Create automations

Automations are custom workflows that can streamline repetitive tasks like onboarding and offboarding, ensuring consistency and reducing manual effort.

Early access: This new feature is in early access while we gather feedback and fine-tune its details. Let us know if you’re eager to give it a try!

Automations in ConductorOne empower you to build custom workflows for repetitive tasks, significantly streamlining your operational processes. Automations are ideal for kicking off critical processes when an employee’s status changes, providing seamless onboarding, secure offboarding, efficient role transfers, and timely access reviews. Automations ensure consistency, reduce manual effort, and improve compliance.

Find and manage all your automations on the Automations page.

Automation structure

Here’s a sample automation’s details page:

[Image: An automation's details page with numbered callouts one through four highlighting the items described in the text below.]

Let’s break down the structure:

  1. Automation trigger: This determines what causes an automation to run. This automation’s trigger is turned on, so it will run automatically. You can also manually start an automation run at any time by clicking Run at the top of the page.

  2. Automation steps: These are the actions your automation performs. This automation has only one step, but you can add as many as you need.

  3. Publication status: Each automation is in either a draft or published state. Here, the Publish button is greyed out to indicate that this automation is published.

  4. Version number: Automations are versioned (this one is v2), and you can restore a previous version of an automation if necessary.

Create a new automation

A user with the Super Admin role in ConductorOne must complete this task.

  1. Navigate to Admin > Automations and click New automation.

  2. Give your automation a name and add a description, if desired.

  3. Click Set automation trigger and choose the event that will trigger this automation. Refer to the automation triggers reference below for details on the available triggers.

  4. Set the Automation toggle to On if you want the automation to start running on the selected event as soon as it is published. You can also leave the toggle off for now, if desired.

    Automations in their draft state do not run automatically, even if this toggle is enabled.

  5. Click Add step and select the first step for the automation. Refer to the automation steps reference below for details on the available automation steps.

  6. Fill out the automation step form and click Save.

  7. Click + Add step again and repeat the process to add additional steps, as needed.

    If you need to reorder the automation steps, hover over the step and use the arrow keys.

    To delete a step entirely, hover over the step and click the trash can icon.

  8. To test your automation, click Run draft at the top of the page.

    You’ll be asked to provide context for the test run, and will see a panel showing the details of the execution as it proceeds.

  9. When you’re ready, click Publish to put the automation into use.

    Make sure to check on the status of the automation trigger, and turn it to On if you want to start triggering the automation when the event you’ve selected occurs.

That’s it! The automation is now ready for use. To see all executions of this automation, click the (more actions) menu and select Show execution history.

Fine-tuning your automation

On the Advanced tab of each automation step’s setup drawer, you can add a CEL expression that instructs the automation to skip the step if a condition is met. This section also displays the step’s Step ID, which is used to reference the current step’s output in later steps.

On the Available data tab, you’ll find data gathered from previous steps in the automation, which can be used to write CEL expressions to refine or define conditions in later steps.

Editing an automation

When first published, new automations are marked v1. If you make edits to the automation, it will create a new draft version of the automation, which you can test and publish (as v2) when you’re ready.

To see all versions of the automation, click the (more actions) menu and select Show version history. You can restore a different version of the automation from this list.

Automation triggers reference

Each automation can be triggered by an event such as the creation of a new application account or a change in a user or account’s status. Alternatively, you can skip adding an automation trigger and instead run the automation manually.

| Trigger | Requires | Example |
| --- | --- | --- |
| User updated | User attribute; (Optional) Conditional expression | Trigger on a change to a user’s employment status |
| Account created | App name; (Optional) Conditional expression | Trigger on the creation of a new GitHub account |
| Account updated | App name; Account attribute; (Optional) Conditional expression | Trigger on a change to the email address associated with an Okta account |
| Unused access | App name; Days since last login; (Optional) Type of account; (Optional) Whether to include accounts with no login activity; (Optional) Conditions for inclusion/exclusion; Cold start behavior (see below) | Trigger when a user has not logged into GitHub for 45 days |
| User created | (Optional) Conditional expression | Trigger when a new user is created |

Automation steps reference

An automation needs at least one step, and can have as many steps as you need. You can reorder steps if needed by using the arrow controls.

| Step | Requires | Example |
| --- | --- | --- |
| Send email | Recipient; Email title; Email subject; Email message | Send an email to three IT admins |
| Wait for duration | Time to wait before proceeding | Wait 30 minutes |
| Create campaign | Access review template; User whose access will be reviewed | Create a new UAR campaign to review a departed user’s access |
| Revoke entitlements | Target user; Entitlements to revoke | Create a revoke task for AWS prod access |
| Modify delegate | Target user | Remove this user as a delegate |
| Remove access profiles | Target user; Access profiles to unenroll from (or check the box to unenroll from all) | Unenroll the user from three key access profiles |
| Modify user status | Target user; New user status | Change a user’s status to Disabled in ConductorOne |
| Run automation | Automation name; (Optional) Context in JSON format | Trigger a run of the Secondary Offboarding Tasks automation |
| Perform task action | Action to take on tasks; User to reassign tasks to, if relevant; Subject user | Assign all the user’s open tasks to the head of Security |
| Run webhook | Webhook name; Payload | Trigger a webhook that creates a ticket to deprovision Figma access |
| Perform connector action (see below) | Connector name; Action name; Additional fields as determined by the connector action’s format | Lock an Active Directory account |
| Create account (see below) | Connector name; Creation method; Additional values, depending on method | Create a new Greenhouse account |

Connector actions are custom capabilities set up on a connector. Let our Customer Success team know if you’re interested in learning more or need help setting up a connector action.

Account creation with the Custom user creation method uses the same connector-specific schema described in the automatic account provisioning documentation. If you select the From ConductorOne user creation method, ConductorOne will attempt to use the information it has about the user to create the new account.