUsernameSelectChange: ({ username }) => {
+      const user = values.elasticsearchUsers.find((u) => u.username === username);
+      if (user) actions.setElasticsearchUser(user);
+    },
   }),
 });
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.test.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.test.tsx
new file mode 100644
index 0000000000000..32ee1a7f22875
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.test.tsx
@@ -0,0 +1,123 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import '../../../__mocks__/react_router';
+import '../../../__mocks__/shallow_useeffect.mock';
+import { setMockActions, setMockValues } from '../../../__mocks__/kea_logic';
+import { groups } from '../../__mocks__/groups.mock';
+
+import React from 'react';
+
+import { shallow } from 'enzyme';
+
+import { UserFlyout, UserAddedInfo, UserInvitationCallout } from '../../../shared/role_mapping';
+import { elasticsearchUsers } from '../../../shared/role_mapping/__mocks__/elasticsearch_users';
+import { wsSingleUserRoleMapping } from '../../../shared/role_mapping/__mocks__/roles';
+
+import { GroupAssignmentSelector } from './group_assignment_selector';
+import { User } from './user';
+
+describe('User', () => {
+  const handleSaveUser = jest.fn();
+  const closeUsersAndRolesFlyout = jest.fn();
+  const setUserExistingRadioValue = jest.fn();
+  const setElasticsearchUsernameValue = jest.fn();
+  const setElasticsearchEmailValue = jest.fn();
+  const handleRoleChange = jest.fn();
+  const handleUsernameSelectChange = jest.fn();
+
+  const mockValues = {
+    availableGroups: [],
+    singleUserRoleMapping: null,
+    userFormUserIsExisting: false,
+    elasticsearchUsers: [],
+    elasticsearchUser: {},
+    roleType: 'admin',
+    roleMappingErrors: [],
+    userCreated: false,
+    userFormIsNewUser: false,
+  };
+
+  beforeEach(() => {
+    setMockActions({
+      handleSaveUser,
+      closeUsersAndRolesFlyout,
+      setUserExistingRadioValue,
+      setElasticsearchUsernameValue,
+      setElasticsearchEmailValue,
+      handleRoleChange,
+      handleUsernameSelectChange,
+    });
+
+    setMockValues(mockValues);
+  });
+
+  it('renders', () => {
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserFlyout)).toHaveLength(1);
+  });
+
+  it('renders group assignment selector when groups present', () => {
+    setMockValues({ ...mockValues, availableGroups: groups });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(GroupAssignmentSelector)).toHaveLength(1);
+  });
+
+  it('renders userInvitationCallout', () => {
+    setMockValues({
+      ...mockValues,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserInvitationCallout)).toHaveLength(1);
+  });
+
+  it('renders user added info when user created', () => {
+    setMockValues({
+      ...mockValues,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+      userCreated: true,
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserAddedInfo)).toHaveLength(1);
+  });
+
+  it('disables form when username value not present', () => {
+    setMockValues({
+      ...mockValues,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+      elasticsearchUsers,
+      elasticsearchUser: {
+        username: null,
+        email: 'email@user.com',
+      },
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserFlyout).prop('disabled')).toEqual(true);
+  });
+
+  it('enables form when userFormUserIsExisting', () => {
+    setMockValues({
+      ...mockValues,
+      userFormUserIsExisting: true.valueOf,
+      singleUserRoleMapping: wsSingleUserRoleMapping,
+      elasticsearchUsers,
+      elasticsearchUser: {
+        username: null,
+        email: 'email@user.com',
+      },
+    });
+    const wrapper = shallow(<User />);
+
+    expect(wrapper.find(UserFlyout).prop('disabled')).toEqual(false);
+  });
+});
diff --git a/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.tsx b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.tsx
new file mode 100644
index 0000000000000..bfb32ee31c121
--- /dev/null
+++ b/x-pack/plugins/enterprise_search/public/applications/workplace_search/views/role_mappings/user.tsx
@@ -0,0 +1,103 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { useActions, useValues } from 'kea';
+
+import { EuiForm } from '@elastic/eui';
+
+import { getWorkplaceSearchUrl } from '../../../shared/enterprise_search_url';
+import {
+  UserFlyout,
+  UserSelector,
+  UserAddedInfo,
+  UserInvitationCallout,
+} from '../../../shared/role_mapping';
+import { Role } from '../../types';
+
+import { GroupAssignmentSelector } from './group_assignment_selector';
+import { RoleMappingsLogic } from './role_mappings_logic';
+
+const roleTypes = (['admin', 'user'] as unknown) as Role[];
+
+export const User: React.FC = () => {
+  const {
+    handleSaveUser,
+    closeUsersAndRolesFlyout,
+    setUserExistingRadioValue,
+    setElasticsearchUsernameValue,
+    setElasticsearchEmailValue,
+    handleRoleChange,
+    handleUsernameSelectChange,
+  } = useActions(RoleMappingsLogic);
+
+  const {
+    availableGroups,
+    singleUserRoleMapping,
+    userFormUserIsExisting,
+    elasticsearchUsers,
+    elasticsearchUser,
+    roleType,
+    roleMappingErrors,
+    userCreated,
+    userFormIsNewUser,
+  } = useValues(RoleMappingsLogic);
+
+  const showGroupAssignmentSelector = availableGroups.length > 0;
+  const hasAvailableUsers = elasticsearchUsers.length > 0;
+  const flyoutDisabled =
+    (!userFormUserIsExisting || !hasAvailableUsers) && !elasticsearchUser.username;
+
+  const userAddedInfo = singleUserRoleMapping && (
+    <UserAddedInfo
+      username={singleUserRoleMapping.elasticsearchUser.username}
+      email={singleUserRoleMapping.elasticsearchUser.email as string}
+      roleType={singleUserRoleMapping.roleMapping.roleType}
+    />
+  );
+
+  const userInvitationCallout = singleUserRoleMapping?.invitation && (
+    <UserInvitationCallout
+      isNew={userCreated}
+      invitationCode={singleUserRoleMapping!.invitation.code}
+      urlPrefix={getWorkplaceSearchUrl()}
+    />
+  );
+
+  const createUserForm = (
+    <EuiForm isInvalid={roleMappingErrors.length > 0} error={roleMappingErrors}>
+      <UserSelector
+        isNewUser={userFormIsNewUser}
+        elasticsearchUsers={elasticsearchUsers}
+        handleRoleChange={handleRoleChange}
+        elasticsearchUser={elasticsearchUser}
+        setUserExisting={setUserExistingRadioValue}
+        setElasticsearchEmailValue={setElasticsearchEmailValue}
+        setElasticsearchUsernameValue={setElasticsearchUsernameValue}
+        handleUsernameSelectChange={handleUsernameSelectChange}
+        userFormUserIsExisting={userFormUserIsExisting}
+        roleTypes={roleTypes}
+        roleType={roleType}
+      />
+      {showGroupAssignmentSelector && <GroupAssignmentSelector />}
+    </EuiForm>
+  );
+
+  return (
+    <UserFlyout
+      disabled={flyoutDisabled}
+      isComplete={userCreated}
+      isNew={userFormIsNewUser}
+      closeUserFlyout={closeUsersAndRolesFlyout}
+      handleSaveUser={handleSaveUser}
+    >
+      {userCreated ? userAddedInfo : createUserForm}
+      {userInvitationCallout}
+    </UserFlyout>
+  );
+};
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.test.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.test.ts
index 7d9f08627516b..dfb9765f834b6 100644
--- a/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.test.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.test.ts
@@ -11,6 +11,7 @@ import {
   registerEnableRoleMappingsRoute,
   registerRoleMappingsRoute,
   registerRoleMappingRoute,
+  registerUserRoute,
 } from './role_mappings';
 
 const roleMappingBaseSchema = {
@@ -160,4 +161,52 @@ describe('role mappings routes', () => {
       });
     });
   });
+
+  describe('POST /api/app_search/single_user_role_mapping', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({
+        method: 'post',
+        path: '/api/app_search/single_user_role_mapping',
+      });
+
+      registerUserRoute({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    describe('validates', () => {
+      it('correctly', () => {
+        const request = {
+          body: {
+            roleMapping: {
+              engines: ['foo', 'bar'],
+              roleType: 'admin',
+              accessAllEngines: true,
+              id: '123asf',
+            },
+            elasticsearchUser: {
+              username: 'user2@elastic.co',
+              email: 'user2',
+            },
+          },
+        };
+        mockRouter.shouldValidate(request);
+      });
+
+      it('missing required fields', () => {
+        const request = { body: {} };
+        mockRouter.shouldThrow(request);
+      });
+    });
+
+    it('creates a request handler', () => {
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/as/role_mappings/upsert_single_user_role_mapping',
+      });
+    });
+  });
 });
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.ts
index da620be2ea950..d90a005cb2532 100644
--- a/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/app_search/role_mappings.ts
@@ -93,8 +93,34 @@ export function registerRoleMappingRoute({
   );
 }
 
+export function registerUserRoute({ router, enterpriseSearchRequestHandler }: RouteDependencies) {
+  router.post(
+    {
+      path: '/api/app_search/single_user_role_mapping',
+      validate: {
+        body: schema.object({
+          roleMapping: schema.object({
+            engines: schema.arrayOf(schema.string()),
+            roleType: schema.string(),
+            accessAllEngines: schema.boolean(),
+            id: schema.maybe(schema.string()),
+          }),
+          elasticsearchUser: schema.object({
+            username: schema.string(),
+            email: schema.string(),
+          }),
+        }),
+      },
+    },
+    enterpriseSearchRequestHandler.createRequest({
+      path: '/as/role_mappings/upsert_single_user_role_mapping',
+    })
+  );
+}
+
 export const registerRoleMappingsRoutes = (dependencies: RouteDependencies) => {
   registerEnableRoleMappingsRoute(dependencies);
   registerRoleMappingsRoute(dependencies);
   registerRoleMappingRoute(dependencies);
+  registerUserRoute(dependencies);
 };
diff --git a/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.test.ts b/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.test.ts
index aa0e9983166c0..ef8f1bd63f5d3 100644
--- a/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.test.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.test.ts
@@ -11,6 +11,7 @@ import {
   registerOrgEnableRoleMappingsRoute,
   registerOrgRoleMappingsRoute,
   registerOrgRoleMappingRoute,
+  registerOrgUserRoute,
 } from './role_mappings';
 
 describe('role mappings routes', () => {
@@ -128,4 +129,52 @@ describe('role mappings routes', () => {
       });
     });
   });
+
+  describe('POST /api/workplace_search/org/single_user_role_mapping', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({
+        method: 'post',
+        path: '/api/workplace_search/org/single_user_role_mapping',
+      });
+
+      registerOrgUserRoute({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    describe('validates', () => {
+      it('correctly', () => {
+        const request = {
+          body: {
+            roleMapping: {
+              groups: ['foo', 'bar'],
+              roleType: 'admin',
+              allGroups: true,
+              id: '123asf',
+            },
+            elasticsearchUser: {
+              username: 'user2@elastic.co',
+              email: 'user2',
+            },
+          },
+        };
+        mockRouter.shouldValidate(request);
+      });
+
+      it('missing required fields', () => {
+        const request = { body: {} };
+        mockRouter.shouldThrow(request);
+      });
+    });
+
+    it('creates a request handler', () => {
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/ws/org/role_mappings/upsert_single_user_role_mapping',
+      });
+    });
+  });
 });
diff --git a/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts b/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts
index cea7bcb311ce8..e6f4919ed2a2f 100644
--- a/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/workplace_search/role_mappings.ts
@@ -93,8 +93,37 @@ export function registerOrgRoleMappingRoute({
   );
 }
 
+export function registerOrgUserRoute({
+  router,
+  enterpriseSearchRequestHandler,
+}: RouteDependencies) {
+  router.post(
+    {
+      path: '/api/workplace_search/org/single_user_role_mapping',
+      validate: {
+        body: schema.object({
+          roleMapping: schema.object({
+            groups: schema.arrayOf(schema.string()),
+            roleType: schema.string(),
+            allGroups: schema.boolean(),
+            id: schema.maybe(schema.string()),
+          }),
+          elasticsearchUser: schema.object({
+            username: schema.string(),
+            email: schema.string(),
+          }),
+        }),
+      },
+    },
+    enterpriseSearchRequestHandler.createRequest({
+      path: '/ws/org/role_mappings/upsert_single_user_role_mapping',
+    })
+  );
+}
+
 export const registerRoleMappingsRoutes = (dependencies: RouteDependencies) => {
   registerOrgEnableRoleMappingsRoute(dependencies);
   registerOrgRoleMappingsRoute(dependencies);
   registerOrgRoleMappingRoute(dependencies);
+  registerOrgUserRoute(dependencies);
 };

From 9b56549c6c26a1f86c44e709b12c4e295aaebda3 Mon Sep 17 00:00:00 2001
From: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com>
Date: Thu, 24 Jun 2021 09:05:26 -0400
Subject: [PATCH 04/13] [Cases] Including owner when patching a comment Closes
 #102732 (#103020)

* Including owner when patching a comment

* Fixing tests
---
 .../cases/public/containers/api.test.tsx      | 31 +++++----
 x-pack/plugins/cases/public/containers/api.ts | 26 ++++---
 .../containers/use_update_comment.test.tsx    | 67 +++++++++----------
 .../public/containers/use_update_comment.tsx  | 13 ++--
 4 files changed, 77 insertions(+), 60 deletions(-)

diff --git a/x-pack/plugins/cases/public/containers/api.test.tsx b/x-pack/plugins/cases/public/containers/api.test.tsx
index abdee387a2c42..30a76e28e7485 100644
--- a/x-pack/plugins/cases/public/containers/api.test.tsx
+++ b/x-pack/plugins/cases/public/containers/api.test.tsx
@@ -363,13 +363,14 @@ describe('Case Configuration API', () => {
     });
 
     test('check url, method, signal', async () => {
-      await patchComment(
-        basicCase.id,
-        basicCase.comments[0].id,
-        'updated comment',
-        basicCase.comments[0].version,
-        abortCtrl.signal
-      );
+      await patchComment({
+        caseId: basicCase.id,
+        commentId: basicCase.comments[0].id,
+        commentUpdate: 'updated comment',
+        version: basicCase.comments[0].version,
+        signal: abortCtrl.signal,
+        owner: SECURITY_SOLUTION_OWNER,
+      });
       expect(fetchMock).toHaveBeenCalledWith(`${CASES_URL}/${basicCase.id}/comments`, {
         method: 'PATCH',
         body: JSON.stringify({
@@ -377,19 +378,21 @@ describe('Case Configuration API', () => {
           type: CommentType.user,
           id: basicCase.comments[0].id,
           version: basicCase.comments[0].version,
+          owner: SECURITY_SOLUTION_OWNER,
         }),
         signal: abortCtrl.signal,
       });
     });
 
     test('happy path', async () => {
-      const resp = await patchComment(
-        basicCase.id,
-        basicCase.comments[0].id,
-        'updated comment',
-        basicCase.comments[0].version,
-        abortCtrl.signal
-      );
+      const resp = await patchComment({
+        caseId: basicCase.id,
+        commentId: basicCase.comments[0].id,
+        commentUpdate: 'updated comment',
+        version: basicCase.comments[0].version,
+        signal: abortCtrl.signal,
+        owner: SECURITY_SOLUTION_OWNER,
+      });
       expect(resp).toEqual(basicCase);
     });
   });
diff --git a/x-pack/plugins/cases/public/containers/api.ts b/x-pack/plugins/cases/public/containers/api.ts
index 1a2a92850a4ad..b144a874cfc53 100644
--- a/x-pack/plugins/cases/public/containers/api.ts
+++ b/x-pack/plugins/cases/public/containers/api.ts
@@ -283,14 +283,23 @@ export const postComment = async (
   return convertToCamelCase<CaseResponse, Case>(decodeCaseResponse(response));
 };
 
-export const patchComment = async (
-  caseId: string,
-  commentId: string,
-  commentUpdate: string,
-  version: string,
-  signal: AbortSignal,
-  subCaseId?: string
-): Promise<Case> => {
+export const patchComment = async ({
+  caseId,
+  commentId,
+  commentUpdate,
+  version,
+  signal,
+  owner,
+  subCaseId,
+}: {
+  caseId: string;
+  commentId: string;
+  commentUpdate: string;
+  version: string;
+  signal: AbortSignal;
+  owner: string;
+  subCaseId?: string;
+}): Promise<Case> => {
   const response = await KibanaServices.get().http.fetch<CaseResponse>(getCaseCommentsUrl(caseId), {
     method: 'PATCH',
     body: JSON.stringify({
@@ -298,6 +307,7 @@ export const patchComment = async (
       type: CommentType.user,
       id: commentId,
       version,
+      owner,
     }),
     ...(subCaseId ? { query: { subCaseId } } : {}),
     signal,
diff --git a/x-pack/plugins/cases/public/containers/use_update_comment.test.tsx b/x-pack/plugins/cases/public/containers/use_update_comment.test.tsx
index b936eb126f0d4..14cc4dfab3599 100644
--- a/x-pack/plugins/cases/public/containers/use_update_comment.test.tsx
+++ b/x-pack/plugins/cases/public/containers/use_update_comment.test.tsx
@@ -5,10 +5,13 @@
  * 2.0.
  */
 
+import React from 'react';
 import { renderHook, act } from '@testing-library/react-hooks';
 import { useUpdateComment, UseUpdateComment } from './use_update_comment';
 import { basicCase, basicCaseCommentPatch, basicSubCaseId } from './mock';
 import * as api from './api';
+import { TestProviders } from '../common/mock';
+import { SECURITY_SOLUTION_OWNER } from '../../common';
 
 jest.mock('./api');
 jest.mock('../common/lib/kibana');
@@ -25,6 +28,12 @@ describe('useUpdateComment', () => {
     updateCase,
     version: basicCase.comments[0].version,
   };
+
+  const renderHookUseUpdateComment = () =>
+    renderHook<string, UseUpdateComment>(() => useUpdateComment(), {
+      wrapper: ({ children }) => <TestProviders>{children}</TestProviders>,
+    });
+
   beforeEach(() => {
     jest.clearAllMocks();
     jest.restoreAllMocks();
@@ -32,9 +41,7 @@ describe('useUpdateComment', () => {
 
   it('init', async () => {
     await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<string, UseUpdateComment>(() =>
-        useUpdateComment()
-      );
+      const { result, waitForNextUpdate } = renderHookUseUpdateComment();
       await waitForNextUpdate();
       expect(result.current).toEqual({
         isLoadingIds: [],
@@ -48,21 +55,20 @@ describe('useUpdateComment', () => {
     const spyOnPatchComment = jest.spyOn(api, 'patchComment');
 
     await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<string, UseUpdateComment>(() =>
-        useUpdateComment()
-      );
+      const { result, waitForNextUpdate } = renderHookUseUpdateComment();
       await waitForNextUpdate();
 
       result.current.patchComment(sampleUpdate);
       await waitForNextUpdate();
-      expect(spyOnPatchComment).toBeCalledWith(
-        basicCase.id,
-        basicCase.comments[0].id,
-        'updated comment',
-        basicCase.comments[0].version,
-        abortCtrl.signal,
-        undefined
-      );
+      expect(spyOnPatchComment).toBeCalledWith({
+        caseId: basicCase.id,
+        commentId: basicCase.comments[0].id,
+        commentUpdate: 'updated comment',
+        version: basicCase.comments[0].version,
+        signal: abortCtrl.signal,
+        owner: SECURITY_SOLUTION_OWNER,
+        subCaseId: undefined,
+      });
     });
   });
 
@@ -70,29 +76,26 @@ describe('useUpdateComment', () => {
     const spyOnPatchComment = jest.spyOn(api, 'patchComment');
 
     await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<string, UseUpdateComment>(() =>
-        useUpdateComment()
-      );
+      const { result, waitForNextUpdate } = renderHookUseUpdateComment();
       await waitForNextUpdate();
 
       result.current.patchComment({ ...sampleUpdate, subCaseId: basicSubCaseId });
       await waitForNextUpdate();
-      expect(spyOnPatchComment).toBeCalledWith(
-        basicCase.id,
-        basicCase.comments[0].id,
-        'updated comment',
-        basicCase.comments[0].version,
-        abortCtrl.signal,
-        basicSubCaseId
-      );
+      expect(spyOnPatchComment).toBeCalledWith({
+        caseId: basicCase.id,
+        commentId: basicCase.comments[0].id,
+        commentUpdate: 'updated comment',
+        version: basicCase.comments[0].version,
+        signal: abortCtrl.signal,
+        owner: SECURITY_SOLUTION_OWNER,
+        subCaseId: basicSubCaseId,
+      });
     });
   });
 
   it('patch comment', async () => {
     await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<string, UseUpdateComment>(() =>
-        useUpdateComment()
-      );
+      const { result, waitForNextUpdate } = renderHookUseUpdateComment();
       await waitForNextUpdate();
       result.current.patchComment(sampleUpdate);
       await waitForNextUpdate();
@@ -108,9 +111,7 @@ describe('useUpdateComment', () => {
 
   it('set isLoading to true when posting case', async () => {
     await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<string, UseUpdateComment>(() =>
-        useUpdateComment()
-      );
+      const { result, waitForNextUpdate } = renderHookUseUpdateComment();
       await waitForNextUpdate();
       result.current.patchComment(sampleUpdate);
 
@@ -125,9 +126,7 @@ describe('useUpdateComment', () => {
     });
 
     await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<string, UseUpdateComment>(() =>
-        useUpdateComment()
-      );
+      const { result, waitForNextUpdate } = renderHookUseUpdateComment();
       await waitForNextUpdate();
       result.current.patchComment(sampleUpdate);
 
diff --git a/x-pack/plugins/cases/public/containers/use_update_comment.tsx b/x-pack/plugins/cases/public/containers/use_update_comment.tsx
index 478d7ebf1fc32..3c307d86ac7bc 100644
--- a/x-pack/plugins/cases/public/containers/use_update_comment.tsx
+++ b/x-pack/plugins/cases/public/containers/use_update_comment.tsx
@@ -7,6 +7,7 @@
 
 import { useReducer, useCallback, useRef, useEffect } from 'react';
 import { useToasts } from '../common/lib/kibana';
+import { useOwnerContext } from '../components/owner_context/use_owner_context';
 import { patchComment } from './api';
 import * as i18n from './translations';
 import { Case } from './types';
@@ -72,6 +73,9 @@ export const useUpdateComment = (): UseUpdateComment => {
   const toasts = useToasts();
   const isCancelledRef = useRef(false);
   const abortCtrlRef = useRef(new AbortController());
+  // this hook guarantees that there will be at least one value in the owner array, we'll
+  // just use the first entry just in case there are more than one entry
+  const owner = useOwnerContext()[0];
 
   const dispatchUpdateComment = useCallback(
     async ({
@@ -89,14 +93,15 @@ export const useUpdateComment = (): UseUpdateComment => {
         abortCtrlRef.current = new AbortController();
         dispatch({ type: 'FETCH_INIT', payload: commentId });
 
-        const response = await patchComment(
+        const response = await patchComment({
           caseId,
           commentId,
           commentUpdate,
           version,
-          abortCtrlRef.current.signal,
-          subCaseId
-        );
+          signal: abortCtrlRef.current.signal,
+          subCaseId,
+          owner,
+        });
 
         if (!isCancelledRef.current) {
           updateCase(response);

From 1ef5a6aa05e9b4bd0fb96809b979877e7081f654 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20G=C3=B3mez?=
 <alejandro.fernandez@elastic.co>
Date: Thu, 24 Jun 2021 15:06:07 +0200
Subject: [PATCH 05/13] [Fleet][Logs UI] Prevent double loading of entries in
 `<LogStream />` component. (#102980)

* Use better loading indicator for `useLogSource`

* Use clearer name for the loading entries flag

* Reuse query object if its value persists
---
 .../public/components/log_stream/log_stream.tsx     |  6 +++---
 .../public/containers/logs/log_stream/index.ts      | 13 ++++++++++---
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx b/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx
index 0087d559a42e6..ff9b749911c84 100644
--- a/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx
+++ b/x-pack/plugins/infra/public/components/log_stream/log_stream.tsx
@@ -112,7 +112,7 @@ Read more at https://github.com/elastic/kibana/blob/master/src/plugins/kibana_re
 
   const {
     derivedIndexPattern,
-    isLoadingSourceConfiguration,
+    isLoading: isLoadingSource,
     loadSource,
     sourceConfiguration,
   } = useLogSource({
@@ -138,7 +138,7 @@ Read more at https://github.com/elastic/kibana/blob/master/src/plugins/kibana_re
     hasMoreAfter,
     hasMoreBefore,
     isLoadingMore,
-    isReloading,
+    isReloading: isLoadingEntries,
   } = useLogStream({
     sourceId,
     startTimestamp,
@@ -198,7 +198,7 @@ Read more at https://github.com/elastic/kibana/blob/master/src/plugins/kibana_re
       items={streamItems}
       scale="medium"
       wrap={true}
-      isReloading={isLoadingSourceConfiguration || isReloading}
+      isReloading={isLoadingSource || isLoadingEntries}
       isLoadingMore={isLoadingMore}
       hasMoreBeforeStart={hasMoreBefore}
       hasMoreAfterEnd={hasMoreAfter}
diff --git a/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts b/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts
index 021aa8f79fe59..4cdeb678c432b 100644
--- a/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts
+++ b/x-pack/plugins/infra/public/containers/logs/log_stream/index.ts
@@ -5,8 +5,9 @@
  * 2.0.
  */
 
+import { isEqual } from 'lodash';
 import createContainer from 'constate';
-import { useCallback, useEffect, useMemo, useState } from 'react';
+import { useCallback, useEffect, useMemo, useState, useRef } from 'react';
 import usePrevious from 'react-use/lib/usePrevious';
 import useSetState from 'react-use/lib/useSetState';
 import { esQuery } from '../../../../../../../src/plugins/data/public';
@@ -65,6 +66,12 @@ export function useLogStream({
   const prevStartTimestamp = usePrevious(startTimestamp);
   const prevEndTimestamp = usePrevious(endTimestamp);
 
+  const cachedQuery = useRef(query);
+
+  if (!isEqual(query, cachedQuery)) {
+    cachedQuery.current = query;
+  }
+
   useEffect(() => {
     if (prevStartTimestamp && prevStartTimestamp > startTimestamp) {
       setState({ hasMoreBefore: true });
@@ -82,10 +89,10 @@ export function useLogStream({
       sourceId,
       startTimestamp,
       endTimestamp,
-      query,
+      query: cachedQuery.current,
       columnOverrides: columns,
     }),
-    [columns, endTimestamp, query, sourceId, startTimestamp]
+    [columns, endTimestamp, cachedQuery, sourceId, startTimestamp]
   );
 
   const {

From 0a2042eed55100f46766faefd03aeab2dc3607c3 Mon Sep 17 00:00:00 2001
From: Tim Roes <tim.roes@elastic.co>
Date: Thu, 24 Jun 2021 15:14:48 +0200
Subject: [PATCH 06/13] Prevent showing filter on unfilterable fields (#103241)

---
 .../discover_grid/discover_grid_cell_actions.test.tsx    | 9 ++++++++-
 .../discover_grid/discover_grid_cell_actions.tsx         | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.test.tsx b/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.test.tsx
index 965d3cb6a30c4..de3c55ad7a869 100644
--- a/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.test.tsx
+++ b/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.test.tsx
@@ -9,14 +9,21 @@
 import React from 'react';
 import { mountWithIntl } from '@kbn/test/jest';
 import { findTestSubject } from '@elastic/eui/lib/test';
-import { FilterInBtn, FilterOutBtn } from './discover_grid_cell_actions';
+import { FilterInBtn, FilterOutBtn, buildCellActions } from './discover_grid_cell_actions';
 import { DiscoverGridContext } from './discover_grid_context';
 
 import { indexPatternMock } from '../../../__mocks__/index_pattern';
 import { esHits } from '../../../__mocks__/es_hits';
 import { EuiButton } from '@elastic/eui';
+import { IndexPatternField } from 'src/plugins/data/common';
 
 describe('Discover cell actions ', function () {
+  it('should not show cell actions for unfilterable fields', async () => {
+    expect(
+      buildCellActions({ name: 'foo', filterable: false } as IndexPatternField)
+    ).toBeUndefined();
+  });
+
   it('triggers filter function when FilterInBtn is clicked', async () => {
     const contextMock = {
       expanded: undefined,
diff --git a/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.tsx b/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.tsx
index 4e9218f0881cd..ab80cd3e7b461 100644
--- a/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.tsx
+++ b/src/plugins/discover/public/application/components/discover_grid/discover_grid_cell_actions.tsx
@@ -79,7 +79,7 @@ export const FilterOutBtn = ({
 };
 
 export function buildCellActions(field: IndexPatternField) {
-  if (!field.aggregatable && !field.searchable) {
+  if (!field.filterable) {
     return undefined;
   }
 

From 4e38dfee1430889667b5333ac25a00a8ef2ce89e Mon Sep 17 00:00:00 2001
From: Tiago Costa <tiagoffcc@hotmail.com>
Date: Thu, 24 Jun 2021 14:15:44 +0100
Subject: [PATCH 07/13] skip flaky suite (#98240)

---
 test/api_integration/apis/ui_counters/ui_counters.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/api_integration/apis/ui_counters/ui_counters.ts b/test/api_integration/apis/ui_counters/ui_counters.ts
index 2be6ea4341fb0..019dcfd621655 100644
--- a/test/api_integration/apis/ui_counters/ui_counters.ts
+++ b/test/api_integration/apis/ui_counters/ui_counters.ts
@@ -56,7 +56,8 @@ export default function ({ getService }: FtrProviderContext) {
     return savedObject;
   };
 
-  describe('UI Counters API', () => {
+  // FLAKY: https://github.com/elastic/kibana/issues/98240
+  describe.skip('UI Counters API', () => {
     const dayDate = moment().format('DDMMYYYY');
     before(async () => await esArchiver.emptyKibanaIndex());
 

From 4266957a0df426cb88e9f8313e18d1f8c26b8652 Mon Sep 17 00:00:00 2001
From: Joe Reuter <johannes.reuter@elastic.co>
Date: Thu, 24 Jun 2021 15:20:28 +0200
Subject: [PATCH 08/13] fix filter input debouncing (#103087)

---
 .../lens/public/indexpattern_datasource/query_input.tsx    | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/query_input.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/query_input.tsx
index a67199a9d3432..1b418ee3b408f 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/query_input.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/query_input.tsx
@@ -7,6 +7,7 @@
 
 import React from 'react';
 import { i18n } from '@kbn/i18n';
+import { isEqual } from 'lodash';
 import { QueryStringInput, Query } from '../../../../../src/plugins/data/public';
 import { useDebouncedValue } from '../shared_components';
 
@@ -36,7 +37,11 @@ export const QueryInput = ({
       bubbleSubmitEvent={false}
       indexPatterns={[indexPatternTitle]}
       query={inputValue}
-      onChange={handleInputChange}
+      onChange={(newQuery) => {
+        if (!isEqual(newQuery, inputValue)) {
+          handleInputChange(newQuery);
+        }
+      }}
       onSubmit={() => {
         if (inputValue.query) {
           onSubmit();

From b1b182bdec007528722d2de5a12c2dde7a09c1d3 Mon Sep 17 00:00:00 2001
From: Joe Reuter <johannes.reuter@elastic.co>
Date: Thu, 24 Jun 2021 15:23:39 +0200
Subject: [PATCH 09/13] [Lens] Add new error case for mixed x axes (#102861)

---
 .../xy_visualization/visualization.test.ts    | 53 +++++++++++++++++++
 .../public/xy_visualization/visualization.tsx | 36 +++++++++++--
 2 files changed, 84 insertions(+), 5 deletions(-)

diff --git a/x-pack/plugins/lens/public/xy_visualization/visualization.test.ts b/x-pack/plugins/lens/public/xy_visualization/visualization.test.ts
index f2840b6d3844b..dee0e5763dee4 100644
--- a/x-pack/plugins/lens/public/xy_visualization/visualization.test.ts
+++ b/x-pack/plugins/lens/public/xy_visualization/visualization.test.ts
@@ -872,6 +872,59 @@ describe('xy_visualization', () => {
         },
       ]);
     });
+
+    it('should return an error if string and date histogram xAccessors (multiple layers) are used together', () => {
+      // current incompatibility is only for date and numeric histograms as xAccessors
+      const datasourceLayers = {
+        first: mockDatasource.publicAPIMock,
+        second: createMockDatasource('testDatasource').publicAPIMock,
+      };
+      datasourceLayers.first.getOperationForColumnId = jest.fn((id: string) =>
+        id === 'a'
+          ? (({
+              dataType: 'date',
+              scale: 'interval',
+            } as unknown) as Operation)
+          : null
+      );
+      datasourceLayers.second.getOperationForColumnId = jest.fn((id: string) =>
+        id === 'e'
+          ? (({
+              dataType: 'string',
+              scale: 'ordinal',
+            } as unknown) as Operation)
+          : null
+      );
+      expect(
+        xyVisualization.getErrorMessages(
+          {
+            ...exampleState(),
+            layers: [
+              {
+                layerId: 'first',
+                seriesType: 'area',
+                splitAccessor: 'd',
+                xAccessor: 'a',
+                accessors: ['b'],
+              },
+              {
+                layerId: 'second',
+                seriesType: 'area',
+                splitAccessor: 'd',
+                xAccessor: 'e',
+                accessors: ['b'],
+              },
+            ],
+          },
+          datasourceLayers
+        )
+      ).toEqual([
+        {
+          shortMessage: 'Wrong data type for Horizontal axis.',
+          longMessage: 'Data type mismatch for the Horizontal axis, use a different function.',
+        },
+      ]);
+    });
   });
 
   describe('#getWarningMessages', () => {
diff --git a/x-pack/plugins/lens/public/xy_visualization/visualization.tsx b/x-pack/plugins/lens/public/xy_visualization/visualization.tsx
index ad2c9fd713985..bd20ed300bf61 100644
--- a/x-pack/plugins/lens/public/xy_visualization/visualization.tsx
+++ b/x-pack/plugins/lens/public/xy_visualization/visualization.tsx
@@ -542,8 +542,15 @@ function checkXAccessorCompatibility(
   datasourceLayers: Record<string, DatasourcePublicAPI>
 ) {
   const errors = [];
-  const hasDateHistogramSet = state.layers.some(checkIntervalOperation('date', datasourceLayers));
-  const hasNumberHistogram = state.layers.some(checkIntervalOperation('number', datasourceLayers));
+  const hasDateHistogramSet = state.layers.some(
+    checkScaleOperation('interval', 'date', datasourceLayers)
+  );
+  const hasNumberHistogram = state.layers.some(
+    checkScaleOperation('interval', 'number', datasourceLayers)
+  );
+  const hasOrdinalAxis = state.layers.some(
+    checkScaleOperation('ordinal', undefined, datasourceLayers)
+  );
   if (state.layers.length > 1 && hasDateHistogramSet && hasNumberHistogram) {
     errors.push({
       shortMessage: i18n.translate('xpack.lens.xyVisualization.dataTypeFailureXShort', {
@@ -560,11 +567,28 @@ function checkXAccessorCompatibility(
       }),
     });
   }
+  if (state.layers.length > 1 && (hasDateHistogramSet || hasNumberHistogram) && hasOrdinalAxis) {
+    errors.push({
+      shortMessage: i18n.translate('xpack.lens.xyVisualization.dataTypeFailureXShort', {
+        defaultMessage: `Wrong data type for {axis}.`,
+        values: {
+          axis: getAxisName('x', { isHorizontal: isHorizontalChart(state.layers) }),
+        },
+      }),
+      longMessage: i18n.translate('xpack.lens.xyVisualization.dataTypeFailureXOrdinalLong', {
+        defaultMessage: `Data type mismatch for the {axis}, use a different function.`,
+        values: {
+          axis: getAxisName('x', { isHorizontal: isHorizontalChart(state.layers) }),
+        },
+      }),
+    });
+  }
   return errors;
 }
 
-function checkIntervalOperation(
-  dataType: 'date' | 'number',
+function checkScaleOperation(
+  scaleType: 'ordinal' | 'interval' | 'ratio',
+  dataType: 'date' | 'number' | 'string' | undefined,
   datasourceLayers: Record<string, DatasourcePublicAPI>
 ) {
   return (layer: XYLayerConfig) => {
@@ -573,6 +597,8 @@ function checkIntervalOperation(
       return false;
     }
     const operation = datasourceAPI?.getOperationForColumnId(layer.xAccessor);
-    return Boolean(operation?.dataType === dataType && operation.scale === 'interval');
+    return Boolean(
+      operation && (!dataType || operation.dataType === dataType) && operation.scale === scaleType
+    );
   };
 }

From b70b34f88417bf0efea5f8979a660bce2dc8dbcc Mon Sep 17 00:00:00 2001
From: Christos Nasikas <christos.nasikas@elastic.co>
Date: Thu, 24 Jun 2021 16:31:18 +0300
Subject: [PATCH 10/13] [Cases] Fix push to external service error when
 connector's mapping does not exists (#102894)

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../plugins/cases/server/client/cases/push.ts | 14 +++--
 .../case_api_integration/common/lib/utils.ts  | 27 +++++++++
 .../tests/trial/cases/push_case.ts            | 59 ++++++++++++++++++-
 3 files changed, 94 insertions(+), 6 deletions(-)

diff --git a/x-pack/plugins/cases/server/client/cases/push.ts b/x-pack/plugins/cases/server/client/cases/push.ts
index 6b4f038871626..9e2066984a9da 100644
--- a/x-pack/plugins/cases/server/client/cases/push.ts
+++ b/x-pack/plugins/cases/server/client/cases/push.ts
@@ -110,20 +110,24 @@ export const push = async (
       alertsInfo,
     });
 
-    const connectorMappings = await casesClientInternal.configuration.getMappings({
+    const getMappingsResponse = await casesClientInternal.configuration.getMappings({
       connector: theCase.connector,
     });
 
-    if (connectorMappings.length === 0) {
-      throw new Error('Connector mapping has not been created');
-    }
+    const mappings =
+      getMappingsResponse.length === 0
+        ? await casesClientInternal.configuration.createMappings({
+            connector: theCase.connector,
+            owner: theCase.owner,
+          })
+        : getMappingsResponse[0].attributes.mappings;
 
     const externalServiceIncident = await createIncident({
       actionsClient,
       theCase,
       userActions,
       connector: connector as ActionConnector,
-      mappings: connectorMappings[0].attributes.mappings,
+      mappings,
       alerts,
       casesConnectors,
     });
diff --git a/x-pack/test/case_api_integration/common/lib/utils.ts b/x-pack/test/case_api_integration/common/lib/utils.ts
index 921589b2341dd..6b59d9780a513 100644
--- a/x-pack/test/case_api_integration/common/lib/utils.ts
+++ b/x-pack/test/case_api_integration/common/lib/utils.ts
@@ -46,6 +46,7 @@ import {
   CasesConfigurationsResponse,
   CaseUserActionsResponse,
   AlertResponse,
+  ConnectorMappings,
   CasesByAlertId,
 } from '../../../../plugins/cases/common/api';
 import { getPostCaseRequest, postCollectionReq, postCommentGenAlertReq } from './mock';
@@ -578,6 +579,32 @@ export const ensureSavedObjectIsAuthorized = (
   entities.forEach((entity) => expect(owners.includes(entity.owner)).to.be(true));
 };
 
+interface ConnectorMappingsSavedObject {
+  'cases-connector-mappings': ConnectorMappings;
+}
+
+/**
+ * Returns connector mappings saved objects from Elasticsearch directly.
+ */
+export const getConnectorMappingsFromES = async ({ es }: { es: KibanaClient }) => {
+  const mappings: ApiResponse<
+    estypes.SearchResponse<ConnectorMappingsSavedObject>
+  > = await es.search({
+    index: '.kibana',
+    body: {
+      query: {
+        term: {
+          type: {
+            value: 'cases-connector-mappings',
+          },
+        },
+      },
+    },
+  });
+
+  return mappings;
+};
+
 export const createCaseWithConnector = async ({
   supertest,
   configureReq = {},
diff --git a/x-pack/test/case_api_integration/security_and_spaces/tests/trial/cases/push_case.ts b/x-pack/test/case_api_integration/security_and_spaces/tests/trial/cases/push_case.ts
index 8a58c59718feb..374053dd3b8b7 100644
--- a/x-pack/test/case_api_integration/security_and_spaces/tests/trial/cases/push_case.ts
+++ b/x-pack/test/case_api_integration/security_and_spaces/tests/trial/cases/push_case.ts
@@ -28,12 +28,19 @@ import {
   deleteAllCaseItems,
   superUserSpace1Auth,
   createCaseWithConnector,
+  createConnector,
+  getServiceNowConnector,
+  getConnectorMappingsFromES,
 } from '../../../../common/lib/utils';
 import {
   ExternalServiceSimulator,
   getExternalServiceSimulatorPath,
 } from '../../../../../alerting_api_integration/common/fixtures/plugins/actions_simulators/server/plugin';
-import { CaseStatuses, CaseUserActionResponse } from '../../../../../../plugins/cases/common/api';
+import {
+  CaseConnector,
+  CaseStatuses,
+  CaseUserActionResponse,
+} from '../../../../../../plugins/cases/common/api';
 import {
   globalRead,
   noKibanaPrivileges,
@@ -95,6 +102,56 @@ export default ({ getService }: FtrProviderContext): void => {
       ).to.equal(true);
     });
 
+    it('should create the mappings when pushing a case', async () => {
+      // create a connector but not a configuration so that the mapping will not be present
+      const connector = await createConnector({
+        supertest,
+        req: {
+          ...getServiceNowConnector(),
+          config: { apiUrl: servicenowSimulatorURL },
+        },
+      });
+
+      actionsRemover.add('default', connector.id, 'action', 'actions');
+
+      const postedCase = await createCase(
+        supertest,
+        {
+          ...getPostCaseRequest(),
+          connector: {
+            id: connector.id,
+            name: connector.name,
+            type: connector.connector_type_id,
+            fields: {
+              urgency: '2',
+              impact: '2',
+              severity: '2',
+              category: 'software',
+              subcategory: 'os',
+            },
+          } as CaseConnector,
+        },
+        200
+      );
+
+      // there should be no mappings initially
+      let mappings = await getConnectorMappingsFromES({ es });
+      expect(mappings.body.hits.hits.length).to.eql(0);
+
+      await pushCase({
+        supertest,
+        caseId: postedCase.id,
+        connectorId: connector.id,
+      });
+
+      // the mappings should now be created after the push
+      mappings = await getConnectorMappingsFromES({ es });
+      expect(mappings.body.hits.hits.length).to.be(1);
+      expect(
+        mappings.body.hits.hits[0]._source?.['cases-connector-mappings'].mappings.length
+      ).to.be.above(0);
+    });
+
     it('pushes a comment appropriately', async () => {
       const { postedCase, connector } = await createCaseWithConnector({
         supertest,

From b8234729854b8d394ea1f6784a3535e6feb82c35 Mon Sep 17 00:00:00 2001
From: Marco Liberati <dej611@users.noreply.github.com>
Date: Thu, 24 Jun 2021 15:32:12 +0200
Subject: [PATCH 11/13] [Lens] Add continuity icons to palette configuration
 (#103240)

---
 .../coloring/palette_configuration.tsx        | 57 ++++++++++++-------
 1 file changed, 36 insertions(+), 21 deletions(-)

diff --git a/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx b/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx
index f71bda986a8bb..ae7204d9f93e7 100644
--- a/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx
+++ b/x-pack/plugins/lens/public/shared_components/coloring/palette_configuration.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { FC } from 'react';
 import { PaletteOutput, PaletteRegistry } from 'src/plugins/charts/public';
 import {
   EuiFormRow,
@@ -39,6 +39,17 @@ import {
 } from './utils';
 const idPrefix = htmlIdGenerator()();
 
+const ContinuityOption: FC<{ iconType: string }> = ({ children, iconType }) => {
+  return (
+    <EuiFlexGroup gutterSize="s" alignItems="center" responsive={false}>
+      <EuiFlexItem grow={false}>
+        <EuiIcon type={iconType} />
+      </EuiFlexItem>
+      <EuiFlexItem grow={false}>{children}</EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
+
 /**
  * Some name conventions here:
  * * `displayStops` => It's an additional transformation of `stops` into a [0, N] domain for the EUIPaletteDisplay component.
@@ -141,41 +152,45 @@ export function CustomizablePalette({
             options={[
               {
                 value: 'above',
-                inputDisplay: i18n.translate(
-                  'xpack.lens.table.dynamicColoring.continuity.aboveLabel',
-                  {
-                    defaultMessage: 'Above range',
-                  }
+                inputDisplay: (
+                  <ContinuityOption iconType="continuityAbove">
+                    {i18n.translate('xpack.lens.table.dynamicColoring.continuity.aboveLabel', {
+                      defaultMessage: 'Above range',
+                    })}
+                  </ContinuityOption>
                 ),
                 'data-test-subj': 'continuity-above',
               },
               {
                 value: 'below',
-                inputDisplay: i18n.translate(
-                  'xpack.lens.table.dynamicColoring.continuity.belowLabel',
-                  {
-                    defaultMessage: 'Below range',
-                  }
+                inputDisplay: (
+                  <ContinuityOption iconType="continuityBelow">
+                    {i18n.translate('xpack.lens.table.dynamicColoring.continuity.belowLabel', {
+                      defaultMessage: 'Below range',
+                    })}
+                  </ContinuityOption>
                 ),
                 'data-test-subj': 'continuity-below',
               },
               {
                 value: 'all',
-                inputDisplay: i18n.translate(
-                  'xpack.lens.table.dynamicColoring.continuity.allLabel',
-                  {
-                    defaultMessage: 'Above and below range',
-                  }
+                inputDisplay: (
+                  <ContinuityOption iconType="continuityAboveBelow">
+                    {i18n.translate('xpack.lens.table.dynamicColoring.continuity.allLabel', {
+                      defaultMessage: 'Above and below range',
+                    })}
+                  </ContinuityOption>
                 ),
                 'data-test-subj': 'continuity-all',
               },
               {
                 value: 'none',
-                inputDisplay: i18n.translate(
-                  'xpack.lens.table.dynamicColoring.continuity.noneLabel',
-                  {
-                    defaultMessage: 'Within range',
-                  }
+                inputDisplay: (
+                  <ContinuityOption iconType="continuityWithin">
+                    {i18n.translate('xpack.lens.table.dynamicColoring.continuity.noneLabel', {
+                      defaultMessage: 'Within range',
+                    })}
+                  </ContinuityOption>
                 ),
                 'data-test-subj': 'continuity-none',
               },

From fdd878410ececb575bebf0575355908ed614059f Mon Sep 17 00:00:00 2001
From: Tim Roes <tim.roes@elastic.co>
Date: Thu, 24 Jun 2021 15:34:57 +0200
Subject: [PATCH 12/13] Add missing i18n (#103245)

---
 .../components/sidebar/discover_field_search.tsx     | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/plugins/discover/public/application/apps/main/components/sidebar/discover_field_search.tsx b/src/plugins/discover/public/application/apps/main/components/sidebar/discover_field_search.tsx
index e11c1716efe6b..4abfa6ecea55a 100644
--- a/src/plugins/discover/public/application/apps/main/components/sidebar/discover_field_search.tsx
+++ b/src/plugins/discover/public/application/apps/main/components/sidebar/discover_field_search.tsx
@@ -204,15 +204,21 @@ export function DiscoverFieldSearch({ onChange, value, types, useNewFieldsApi }:
     return [
       {
         id: `${id}-any`,
-        label: 'any',
+        label: i18n.translate('discover.fieldChooser.filter.toggleButton.any', {
+          defaultMessage: 'any',
+        }),
       },
       {
         id: `${id}-true`,
-        label: 'yes',
+        label: i18n.translate('discover.fieldChooser.filter.toggleButton.yes', {
+          defaultMessage: 'yes',
+        }),
       },
       {
         id: `${id}-false`,
-        label: 'no',
+        label: i18n.translate('discover.fieldChooser.filter.toggleButton.no', {
+          defaultMessage: 'no',
+        }),
       },
     ];
   };

From cc6a64514d9bad6c0ff5dbb9e4c0231939eedde4 Mon Sep 17 00:00:00 2001
From: Patrick Mueller <patrick.mueller@elastic.co>
Date: Thu, 24 Jun 2021 10:06:01 -0400
Subject: [PATCH 13/13] [alerting][actions] add task scheduled date and delay
 to event log - 2 (#103172)

resolves #98634

This adds a new object property to the event log kibana object named
task, with two properties to track the time the task was scheduled to
run, and the delay between when it was supposed to run and when it
actually started. This task property is only added to the appropriate
events.

	task: schema.maybe(
	  schema.object({
	    scheduled: ecsDate(),
	    schedule_delay: ecsNumber(),
	  })
	),

Note that these changes were previously merged to master in https://github.com/elastic/kibana/pull/102252 which had to be reverted - this PR contains the same commits, plus some additional ones to resolve the tests that were broken during the bad merge.
---
 .../server/lib/action_executor.test.ts        |  90 ++
 .../actions/server/lib/action_executor.ts     |  19 +
 .../server/lib/task_runner_factory.test.ts    |  16 +-
 .../actions/server/lib/task_runner_factory.ts |   5 +
 .../create_execution_handler.test.ts          |   1 -
 .../task_runner/create_execution_handler.ts   |   1 -
 .../server/task_runner/task_runner.test.ts    | 187 ++--
 .../server/task_runner/task_runner.ts         |  17 +-
 x-pack/plugins/event_log/README.md            |   4 +
 .../plugins/event_log/generated/mappings.json |  14 +-
 x-pack/plugins/event_log/generated/schemas.ts |   7 +-
 x-pack/plugins/event_log/scripts/mappings.js  |  11 +
 .../plugins/event_log/server/event_logger.ts  |   2 +-
 .../tests/alerting/alerts.ts                  |   1 -
 .../tests/alerting/event_log.ts               |   2 +-
 .../spaces_only/tests/actions/execute.ts      |   2 +
 .../spaces_only/tests/alerting/event_log.ts   | 918 +++++++++---------
 17 files changed, 791 insertions(+), 506 deletions(-)

diff --git a/x-pack/plugins/actions/server/lib/action_executor.test.ts b/x-pack/plugins/actions/server/lib/action_executor.test.ts
index 37d461d6b2a50..440de161490aa 100644
--- a/x-pack/plugins/actions/server/lib/action_executor.test.ts
+++ b/x-pack/plugins/actions/server/lib/action_executor.test.ts
@@ -109,6 +109,96 @@ test('successfully executes', async () => {
   });
 
   expect(loggerMock.debug).toBeCalledWith('executing action test:1: 1');
+  expect(eventLogger.logEvent.mock.calls).toMatchInlineSnapshot(`
+    Array [
+      Array [
+        Object {
+          "event": Object {
+            "action": "execute-start",
+          },
+          "kibana": Object {
+            "saved_objects": Array [
+              Object {
+                "id": "1",
+                "namespace": "some-namespace",
+                "rel": "primary",
+                "type": "action",
+                "type_id": "test",
+              },
+            ],
+          },
+          "message": "action started: test:1: 1",
+        },
+      ],
+      Array [
+        Object {
+          "event": Object {
+            "action": "execute",
+            "outcome": "success",
+          },
+          "kibana": Object {
+            "saved_objects": Array [
+              Object {
+                "id": "1",
+                "namespace": "some-namespace",
+                "rel": "primary",
+                "type": "action",
+                "type_id": "test",
+              },
+            ],
+          },
+          "message": "action executed: test:1: 1",
+        },
+      ],
+    ]
+  `);
+});
+
+test('successfully executes as a task', async () => {
+  const actionType: jest.Mocked<ActionType> = {
+    id: 'test',
+    name: 'Test',
+    minimumLicenseRequired: 'basic',
+    executor: jest.fn(),
+  };
+  const actionSavedObject = {
+    id: '1',
+    type: 'action',
+    attributes: {
+      actionTypeId: 'test',
+      config: {
+        bar: true,
+      },
+      secrets: {
+        baz: true,
+      },
+    },
+    references: [],
+  };
+  const actionResult = {
+    id: actionSavedObject.id,
+    name: actionSavedObject.id,
+    ...pick(actionSavedObject.attributes, 'actionTypeId', 'config'),
+    isPreconfigured: false,
+  };
+  actionsClient.get.mockResolvedValueOnce(actionResult);
+  encryptedSavedObjectsClient.getDecryptedAsInternalUser.mockResolvedValueOnce(actionSavedObject);
+  actionTypeRegistry.get.mockReturnValueOnce(actionType);
+
+  const scheduleDelay = 10000; // milliseconds
+  const scheduled = new Date(Date.now() - scheduleDelay);
+  await actionExecutor.execute({
+    ...executeParams,
+    taskInfo: {
+      scheduled,
+    },
+  });
+
+  const eventTask = eventLogger.logEvent.mock.calls[0][0]?.kibana?.task;
+  expect(eventTask).toBeDefined();
+  expect(eventTask?.scheduled).toBe(scheduled.toISOString());
+  expect(eventTask?.schedule_delay).toBeGreaterThanOrEqual(scheduleDelay * 1000 * 1000);
+  expect(eventTask?.schedule_delay).toBeLessThanOrEqual(2 * scheduleDelay * 1000 * 1000);
 });
 
 test('provides empty config when config and / or secrets is empty', async () => {
diff --git a/x-pack/plugins/actions/server/lib/action_executor.ts b/x-pack/plugins/actions/server/lib/action_executor.ts
index e9e7b17288611..9e62b123951df 100644
--- a/x-pack/plugins/actions/server/lib/action_executor.ts
+++ b/x-pack/plugins/actions/server/lib/action_executor.ts
@@ -25,6 +25,9 @@ import { ActionsClient } from '../actions_client';
 import { ActionExecutionSource } from './action_execution_source';
 import { RelatedSavedObjects } from './related_saved_objects';
 
+// 1,000,000 nanoseconds in 1 millisecond
+const Millis2Nanos = 1000 * 1000;
+
 export interface ActionExecutorContext {
   logger: Logger;
   spaces?: SpacesServiceStart;
@@ -39,11 +42,16 @@ export interface ActionExecutorContext {
   preconfiguredActions: PreConfiguredAction[];
 }
 
+export interface TaskInfo {
+  scheduled: Date;
+}
+
 export interface ExecuteOptions<Source = unknown> {
   actionId: string;
   request: KibanaRequest;
   params: Record<string, unknown>;
   source?: ActionExecutionSource<Source>;
+  taskInfo?: TaskInfo;
   relatedSavedObjects?: RelatedSavedObjects;
 }
 
@@ -71,6 +79,7 @@ export class ActionExecutor {
     params,
     request,
     source,
+    taskInfo,
     relatedSavedObjects,
   }: ExecuteOptions): Promise<ActionTypeExecutorResult<unknown>> {
     if (!this.isInitialized) {
@@ -143,9 +152,19 @@ export class ActionExecutor {
         const actionLabel = `${actionTypeId}:${actionId}: ${name}`;
         logger.debug(`executing action ${actionLabel}`);
 
+        const task = taskInfo
+          ? {
+              task: {
+                scheduled: taskInfo.scheduled.toISOString(),
+                schedule_delay: Millis2Nanos * (Date.now() - taskInfo.scheduled.getTime()),
+              },
+            }
+          : {};
+
         const event: IEvent = {
           event: { action: EVENT_LOG_ACTIONS.execute },
           kibana: {
+            ...task,
             saved_objects: [
               {
                 rel: SAVED_OBJECT_REL_PRIMARY,
diff --git a/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts b/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts
index 2292994e3ccfd..495d638951b56 100644
--- a/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts
+++ b/x-pack/plugins/actions/server/lib/task_runner_factory.test.ts
@@ -133,6 +133,9 @@ test('executes the task by calling the executor with proper parameters', async (
         authorization: 'ApiKey MTIzOmFiYw==',
       },
     }),
+    taskInfo: {
+      scheduled: new Date(),
+    },
   });
 
   const [executeParams] = mockedActionExecutor.execute.mock.calls[0];
@@ -255,6 +258,9 @@ test('uses API key when provided', async () => {
         authorization: 'ApiKey MTIzOmFiYw==',
       },
     }),
+    taskInfo: {
+      scheduled: new Date(),
+    },
   });
 
   const [executeParams] = mockedActionExecutor.execute.mock.calls[0];
@@ -300,6 +306,9 @@ test('uses relatedSavedObjects when provided', async () => {
         authorization: 'ApiKey MTIzOmFiYw==',
       },
     }),
+    taskInfo: {
+      scheduled: new Date(),
+    },
   });
 });
 
@@ -323,7 +332,6 @@ test('sanitizes invalid relatedSavedObjects when provided', async () => {
   });
 
   await taskRunner.run();
-
   expect(mockedActionExecutor.execute).toHaveBeenCalledWith({
     actionId: '2',
     params: { baz: true },
@@ -334,6 +342,9 @@ test('sanitizes invalid relatedSavedObjects when provided', async () => {
         authorization: 'ApiKey MTIzOmFiYw==',
       },
     }),
+    taskInfo: {
+      scheduled: new Date(),
+    },
   });
 });
 
@@ -363,6 +374,9 @@ test(`doesn't use API key when not provided`, async () => {
     request: expect.objectContaining({
       headers: {},
     }),
+    taskInfo: {
+      scheduled: new Date(),
+    },
   });
 
   const [executeParams] = mockedActionExecutor.execute.mock.calls[0];
diff --git a/x-pack/plugins/actions/server/lib/task_runner_factory.ts b/x-pack/plugins/actions/server/lib/task_runner_factory.ts
index 0515963ab82f4..64169de728f75 100644
--- a/x-pack/plugins/actions/server/lib/task_runner_factory.ts
+++ b/x-pack/plugins/actions/server/lib/task_runner_factory.ts
@@ -72,6 +72,10 @@ export class TaskRunnerFactory {
       getUnsecuredSavedObjectsClient,
     } = this.taskRunnerContext!;
 
+    const taskInfo = {
+      scheduled: taskInstance.runAt,
+    };
+
     return {
       async run() {
         const { spaceId, actionTaskParamsId } = taskInstance.params as Record<string, string>;
@@ -118,6 +122,7 @@ export class TaskRunnerFactory {
             actionId,
             request: fakeRequest,
             ...getSourceFromReferences(references),
+            taskInfo,
             relatedSavedObjects: validatedRelatedSavedObjects(logger, relatedSavedObjects),
           });
         } catch (e) {
diff --git a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts
index 033ffcceb6a0a..1dcd19119b6fd 100644
--- a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts
+++ b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts
@@ -195,7 +195,6 @@ test('enqueues execution per selected action', async () => {
             "id": "1",
             "license": "basic",
             "name": "name-of-alert",
-            "namespace": "test1",
             "ruleset": "alerts",
           },
         },
diff --git a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts
index 968fff540dc03..3004ed599128e 100644
--- a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts
+++ b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts
@@ -209,7 +209,6 @@ export function createExecutionHandler<
           license: alertType.minimumLicenseRequired,
           category: alertType.id,
           ruleset: alertType.producer,
-          ...namespace,
           name: alertName,
         },
       };
diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts
index 8ab267a5610d3..88d1b1b24a4ec 100644
--- a/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts
+++ b/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts
@@ -282,13 +282,16 @@ describe('Task Runner', () => {
               "type_id": "test",
             },
           ],
+          "task": Object {
+            "schedule_delay": 0,
+            "scheduled": "1970-01-01T00:00:00.000Z",
+          },
         },
         "message": "alert execution start: \\"1\\"",
         "rule": Object {
           "category": "test",
           "id": "1",
           "license": "basic",
-          "namespace": undefined,
           "ruleset": "alerts",
         },
       }
@@ -394,6 +397,10 @@ describe('Task Runner', () => {
         kind: 'alert',
       },
       kibana: {
+        task: {
+          schedule_delay: 0,
+          scheduled: '1970-01-01T00:00:00.000Z',
+        },
         saved_objects: [
           {
             id: '1',
@@ -409,7 +416,6 @@ describe('Task Runner', () => {
         category: 'test',
         id: '1',
         license: 'basic',
-        namespace: undefined,
         ruleset: 'alerts',
       },
     });
@@ -518,6 +524,10 @@ describe('Task Runner', () => {
         alerting: {
           status: 'active',
         },
+        task: {
+          schedule_delay: 0,
+          scheduled: '1970-01-01T00:00:00.000Z',
+        },
         saved_objects: [
           {
             id: '1',
@@ -534,7 +544,6 @@ describe('Task Runner', () => {
         id: '1',
         license: 'basic',
         name: 'alert-name',
-        namespace: undefined,
         ruleset: 'alerts',
       },
     });
@@ -603,6 +612,10 @@ describe('Task Runner', () => {
         kind: 'alert',
       },
       kibana: {
+        task: {
+          schedule_delay: 0,
+          scheduled: '1970-01-01T00:00:00.000Z',
+        },
         saved_objects: [
           {
             id: '1',
@@ -618,7 +631,6 @@ describe('Task Runner', () => {
         category: 'test',
         id: '1',
         license: 'basic',
-        namespace: undefined,
         ruleset: 'alerts',
       },
     });
@@ -700,6 +712,10 @@ describe('Task Runner', () => {
         alerting: {
           status: 'active',
         },
+        task: {
+          schedule_delay: 0,
+          scheduled: '1970-01-01T00:00:00.000Z',
+        },
         saved_objects: [
           {
             id: '1',
@@ -716,7 +732,6 @@ describe('Task Runner', () => {
         id: '1',
         license: 'basic',
         name: 'alert-name',
-        namespace: undefined,
         ruleset: 'alerts',
       },
     });
@@ -854,13 +869,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -897,7 +915,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -926,6 +943,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -933,7 +954,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1151,13 +1171,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1194,7 +1217,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1231,7 +1253,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1273,7 +1294,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1302,6 +1322,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -1309,7 +1333,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1433,13 +1456,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1476,7 +1502,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1513,7 +1538,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1555,7 +1579,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1597,7 +1620,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1626,6 +1648,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -1633,7 +1659,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -1968,13 +1993,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2012,7 +2040,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2049,7 +2076,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2078,6 +2104,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -2085,7 +2115,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2294,13 +2323,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2333,13 +2365,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution failure: test:1: 'alert-name'",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2397,13 +2432,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2436,13 +2474,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "test:1: execution failed",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2508,13 +2549,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2547,13 +2591,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "test:1: execution failed",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2619,13 +2666,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2658,13 +2708,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "test:1: execution failed",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2729,13 +2782,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -2768,13 +2824,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "test:1: execution failed",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3007,13 +3066,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3050,7 +3112,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3087,7 +3148,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3124,7 +3184,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3161,7 +3220,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3190,6 +3248,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -3197,7 +3259,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3291,13 +3352,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3334,7 +3398,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3371,7 +3434,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3400,6 +3462,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -3407,7 +3473,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3493,13 +3558,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3534,7 +3602,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3569,7 +3636,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3598,6 +3664,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -3605,7 +3675,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3686,13 +3755,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3729,7 +3801,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3766,7 +3837,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3795,6 +3865,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -3802,7 +3876,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3885,13 +3958,16 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert execution start: \\"1\\"",
             "rule": Object {
               "category": "test",
               "id": "1",
               "license": "basic",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3925,7 +4001,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3959,7 +4034,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
@@ -3988,6 +4062,10 @@ describe('Task Runner', () => {
                   "type_id": "test",
                 },
               ],
+              "task": Object {
+                "schedule_delay": 0,
+                "scheduled": "1970-01-01T00:00:00.000Z",
+              },
             },
             "message": "alert executed: test:1: 'alert-name'",
             "rule": Object {
@@ -3995,7 +4073,6 @@ describe('Task Runner', () => {
               "id": "1",
               "license": "basic",
               "name": "alert-name",
-              "namespace": undefined,
               "ruleset": "alerts",
             },
           },
diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
index b712b6237c8a7..c66c054bc8ac3 100644
--- a/x-pack/plugins/alerting/server/task_runner/task_runner.ts
+++ b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
@@ -54,6 +54,9 @@ import { getEsErrorMessage } from '../lib/errors';
 
 const FALLBACK_RETRY_INTERVAL = '5m';
 
+// 1,000,000 nanoseconds in 1 millisecond
+const Millis2Nanos = 1000 * 1000;
+
 type Event = Exclude<IEvent, undefined>;
 
 interface AlertTaskRunResult {
@@ -489,15 +492,17 @@ export class TaskRunner<
       schedule: taskSchedule,
     } = this.taskInstance;
 
-    const runDate = new Date().toISOString();
-    this.logger.debug(`executing alert ${this.alertType.id}:${alertId} at ${runDate}`);
+    const runDate = new Date();
+    const runDateString = runDate.toISOString();
+    this.logger.debug(`executing alert ${this.alertType.id}:${alertId} at ${runDateString}`);
 
     const namespace = this.context.spaceIdToNamespace(spaceId);
     const eventLogger = this.context.eventLogger;
+    const scheduleDelay = runDate.getTime() - this.taskInstance.runAt.getTime();
     const event: IEvent = {
       // explicitly set execute timestamp so it will be before other events
       // generated here (new-instance, schedule-action, etc)
-      '@timestamp': runDate,
+      '@timestamp': runDateString,
       event: {
         action: EVENT_LOG_ACTIONS.execute,
         kind: 'alert',
@@ -513,13 +518,16 @@ export class TaskRunner<
             namespace,
           },
         ],
+        task: {
+          scheduled: this.taskInstance.runAt.toISOString(),
+          schedule_delay: Millis2Nanos * scheduleDelay,
+        },
       },
       rule: {
         id: alertId,
         license: this.alertType.minimumLicenseRequired,
         category: this.alertType.id,
         ruleset: this.alertType.producer,
-        namespace,
       },
     };
 
@@ -814,7 +822,6 @@ function generateNewAndRecoveredInstanceEvents<
         license: ruleType.minimumLicenseRequired,
         category: ruleType.id,
         ruleset: ruleType.producer,
-        namespace,
         name: rule.name,
       },
     };
diff --git a/x-pack/plugins/event_log/README.md b/x-pack/plugins/event_log/README.md
index ffbd20dd6f2be..682bf2660c78b 100644
--- a/x-pack/plugins/event_log/README.md
+++ b/x-pack/plugins/event_log/README.md
@@ -127,6 +127,10 @@ Below is a document in the expected structure, with descriptions of the fields:
   // Custom fields that are not part of ECS.
   kibana: {
     server_uuid: "UUID of kibana server, for diagnosing multi-Kibana scenarios",
+    task: {
+      scheduled: "ISO date of when the task for this event was supposed to start",
+      schedule_delay: "delay in nanoseconds between when this task was supposed to start and when it actually started",
+    },
     alerting: {
       instance_id: "alert instance id, for relevant documents",
       action_group_id: "alert action group, for relevant documents",
diff --git a/x-pack/plugins/event_log/generated/mappings.json b/x-pack/plugins/event_log/generated/mappings.json
index 3eadcc21257b0..0f5f4af2052ee 100644
--- a/x-pack/plugins/event_log/generated/mappings.json
+++ b/x-pack/plugins/event_log/generated/mappings.json
@@ -214,10 +214,6 @@
                 "version": {
                     "ignore_above": 1024,
                     "type": "keyword"
-                },
-                "namespace": {
-                    "ignore_above": 1024,
-                    "type": "keyword"
                 }
             }
         },
@@ -241,6 +237,16 @@
                     "type": "keyword",
                     "ignore_above": 1024
                 },
+                "task": {
+                    "properties": {
+                        "scheduled": {
+                            "type": "date"
+                        },
+                        "schedule_delay": {
+                            "type": "long"
+                        }
+                    }
+                },
                 "alerting": {
                     "properties": {
                         "instance_id": {
diff --git a/x-pack/plugins/event_log/generated/schemas.ts b/x-pack/plugins/event_log/generated/schemas.ts
index 2a066ca0bd15b..556ddec5a7001 100644
--- a/x-pack/plugins/event_log/generated/schemas.ts
+++ b/x-pack/plugins/event_log/generated/schemas.ts
@@ -91,7 +91,6 @@ export const EventSchema = schema.maybe(
         ruleset: ecsString(),
         uuid: ecsString(),
         version: ecsString(),
-        namespace: ecsString(),
       })
     ),
     user: schema.maybe(
@@ -102,6 +101,12 @@ export const EventSchema = schema.maybe(
     kibana: schema.maybe(
       schema.object({
         server_uuid: ecsString(),
+        task: schema.maybe(
+          schema.object({
+            scheduled: ecsDate(),
+            schedule_delay: ecsNumber(),
+          })
+        ),
         alerting: schema.maybe(
           schema.object({
             instance_id: ecsString(),
diff --git a/x-pack/plugins/event_log/scripts/mappings.js b/x-pack/plugins/event_log/scripts/mappings.js
index f2020e76b46ba..93fe053bd0cdf 100644
--- a/x-pack/plugins/event_log/scripts/mappings.js
+++ b/x-pack/plugins/event_log/scripts/mappings.js
@@ -17,6 +17,17 @@ exports.EcsCustomPropertyMappings = {
         type: 'keyword',
         ignore_above: 1024,
       },
+      // task specific fields
+      task: {
+        properties: {
+          scheduled: {
+            type: 'date',
+          },
+          schedule_delay: {
+            type: 'long',
+          },
+        },
+      },
       // alerting specific fields
       alerting: {
         properties: {
diff --git a/x-pack/plugins/event_log/server/event_logger.ts b/x-pack/plugins/event_log/server/event_logger.ts
index 4af69de0f47a0..b985a173ccdbf 100644
--- a/x-pack/plugins/event_log/server/event_logger.ts
+++ b/x-pack/plugins/event_log/server/event_logger.ts
@@ -88,7 +88,7 @@ export class EventLogger implements IEventLogger {
     try {
       validatedEvent = validateEvent(this.eventLogService, event);
     } catch (err) {
-      this.systemLogger.warn(`invalid event logged: ${err.message}`);
+      this.systemLogger.warn(`invalid event logged: ${err.message}; ${JSON.stringify(event)})`);
       return;
     }
 
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts
index e9ed14fbcddcd..b3d83ae22f330 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts
@@ -1304,7 +1304,6 @@ instanceStateValue: true
       license: 'basic',
       category: ruleObject.alertInfo.ruleTypeId,
       ruleset: ruleObject.alertInfo.producer,
-      namespace: spaceId,
       name: ruleObject.alertInfo.name,
     });
 
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts
index 5d13d641367a4..940203a9b1f8c 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts
@@ -81,12 +81,12 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
         errorMessage: 'Unable to decrypt attribute "apiKey"',
         status: 'error',
         reason: 'decrypt',
+        shouldHaveTask: true,
         rule: {
           id: alertId,
           category: response.body.rule_type_id,
           license: 'basic',
           ruleset: 'alertsFixture',
-          namespace: spaceId,
         },
       });
     });
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts
index d494c99c80e8f..38f3a17f317c2 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts
@@ -406,6 +406,8 @@ export default function ({ getService }: FtrProviderContext) {
       expect(startExecuteEvent?.message).to.eql(startMessage);
     }
 
+    expect(executeEvent?.kibana?.task).to.eql(undefined);
+
     if (errorMessage) {
       expect(executeEvent?.error?.message).to.eql(errorMessage);
     }
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts
index fae5958d7827a..9bf7baf95d8d2 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts
@@ -24,476 +24,512 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
 
     after(() => objectRemover.removeAll());
 
-    it('should generate expected events for normal operation', async () => {
-      const { body: createdAction } = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/api/actions/connector`)
-        .set('kbn-xsrf', 'foo')
-        .send({
-          name: 'MY action',
-          connector_type_id: 'test.noop',
-          config: {},
-          secrets: {},
-        })
-        .expect(200);
-
-      // pattern of when the alert should fire
-      const pattern = {
-        instance: [false, true, true],
-      };
-
-      const response = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)
-        .set('kbn-xsrf', 'foo')
-        .send(
-          getTestAlertData({
-            rule_type_id: 'test.patternFiring',
-            schedule: { interval: '1s' },
-            throttle: null,
-            params: {
-              pattern,
-            },
-            actions: [
-              {
-                id: createdAction.id,
-                group: 'default',
-                params: {},
-              },
-            ],
-          })
-        );
-
-      expect(response.status).to.eql(200);
-      const alertId = response.body.id;
-      objectRemover.add(Spaces.space1.id, alertId, 'rule', 'alerting');
-
-      // get the events we're expecting
-      const events = await retry.try(async () => {
-        return await getEventLog({
-          getService,
-          spaceId: Spaces.space1.id,
-          type: 'alert',
-          id: alertId,
-          provider: 'alerting',
-          actions: new Map([
-            // make sure the counts of the # of events per type are as expected
-            ['execute-start', { gte: 4 }],
-            ['execute', { gte: 4 }],
-            ['execute-action', { equal: 2 }],
-            ['new-instance', { equal: 1 }],
-            ['active-instance', { gte: 1 }],
-            ['recovered-instance', { equal: 1 }],
-          ]),
-        });
-      });
-
-      // get the filtered events only with action 'new-instance'
-      const filteredEvents = await retry.try(async () => {
-        return await getEventLog({
-          getService,
-          spaceId: Spaces.space1.id,
-          type: 'alert',
-          id: alertId,
-          provider: 'alerting',
-          actions: new Map([['new-instance', { equal: 1 }]]),
-          filter: 'event.action:(new-instance)',
-        });
-      });
+    for (const space of [Spaces.default, Spaces.space1]) {
+      describe(`in space ${space.id}`, () => {
+        it('should generate expected events for normal operation', async () => {
+          const { body: createdAction } = await supertest
+            .post(`${getUrlPrefix(space.id)}/api/actions/connector`)
+            .set('kbn-xsrf', 'foo')
+            .send({
+              name: 'MY action',
+              connector_type_id: 'test.noop',
+              config: {},
+              secrets: {},
+            })
+            .expect(200);
+
+          // pattern of when the alert should fire
+          const pattern = {
+            instance: [false, true, true],
+          };
+
+          const response = await supertest
+            .post(`${getUrlPrefix(space.id)}/api/alerting/rule`)
+            .set('kbn-xsrf', 'foo')
+            .send(
+              getTestAlertData({
+                rule_type_id: 'test.patternFiring',
+                schedule: { interval: '1s' },
+                throttle: null,
+                params: {
+                  pattern,
+                },
+                actions: [
+                  {
+                    id: createdAction.id,
+                    group: 'default',
+                    params: {},
+                  },
+                ],
+              })
+            );
 
-      expect(getEventsByAction(filteredEvents, 'execute').length).equal(0);
-      expect(getEventsByAction(filteredEvents, 'execute-action').length).equal(0);
-      expect(getEventsByAction(events, 'new-instance').length).equal(1);
-
-      const executeEvents = getEventsByAction(events, 'execute');
-      const executeStartEvents = getEventsByAction(events, 'execute-start');
-      const executeActionEvents = getEventsByAction(events, 'execute-action');
-      const newInstanceEvents = getEventsByAction(events, 'new-instance');
-      const recoveredInstanceEvents = getEventsByAction(events, 'recovered-instance');
-
-      // make sure the events are in the right temporal order
-      const executeTimes = getTimestamps(executeEvents);
-      const executeStartTimes = getTimestamps(executeStartEvents);
-      const executeActionTimes = getTimestamps(executeActionEvents);
-      const newInstanceTimes = getTimestamps(newInstanceEvents);
-      const recoveredInstanceTimes = getTimestamps(recoveredInstanceEvents);
-
-      expect(executeTimes[0] < newInstanceTimes[0]).to.be(true);
-      expect(executeTimes[1] <= newInstanceTimes[0]).to.be(true);
-      expect(executeTimes[2] > newInstanceTimes[0]).to.be(true);
-      expect(executeTimes[1] <= executeActionTimes[0]).to.be(true);
-      expect(executeTimes[2] > executeActionTimes[0]).to.be(true);
-      expect(executeStartTimes.length === executeTimes.length).to.be(true);
-      executeStartTimes.forEach((est, index) => expect(est === executeTimes[index]).to.be(true));
-      expect(recoveredInstanceTimes[0] > newInstanceTimes[0]).to.be(true);
-
-      // validate each event
-      let executeCount = 0;
-      const executeStatuses = ['ok', 'active', 'active'];
-      for (const event of events) {
-        switch (event?.event?.action) {
-          case 'execute-start':
-            validateEvent(event, {
-              spaceId: Spaces.space1.id,
-              savedObjects: [
-                { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-              ],
-              message: `alert execution start: "${alertId}"`,
-              rule: {
-                id: alertId,
-                category: response.body.rule_type_id,
-                license: 'basic',
-                ruleset: 'alertsFixture',
-                namespace: Spaces.space1.id,
-              },
+          expect(response.status).to.eql(200);
+          const alertId = response.body.id;
+          objectRemover.add(space.id, alertId, 'rule', 'alerting');
+
+          // get the events we're expecting
+          const events = await retry.try(async () => {
+            return await getEventLog({
+              getService,
+              spaceId: space.id,
+              type: 'alert',
+              id: alertId,
+              provider: 'alerting',
+              actions: new Map([
+                // make sure the counts of the # of events per type are as expected
+                ['execute-start', { gte: 4 }],
+                ['execute', { gte: 4 }],
+                ['execute-action', { equal: 2 }],
+                ['new-instance', { equal: 1 }],
+                ['active-instance', { gte: 1 }],
+                ['recovered-instance', { equal: 1 }],
+              ]),
             });
-            break;
-          case 'execute':
-            validateEvent(event, {
-              spaceId: Spaces.space1.id,
-              savedObjects: [
-                { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-              ],
-              outcome: 'success',
-              message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
-              status: executeStatuses[executeCount++],
-              rule: {
-                id: alertId,
-                category: response.body.rule_type_id,
-                license: 'basic',
-                ruleset: 'alertsFixture',
-                namespace: Spaces.space1.id,
-                name: response.body.name,
-              },
+          });
+
+          // get the filtered events only with action 'new-instance'
+          const filteredEvents = await retry.try(async () => {
+            return await getEventLog({
+              getService,
+              spaceId: space.id,
+              type: 'alert',
+              id: alertId,
+              provider: 'alerting',
+              actions: new Map([['new-instance', { equal: 1 }]]),
+              filter: 'event.action:(new-instance)',
             });
-            break;
-          case 'execute-action':
+          });
+
+          expect(getEventsByAction(filteredEvents, 'execute').length).equal(0);
+          expect(getEventsByAction(filteredEvents, 'execute-action').length).equal(0);
+          expect(getEventsByAction(events, 'new-instance').length).equal(1);
+
+          const executeEvents = getEventsByAction(events, 'execute');
+          const executeStartEvents = getEventsByAction(events, 'execute-start');
+          const executeActionEvents = getEventsByAction(events, 'execute-action');
+          const newInstanceEvents = getEventsByAction(events, 'new-instance');
+          const recoveredInstanceEvents = getEventsByAction(events, 'recovered-instance');
+
+          // make sure the events are in the right temporal order
+          const executeTimes = getTimestamps(executeEvents);
+          const executeStartTimes = getTimestamps(executeStartEvents);
+          const executeActionTimes = getTimestamps(executeActionEvents);
+          const newInstanceTimes = getTimestamps(newInstanceEvents);
+          const recoveredInstanceTimes = getTimestamps(recoveredInstanceEvents);
+
+          expect(executeTimes[0] < newInstanceTimes[0]).to.be(true);
+          expect(executeTimes[1] <= newInstanceTimes[0]).to.be(true);
+          expect(executeTimes[2] > newInstanceTimes[0]).to.be(true);
+          expect(executeTimes[1] <= executeActionTimes[0]).to.be(true);
+          expect(executeTimes[2] > executeActionTimes[0]).to.be(true);
+          expect(executeStartTimes.length === executeTimes.length).to.be(true);
+          executeStartTimes.forEach((est, index) =>
+            expect(est === executeTimes[index]).to.be(true)
+          );
+          expect(recoveredInstanceTimes[0] > newInstanceTimes[0]).to.be(true);
+
+          // validate each event
+          let executeCount = 0;
+          const executeStatuses = ['ok', 'active', 'active'];
+          for (const event of events) {
+            switch (event?.event?.action) {
+              case 'execute-start':
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+                  ],
+                  message: `alert execution start: "${alertId}"`,
+                  shouldHaveTask: true,
+                  rule: {
+                    id: alertId,
+                    category: response.body.rule_type_id,
+                    license: 'basic',
+                    ruleset: 'alertsFixture',
+                  },
+                });
+                break;
+              case 'execute':
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+                  ],
+                  outcome: 'success',
+                  message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
+                  status: executeStatuses[executeCount++],
+                  shouldHaveTask: true,
+                  rule: {
+                    id: alertId,
+                    category: response.body.rule_type_id,
+                    license: 'basic',
+                    ruleset: 'alertsFixture',
+                    name: response.body.name,
+                  },
+                });
+                break;
+              case 'execute-action':
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+                    { type: 'action', id: createdAction.id, type_id: 'test.noop' },
+                  ],
+                  message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup: 'default' action: test.noop:${createdAction.id}`,
+                  instanceId: 'instance',
+                  actionGroupId: 'default',
+                  rule: {
+                    id: alertId,
+                    category: response.body.rule_type_id,
+                    license: 'basic',
+                    ruleset: 'alertsFixture',
+                    name: response.body.name,
+                  },
+                });
+                break;
+              case 'new-instance':
+                validateInstanceEvent(event, `created new instance: 'instance'`, false);
+                break;
+              case 'recovered-instance':
+                validateInstanceEvent(event, `instance 'instance' has recovered`, true);
+                break;
+              case 'active-instance':
+                validateInstanceEvent(
+                  event,
+                  `active instance: 'instance' in actionGroup: 'default'`,
+                  false
+                );
+                break;
+              // this will get triggered as we add new event actions
+              default:
+                throw new Error(`unexpected event action "${event?.event?.action}"`);
+            }
+          }
+
+          const actionEvents = await retry.try(async () => {
+            return await getEventLog({
+              getService,
+              spaceId: space.id,
+              type: 'action',
+              id: createdAction.id,
+              provider: 'actions',
+              actions: new Map([['execute', { gte: 1 }]]),
+            });
+          });
+
+          for (const event of actionEvents) {
+            switch (event?.event?.action) {
+              case 'execute':
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'action', id: createdAction.id, rel: 'primary', type_id: 'test.noop' },
+                  ],
+                  message: `action executed: test.noop:${createdAction.id}: MY action`,
+                  outcome: 'success',
+                  shouldHaveTask: true,
+                  rule: undefined,
+                });
+                break;
+            }
+          }
+
+          function validateInstanceEvent(
+            event: IValidatedEvent,
+            subMessage: string,
+            shouldHaveEventEnd: boolean
+          ) {
             validateEvent(event, {
-              spaceId: Spaces.space1.id,
+              spaceId: space.id,
               savedObjects: [
                 { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-                { type: 'action', id: createdAction.id, type_id: 'test.noop' },
               ],
-              message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup: 'default' action: test.noop:${createdAction.id}`,
+              message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
               instanceId: 'instance',
               actionGroupId: 'default',
+              shouldHaveEventEnd,
               rule: {
                 id: alertId,
                 category: response.body.rule_type_id,
                 license: 'basic',
                 ruleset: 'alertsFixture',
-                namespace: Spaces.space1.id,
                 name: response.body.name,
               },
             });
-            break;
-          case 'new-instance':
-            validateInstanceEvent(event, `created new instance: 'instance'`, false);
-            break;
-          case 'recovered-instance':
-            validateInstanceEvent(event, `instance 'instance' has recovered`, true);
-            break;
-          case 'active-instance':
-            validateInstanceEvent(
-              event,
-              `active instance: 'instance' in actionGroup: 'default'`,
-              false
-            );
-            break;
-          // this will get triggered as we add new event actions
-          default:
-            throw new Error(`unexpected event action "${event?.event?.action}"`);
-        }
-      }
-
-      function validateInstanceEvent(
-        event: IValidatedEvent,
-        subMessage: string,
-        shouldHaveEventEnd: boolean
-      ) {
-        validateEvent(event, {
-          spaceId: Spaces.space1.id,
-          savedObjects: [
-            { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-          ],
-          message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
-          instanceId: 'instance',
-          actionGroupId: 'default',
-          shouldHaveEventEnd,
-          rule: {
-            id: alertId,
-            category: response.body.rule_type_id,
-            license: 'basic',
-            ruleset: 'alertsFixture',
-            namespace: Spaces.space1.id,
-            name: response.body.name,
-          },
+          }
         });
-      }
-    });
-
-    it('should generate expected events for normal operation with subgroups', async () => {
-      const { body: createdAction } = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/api/actions/connector`)
-        .set('kbn-xsrf', 'foo')
-        .send({
-          name: 'MY action',
-          connector_type_id: 'test.noop',
-          config: {},
-          secrets: {},
-        })
-        .expect(200);
-
-      // pattern of when the alert should fire
-      const [firstSubgroup, secondSubgroup] = [uuid.v4(), uuid.v4()];
-      const pattern = {
-        instance: [false, firstSubgroup, secondSubgroup],
-      };
-
-      const response = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)
-        .set('kbn-xsrf', 'foo')
-        .send(
-          getTestAlertData({
-            rule_type_id: 'test.patternFiring',
-            schedule: { interval: '1s' },
-            throttle: null,
-            params: {
-              pattern,
-            },
-            actions: [
-              {
-                id: createdAction.id,
-                group: 'default',
-                params: {},
-              },
-            ],
-          })
-        );
-
-      expect(response.status).to.eql(200);
-      const alertId = response.body.id;
-      objectRemover.add(Spaces.space1.id, alertId, 'rule', 'alerting');
-
-      // get the events we're expecting
-      const events = await retry.try(async () => {
-        return await getEventLog({
-          getService,
-          spaceId: Spaces.space1.id,
-          type: 'alert',
-          id: alertId,
-          provider: 'alerting',
-          actions: new Map([
-            // make sure the counts of the # of events per type are as expected
-            ['execute-start', { gte: 4 }],
-            ['execute', { gte: 4 }],
-            ['execute-action', { equal: 2 }],
-            ['new-instance', { equal: 1 }],
-            ['active-instance', { gte: 2 }],
-            ['recovered-instance', { equal: 1 }],
-          ]),
-        });
-      });
 
-      const executeEvents = getEventsByAction(events, 'execute');
-      const executeStartEvents = getEventsByAction(events, 'execute-start');
-      const executeActionEvents = getEventsByAction(events, 'execute-action');
-      const newInstanceEvents = getEventsByAction(events, 'new-instance');
-      const recoveredInstanceEvents = getEventsByAction(events, 'recovered-instance');
-
-      // make sure the events are in the right temporal order
-      const executeTimes = getTimestamps(executeEvents);
-      const executeStartTimes = getTimestamps(executeStartEvents);
-      const executeActionTimes = getTimestamps(executeActionEvents);
-      const newInstanceTimes = getTimestamps(newInstanceEvents);
-      const recoveredInstanceTimes = getTimestamps(recoveredInstanceEvents);
-
-      expect(executeTimes[0] < newInstanceTimes[0]).to.be(true);
-      expect(executeTimes[1] <= newInstanceTimes[0]).to.be(true);
-      expect(executeTimes[2] > newInstanceTimes[0]).to.be(true);
-      expect(executeTimes[1] <= executeActionTimes[0]).to.be(true);
-      expect(executeTimes[2] > executeActionTimes[0]).to.be(true);
-      expect(executeStartTimes.length === executeTimes.length).to.be(true);
-      executeStartTimes.forEach((est, index) => expect(est === executeTimes[index]).to.be(true));
-      expect(recoveredInstanceTimes[0] > newInstanceTimes[0]).to.be(true);
-
-      // validate each event
-      let executeCount = 0;
-      const executeStatuses = ['ok', 'active', 'active'];
-      for (const event of events) {
-        switch (event?.event?.action) {
-          case 'execute-start':
-            validateEvent(event, {
-              spaceId: Spaces.space1.id,
-              savedObjects: [
-                { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-              ],
-              message: `alert execution start: "${alertId}"`,
-              rule: {
-                id: alertId,
-                category: response.body.rule_type_id,
-                license: 'basic',
-                ruleset: 'alertsFixture',
-                namespace: Spaces.space1.id,
-              },
-            });
-            break;
-          case 'execute':
-            validateEvent(event, {
-              spaceId: Spaces.space1.id,
-              savedObjects: [
-                { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-              ],
-              outcome: 'success',
-              message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
-              status: executeStatuses[executeCount++],
-              rule: {
-                id: alertId,
-                category: response.body.rule_type_id,
-                license: 'basic',
-                ruleset: 'alertsFixture',
-                namespace: Spaces.space1.id,
-                name: response.body.name,
-              },
+        it('should generate expected events for normal operation with subgroups', async () => {
+          const { body: createdAction } = await supertest
+            .post(`${getUrlPrefix(space.id)}/api/actions/connector`)
+            .set('kbn-xsrf', 'foo')
+            .send({
+              name: 'MY action',
+              connector_type_id: 'test.noop',
+              config: {},
+              secrets: {},
+            })
+            .expect(200);
+
+          // pattern of when the alert should fire
+          const [firstSubgroup, secondSubgroup] = [uuid.v4(), uuid.v4()];
+          const pattern = {
+            instance: [false, firstSubgroup, secondSubgroup],
+          };
+
+          const response = await supertest
+            .post(`${getUrlPrefix(space.id)}/api/alerting/rule`)
+            .set('kbn-xsrf', 'foo')
+            .send(
+              getTestAlertData({
+                rule_type_id: 'test.patternFiring',
+                schedule: { interval: '1s' },
+                throttle: null,
+                params: {
+                  pattern,
+                },
+                actions: [
+                  {
+                    id: createdAction.id,
+                    group: 'default',
+                    params: {},
+                  },
+                ],
+              })
+            );
+
+          expect(response.status).to.eql(200);
+          const alertId = response.body.id;
+          objectRemover.add(space.id, alertId, 'rule', 'alerting');
+
+          // get the events we're expecting
+          const events = await retry.try(async () => {
+            return await getEventLog({
+              getService,
+              spaceId: space.id,
+              type: 'alert',
+              id: alertId,
+              provider: 'alerting',
+              actions: new Map([
+                // make sure the counts of the # of events per type are as expected
+                ['execute-start', { gte: 4 }],
+                ['execute', { gte: 4 }],
+                ['execute-action', { equal: 2 }],
+                ['new-instance', { equal: 1 }],
+                ['active-instance', { gte: 2 }],
+                ['recovered-instance', { equal: 1 }],
+              ]),
             });
-            break;
-          case 'execute-action':
-            expect(
-              [firstSubgroup, secondSubgroup].includes(event?.kibana?.alerting?.action_subgroup!)
-            ).to.be(true);
+          });
+
+          const executeEvents = getEventsByAction(events, 'execute');
+          const executeStartEvents = getEventsByAction(events, 'execute-start');
+          const executeActionEvents = getEventsByAction(events, 'execute-action');
+          const newInstanceEvents = getEventsByAction(events, 'new-instance');
+          const recoveredInstanceEvents = getEventsByAction(events, 'recovered-instance');
+
+          // make sure the events are in the right temporal order
+          const executeTimes = getTimestamps(executeEvents);
+          const executeStartTimes = getTimestamps(executeStartEvents);
+          const executeActionTimes = getTimestamps(executeActionEvents);
+          const newInstanceTimes = getTimestamps(newInstanceEvents);
+          const recoveredInstanceTimes = getTimestamps(recoveredInstanceEvents);
+
+          expect(executeTimes[0] < newInstanceTimes[0]).to.be(true);
+          expect(executeTimes[1] <= newInstanceTimes[0]).to.be(true);
+          expect(executeTimes[2] > newInstanceTimes[0]).to.be(true);
+          expect(executeTimes[1] <= executeActionTimes[0]).to.be(true);
+          expect(executeTimes[2] > executeActionTimes[0]).to.be(true);
+          expect(executeStartTimes.length === executeTimes.length).to.be(true);
+          executeStartTimes.forEach((est, index) =>
+            expect(est === executeTimes[index]).to.be(true)
+          );
+          expect(recoveredInstanceTimes[0] > newInstanceTimes[0]).to.be(true);
+
+          // validate each event
+          let executeCount = 0;
+          const executeStatuses = ['ok', 'active', 'active'];
+          for (const event of events) {
+            switch (event?.event?.action) {
+              case 'execute-start':
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+                  ],
+                  message: `alert execution start: "${alertId}"`,
+                  shouldHaveTask: true,
+                  rule: {
+                    id: alertId,
+                    category: response.body.rule_type_id,
+                    license: 'basic',
+                    ruleset: 'alertsFixture',
+                  },
+                });
+                break;
+              case 'execute':
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+                  ],
+                  outcome: 'success',
+                  message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
+                  status: executeStatuses[executeCount++],
+                  shouldHaveTask: true,
+                  rule: {
+                    id: alertId,
+                    category: response.body.rule_type_id,
+                    license: 'basic',
+                    ruleset: 'alertsFixture',
+                    name: response.body.name,
+                  },
+                });
+                break;
+              case 'execute-action':
+                expect(
+                  [firstSubgroup, secondSubgroup].includes(
+                    event?.kibana?.alerting?.action_subgroup!
+                  )
+                ).to.be(true);
+                validateEvent(event, {
+                  spaceId: space.id,
+                  savedObjects: [
+                    { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+                    { type: 'action', id: createdAction.id, type_id: 'test.noop' },
+                  ],
+                  message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})' action: test.noop:${createdAction.id}`,
+                  instanceId: 'instance',
+                  actionGroupId: 'default',
+                  rule: {
+                    id: alertId,
+                    category: response.body.rule_type_id,
+                    license: 'basic',
+                    ruleset: 'alertsFixture',
+                    name: response.body.name,
+                  },
+                });
+                break;
+              case 'new-instance':
+                validateInstanceEvent(event, `created new instance: 'instance'`, false);
+                break;
+              case 'recovered-instance':
+                validateInstanceEvent(event, `instance 'instance' has recovered`, true);
+                break;
+              case 'active-instance':
+                expect(
+                  [firstSubgroup, secondSubgroup].includes(
+                    event?.kibana?.alerting?.action_subgroup!
+                  )
+                ).to.be(true);
+                validateInstanceEvent(
+                  event,
+                  `active instance: 'instance' in actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})'`,
+                  false
+                );
+                break;
+              // this will get triggered as we add new event actions
+              default:
+                throw new Error(`unexpected event action "${event?.event?.action}"`);
+            }
+          }
+
+          function validateInstanceEvent(
+            event: IValidatedEvent,
+            subMessage: string,
+            shouldHaveEventEnd: boolean
+          ) {
             validateEvent(event, {
-              spaceId: Spaces.space1.id,
+              spaceId: space.id,
               savedObjects: [
                 { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-                { type: 'action', id: createdAction.id, type_id: 'test.noop' },
               ],
-              message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})' action: test.noop:${createdAction.id}`,
+              message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
               instanceId: 'instance',
               actionGroupId: 'default',
+              shouldHaveEventEnd,
               rule: {
                 id: alertId,
                 category: response.body.rule_type_id,
                 license: 'basic',
                 ruleset: 'alertsFixture',
-                namespace: Spaces.space1.id,
                 name: response.body.name,
               },
             });
-            break;
-          case 'new-instance':
-            validateInstanceEvent(event, `created new instance: 'instance'`, false);
-            break;
-          case 'recovered-instance':
-            validateInstanceEvent(event, `instance 'instance' has recovered`, true);
-            break;
-          case 'active-instance':
-            expect(
-              [firstSubgroup, secondSubgroup].includes(event?.kibana?.alerting?.action_subgroup!)
-            ).to.be(true);
-            validateInstanceEvent(
-              event,
-              `active instance: 'instance' in actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})'`,
-              false
-            );
-            break;
-          // this will get triggered as we add new event actions
-          default:
-            throw new Error(`unexpected event action "${event?.event?.action}"`);
-        }
-      }
-
-      function validateInstanceEvent(
-        event: IValidatedEvent,
-        subMessage: string,
-        shouldHaveEventEnd: boolean
-      ) {
-        validateEvent(event, {
-          spaceId: Spaces.space1.id,
-          savedObjects: [
-            { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-          ],
-          message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
-          instanceId: 'instance',
-          actionGroupId: 'default',
-          shouldHaveEventEnd,
-          rule: {
-            id: alertId,
-            category: response.body.rule_type_id,
-            license: 'basic',
-            ruleset: 'alertsFixture',
-            namespace: Spaces.space1.id,
-            name: response.body.name,
-          },
-        });
-      }
-    });
-
-    it('should generate events for execution errors', async () => {
-      const response = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)
-        .set('kbn-xsrf', 'foo')
-        .send(
-          getTestAlertData({
-            rule_type_id: 'test.throw',
-            schedule: { interval: '1s' },
-            throttle: null,
-          })
-        );
-
-      expect(response.status).to.eql(200);
-      const alertId = response.body.id;
-      objectRemover.add(Spaces.space1.id, alertId, 'rule', 'alerting');
-
-      const events = await retry.try(async () => {
-        return await getEventLog({
-          getService,
-          spaceId: Spaces.space1.id,
-          type: 'alert',
-          id: alertId,
-          provider: 'alerting',
-          actions: new Map([
-            ['execute-start', { gte: 1 }],
-            ['execute', { gte: 1 }],
-          ]),
+          }
         });
-      });
 
-      const startEvent = events[0];
-      const executeEvent = events[1];
-
-      expect(startEvent).to.be.ok();
-      expect(executeEvent).to.be.ok();
-
-      validateEvent(startEvent, {
-        spaceId: Spaces.space1.id,
-        savedObjects: [
-          { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
-        ],
-        message: `alert execution start: "${alertId}"`,
-        rule: {
-          id: alertId,
-          category: response.body.rule_type_id,
-          license: 'basic',
-          ruleset: 'alertsFixture',
-          namespace: Spaces.space1.id,
-        },
-      });
+        it('should generate events for execution errors', async () => {
+          const response = await supertest
+            .post(`${getUrlPrefix(space.id)}/api/alerting/rule`)
+            .set('kbn-xsrf', 'foo')
+            .send(
+              getTestAlertData({
+                rule_type_id: 'test.throw',
+                schedule: { interval: '1s' },
+                throttle: null,
+              })
+            );
+
+          expect(response.status).to.eql(200);
+          const alertId = response.body.id;
+          objectRemover.add(space.id, alertId, 'rule', 'alerting');
+
+          const events = await retry.try(async () => {
+            return await getEventLog({
+              getService,
+              spaceId: space.id,
+              type: 'alert',
+              id: alertId,
+              provider: 'alerting',
+              actions: new Map([
+                ['execute-start', { gte: 1 }],
+                ['execute', { gte: 1 }],
+              ]),
+            });
+          });
 
-      validateEvent(executeEvent, {
-        spaceId: Spaces.space1.id,
-        savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.throw' }],
-        outcome: 'failure',
-        message: `alert execution failure: test.throw:${alertId}: 'abc'`,
-        errorMessage: 'this alert is intended to fail',
-        status: 'error',
-        reason: 'execute',
-        rule: {
-          id: alertId,
-          category: response.body.rule_type_id,
-          license: 'basic',
-          ruleset: 'alertsFixture',
-          namespace: Spaces.space1.id,
-        },
+          const startEvent = events[0];
+          const executeEvent = events[1];
+
+          expect(startEvent).to.be.ok();
+          expect(executeEvent).to.be.ok();
+
+          validateEvent(startEvent, {
+            spaceId: space.id,
+            savedObjects: [
+              { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
+            ],
+            message: `alert execution start: "${alertId}"`,
+            shouldHaveTask: true,
+            rule: {
+              id: alertId,
+              category: response.body.rule_type_id,
+              license: 'basic',
+              ruleset: 'alertsFixture',
+            },
+          });
+
+          validateEvent(executeEvent, {
+            spaceId: space.id,
+            savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.throw' }],
+            outcome: 'failure',
+            message: `alert execution failure: test.throw:${alertId}: 'abc'`,
+            errorMessage: 'this alert is intended to fail',
+            status: 'error',
+            reason: 'execute',
+            shouldHaveTask: true,
+            rule: {
+              id: alertId,
+              category: response.body.rule_type_id,
+              license: 'basic',
+              ruleset: 'alertsFixture',
+            },
+          });
+        });
       });
-    });
+    }
   });
 }
 
@@ -510,12 +546,13 @@ interface ValidateEventLogParams {
   outcome?: string;
   message: string;
   shouldHaveEventEnd?: boolean;
+  shouldHaveTask?: boolean;
   errorMessage?: string;
   status?: string;
   actionGroupId?: string;
   instanceId?: string;
   reason?: string;
-  rule: {
+  rule?: {
     id: string;
     name?: string;
     version?: string;
@@ -529,7 +566,7 @@ interface ValidateEventLogParams {
 }
 
 export function validateEvent(event: IValidatedEvent, params: ValidateEventLogParams): void {
-  const { spaceId, savedObjects, outcome, message, errorMessage, rule } = params;
+  const { spaceId, savedObjects, outcome, message, errorMessage, rule, shouldHaveTask } = params;
   const { status, actionGroupId, instanceId, reason, shouldHaveEventEnd } = params;
 
   if (status) {
@@ -587,6 +624,16 @@ export function validateEvent(event: IValidatedEvent, params: ValidateEventLogPa
 
   expect(event?.rule).to.eql(rule);
 
+  if (shouldHaveTask) {
+    const task = event?.kibana?.task;
+    expect(task).to.be.ok();
+    expect(typeof Date.parse(typeof task?.scheduled)).to.be('number');
+    expect(typeof task?.schedule_delay).to.be('number');
+    expect(task?.schedule_delay).to.be.greaterThan(-1);
+  } else {
+    expect(event?.kibana?.task).to.be(undefined);
+  }
+
   if (errorMessage) {
     expect(event?.error?.message).to.eql(errorMessage);
   }
@@ -602,12 +649,13 @@ function getTimestamps(events: IValidatedEvent[]) {
 
 function isSavedObjectInEvent(
   event: IValidatedEvent,
-  namespace: string,
+  spaceId: string,
   type: string,
   id: string,
   rel?: string
 ): boolean {
   const savedObjects = event?.kibana?.saved_objects ?? [];
+  const namespace = spaceId === 'default' ? undefined : spaceId;
 
   for (const savedObject of savedObjects) {
     if (