ConductorOne Docs

Create applications

Applications mirror the many tools and services your company uses. Applications provide visibility and management of accounts, entitlements, and permissions.

Application types

There are three types of applications in ConductorOne:

  1. Applications created via integration with an identity provider (IdP). When ConductorOne is integrated with IdPs such as Okta, which are in turn integrated with third-party tools, those integrations are passed through the IdP to ConductorOne, creating applications of this type.

    The integration is shown in the IdP section of the Data sources area on the application’s details page.

    A screenshot of a DocuSign SCIM application's Details page in ConductorOne with the IdP and Connectors areas highlighted.

    See Add connectors to applications created by an IdP integration for more on setting up this type of application.

  2. Applications created by individual integrations. These applications are created when ConductorOne is integrated directly with another piece of software. You’ll integrate with your IdP this way.

    The integration is shown in the Connectors section of the Data sources area on the application’s details page.

    A screenshot of an Asana application's Details page in ConductorOne with the Connectors area highlighted.

    See Create applications from integrations for more on setting up this type of application.

  3. Custom applications. These applications are built inside ConductorOne and used to manage the access and permissions for the tools that your company hosts or has built in-house, as well as tools that aren’t yet part of our growing list of integrations.

    The source of the application’s data is shown in the File imports section of the Data sources area on the application’s details page.

    A screenshot of a Merchant Portals application's Details page in ConductorOne with the File Imports area highlighted.

    See Create a custom application for more on setting up this type of application.

πŸ“‹ Your application-creation workflow

When setting up applications for your new ConductorOne instance, follow this order of operations:

  1. Integrate your identity provider (IdP). This creates the IdP app in ConductorOne, and also automatically creates apps for all the SCIMed software that you use your IdP to SSO into.

  2. Add connectors or file uploads between the auto-created SCIMed apps and the software, so that the software’s usage data is pulled into the app.

  3. Create new applications for any software your company uses that isn’t SCIMed. These might use integrations, or might be custom applications that use a file upload or a data source to pull in usage data.

Add connectors to applications created by an IdP integration

When you integrate with an identity provider (IdP) that your company uses to SSO into lots of other software, ConductorOne automatically creates applications for each one (these are your SCIMed apps). This is done so that you can review and track your employees’ ability to SSO into that software via the IdP.

However, it’s important to understand that in these auto-created apps, the only resource pulled in is the ability to SSO into the app.

To get the full picture of the usage data for that app, you need to set up an integration, adding the connector to the existing app when prompted, rather than creating a new one. If no integration for the software is available, you can upload the usage data or build a custom connector.

Create new applications from integrations

ConductorOne integrations use a connector to pull account and usage data from a software instance into ConductorOne. This lets you do things like review access, approve new access requests, and (in cases where the integration connector also supports provisioning) create new accounts.

πŸ’‘ Visit the Integrations library to see a list of all available integrations.

When you set up a new integration, ConductorOne asks if you want to create a new application, or to add the data stream you’re integrating to an existing application. This lets you design how you want to group and configure the access data you’re pulling in.

When to add multiple connectors to one application

In most cases, you’ll have one integration hooked up to one application. But it’s not uncommon to need or want to have multiple data sources feeding into one application in ConductorOne.

Here’s an example. Let’s say your company uses an expenses-tracking app called PayDough, and ConductorOne offers a PayDough integration. The company uses one PayDough instance for the executive team, and a different PayDough instance for the sales team. But in ConductorOne you’ll want to run access reviews on all the PayDough access for both instances.

In this case, you’d set up your PayDough integration using two connectors, one pulling the exec team’s usage data, and the other pulling the sales team’ usage data. BOTH connectors will pull that data into a single PayDough application in ConductorOne, so you can review and manage all the PayDough usage in one place.

Create custom applications

You also have the option to create a new application without setting up an integration. This type of application is useful when you want to pull data into ConductorOne with a spreadsheet or CSV file, or through regular uploads from an S3 bucket.

Create custom applications to manage access and permissions for on-prem, home-grown, and other tools that aren’t directly integrated with ConductorOne.

  1. In the navigation panel, open Manage and click Applications.

  2. Click Create application.

  3. Enter a name and description for the new application.

  4. In the Owners field, select one or more users who will be responsible for the application.

  5. Click Create application.

To upload identity and entitlement data to the new application, see the instructions in Import app data from an S3 bucket.