Complete access reviews
Complete a review task
Your company uses ConductorOne to run its periodic access review campaigns. You are assigned review tasks in ConductorOne when your input is required to verify that current access to applications and specific resources is still appropriate and needed.
You might be asked to review your own access, the access of people you manage, or your colleagues’ access to an application you own. Reviewers are assigned based on the review policy used for the campaign.
Step 1: Receive a notification and go to the task
ConductorOne sends you notifications by email and Slack (if enabled) whenever a task is assigned to you. Make sure that notification emails can reach your inbox by adding no-reply@conductorone.com to your email contacts list.
๐ก Go to Interact with ConductorOne via Slack for instructions on setting up our Slack app.
Log into ConductorOne by clicking the link in your email or Slack notification.
If the link in your notification does not direct you to the task list automatically, locate it by clicking on Reviews in the My work section of the navigation panel.
Step 2: Select how to view your reviews
There are three options for how you will view and complete your review tasks, and you can switch between them at any time.
By application: review each resource for an application in a separate review list.
By user: review each userโs access in a guided format.
Unstructured: all your assigned reviews together in one list.
Step 3: Review the access and provide your decision
Each line in the table is a task assigned to you. For each task, complete these steps:
Review the access
- Look at the account and the resource. Is this access needed for the userโs work and appropriate to the userโs role in the company?
(Optional) Find more information
If you need more information, click the task number to open the details view, where you’ll find additional information to help you make your decision:
Click the arrow next to the account name to open the Account attributes panel. Here you’ll see all attributes associated with the application account. Note that this panel isn’t present on tasks where access is being granted to a user rather than an account, such as a request for access to a new application.
The Context & analysis section gives details on how many other users in the organization have this access, the risk level of the access (if known), and other details.
The Comments section shows any notes other members of your organization have made about this task.
The Task details section shows the task’s workflow, highlighting the role you play, and the policy being applied to this task. In this section you’ll also find controls to reassign the task, if reassignment is allowed.
Provide your decision
If the access looks correct, click Certify. This means you’re certifying the correctness of this access, and giving your approval for this access to continue.
If the access doesnโt look correct, click Remove. This means you believe the access isnโt needed or isnโt appropriate, and youโre recommending its removal.
Will the access be removed immediately? Maybe. Depending on the revocation policy governing the resource, the revocation might require review and approval before the access is removed from the account.
Step 4: Repeat the process
Repeat these steps to review and take action on each review task assigned to you. Click Completed tasks to see everything you’ve finished so far.
Reassign a review task
In some cases, such as when an employee has moved to a new position in the company or when a colleague is out of the office on an extended vacation or leave, the task cannot be completed by its assigned reviewer and must be reassigned.
In the task list, click Reassign. Alternatively, from a task’s details view, click Reassign in the Assigned to area.
Select the new assignee and provide a reason for the reassignment.
The newly assigned reviewer will receive email and Slack (if enabled) notifications about their new review task assignment.