ConductorOne Docs

Complete access reviews

Review tasks are assigned to you when your expertise is needed to review access to applications and specific resources as part of a user access review (UAR) campaign.

Complete a review task

Your company uses ConductorOne to run its periodic access review campaigns. You are assigned review tasks in ConductorOne when your input is required to verify that current access to applications and specific resources is still appropriate and needed.

You might be asked to review your own access, the access of people you manage, or your colleagues’ access to an application you own. Reviewers are assigned based on the review policy used for the campaign.

Step 1: Receive a notification and go to the task

ConductorOne sends you notifications by email and Slack (if enabled) whenever a task is assigned to you. Make sure that notification emails can reach your inbox by adding to your email contacts list.

๐Ÿ’ก Go to Interact with ConductorOne via Slack for instructions on setting up our Slack app.

  1. Log into ConductorOne by clicking the link in your email or Slack notification.

  2. If the link in your notification does not direct you to the task list automatically, locate it by clicking on Reviews in the My work section of the navigation panel.

Step 2: Select how to view your reviews

There are three options for how you will view and complete your review tasks, and you can switch between them at any time.

  • By application: review each resource for an application in a separate review list.

  • By user: review each userโ€™s access in a guided format.

  • Unstructured: all your assigned reviews together in one list.

Step 3: Review the access and provide your decision

Each line in the table is a task assigned to you. For each task, complete these steps:

  1. Review the access

    • Look at the account and the resource. Is this access needed for the userโ€™s work and appropriate to the userโ€™s role in the company?
  2. (Optional) Find more information

    If you need more information, click the task number to open the details view, where you’ll find additional information to help you make your decision:

    • Click the arrow next to the account name to open the Account attributes panel. Here you’ll see all attributes associated with the application account. Note that this panel isn’t present on tasks where access is being granted to a user rather than an account, such as a request for access to a new application.

    • The Context & analysis section gives details on how many other users in the organization have this access, the risk level of the access (if known), and other details.

    • The Comments section shows any notes other members of your organization have made about this task.

    • The Task details section shows the task’s workflow, highlighting the role you play, and the policy being applied to this task. In this section you’ll also find controls to reassign the task, if reassignment is allowed.

  3. Provide your decision

    • If the access looks correct, click Certify. This means you’re certifying the correctness of this access, and giving your approval for this access to continue.

    • If the access doesnโ€™t look correct, click Remove. This means you believe the access isnโ€™t needed or isnโ€™t appropriate, and youโ€™re recommending its removal.

    Will the access be removed immediately? Maybe. Depending on the revocation policy governing the resource, the revocation might require review and approval before the access is removed from the account.

Step 4: Repeat the process

Repeat these steps to review and take action on each review task assigned to you. Click Completed tasks to see everything you’ve finished so far.

Reassign a review task

In some cases, such as when an employee has moved to a new position in the company or when a colleague is out of the office on an extended vacation or leave, the task cannot be completed by its assigned reviewer and must be reassigned.

  1. In the task list, click Reassign. Alternatively, from a task’s details view, click Reassign in the Assigned to area.

  2. Select the new assignee and provide a reason for the reassignment.

The newly assigned reviewer will receive email and Slack (if enabled) notifications about their new review task assignment.