ConductorOne Docs
π Amazon Web Services (AWS) integration
π Deprecation warning: A newer version of this integration is available. If you’re setting up an AWS integration with ConductorOne for the first time, use the v2 version of the integration.
π Azure Active Directory integration
π Deprecation warning: A newer version of this integration is available. Azure Active Directory is now Microsoft Entra ID. If you’re setting up this integration for the first time, go to Entra ID integration to get started.
π Google Workspace integration
π Deprecation warning: A newer version of this integration is available. If you’re setting up a Google Workspace integration with ConductorOne for the first time, use the v2 version of the integration.
π Celigo integration
Availability π Early access. The Celigo integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Celigo to your Integrations page.
π Databricks integration
Availability π Early access. The Databricks integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Databricks to your Integrations page.
π Docker Hub integration
Availability π Early access. The Docker Hub integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Docker Hub to your Integrations page.
π Elastic integration
Availability π Early access. The Elastic integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Elastic to your Integrations page.
π Google Identity Platform
Availability π Early access. The Google Identity Platform integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com if you’d like to add Google Identity Platform to your Integrations page.
π Miro integration
Availability π Early access. The Miro integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Miro to your Integrations page.
π MongoDB Atlas integration
Availability π Early access. The MongoDB Atlas integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add MongoDB Atlas to your Integrations page.
π Torq integration
Availability π Early access. The Torq integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Torq to your Integrations page.
π Verkada integration
Availability π Early access. The Verkada integration is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com if you’d like to add Verkada to your Integrations page.
Administer and end an active campaign
View campaign progress On the Access reviews tab of any campaign, view a dashboard summarizing the campaign’s progress and outstanding tasks. View and manage individual reviews On the campaign’s Tasks tab, open individual access reviews, view details, and take action:
Amazon Web Services (AWS) v2 integration
This is a new and improved version of the AWS integration! If you’re setting up an AWS integration with ConductorOne for the first time, you’re in the right place.
Application integrations library
Is there an integration for a specific application you’d like to see added to the library? Let us know! Weβre always working on new integrations, and our customersβ needs determine whatβs next on our roadmap.
Asana integration
Availability β General availability. The Asana integration is available to all ConductorOne users. Capabilities Sync user identities from Asana to ConductorOne Resources supported: Teams Workspaces Set up the Asana integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Assign user roles
Roles and their permissions ConductorOne’s user roles let you assign users permissions tailored to the work they do. Permission Basic User Access Request Helpdesk Access Request Admin Campaign Admin Integration Admin Super Admin View dashboard β β β β β β Complete assigned tasks β β β β β β Create access requests for any user β β Manage catalogs β β Create and manage campaigns β β Manage tasks for campaigns β β View integrations β β Manage integrations β β Manage applications β Create and manage policies β Reassign tasks* β Manage users β View security dashboard β View access explorer & access graph β *Note: Tasks can be reassigned only when doing so is allowed by the policy governing the task.
BambooHR integration
Availability β General availability. The BambooHR connector is available to all ConductorOne users. Capabilities Sync user identities from BambooHR to ConductorOne Sync users’ manager information from BambooHR to ConductorOne Set up the BambooHR integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Bitbucket integration
Availability β General availability. The Bitbucket integration is available to all ConductorOne users. Capabilities Sync user identities from Bitbucket to ConductorOne Resources supported: Workspaces Groups Projects Repositories Provisioning supported: Groups Set up the Bitbucket integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Box integration
Availability β General availability. The Box integration is available to all ConductorOne users. Capabilities Sync user identities from Box to ConductorOne Resources supported: Groups Enterprises Set up the Box integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Broadcom SAC integration
Availability β General availability. The Broadcom SAC integration is available to all ConductorOne users. Capabilities Sync user identities from Broadcom SAC to ConductorOne Resources supported: Groups Set up the Broadcom SAC integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Browse your app catalog
Browse access overview Your company uses ConductorOne to manage software access requests. On the Browse access page, you can view a personalized app catalog containing all the apps and resources available for you to request, see what access has been granted to you, and request new access.
Build a custom connector
If you need to connect ConductorOne to a homegrown or backoffice piece of infrastructure, you can build your own connector with the Baton software development kit (SDK). Once built, these connectors can be integrated directly with ConductorOne.
Buildkite integration
Availability β General availability. The Buildkite integration is available to all ConductorOne users. Capabilities Sync team members from Buildkite to ConductorOne Resources supported: Teams Set up the Buildkite integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
CloudAMQP integration
Availability β General availability. The CloudAMQP integration is available to all ConductorOne users. Capabilities Sync user identities from CloudAMQP to ConductorOne Resources supported: Roles Set up the CloudAMQP integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Cloudflare integration
Availability β General availability. The Cloudflare integration is available to all ConductorOne users. Capabilities Sync user identities from Cloudflare to ConductorOne Resources supported: Roles Provisioning supported: Role assignments Accounts Set up the Cloudflare integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Cloudflare Zero Trust integration
Availability β General availability. The Cloudflare Zero Trust integration is available to all ConductorOne users. Capabilities Sync user identities from Cloudflare Zero Trust to ConductorOne Resources supported: Access groups Roles Provisioning supported:
Complete access reviews
Complete a review task Your organization uses ConductorOne to run user access review (UAR) campaigns. You’ll be assigned reviews in ConductorOne to verify that current access is still appropriate and needed.
Complete provisioning and deprovisioning tasks
Complete a provisioning task A request to grant new access has already been reviewed and approved. A provisioning task is now assigned to you because manual provisioning of the new access is required and you are a designated provisioner for the app.
Complete your tasks
Here you’ll find instructions for completing the ConductorOne tasks assigned to you. Use the links below to jump to the relevant docs for each task type. Review tasks: Complete access reviews
Completeness and accuracy
How do application integrations work in ConductorOne? Application data is synced every 1-2 hours (exact duration depends on the size of your tenant). Applications are connected using the required authentication method as described in the integration documentation.
ConductorOne release notes
April 12, 2024 Integrations Now generally available: Entra ID, AWS v2, and Google Workspace v2. Usability improvements Orange indicator dots in the sidebar are now shown whenever you have open assignments or requests.
Cone command reference
Key commands: Run cone help in your terminal to show all available commands. Run cone <command> --help or cone <command> -h for help with a specific command. Overview Cone interacts with the ConductorOne API to manage access to entitlements.
Configure access requests
An application’s Access controls tab is where you can view the current access request settings for all of the application’s entitlements and make changes to how individual entitlements are requested and provisioned.
Configure application details
Rename the application An application’s name is automatically chosen by the connector when the integration is set up. If you want or need to change the application’s name as it appears everywhere in ConductorOne, you can do so.
Configure entitlement details
Where can I see an entitlement’s details? An entitlement’s details page shows the entitlement’s configuration and key settings for how it will be granted, reviewed, and revoked. You can reach a entitlement’s details page by clicking its name on the Entitlements tab of an application’s details page, or by clicking the entitlement name on a resource’s details page.
Configure entitlement request settings
Set a request policy for the entitlement ConductorOne applies request policies using this order of precedence: The entitlement’s configuration The application’s configuration In other words, if a request policy is set on the entitlement, it overrules the policy set on the application.
Configure entitlement review settings
Set a review policy for the entitlement ConductorOne applies review policies using this order of precedence: The entitlement’s configuration The application’s configuration The campaign’s configuration In other words, if an entitlement policy is set, it overrules both the campaign policy and the application policy.
Configure entitlement revocation settings
How revocation happens in ConductorOne An account’s access to an entitlement can be revoked in three ways: When the account owner’s manager, the application owner, or the entitlement owner clicks Revoke on either the resource’s Grants tab or on the entitlement’s Grants tab to create a revocation task.
Configure resource details
A resource’s details page provides an overview of the resource’s configuration and the entitlements it contains. You can reach a resource’s details page by clicking the resource name on the Groups, Roles, or Resources tabs of an application’s details page.
Configure session length
What’s the default session length? By default, ConductorOne sessions are set to 20 hours. You can customize your organization’s session length to adhere to your internal security policies and best practices.
Confluence integration
Availability β General availability. The Confluence integration is available to all ConductorOne users. Capabilities Sync user identities from Confluence to ConductorOne Resources supported: Groups Set up the Confluence integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Connect directory apps and create user accounts
What is a directory app? The applications that hold key information about your organization’s employees are called directories in ConductorOne. Directory apps can include: Your human resources app Your identity provider (IdP) Other apps that contain employee data such as manager, employment status, department, or job title Once directory apps are set, ConductorOne uses their information to create ConductorOne user accounts for everyone in your company.
Cortex XSOAR integration
Availability β General availability. The Cortex XSOAR integration is available to all ConductorOne users. Capabilities Sync user identities from Cortex XSOAR to ConductorOne Resources supported: Roles Set up the XSOAR integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Coupa integration
Availability β General availability. The Coupa integration is available to all ConductorOne users. Capabilities Sync user identities from Coupa to ConductorOne Resources supported: Groups Roles Licenses Set up the Coupa integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Create a campaign Slack channel
Before you begin: A Slack administrator at your company must set up the ConductorOne Slack app by visiting the ConductorOne Integrations page and clicking Slack in the Collaboration integrations section at the top of the page.
Create an access review campaign
Why run an access review campaign? Access review campaigns help Security and IT teams to securely control what software users can access, all while making sure employees can also successfully complete their work.
Create applications
π Your application-creation workflow When setting up applications for your new ConductorOne instance, follow this order of operations: Integrate your identity provider (IdP). This creates the IdP app in ConductorOne, and also automatically creates child apps for all the software that you use your IdP to manage or SSO into.
Create policies
View the available policies ConductorOne provides three default policies to get you started. To view these and any other policies currently saved in your ConductorOne instance: In the navigation panel, open Admin and click Policies.
Create request catalogs
What’s a request catalog? Everyone in your company needs to be able to request access to the software your whole team uses to stay in touch and get your work done.
CrowdStrike integration
Availability β General availability. The CrowdStrike integration is available to all ConductorOne users. Capabilities Sync user identities from CrowdStrike to ConductorOne Resources supported: Roles Set up the CrowdStrike integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Datadog integration
Availability β General availability. The Datadog integration is available to all ConductorOne users. Capabilities Sync user identities from Datadog to ConductorOne Resources supported: Roles Set up the Datadog integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Delegate a user's tasks
When should I set a delegate? In some cases, you might not want to assign ConductorOne tasks or send the corresponding notifications to certain users. For example, if a policy assigns access review or access request tasks to an executive, you might want to automatically redirect those tasks to a lower-level employee.
Detect and manage shadow apps
What are shadow apps? Shadow apps are applications and cloud services not managed or approved by the organization’s IT department that employees sign into using their corporate email. In ConductorOne, you can track the shadow apps that users sign into using their IdP credentials and bring key shadow apps under management.
DocuSign integration
Availability β General availability. The DocuSign connector is available to all ConductorOne users. Capabilities Sync user identities from DocuSign to ConductorOne Resources supported: Groups Signing groups Permission profiles Set up the DocuSign integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Duo integration
Availability β General availability. The Duo integration is available to all ConductorOne users. This integration uses the Duo Admin API, which is available to users on the Duo Beyond, Duo Access, and Duo MFA plans.
Duplicate a past campaign
Step 1: Create a duplicate campaign Only users with the Campaign Administrator or Super Administrator user role in ConductorOne can create and manage campaigns. See User roles for more information.
Email digest notifications
Send digest emails ConductorOne can automatically send notifications to all the users at your company who have open tasks. Each user’s open work is summarized in a digest email, which can be set to a daily or weekly cadence.
Enable emergency access requests
What’s an emergency access request? In emergency situations, some employees might need immediate access to resources and systems that they don’t normally have access to. In order to get these employees the access they need, companies create expedited access review procedures (sometimes called “break glass” procedures in reference to the “break glass in case of fire” signs on alarms and fire safety equipment).
Expensify integration
Availability β General availability. The Expensify integration is available to all ConductorOne users. Capabilities Sync user identities from Expensify to ConductorOne Resources supported: Policies Set up the Expensify integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Fastly integration
Availability β General availability. The Fastly integration is available to all ConductorOne users. Capabilities Sync user identities from Fastly to ConductorOne Resources supported: Roles Services Set up the Fastly integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Frequently asked questions
What’s ConductorOne’s IP address? ConductorOne has these associated IP addresses: 35.85.212.195 35.82.205.32 What happens if the application owner, entitlement owner, or group members change after tasks are assigned? If an entitlement owner, application owner, or group member is added or removed after the task is created but while the task is still open, ConductorOne does not recreate the task, and does not assign it to any new owners or members.
Generate campaign reports
Generate a report Access review campaigns have built-in reports that show the progress and prove the outcomes of the campaign. Reports can be generated at any time after a campaign has started.
Generate grant reports
Depending on the size of the data set, generating a report might take several minutes. In the navigation panel, open Apps and click Applications. Click the name of the application you want to generate a report for.
GitHub Enterprise integration
Availability β General availability. The GitHub Enterprise integration is available to all ConductorOne users. Capabilities Sync user identities from GitHub Enterprise to ConductorOne Resources supported: Repositories Teams Orgs Provisioning supported:
GitHub integration
Availability β General availability. The GitHub integration is available to all ConductorOne users. Capabilities Sync user identities from GitHub to ConductorOne Resources supported: Repositories Teams (including nested teams) Orgs Provisioning supported:
GitLab integration
Availability β General availability. The GitLab integration is available to all ConductorOne users. Capabilities Sync user identities from GitLab to ConductorOne Resources supported: Roles Set up the GitLab integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Glossary
Access Reviews: Enable organizations to efficiently control and manage users’ access to critical applications and role assignments. Access Reviews allow an ADMIN of ConductorOne to assign a task to designated employees (reviewers).
Google Cloud Platform integration
Availability β General availability. The Google Cloud Platform connector is available to all ConductorOne users. Capabilities Sync user identities from Google Cloud Platform to ConductorOne Resources supported: Projects Roles Provisioning supported:
Google Workspace v2 integration
This is a new and improved version of the Google Workspace integration! If you’re setting up an Google Workspace integration with ConductorOne for the first time, you’re in the right place.
Host a Baton connector in service mode
How does service mode work and why should I use it? Integrating your self-hosted connector with ConductorOne creates the most seamless and fully automated method of uploading your application’s data. Once the integration is set up, Baton runs as a service in your environment.
How to run a privileged access review
Why run a privileged access review? Privileged access reviews are essential for maintaining a secure IT environment. They help to ensure that privileged users only have the access they need, when they need it.
How to set up AWS just-in-time access
Why use JIT access? JIT access grants temporary, least-privilege permissions to resources just when needed, reducing attack surfaces and boosting security. JIT access offers a range of security and organizational benefits, including:
How to set up self-service access
Why set up self-service access requests? Self-service access requests automate the access request process, with benefits for everyone involved: For your organization: Enforce security policies and help to achieve least privilege and establish an audit trail
HubSpot integration
Availability β General availability. The HubSpot integration is available to all ConductorOne users. Capabilities Sync user identities from HubSpot to ConductorOne Resources supported: Teams Accounts Set up the HubSpot integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Import data for an application
Prepare data for import Many companies use home-grown or custom software not natively supported by ConductorOne integrations. You can import the key data from this software, then use ConductorOne to conduct access reviews and manage permissions.
Import data from an AWS S3 bucket
ConductorOne automatically syncs with the connected S3 bucket every hour, so data updated in the S3 bucket is reflected in the ConductorOne application. Availability β General availability. The AWS S3 data source integration is available to all ConductorOne users.
Install and authorize Cone
Supported operating systems ConductorOne provides cone binaries for popular operating systems including macOS, Windows, and Linux on the x86 and ARM platforms. If your platform is not listed, please contact us or build from source.
Interact with ConductorOne via Slack
Set up the ConductorOne Slack app Before you begin: A Slack administrator at your company must integrate Slack with ConductorOne by visiting the ConductorOne Integrations page and clicking Slack in the Collaboration integrations section at the top of the page.
Introducing apps, resources, and entitlements
Key terms: Apps, resources, and entitlements Applications are collections of usage data. Applications are set up in ConductorOne to mirror the software your company uses. Applications contain resources, which are groups of permissions.
Introducing ConductorOne
Whatβs new Release notes The latest new features, enhancements, and resolved issues. Published weekly. NEW: Shadow apps Detect and monitor employee logins to shadow apps, then quickly bring shadow apps under management to reduce risk and enhance security.
Introducing Cone, the ConductorOne CLI
What is Cone? A CLI, or command-line interface, is a text-based user interface that allows users to interact with a computer by typing commands. CLIs are popular with developers, system administrators, and security engineers because of the speed, control, and flexibility they offer.
Introducing connectors
An introduction to connectors ConductorOne connectors allow the ConductorOne platform to connect to any SaaS, IaaS, on-prem, or infrastructure tool for the purposes of managing and automating access control. Connectors synchronize data for identities, resources, and access rights, and can orchestrate access changes (such as provisioning accounts) back to the system.
Jamf integration
Availability β General availability. The Jamf Pro integration is available to all ConductorOne users. Capabilities Sync user identities from Jamf Pro to ConductorOne Resources supported: Groups Roles Sites Set up the Jamf Pro integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Jira Cloud integration
Availability β General availability. The Jira Cloud integration is available to all ConductorOne users. Capabilities Sync user identities from Jira Cloud to ConductorOne Resources supported: Projects Groups Provisioning supported: Group membership Known limitations User Email is not currently synchronized Will only list the first 1,000 users of a project Set up the Jira Cloud integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
JumpCloud integration
Availability β General availability. The JumpCloud integration is available to all ConductorOne users. Capabilities Sync user identities from JumpCloud to ConductorOne Resources supported: Groups Apps Roles Provisioning supported: Group membership Set up the JumpCloud integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Linear integration
Availability β General availability. The Linear integration is available to all ConductorOne users. Capabilities Sync user identities from Linear to ConductorOne Resources supported: Organizations Teams Set up the Linear integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Manage application accounts
Key terms: accounts, account owners, and users A user is a ConductorOne account, created when your company’s directory apps were integrated with ConductorOne during the setup process. A user is associated with a specific individual human who can request and review access.
Manually add users
Manually add users from Okta Users added to the application in Okta are synced from the cloud directory to ConductorOne. You must be an Administrator in Okta to add users to the application.
Map user attributes
Why do I need to map user attributes? If your company is like most, you have employee info stored in several different apps. For instance, your human resources (HR) app might hold the data on who everyone’s manager is, while your identity provider (IdP) app has the details on job titles and departments.
Microsoft Entra ID integration
Availability β General availability. The Entra ID integration is available to all ConductorOne users. Capabilities Sync users and managed identities from Entra ID to ConductorOne Resources supported: Groups Enterprise applications Directory roles Provisioning supported:
NetSuite integration
Availability β General availability. The NetSuite integration is available to all ConductorOne users. Capabilities Sync user identities from NetSuite to ConductorOne Resources supported: Roles Set up the NetSuite integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
New Relic integration
Availability β General availability. The New Relic integration is available to all ConductorOne users. Capabilities Sync user identities from New Relic to ConductorOne Resources supported: Organizations Groups Roles Provisioning supported:
Okta integration
Availability β General availability. The Okta integration is available to all ConductorOne users. Capabilities Sync user identities from Okta to ConductorOne Promote identities from application users to ConductorOne users Resources supported:
OneLogin integration
Availability β General availability. The OneLogin integration is available to all ConductorOne users. Capabilities Sync user identities from OneLogin to ConductorOne Resources supported: Roles Application assignments Provisioning supported: Role assignment Set up the OneLogin integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Opsgenie integration
Availability β General availability. The Opsgenie connector is available to all ConductorOne users. Capabilities Sync user identities from Opsgenie to ConductorOne Resources supported: Teams Roles Schedules Set up the Opsgenie integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
PagerDuty integration
Availability β General availability. The PagerDuty integration is available to all ConductorOne users. Capabilities Sync user identities from PagerDuty to ConductorOne Resources supported: Teams Roles Schedules Set up the PagerDuty integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Panther integration
Availability β General availability. The Panther integration is available to all ConductorOne users. Capabilities Sync user identities from Panther to ConductorOne Resources supported: Roles Set up the Panther integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Query access data to gain insight
Available queries On the Access explorer page you’ll find queries to help you explore and understand your organization’s access data so you can mitigate potential security risks. The results of select queries are also summarized on the Security tab of the dashboard.
Ramp integration
Availability β General availability. The Ramp integration is available to all ConductorOne users. Capabilities Sync user identities from Ramp to ConductorOne Resources supported: Roles Set up the Ramp integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Request a new app or permission
Request new access using the ConductorOne app Your company uses ConductorOne to manage software access requests. Whenever you need access to a certain application, or access to a permission like a group, repo, or role within an app (these care called resources), make a request through ConductorOne.
Review access grant requests
Complete a request task Request tasks are assigned to you when a colleague asks for new access and your review of the request is needed. Reviewers are assigned based on the request policy governing the requested app or resource.
Review revocation proposals
Complete a revocation task Revocation tasks are generated when someone (such as the user, their manager, or a reviewer during an access review campaign) decides that access is no longer used, needed, or appropriate, and recommends its removal.
Salesforce integration
Availability β General availability. The Salesforce integration is available to all ConductorOne users. ConductorOne only integrates with Salesforce editions with API access. ConductorOne integrates with Salesforce Enterprise, Unlimited, Developer, and Performance editions.
Scope a campaign
Using custom profile attributes to narrow the scope of a campaign Profile attributes are key/value pairs of data sourced from identities in applications. Set up user key mappings to pull additional profile attributes from your application identities and use this information to narrow the scope of your campaign.
Security architecture
Security at ConductorOne At ConductorOne, our team is composed of long-time experts in security, identity, and infrastructure, who have built products from the ground up with highly secure environments. We understand that our own security and privacy practices are mission-critical to our ability to provide modern privileged access and governance for our customers.
Segment integration
Availability β General availability. The Segment integration is available to all ConductorOne users. Capabilities Sync user identities from Segment to ConductorOne Resources supported: Groups Resources Roles Workspaces Provisioning supported: Groups Set up the Segment integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
SentinelOne integration
Availability β General availability. The SentinelOne integration is available to all ConductorOne users. Capabilities Sync user identities from SentinelOne to ConductorOne Resources supported: Roles Sites Accounts Set up the SentinelOne integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Sentry integration
Availability β General availability. The Sentry integration is available to all ConductorOne users. Capabilities Sync user identities from Sentry to ConductorOne Resources supported: Projects Teams Members Roles Set up the Sentry integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
ServiceNow integration
Availability β General availability. The ServiceNow integration is available to all ConductorOne users. Capabilities Sync user identities from ServiceNow to ConductorOne Resources supported: Roles Groups Set up the ServiceNow integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Set up entitlement bindings
What’s an entitlement binding? Entitlement bindings represent relationships between applications. Some bindings are created automatically by ConductorOne connectors, while others are set up manually. Bindings help you to: Show implicit grants that are created from other entitlements.
Sign up for ConductorOne using Google SSO
Welcome! If you’re a Google SSO user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing Google credentials.
Sign up for ConductorOne using JumpCloud SSO
Welcome! If you’re a JumpCloud user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing JumpCloud credentials.
Sign up for ConductorOne using Microsoft SSO
Welcome! If you’re a Microsoft SSO user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing Microsoft credentials.
Sign up for ConductorOne using Okta
Welcome! If you’re an Okta user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing Okta credentials.
Sign up for ConductorOne using OneLogin SSO
Welcome! If you’re a OneLogin user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing OneLogin credentials.
Slack Enterprise Grid integration
Yes, there are TWO kinds of Slack integration! The instructions below integrate a Slack Enterprise Grid account with ConductorOne so that you can view, review, and grant user access to Slack.
Slack integration
Yes, there are TWO kinds of Slack integration! The instructions below integrate a Slack Pro or Business+ workspace with ConductorOne so that you can view, review, and grant user access to Slack.
Snipe-IT integration
Availability β General availability. The Snipe-IT integration is available to all ConductorOne users. Capabilities Sync user identities from Snipe-IT to ConductorOne Resources supported: Groups Permissions Provisioning supported: Group membership Set up the Snipe-IT integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Snowflake integration
Availability β General availability. The Snowflake integration is available to all ConductorOne users. Capabilities Sync user identities from Snowflake to ConductorOne Resources supported: Roles Set up the Snowflake integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Tableau integration
Availability β General availability. The Tableau integration is available to all ConductorOne users. Capabilities Sync user identities from Tableau to ConductorOne Resources supported: Sites Groups Set up the Tableau integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Tailscale integration
Availability β General availability. The Tailscale integration is available to all ConductorOne users. Capabilities Sync user identities from Tailscale to ConductorOne Resources supported: Groups ACL rules SSH rules Provisioning supported:
Twingate integration
Availability β General availability. The Twingate integration is available to all ConductorOne users. Capabilities Sync user identities from Twingate to ConductorOne Resources supported: Groups Roles Provisioning supported: Membership in locally created groups Set up the Twingate integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
UKG integration
Availability β General availability. The UKG integration is available to all ConductorOne users. Capabilities Sync user identities from UKG to ConductorOne Resources supported: Roles Set up the UKG integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Work with self-hosted Baton connectors
π Your deployment workflow To deploy a self-hosted connector, follow this process: Create or obtain the authentication credentials for the application you’re connecting. Install the connector and run a sync to collect and format the application’s access data.
Write conditional policy rules
Need an introduction to conditional policies? Go to Add conditional policy rules in the Create policies documentation. Pre-built policy condition expressions To get you started, here are some basic conditional policy use cases and the corresponding condition expressions to be used in conditional policy rules.
Xero integration
Availability β General availability. The Xero integration is available to all ConductorOne users. Capabilities Sync user identities from Xero to ConductorOne Resources supported: Organizations Roles Set up the Xero integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Zendesk integration
Availability β General availability. The Zendesk integration is available to all ConductorOne users. Capabilities Sync user identities from Zendesk to ConductorOne Resources supported: Groups Organizations Set up the Zendesk integration This task requires either the Integration Administrator or Super Administrator role in ConductorOne.
Zoom integration
Availability β General availability. The Zoom integration is available to all ConductorOne users. Capabilities Sync user identities from Zoom to ConductorOne Resources supported: Groups Contact groups Roles Set up the Zoom integration This integration works with Zoom on the Pro, Business, Business Plus, or Enterprise plan.
π οΈ 1Password integration
Why does this integration look different from most others? Unlike most of the software ConductorOne integrates with, 1Password doesnβt expose APIs that can be used to connect the two systems.
π οΈ LDAP integration
Availability π οΈ The LDAP integration requires use of ConductorOne’s LDAP connector, which was built using the open-source Baton SDK. Capabilities Sync user identities from LDAP to ConductorOne Resources supported: Roles (organizationalRole in LDAP) Groups (groupOfUniqueNames in LDAP) Provisioning supported:
π οΈ Splunk integration
Are you a Splunk Cloud user? This page has instructions for integrating ConductorOne with Splunk Enterprise. If you want to integrate ConductorOne with your Splunk Cloud instance, follow the instructions in the Splunk connector’s README file.