ConductorOne Docs
π Azure Active Directory integration
π Deprecation warning: A newer version of this integration is available. Azure Active Directory is now Microsoft Entra ID. If you’re setting up this integration for the first time, go to Entra ID integration to get started.
π Set up a Formal connector
Availability π Early access. The Formal connector is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Formal to your Connectors page.
π Set up a Google Identity Platform connector
Availability π Early access. The Google Identity Platform connector is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com if you’d like to add Google Identity Platform to your Connectors page.
π Set up a Litmos connector
Availability π Early access. The Litmos connector is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Litmos to your Connectors page.
π Set up a Snyk connector
Availability π Early access. The Snyk connector is currently in early access as we gather more feedback from users. Reach out to support@conductorone.com to add Snyk to your Connectors page.
Administer and end an active campaign
View campaign progress On the Access reviews tab of any campaign, view a dashboard summarizing the campaign’s progress and outstanding tasks. View and manage individual reviews On the campaign’s Tasks tab, open individual access reviews, view details, and take action:
Assign user roles
Roles and their permissions ConductorOne’s user roles let you assign users permissions tailored to the work they do. Permission Basic User Access Request Helpdesk Access Request Admin Campaign Admin Connector Admin Super Admin View dashboard β β β β β β Complete assigned tasks β β β β β β Create access requests for any user β β β Manage catalogs β β Create and manage campaigns β β Manage tasks for campaigns β β View connectors β β Manage connectors β β Manage applications β Create and manage policies β Reassign tasks* β Manage users β View security dashboard β View access explorer & access graph β View access conflicts β *Note: Tasks can be reassigned only when doing so is allowed by the policy governing the task.
Browse your app catalog
Browse access overview Your company uses ConductorOne to manage software access requests. On the Browse access page you’ll find a personalized app catalog containing all the apps and resources available for you to request.
Build a custom Baton connector
If you need to connect ConductorOne to a homegrown or backoffice piece of infrastructure, you can build your own connector with the Baton software development kit (SDK). Once built, these Baton connectors can be integrated directly with ConductorOne.
Clarify complex entitlement relationships
Choosing the right tool ConductorOne offers three tools to help you create relationships between entitlements. Use bound, custom, or linked entitlements when you have a complex relationship between entitlements that you need to model within ConductorOne or want to present to your colleagues in a simplified way.
Cloud connector library
Is there a connector you’d like to see added to the library? Let us know! Connectors marked with a π are in early access while we gather feedback and fine-tune their details.
Complete access reviews
Complete a review task Your organization uses ConductorOne to run user access review (UAR) campaigns. You’ll be assigned reviews in ConductorOne to verify that current access is still appropriate and needed.
Complete provisioning and deprovisioning tasks
Complete a provisioning task A request to grant new access has already been reviewed and approved. A provisioning task is now assigned to you because manual provisioning of the new access is required and you are a designated provisioner for the app.
Complete your tasks
Here you’ll find instructions for completing the ConductorOne tasks assigned to you. Use the links below to jump to the relevant docs for each task type. Review tasks: Complete access reviews
Completeness and accuracy
How do application integrations work in ConductorOne? Application data is synced every 1-2 hours (exact duration depends on the size of your tenant). Applications are connected using the required authentication method as described in the integration documentation.
ConductorOne release notes
July 26, 2024 ConductorOne groups. You can now create custom groups that dynamically adjust their membership based on adherence to a membership rule. These special groups can be used to manage who can access a catalog, to assign reviews in a policy step, and more.
Cone command reference
Key commands: Run cone help in your terminal to show all available commands. Run cone <command> --help or cone <command> -h for help with a specific command. Overview Cone interacts with the ConductorOne API to manage access to entitlements.
Configure access requests
Your access request configuration workflow ConductorOne applies access request settings using this order of precedence: The entitlement’s configuration The application’s configuration In other words, if you specify the configuration (such as the catalog, policy, and max grant duration) for a specific entitlement, these settings overrule the configuration set for the application as a whole.
Configure application details
Rename the application An application’s name is automatically chosen by the connector when the integration is set up. If you want or need to change the application’s name as it appears everywhere in ConductorOne, you can do so.
Configure entitlement details
Where can I see an entitlement’s details? An entitlement’s details page shows the entitlement’s configuration and key settings for how it will be granted, reviewed, and revoked. You can reach a entitlement’s details page by clicking its name on the Entitlements tab of an application’s details page, or by clicking the entitlement name on a resource’s details page.
Configure entitlement request settings
Set a request policy for the entitlement ConductorOne applies request policies using this order of precedence: The entitlement’s configuration The application’s configuration In other words, if a request policy is set on the entitlement, it overrules the policy set on the application.
Configure entitlement review settings
Set a review policy for the entitlement ConductorOne applies review policies using this order of precedence: The entitlement’s configuration The application’s configuration The campaign’s configuration In other words, if an entitlement policy is set, it overrules both the campaign policy and the application policy.
Configure entitlement revocation settings
How revocation happens in ConductorOne An account’s access to an entitlement can be revoked in three ways: When the account owner’s manager, the application owner, or the entitlement owner clicks Revoke on either the resource’s Grants tab or on the entitlement’s Grants tab to create a revocation task.
Configure resource details
A resource’s details page provides an overview of the resource’s configuration and the entitlements it contains. You can reach a resource’s details page by clicking the resource name on the Groups, Roles, or Resources tabs of an application’s details page.
Configure session length
What’s the default session length? By default, ConductorOne sessions are set to 20 hours. You can customize your organization’s session length to adhere to your internal security policies and best practices.
Configure webhooks
Add a new webhook Set up a webhook in ConductorOne to extend your access control workflows across multiple tools. Navigate to Admin > Settings and click the Webhooks tab. Click Add webhook.
Connect directory apps and create user accounts
What is a directory app? The applications that hold key information about your organization’s employees are called directories in ConductorOne. Directory apps can include: Your human resources app Your identity provider (IdP) Other apps that contain employee data such as manager, employment status, department, or job title Once directory apps are set, ConductorOne uses their information to create ConductorOne user accounts for everyone in your company.
Create a campaign Slack channel
Before you begin: A Slack administrator at your company must install the ConductorOne app on your Slack workspace. Go to the Notifications tab of the ConductorOne Settings page to get started.
Create an access review campaign
Why run an access review campaign? Access review campaigns help Security and IT teams to securely control what software users can access, all while making sure employees can also successfully complete their work.
Create applications
π Your application-creation workflow When setting up applications for your new ConductorOne instance, follow this order of operations: Integrate your identity provider (IdP). This creates the IdP app in ConductorOne, and also automatically creates child apps for all the software that you use your IdP to manage or SSO into.
Create policies
View the available policies ConductorOne provides three built-in policies to get you started. To view these and any other policies currently saved in your ConductorOne instance: In the navigation panel, open Admin and click Policies.
Create request catalogs and bundles
What’s a request catalog? Everyone in your organization needs access to the software your whole team uses to stay in touch and get work done. But an employee in the Accounting department probably doesn’t need access to the specialized tools the Product Design team uses, or vice versa.
Delegate a user's tasks
When should I set a delegate? In some cases, you might not want to assign ConductorOne tasks or send the corresponding notifications to certain users. For example, if a policy assigns access review or access request tasks to an executive, you might want to automatically redirect those tasks to a lower-level employee.
Detect and manage shadow apps
What are shadow apps? Shadow apps are applications and cloud services not managed or approved by the organization’s IT department that employees sign into using their corporate email. In ConductorOne, you can track the shadow apps that users sign into using their IdP credentials and bring key shadow apps under management.
Duplicate a past campaign
Step 1: Create a duplicate campaign Only users with the Campaign Administrator or Super Administrator user role in ConductorOne can create and manage campaigns. See User roles for more information.
Email digest notifications
Send digest emails ConductorOne can automatically send notifications to all the users at your company who have open tasks. Each user’s open work is summarized in a digest email, which can be set to a daily or weekly cadence.
Enable emergency access requests
What’s an emergency access request? In emergency situations, some employees might need immediate access to resources and systems that they don’t normally have access to. In order to get these employees the access they need, companies create expedited access review procedures (sometimes called “break glass” procedures in reference to the “break glass in case of fire” signs on alarms and fire safety equipment).
Frequently asked questions
What’s ConductorOne’s IP address? ConductorOne has these associated IP addresses: 35.85.212.195 35.82.205.32 What happens if the application owner, entitlement owner, or group members change after tasks are assigned? If an entitlement owner, application owner, or group member is added or removed after the task is created but while the task is still open, ConductorOne does not recreate the task, and does not assign it to any new owners or members.
Generate access requests through a service desk
ConductorOne currently supports Jira Service Management. Additional service desk integrations are coming soon. How does ConductorOne’s helpdesk automation work? If your organization’s IT helpdesk wants to keep its current processes and toolchain, but needs to automate approval and provisioning workflows on the backend, ConductorOneβs AI-powered Copilot can manage approval routing and provisioning behind the scenes.
Generate campaign reports
Generate a report Access review campaigns have built-in reports that show the progress and prove the outcomes of the campaign. Reports can be generated at any time after a campaign has started.
Generate grant reports
Depending on the size of the data set, generating a report might take several minutes. In the navigation panel, open Apps and click Applications. Click the name of the application you want to generate a report for.
Get alerts about conflicting access
What’s an access conflict? An access conflict is two entitlements assigned to the same user that violate a separation of duties (SoD) policy or other regulation. Ensuring SoD is enforced across your organization is an important part of adhering to standards such as SOX, FDA 21 CFR Part 11, and ISO 27001.
Glossary
Access Reviews: Enable organizations to efficiently control and manage users’ access to critical applications and role assignments. Access Reviews allow an ADMIN of ConductorOne to assign a task to designated employees (reviewers).
Host a Baton connector in service mode
How does service mode work and why should I use it? Integrating your self-hosted Baton connector with ConductorOne creates the most seamless and fully automated method of uploading your application’s data.
How to run a privileged access review
Why run a privileged access review? Privileged access reviews are essential for maintaining a secure IT environment. They help to ensure that privileged users only have the access they need, when they need it.
How to set up AWS just-in-time access
Why use JIT access? JIT access grants temporary, least-privilege permissions to resources just when needed, reducing attack surfaces and boosting security. JIT access offers a range of security and organizational benefits, including:
How to set up self-service access
Why set up self-service access requests? Self-service access requests automate the access request process, with benefits for everyone involved: For your organization: Enforce security policies and help to achieve least privilege and establish an audit trail
Import data for an application
Prepare data for import Many companies use home-grown or custom software not natively supported by ConductorOne connectors. You can import the key data from this software, then use ConductorOne to conduct access reviews and manage permissions.
Import data from an AWS S3 bucket
ConductorOne automatically syncs with the connected S3 bucket every hour, so data updated in the S3 bucket is reflected in the ConductorOne application. Availability β General availability. The AWS S3 data source connector is available to all ConductorOne users.
Install and authorize Cone
Supported operating systems ConductorOne provides cone binaries for popular operating systems including macOS, Windows, and Linux on the x86 and ARM platforms. If your platform is not listed, please contact us or build from source.
Interact with ConductorOne via Slack
What can I do with the ConductorOne Slack app? Use the ConductorOne Slack app to interact directly with ConductorOne without leaving Slack. Once the ConductorOne Slack app is installed for your workspace, you and your colleagues can:
Introducing apps, resources, and entitlements
Key terms: Apps, resources, and entitlements Applications are collections of usage data. Applications are set up in ConductorOne to mirror the software your company uses. Applications contain resources, which are groups of permissions.
Introducing ConductorOne
Whatβs new Release notes The latest new features, enhancements, and resolved issues. Published weekly. NEW: Access conflicts Monitor access for violations of your separation of duties policies and get alerts when new access conflicts arise.
Introducing Cone, the ConductorOne CLI
What is Cone? A CLI, or command-line interface, is a text-based user interface that allows users to interact with a computer by typing commands. CLIs are popular with developers, system administrators, and security engineers because of the speed, control, and flexibility they offer.
Introducing connectors
An introduction to connectors Connectors allow the ConductorOne platform to connect to any SaaS, IaaS, on-prem, or infrastructure tool for the purposes of managing and automating access control. Connectors synchronize data for identities, resources, and access rights, and can orchestrate access changes (such as provisioning accounts) back to the system.
Manage application accounts
Key terms: accounts, account owners, and users A user is a ConductorOne account, created when your company’s directory apps were integrated with ConductorOne during the setup process. A user is associated with a specific individual human who can request and review access.
Manually add users
Manually add users from Okta Users added to the application in Okta are synced from the cloud directory to ConductorOne. You must be an Administrator in Okta to add users to the application.
Map user attributes
Why do I need to map user attributes? If your company is like most, you have employee info stored in several different apps. For instance, your human resources (HR) app might hold the data on who everyone’s manager is, while your identity provider (IdP) app has the details on job titles and departments.
Query access data to gain insight
Available queries On the Access explorer page you’ll find queries to help you explore and understand your organization’s access data so you can mitigate potential security risks. The results of select queries are also summarized on the Security tab of the dashboard.
Request a new app or permission
Request new access using the ConductorOne app Your company uses ConductorOne to manage software access requests. Whenever you need access to a certain application, or access to a permission like a group, repo, or role within an app (these care called resources), make a request through ConductorOne.
Review access grant requests
Complete a request task Request tasks are assigned to you when a colleague asks for new access and your review of the request is needed. Reviewers are assigned based on the request policy governing the requested app or resource.
Review revocation proposals
Complete a revocation task Revocation tasks are generated when someone (such as the user, their manager, or a reviewer during an access review campaign) decides that access is no longer used, needed, or appropriate, and recommends its removal.
Scope a campaign
Using custom profile attributes to narrow the scope of a campaign Profile attributes are key/value pairs of data sourced from identities in applications. Set up user key mappings to pull additional profile attributes from your application identities and use this information to narrow the scope of your campaign.
Security architecture
Security at ConductorOne At ConductorOne, our team is composed of long-time experts in security, identity, and infrastructure, who have built products from the ground up with highly secure environments. We understand that our own security and privacy practices are mission-critical to our ability to provide modern privileged access and governance for our customers.
Set up a BambooHR connector
Availability β General availability. The BambooHR connector is available to all ConductorOne users. Capabilities Sync user identities from BambooHR to ConductorOne Sync users’ manager information from BambooHR to ConductorOne Add a new BambooHR connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Bitbucket connector
Availability β General availability. The Bitbucket connector is available to all ConductorOne users. Capabilities Sync user identities from Bitbucket to ConductorOne Resources supported: Workspaces Groups Projects Repositories Provisioning supported: Groups Add a new Bitbucket connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Box connector
Availability β General availability. The Box connector is available to all ConductorOne users. Capabilities Sync user identities from Box to ConductorOne Resources supported: Groups Enterprises Add a new Box connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Broadcom SAC connector
Availability β General availability. The Broadcom SAC connector is available to all ConductorOne users. Capabilities Sync user identities from Broadcom SAC to ConductorOne Resources supported: Groups Add a new Broadcom SAC connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Buildkite connector
Availability β General availability. The Buildkite connector is available to all ConductorOne users. Capabilities Sync team members from Buildkite to ConductorOne Resources supported: Teams Add a new Buildkite connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Celigo connector
Availability β General availability. The Celigo connector is available to all ConductorOne users. Capabilities Sync user identities from Celigo to ConductorOne Resources supported: Integrations Roles Provisioning supported: Role assignment Add a new Celigo connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a CloudAMQP connector
Availability β General availability. The CloudAMQP connector is available to all ConductorOne users. Capabilities Sync user identities from CloudAMQP to ConductorOne Resources supported: Roles Add a new CloudAMQP connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Cloudflare connector
Availability β General availability. The Cloudflare connector is available to all ConductorOne users. Capabilities Sync user identities from Cloudflare to ConductorOne Resources supported: Roles Provisioning supported: Role assignments Accounts Add a new Cloudflare connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Cloudflare Zero Trust connector
Availability β General availability. The Cloudflare Zero Trust connector is available to all ConductorOne users. Capabilities Sync user identities from Cloudflare Zero Trust to ConductorOne Resources supported: Access groups Roles Provisioning supported:
Set up a Confluence connector
Availability β General availability. The Confluence connector is available to all ConductorOne users. Capabilities Sync user identities from Confluence to ConductorOne Resources supported: Groups Add a new Confluence connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Cortex XSOAR connector
Availability β General availability. The Cortex XSOAR connector is available to all ConductorOne users. Capabilities Sync user identities from Cortex XSOAR to ConductorOne Resources supported: Roles Add a new XSOAR connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Coupa connector
Availability β General availability. The Coupa connector is available to all ConductorOne users. Capabilities Sync user identities from Coupa to ConductorOne Resources supported: Groups Roles Licenses Add a new Coupa connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a CrowdStrike connector
Availability β General availability. The CrowdStrike connector is available to all ConductorOne users. Capabilities Sync user identities from CrowdStrike to ConductorOne Resources supported: Roles Add a new CrowdStrike connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Databricks connector
Availability β General availability. The Databricks connector is available to all ConductorOne users. Capabilities Sync user identities from Databricks to ConductorOne Resources supported: Accounts Groups Roles Service principals Workspaces Provisioning supported:
Set up a Datadog connector
π Deprecation warning: A newer version of this integration is available. If you’re setting up a Datadog integration with ConductorOne for the first time, use the v2 version of the integration.
Set up a Datadog v2 connector
This is an updated and improved version of the Datadog connector! If you’re setting up Datadog with ConductorOne for the first time, you’re in the right place. Availability π Early access.
Set up a Docker Hub connector
Availability β General availability. The Docker Hub connector is available to all ConductorOne users. Capabilities Sync user identities from Docker Hub to ConductorOne Resources supported: Organizations Teams Repositories Add a new Docker Hub connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Docusign connector
Availability β General availability. The DocuSign connector is available to all ConductorOne users. Capabilities Sync user identities from DocuSign to ConductorOne Resources supported: Groups Signing groups Permission profiles Add a new DocuSign connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Duo connector
Availability β General availability. The Duo connector is available to all ConductorOne users. This connector uses the Duo Admin API, which is available to users on the Duo Beyond, Duo Access, and Duo MFA plans.
Set up a Fastly connector
Availability β General availability. The Fastly connector is available to all ConductorOne users. Capabilities Sync user identities from Fastly to ConductorOne Resources supported: Roles Services Add a new Fastly connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a GitHub Enterprise connector
GitHub versus GitHub Enterprise: which integration should I use? Follow the instructions on this page if your organization accesses GitHub at a custom domain. If you at access GitHub at github.
Set up a GitHub v2 connector
This is an updated and improved version of the GitHub integration! The v2 version of the GitHub integration adds provisioning support for repositories and modernizes the underlying architecture. If you’re setting up a GitHub integration with ConductorOne for the first time, you’re in the right place.
Set up a GitLab connector
Availability β General availability. The GitLab connector is available to all ConductorOne users. Capabilities Sync user identities from GitLab to ConductorOne Resources supported: Roles Add a new GitLab connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Google Cloud Platform connector
Availability β General availability. The Google Cloud Platform connector is available to all ConductorOne users. Capabilities Sync user identities from Google Cloud Platform to ConductorOne Resources supported: Projects Roles Provisioning supported:
Set up a Google Workspace v2 connector
This is an updated and improved version of the Google Workspace integration! If you’re setting up a Google Workspace integration with ConductorOne for the first time, you’re in the right place.
Set up a HubSpot connector
Availability β General availability. The HubSpot connector is available to all ConductorOne users. Capabilities Sync user identities from HubSpot to ConductorOne Resources supported: Teams Accounts Add a new HubSpot connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Jamf connector
Availability β General availability. The Jamf Pro connector is available to all ConductorOne users. Capabilities Sync user identities from Jamf Pro to ConductorOne Resources supported: Groups Roles Sites Add a new Jamf Pro connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Jira Cloud connector
Yes, there are TWO kinds of Jira integration! The instructions below connect a Jira Cloud instance with ConductorOne so that you can review access data and grant user access to Jira.
Set up a JumpCloud connector
Availability β General availability. The JumpCloud connector is available to all ConductorOne users. Capabilities Sync user identities from JumpCloud to ConductorOne Resources supported: Groups Apps Roles Provisioning supported: Group membership Add a new JumpCloud connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Linear connector
Availability β General availability. The Linear connector is available to all ConductorOne users. Capabilities Sync user identities from Linear to ConductorOne Resources supported: Organizations Teams Add a new Linear connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Microsoft Entra ID connector
Availability β General availability. The Entra ID connector is available to all ConductorOne users. Capabilities Sync users and managed identities from Entra ID to ConductorOne Resources supported: Groups Enterprise applications Directory roles Provisioning supported:
Set up a Miro connector
Availability β General availability. The Miro connector is available to all ConductorOne users. Capabilities Sync user identities from Miro to ConductorOne Resources supported: Teams Add a new Miro connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a MongoDB Atlas connector
Availability β General availability. The MongoDB Atlas connector is available to all ConductorOne users. Capabilities Sync user identities from MongoDB Atlas to ConductorOne Resources supported: Organizations Teams Projects Provisioning supported:
Set up a NetSuite connector
Availability β General availability. The NetSuite connector is available to all ConductorOne users. Capabilities Sync user identities from NetSuite to ConductorOne Resources supported: Roles Add a new NetSuite connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a New Relic connector
Availability β General availability. The New Relic connector is available to all ConductorOne users. Capabilities Sync user identities from New Relic to ConductorOne Resources supported: Organizations Groups Roles Provisioning supported:
Set up a PagerDuty connector
Availability β General availability. The PagerDuty connector is available to all ConductorOne users. Capabilities Sync user identities from PagerDuty to ConductorOne Resources supported: Teams Roles Schedules Add a new PagerDuty connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Panther connector
Availability β General availability. The Panther connector is available to all ConductorOne users. Capabilities Sync user identities from Panther to ConductorOne Resources supported: Roles Add a new Panther connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Ramp connector
Availability β General availability. The Ramp connector is available to all ConductorOne users. Capabilities Sync user identities from Ramp to ConductorOne Resources supported: Roles Add a new Ramp connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Salesforce connector
Availability β General availability. The Salesforce connector is available to all ConductorOne users. ConductorOne only integrates with Salesforce editions with API access. ConductorOne integrates with Salesforce Enterprise, Unlimited, Developer, and Performance editions.
Set up a Segment connector
Availability β General availability. The Segment connector is available to all ConductorOne users. Capabilities Sync user identities from Segment to ConductorOne Resources supported: Groups Resources Roles Workspaces Provisioning supported: Groups Add a new Segment connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a SentinelOne connector
Availability β General availability. The SentinelOne connector is available to all ConductorOne users. Capabilities Sync user identities from SentinelOne to ConductorOne Resources supported: Roles Sites Accounts Add a new SentinelOne connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Sentry connector
Availability β General availability. The Sentry connector is available to all ConductorOne users. Capabilities Sync user identities from Sentry to ConductorOne Resources supported: Projects Teams Members Roles Add a new Sentry connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a ServiceNow connector
Availability β General availability. The ServiceNow connector is available to all ConductorOne users. Capabilities Sync user identities from ServiceNow to ConductorOne Resources supported: Roles Groups Add a new ServiceNow connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Slack connector
Yes, there are TWO kinds of Slack integration! The instructions below connect a Slack Pro or Business+ workspace with ConductorOne so that you can review access data and grant user access to Slack.
Set up a Slack Enterprise Grid connector
Yes, there are TWO kinds of Slack integration! The instructions below integrate a Slack Enterprise Grid account with ConductorOne so that you can review access data and grant user access to Slack.
Set up a Snipe-IT connector
Availability β General availability. The Snipe-IT connector is available to all ConductorOne users. Capabilities Sync user identities from Snipe-IT to ConductorOne Resources supported: Groups Permissions Provisioning supported: Group membership Add a new Snipe-IT connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Snowflake connector
Availability β General availability. The Snowflake connector is available to all ConductorOne users. Capabilities Sync user identities from Snowflake to ConductorOne Resources supported: Roles Add a new Snowflake connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Tableau connector
Availability β General availability. The Tableau connector is available to all ConductorOne users. Capabilities Sync user identities from Tableau to ConductorOne Resources supported: Sites Groups Add a new Tableau connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Tailscale connector
Availability β General availability. The Tailscale connector is available to all ConductorOne users. Capabilities Sync user identities from Tailscale to ConductorOne Resources supported: Groups ACL rules SSH rules Provisioning supported:
Set up a Torq connector
Availability β General availability. The Torq connector is available to all ConductorOne users. Capabilities Sync user identities from Torq to ConductorOne Resources supported: Roles Add a new Torq connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Twingate connector
Availability β General availability. The Twingate connector is available to all ConductorOne users. Capabilities Sync user identities from Twingate to ConductorOne Resources supported: Groups Roles Provisioning supported: Membership in locally created groups Add a new Twingate connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a UKG connector
Availability β General availability. The UKG connector is available to all ConductorOne users. Capabilities Sync user identities from UKG to ConductorOne Resources supported: Roles Add a new UKG connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Verkada connector
Availability β General availability. The Verkada connector is available to all ConductorOne users. Capabilities Sync user identities from Verkada to ConductorOne Resources supported: Access users Access groups Provisioning supported: Access group membership Add a new Verkada connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Xero connector
Availability The Xero connector is temporarily unavailable. We are working out an authentication flow issue with this connector, and will add it back to the library as soon as we can.
Set up a Zendesk connector
Availability β General availability. The Zendesk connector is available to all ConductorOne users. Capabilities Sync user identities from Zendesk to ConductorOne Resources supported: Groups Organizations Add a new Zendesk connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up a Zoom connector
Availability β General availability. The Zoom connector is available to all ConductorOne users. Capabilities Sync user identities from Zoom to ConductorOne Resources supported: Groups Contact groups Roles Add a new Zoom connector This connector works with Zoom on the Pro, Business, Business Plus, or Enterprise plan.
Set up an Amazon Web Services (AWS) v2 connector
This is an updated and improved version of the AWS connector! If you’re setting up AWS with ConductorOne for the first time, you’re in the right place. Availability β General availability.
Set up an Asana connector
Availability β General availability. The Asana connector is available to all ConductorOne users. Capabilities Sync user identities from Asana to ConductorOne Resources supported: Teams Workspaces Add a new Asana connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up an Elastic connector
Availability β General availability. The Databricks connector is available to all ConductorOne users. Capabilities Sync user identities from Elastic to ConductorOne Resources supported: Organizations Deployment users (optional) Deployment roles (optional) Provisioning supported:
Set up an Expensify connector
Availability β General availability. The Expensify connector is available to all ConductorOne users. Capabilities Sync user identities from Expensify to ConductorOne Resources supported: Policies Add a new Expensify connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up an Okta connector
Availability β General availability. The Okta connector is available to all ConductorOne users. Capabilities Sync user identities from Okta to ConductorOne Promote identities from application users to ConductorOne users Resources supported:
Set up an OneLogin connector
Availability β General availability. The OneLogin connector is available to all ConductorOne users. Capabilities Sync user identities from OneLogin to ConductorOne Resources supported: Roles Application assignments Provisioning supported: Role assignment Add a new OneLogin connector This task requires either the Connector Administrator or Super Administrator role in ConductorOne.
Set up an OpsGenie v2 connector
This is an updated and improved version of the Opsgenie integration! If you’re setting up an Opsgenie integration with ConductorOne for the first time, you’re in the right place.
Sign up for ConductorOne using Google SSO
Welcome! If you’re a Google SSO user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing Google credentials.
Sign up for ConductorOne using JumpCloud SSO
Welcome! If you’re a JumpCloud user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing JumpCloud credentials.
Sign up for ConductorOne using Microsoft SSO
Welcome! If you’re a Microsoft SSO user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing Microsoft credentials.
Sign up for ConductorOne using Okta
Welcome! If you’re an Okta user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing Okta credentials.
Sign up for ConductorOne using OneLogin SSO
Welcome! If you’re a OneLogin user looking to set up ConductorOne for your organization, you’ve come to the right place. Follow the instructions on this page to set up ConductorOne so your colleagues can SSO in with their existing OneLogin credentials.
Work with self-hosted Baton connectors
π Your deployment workflow To deploy a self-hosted Baton connector, follow this process: Create or obtain the authentication credentials for the application you’re connecting. Install the connector and run a sync to collect and format the application’s access data.
Work with the ConductorOne app
The ConductorOne application The ConductorOne application contains current data on user access to ConductorOne and user permissions within ConductorOne. It lets you review and manage access to ConductorOne … with ConductorOne.
Write conditional expressions
Need an introduction to conditional policies? Go to Add conditional policy rules in the Create policies documentation. You can add condition expressions to two places in your policy: Policy condition expressions determine what action the policy will take.
π οΈ Set up 1Password connector
Why does this connector look different from most others? Unlike most of the software ConductorOne integrates with, 1Password doesnβt expose APIs that can be used to connect the two systems.
π οΈ Set up a Splunk connector
Are you a Splunk Cloud user? This page has instructions for integrating ConductorOne with Splunk Enterprise. If you want to integrate ConductorOne with your Splunk Cloud instance, follow the instructions in the Splunk connector’s README file.
π οΈ Set up an LDAP connector
Availability π οΈ The Baton connector for LDAP is an open-source connector developed by ConductorOne. Capabilities Sync user identities from LDAP to ConductorOne Resources supported: Roles (organizationalRole in LDAP) Groups (groupOfUniqueNames in LDAP) Provisioning supported: