See how Ramp uses ConductorOne
ConductorOne

ConductorOne Docs

Get ready for access review campaigns

Access reviews are a critical compliance and security best practice for any company that has systems with sensitive information.

Why should I run an access review campaign with ConductorOne?

Periodic access reviews are mandated by SOC2, PCI, SOX, and various other compliance programs. Furthermore, from a least privilege and security perspective, ensuring that users only have the access they need, for as long as they need it, reduces the access footprint of your company for sensitive systems and data.

Executing access reviews is a painful process for most companies. It involves scripts, spreadsheets, emails, and lots of manual touchpoints to ensure that the reviews are completed and unneeded access is revoked.

ConductorOne takes the pain out of the access review processes by:

  • Integrating with your business-critical SaaS and IaaS platforms
  • Ingesting access and permission information from those platforms
  • Syncing your corporate directory and organization hierarchy data
  • Delivering access reviews to the correct reviews (such as managers, app owners, and data owners) in a timely fashion through a modern experience
  • Exporting reports that can be quickly consumed by auditors

Before you begin an access review campaign

Here’s a checklist of the prerequisites for creating an access review campaign:

  • Integrations. Set up integrations between ConductorOne and the tools and services accessed by your company’s employees that will be reviewed during the campaign. See the Add integrations section of the documentation for a list of available integrations and setup instructions.
  • Slack. (Optional.) Connect your Slack workspace to ConductorOne to enable notifications of tasks, campaign reminders, and upcoming deadlines. (You can also send notifications by email.)
  • Email. To ensure that notification emails are delivered to each reviewer’s primary inbox, add no-reply@conductorone.com to your company’s email allowlist, or ask users to add the address to their contacts.
  • Users. Make sure all the people who will be assigned access reviews during the campaign are users in ConductorOne. See Add users for information on how to add users based on the method you use to sign into ConductorOne.
  • Review policies. Create or confirm the review policies you’ll use in the access review campaign. See Create review policies for more on setting up customized policies for use in your campaign.

Once these elements are in place, you’re ready to Create an access review campaign.