Announcing Conditional Access Policies in ConductorOne


After getting basic visibility, setting up access policy guardrails and approval workflows is one of the first steps to securing identity in the enterprise. At ConductorOne, our mission is to help our customers secure identity through control and automation, so we’ve provided the ability to define multi-step policies for fine-grained resources from day one. For even more flexibility, those policies can be applied to the entitlement, application, or review campaign within an inheritance model – so that the approval flow will always default to the most granular policy available.

We also believe that including context about the user or account in the approval process leads to better access decisions, which is why we surface details such as risk insights, employment data, usage, and more. But our customers need even more automation when it comes to the context of the user or account, which is why we’re excited to announce the availability of conditional access policies within ConductorOne.

Conditional policies take the context of a request or review and automatically build this into the approval workflow for more flexibility without compromising on security. For example, you may want to automate providing on-call engineers with quick access to sensitive resources. Or you may want to send contractors through a different review process. Let’s dive into some of the most common use cases!  

On-Call Access

Limiting standing access to your most sensitive resources has a significant impact on data security. But in order to implement it, you have to be able to grant that access to those who need it in a timely and efficient manner. Submitting tickets, triaging decision making, and manual provisioning are not going to cut it. With ConductorOne’s conditional policies, you can automatically approve ephemeral access to a sensitive resource, such as production infrastructure or a specific database, for any on-call users and automatically remove that access at the end of the on-call period.

Pre-Approved Access

Removing manual steps and building in automation helps improve efficiency and productivity. Conditional policies can also be used to set default approvals in situations that warrant it. For example, you can automatically approve access if the user already has standing access to another similar resource, has a specific job title, or is part of a specific department. Or, you can auto-approve low-risk access to resources that the entire company can access, such as collaboration tools.

Policies Based on Attribute

The options for conditions used in policies are endless, but another example of a common use case is making a reviewer decision based on the user’s attributes, such as whether they are a contractor or not. In this case, the request can be automatically routed to a group approval that always handles contractor access.

What Customers are Saying

“Our driving principle as a security team is to constantly improve our program in alignment with business priorities. ConductorOne’s conditional policies, where we are able to create rules that, if met, will route to specific workflows for execution, have helped us uphold this principle by saving our stakeholders time and providing value. It’s a frictionless experience that allows our reviewers to be more productive and more secure.”
 - Lindsey Lowe, Security Assurance @ Ramp

Try it Out Today

Conditional access policies are just another way ConductorOne is helping our customers reduce risk, secure data, and govern access with automation. We know not everything can be automated – but we are committed to finding ways to make access governance more efficient and easier to manage with an enjoyable user experience. Conditional policies are available today and you can get started by learning more in our documentation.