Manage application accounts
Key terms: accounts, account owners, and users
A user is a ConductorOne account, created when your company’s directory apps were integrated with ConductorOne during the setup process. A user is associated with a specific individual human who can request and review access. The user’s email address is the unique identifier ConductorOne uses to match a single human with their many accounts across various applications.
An account is an individual’s account in an application integrated with ConductorOne. When the application is set up in ConductorOne, data about the application’s accounts is pulled in and listed on the application’s Accounts tab.
An account owner is the user who is associated with the account. ConductorOne attempts to automatically match accounts and users by looking for common email addresses. If this isn’t possible, you can set account owners manually, or map them with the aid of a spreadsheet or CSV upload.
The Accounts tab
An application’s Accounts tab shows you a list of all the accounts inside the application, the status of each account, its type (user or service account), the account owner, and the date when the account was last logged into (if usage data is available for the app).
Set which data to use for account mappings
ConductorOne attempts to automatically pair an app account with the account owner by matching key data. By default, ConductorOne uses the user’s email address as the key data point, but you can set the app to also read first and last names if email addresses aren’t available or sufficient in a certain app.
In the navigation panel, open Apps and click Applications.
Click an application’s name, then click its Accounts tab.
In the upper right corner of the page, click the … (more actions) menu and select Account mapping settings.
Select the type of mapping you want to use:
Narrow: (Default) Accounts are mapped using email addresses.
Broad Accounts are first mapped using email addresses, but if these cannot be found or matched, accounts are then mapped using the user’s first and last name.
Click Save. ConductorOne will immediately begin re-mapping the app’s accounts.
Manually set an account owner
If automatic matching can’t be performed, or if an account owner is set incorrectly, you can manually update it.
In the navigation panel, open Apps and click Applications.
Click an application’s name, then click its Accounts tab.
Find the account that needs an account owner in the list and click its … (more actions) menu.
Select Set account owner.
Choose the correct ConductoOne user from the dropdown and click Set account owner.
The account owner is now set. If you realize you made an error, choose Reset account owner from the … (more actions) menu to return the account owner to ConductorOne’s automatic pairing. If you want to remove an account owner from an account entirely, choose Clear account owner.
Designate service and system accounts
Accounts are set to User by default. Use the Account type control to designate service accounts and system accounts, which can then be included in or excluded from your access review campaigns as needed.
In the navigation panel, open Apps and click Applications.
Click an application’s name, then click its Accounts tab.
Find the account that you want to designate as a service account or system account in the list and click its … (more actions) menu.
Select Set account type.
Choose Service account or System account and click Update account type.
The updated account type is now shown in the Account type column.
The account details page
Click any account name on the Accounts tab to view that account’s details page. On this page you’ll find a list of the entitlements in this application that this account has access to, as well as the account’s user profile attributes and user details.
