Announcing Identity Lifecycle Management

ConductorOne docs

Get started with user access reviews

This quick start guide will get you quickly up and running on access reviews.

In this guide, we’ll demonstrate how to run an access review … of ConductorOne! You don’t need to have any applications connected to ConductorOne for this demo. We’ll run a review of everyone with the Super Administrator role in ConductorOne.

Before you begin

To complete this guide, you’ll need:

  • ConductorOne Super Administrator or Campaign Administrator role

Estimated time: 10 minutes

Step 1: Create a campaign

First, we’ll set up the campaign we’ll use to run our access reviews.

  1. In the navigation panel, click Campaigns.

  2. Click New campaign and fill out the form as follows:

    • Campaign name: “C1 Super Admin UAR”
    • Description: Leave this blank
    • Campaign type: Single instance
    • Target completion date: Use the auto-selected date
    • Owner: Use the auto-selected user, that’s you!
    • Review policy: Choose App Owner Review
  3. Click Continue.

Step 2: Scope the campaign

We now need to set the scope of the campaign. We’re going to scope this campaign to reviewing anyone who has Super Administrator access to the ConductorOne console.

  1. On the Scope tab of the campaign, find the Apps and Resources section of the page and click Edit.

  2. Click Review specific resources.

  3. Search for the term “super” and find the Super Administrator role listed for the ConductorOne application.

  4. Select the Super Administrator role and click Save.

Step 3: Prepare & start the campaign

Before a campaign can be started, it must be prepared. Preparing a campaign takes a snapshot of current grants and populates the campaign with the corresponding access reviews.

  1. Click Prepare campaign.

    We now have our access reviews prepared for the campaign. Because we selected App Owner Review as the policy for this campaign, when the campaign begins these reviews will be assigned to the application owner of the ConductorOne application.

  2. When you’re ready, click Start campaign and decide whether to send out campaign notifications.

    If you check Yes, send out notifications when starting the campaign, reviewers will be notified by email (and Slack, if enabled) that a new campaign is underway and they have reviews to complete.

  3. Click Start campaign.

Your campaign is underway!

Step 4: Manage the campaign

ConductorOne provides a deep bench of tools for managing the successful completion of user access reviews in a timely fashion. These include:

  • Sending reminders
  • Canceling reviews
  • Reassigning reviews
  • Restarting reviews
  • Revoking or changing access if not certified

These tools are available from the campaign management screen.

Step 5: End the campaign

Once the reviews are in, end the campaign. If any access reviews are incomplete when the campaign ends, you’ll be asked what you want to do:

  • Skip: these reviews will be skipped, meaning no decision was recorded
  • Revoke: these reviews are marked with a revoke decision

Step 6: Generate audit reports

At any point during or after the campaign, generate an auditor-ready campaign report on the Reports tab.

Success!

By following these steps, you’ve completed a successful certification campaign using ConductorOne … for ConductorOne!