SpecterOps · jeff-matthews · Mar 2, 2026 · Mar 2, 2026 · Mar 2, 2026 · Mar 4, 2026
diff --git a/docs/opengraph/extensions/manage.mdx b/docs/opengraph/extensions/manage.mdx
@@ -1,13 +1,98 @@
 ---
-title: Manage Schemas
+title: Extension-Based Data Ingestion
+description: Learn how extension-based data ingestion works and how to manage OpenGraph extensions in BloodHound.
+sidebarTitle: Data Ingestion
 ---
 
-OpenGraph extensions are modular components that enhance the functionality of BloodHound by allowing users to integrate data from various platforms and technologies. These extensions enable users to collect, analyze, and visualize data from a wide range of sources, making it easier to identify relationships and patterns within their environment.
+<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg" alt="Applies to BloodHound Enterprise and CE"/>
 
-- New admin-focused page in OpenGraph section.
+<Callout icon="bullhorn" color="#FFC107">Extension-based data ingestion is available under early access.</Callout>
 
-- Document extension management workflows (upload, validate, search, delete bundles), data deletion guidance, edition-specific features, permissions, early access limitations. 
+When OpenGraph was introduced in BloodHound v8.0.0, it supported a generic data ingestion model that enabled rapid iteration and flexibility for early OpenGraph projects. This model required data payloads to conform to basic node, edge, and metadata schemas only.
 
-- Include UI screenshots, callout for deletion behavior change (moved from Database Management page), and third-party bundle disclaimer. 
+To enable enhanced features and improve consistency across OpenGraph projects, BloodHound now supports an extension-based data ingestion model. This model allows you to register and manage the structures that shape your OpenGraph data in BloodHound. It requires data payloads to conform to an extension schema.
 
-- Add link to OpenGraph Library for obtaining bundles. 
+<Note>BloodHound still supports generic data ingestion. For new OpenGraph projects and updates to existing projects, use extension-based data ingestion to take advantage of enhanced platform capabilities.</Note>
+
+## Key concepts
+
+OpenGraph extensions are defined by a schema that specifies the structure and behavior of OpenGraph data for a specific identity provider, cloud service, or other platform.
+
+Review the following key concepts to understand how extension-based data ingestion works in BloodHound:
+
+| Concept | Description |
+|---|---|
+| **Extension schema** | A schema that defines the structure and behavior of OpenGraph data, including source, custom node and edge definitions, environment identification, and findings. |
+| **Data payload** | The extension-based or generic data generated by an OpenGraph collector that you upload to BloodHound. |
+| **Extension-based data** | Data payloads that conform to an extension schema, enabling enhanced features and support in BloodHound. |
+| **Generic data** | Data payloads that conform to basic OpenGraph node, edge, and metadata schemas only. |
+| **Collector** | A tool that authenticates to a third-party platform and generates a data payload that BloodHound can ingest. |
+
+<Tip>Any OpenGraph collector can leverage extension-based data ingestion by updating its data payloads to conform to an extension schema. See OktaHound for an example. For collectors that have not yet been updated, you can continue to upload generic data payloads while working with the extension author to update your collector and data payloads.</Tip>
+
+## Enhanced features
+
+The extension schema enables enhanced features for OpenGraph data in BloodHound that are not available for generic data.
+
+The following table summarizes the key features enabled by extension-based data ingestion and their availability in Community and Enterprise editions of BloodHound:
+
+| Feature |<img src="/assets/community-edition-pill-tag.svg" alt="BloodHound Community logo" style={{ width: "50%" }}/>|<img src="/assets/enterprise-edition-pill-tag.svg" alt="BloodHound Enterprise logo" style={{ width: "50%" }}/>|
+|---|---|---|
+| Pathfinding | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> |
+| Environment filtering | <Icon icon="square-check" iconType="solid" color="#22c55e"/> | <Icon icon="square-check" iconType="solid" color="#22c55e"/> |
+| Custom node icons and colors | <Icon icon="square-check" iconType="solid" color="#22c55e"/> (API-only) | <Icon icon="square-check" iconType="solid" color="#22c55e"/> (schema-defined) |
+| Findings and remediation | <Icon icon="square-xmark" iconType="solid" color="#ef4444"/> | <Icon icon="hourglass" iconType="solid" color="#FFC107"/> (coming soon) |
+
+<Tip>BloodHound supports extension-specific [Cypher queries](/analyze-data/explore/cypher-search) that you can import separately. This allows extension authors to provide curated queries that you can use to perform general searches and create [Cypher-based](/analyze-data/privilege-zones/rules#cypher) rules for Privilege Zones.</Tip>
+
+## Workflow
+
+The general workflow for extension-based data ingestion involves three main stages that include different steps.
+
+Not all steps are required (for example, uploading Cypher queries and creating Privilege Zone rules are optional), and the workflow is not strictly linear. However, the following diagram provides a high-level overview of the recommended workflow for extension-based data ingestion in BloodHound:
+
+```mermaid
+flowchart LR
+	subgraph prepare[Install and Configure]
+		a["Download extension<br/>and collector"]
+        a-->b["Register<br/>extension"]
+        b-->c["Configure and<br/>run collector"]
+        c-->d["Generate data<br/>payload"]
+    end
+
+	subgraph upload[Upload and Manage]
+		f["Upload data<br/>payload"]
+        f-->g["Import Cypher<br/>queries"]
+		g-->h["Update Privilege<br/>Zone rules"]
+	end
+
+	subgraph use[Explore and Analyze]
+		i["Explore data in<br/>BloodHound"]
+	end
+    prepare-->upload-->use
+```
+
+## Before you begin
+
+Complete the following steps before registering an extension or uploading extension-based data:
+
+<Steps>
+	<Step title="Get extension artifacts">
+		How you obtain extensions and collectors depends on your edition of BloodHound:
+
+		- **BloodHound Community** users can download and use Community extensions and collectors from public GitHub repositories
+
+		- **BloodHound Enterprise** customers can use both Community and Enterprise extensions and collectors; contact your Technical Account Manager to obtain Enterprise versions
+	</Step>
+	<Step title="Review prerequisites">
+		After you obtain an extension and collector, review the prerequisites in the extension-specific setup documentation.
+
+		For example, review collector permissions and required platform configurations, such as API service application registration.
+	</Step>
+	<Step title="Confirm role access">
+		Confirm that your [role](/manage-bloodhound/auth/users-and-roles#user-role-definitions) includes extension management permissions.
+	</Step>
+	<Step title="Validate version compatibility">
+		Verify the extension and collector versions are compatible with each other and with the version of BloodHound running on your tenant.
+	</Step>
+</Steps>
diff --git a/docs/opengraph/overview.mdx b/docs/opengraph/overview.mdx
@@ -7,7 +7,7 @@ description: "Learn about OpenGraph in BloodHound."
 ## Extensions
 
 <CardGroup cols={2}>
-  <Card title="Schema Management" icon="gears" href="/opengraph/extensions/manage" horizontal iconType="solid">
+  <Card title="Extension-Based Data Ingestion" icon="gears" href="/opengraph/extensions/manage" horizontal iconType="solid">
     Learn how to register and manage the structures that shape your OpenGraph data in BloodHound.
   </Card>