Shine a light on shadow apps

ConductorOne Docs

ConductorOne release notes

Here are the latest new features, enhancements, and resolved issues for ConductorOne.

March 22, 2024

Shadow apps. Our newest feature helps IT and security teams to see, understand, and manage shadow applications. On the new Shadow apps page, you can see the apps that employees have logged into using their corporate email addresses, bring key shadow apps under management with ConductorOne, and ignore the shadow apps that aren’t of concern. Go to Detect and manage shadow apps to learn more and get started.

Linked entitlements. To make it easier to manage, request, and review SCIMed access, we’re pleased to introduce the Linked entitlements tab on each application’s page. On this tab you’ll find a list of the entitlements currently linked from the IdP. You can link these to existing entitlements in the SCIMed application, or create new roles in the SCIMed app that represent the IdP permissions.

New integrations. This week we added Torq, Celigo, and Verkada to our integrations library. These integrations are currently in early access as we fine-tune their details and gather feedback. Let us know if you’re keen to get started with one or all of these new integrations and we’ll get you set up!

✨ Copilot insights and recommendations are generally available. We’re pleased to announce that Copilot insights are now generally available. Our thanks to everyone who provided their feedback and input as we developed this new feature.

Usability improvements

  • When you’re asked to leave a reason for your action on a request or review task, you’ll now find a curated selection of pre-written reasons that you can select, edit as needed, and submit.

    The confirmation modal on a revocation task showing multiple pre-written comments, with one selected and lightly edited.
  • You can now choose whether to map app accounts to account owners by using emails alone, or by using both emails and first and last names if emails aren’t available or sufficient. To learn more, go to Set which data to use for account mappings.

Fixed!

  • The Google Workspace v2 integration now properly sets user status.

  • The Pagerduty integration now correctly syncs teams.

  • The reviews actions menu now correctly offers Remove as an action, rather than Revoke.

  • Entitlement names pulled from v2 and other recently introduced integrations can now be edited.

March 15, 2024

Take action on multiple tasks at once. We’re pleased to introduce the ability to select and act on multiple tasks at once. You’ll find this feature on the Tasks page, a campaign’s Tasks tab, and on your Assignments pages. You can now select multiple tasks, then choose an action to take on the selected tasks from the menu. You’ll be prompted to add a comment, which will be added to the record of each selected task.

A list of open access request tasks, with all the tasks selected and the actions menu open to show the available options, including Approve and Deny.

New integration. We’ve released Google Workspace v2, a new version of the Google Workspace integration. This new integrations is in early access, so get in touch if you’re excited to use it.

Usability improvements

  • Long entitlement slugs are now truncated, with the full value shown when you hover over the slug.

  • When an entitlement that is part of an entitlement binding is deleted, it now shows a Deleted label on the bindings page.

  • The GitHub integration now supports provisioning for nested teams.

Fixed!

  • We’ve ensured that entitlements, resources, and apps with deactivated users are counted correctly in the digest email.

  • Applications with deleted owners are now included on the list of applications on the Applications page.

  • We repaired an issue impacting the file upload process.

March 8, 2024

New integration. Good news, Slack Enterprise Grid users! We’ve added a Slack Enterprise Grid integration to our library. Check out the docs to get started with this integration.

Usability improvements

  • The entitlement’s slug is now included as part of the entitlement name in the ConductorOne Slack app, both on the request access form and in the notifications about an access request.

    An entitlement showing its slug, and the same slug shown printed at the end of the entitlement name in the request access from in the C1 Slack app.
  • When requesting new access through the ConductorOne Slack app, you can now enter a custom timeframe.

  • The status of deleted and disabled Confluence accounts is now shown in ConductorOne.

Fixed!

  • We fixed a bug that was causing a conditional policy to sometimes process identical tickets differently in different campaigns.

  • A Jira integration bug related to listing groups is now fixed.

March 1, 2024

Updated navigation panel. We’re welcoming March by freshening ConductorOne’s navigation panel with a new color treatment and a top navigation bar.

Usability improvements

  • When selecting how long new access is needed for on the Request access or Browse access pages, you now have the option to enter a custom timeframe. If the timeframe you enter is longer than the max grant duration allowed, ConductorOne shows information about the limit to help you choose an approved timeframe.

  • On each user’s details page, you’ll now find an Accounts tab with a list of all the application accounts associated with the user.

  • You can now filter the list of entitlements in a request catalog by application.

  • Information about an application’s sources of access data is now shown on the Data sources tab on the application’s details page.

  • The colors assigned to user status indicators are now used consistently across ConductorOne: active is always green, deleted is always red.

  • You can now pass a SCIM endpoint and access token to the AWS integration to enable pulling user statuses from AWS.

  • Bitbucket users now have the option to integrate individual Bitbucket workspaces with ConductorOne.

Fixed!

  • We’ve repaired an issue that was causing some users to receive digest emails with blank sections.

February 23, 2024

Updated integrations. Five integrations are now generally available: New Relic, Xero, Hubspot, Segment, and SentinelOne. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

Usability improvements

  • We’ve added a new Age filter to the Tasks page, which lets you quickly view tasks that are more than seven, 14, or 30 days old.

  • A new Deactivated user issues section in the digest email alerts ConductorOne admins to any apps, resources, or entitlements currently owned by deactivated users.

  • A query for resources with a deactivated owner is now available on the Access explorer page.

  • If an error occurs on a task, you’ll now see an indicator on the task’s Audit log tab, a red highlight drawing your attention to the error, and more context about the error itself. Note that this change only applies to newly created tasks.

    A task's audit log tab showing the new error icon on the tab, the red error indicator next to the log entry, and the expanded log entry.
  • The My work section of the navigation panel is now named Assignments. And the My access section is now named App directory.

Fixed!

  • We’ve fixed a bug in the Snipe-IT integration that was causing 500 errors.

February 16, 2024

Usability improvements

  • The AWS v2 integration now supports provisioning IAM users to IAM groups.

  • To save time on each sync, the Okta integration no longer syncs role assignments for deprovisioned and suspended Okta accounts.

  • The name of the ConductorOne page you’re viewing is now shown in the browser tab.

  • To prevent accidentally losing in-progress configuration work, we now ask you to confirm that you want to exit without saving your changes.

Fixed!

  • Inactive Bitbucket users are no longer incorrectly reported as active.

  • When you make multiple access requests on behalf of someone else by clicking Make another request, each request for access is made for the selected user, not for you.

  • We’ve repaired an issue impacting how conditional review policies treated app accounts without an associated ConductorOne user.

  • If a reassigned task is not assigned to any active user, ConductorOne now falls back to assigning it to the system owner or system owners on record.

February 9, 2024

New features now generally available. We’re happy to announce that access explorer and the security dashboard are now generally available! Users with the Super Admin role in ConductorOne will see a new Security tab on their dashboard. Get started with access explorer by clicking Explore in the navigation panel.

Usability improvements

  • The campaign creation loading screens that previously asked you to “Hang tight!” now show the count of the reviews being created and an estimate of the time remaining. You’re still welcome to hang tight while your campaign is being created, or you can safely click away from the page to complete other work.

  • In the Slack app, the name of the requested entitlement is now shown in the summary of an access request.

  • The user’s employment status is now included in the Copilot insights shown on task summary screens.

Fixed!

  • Clicking View all on a security dashboard card now correctly directs you to the corresponding query on the Access explorer page.

February 2, 2024

Access graph. We’re delighted to introduce a new visualization tool that helps you explore current access paths and patterns for your users, applications, and resources. This new feature is in early access while we gather feedback and fine-tune its details. Let us know if you’re eager to give it a try!

Access explorer. Get answers to complex identity and access-related questions with just a few clicks. Choose from a list of powerful queries and quickly zoom in on the apps, users, and accounts that matter most. Go to Query access data to gain insight to see a full list of available queries, and let us know what else you’d like to see in this early access feature!

Security dashboard. The new Security tab on the ConductorOne dashboard provides a quick overview of key access risks such as orphaned accounts, inactive accounts, high-risk role grants, and standing privileges. Click any item or card displayed on the security dashboard to learn more. The security dashboard is also in early access, so let us know if you’re ready to take it for a spin.

Updated integrations. Three integrations are now generally available: Snipe-IT, Fastly, and GitHub Enterprise. Check out the documentation to get started with these integrations today.

Usability improvements

  • Updated search and filter options are now shown at the top of the Accounts tab on each application’s page.

  • Timestamps have been added to the dates shown on each task’s details page.

  • The Mark errored option on provisioning and deprovisioning tasks has been renamed Won’t provision/deprovision or Won’t do to better reflect common workflows.

  • The ConductorOne Slack app now displays an error if you already have an open request for the access that you’re currently trying to request.

  • When you click an entitlement’s name on a task’s details page, you’ll now find links to the entitlement, resource, and application details pages.

  • The Cloudflare Zero Trust integration now accepts two authentication methods. These options are explained in greater detail in the Cloudflare Zero Trust integration documentation, and on the corresponding fields on the integration setup page.

Fixed!

  • We’ve fixed a bug in the Broadcom SAC integration that was preventing identity providers from being listed correctly, and a bug in the Snipe-IT integration related to mapping.

  • The status filter on the Users page has been updated to reflect the current user status options.

  • The Reload button that appears if the content of an access review campaign changes during the campaign-building process now reloads the page as expected.

  • When creating a new policy, the Create button is now disabled after it is clicked once, removing the possibility of accidentally creating duplicate policies.

January 26, 2024

Usability improvements

  • The Cloudflare Zero Trust integration has been updated, and now supports automatic provisioning of users to groups.

  • The resource and entitlement counts shown on the tabs on an application’s page now update automatically after a new sync, removing the need to manually refresh the page.

  • When requesting an extension of expiring access through the Slack app, you’ll now see a dropdown and a prompt to select the length of the new access.

  • An App owner column now appears on the Applications page.

Fixed!

  • A Slack notification stating (incorrectly) that access has been granted is no longer sent if the assigned provisioner selects the Mark errored option on the provisioning task.

January 19, 2024

Usability improvements

  • Each audit log entry now shows a timestamp in addition to the date.

  • We polished up the Set data value mappings drawer, adding updated icons and generally improving the visual appearance.

Fixed!

  • The information on the Open and Completed tabs on the Open requests page now loads correctly when the page is refreshed.

January 12, 2024

Customize your session length. By default, ConductorOne sessions time out after 20 hours. You can now customize the session length to suit your organization’s needs and security policies. Go to Configure session length to learn more.

New integration. This week Xero joined our integrations library. This integration is currently in early access as we fine-tune its details and gather feedback. Let us know if you’re eager to get started with Xero and we’ll get you set up!

Usability improvements

  • The user’s employment status and any applicable compliance frameworks are now included in the list of Copilot insights.

Fixed!

  • We’ve fixed the mismatch sometimes seen between the task summary count in the navigation panel and the actual number of open tasks.

January 5, 2024

New integration. We’ve added Snipe-IT to the integrations library. This integration is currently in early access as we fine-tune its details and gather feedback. If you’re ready to set up your Snipe-IT integration, let us know!

Usability improvements

  • The GitHub Enterprise integration has been updated, and now supports automatic provisioning of repo permissions.

  • Clicking your username at the bottom of the navigation panel now opens the user menu. Use the user menu to log out of ConductorOne, navigate to your personal API keys page, or jump to your own user details page.

  • Previously, if a user’s username or manager was not known, the Username or Manager fields on the user details page were omitted entirely. These fields are now shown with a “None found” message.

  • The list of Copilot insights on task details pages are now sorted by severity.

Fixed!

  • Entitlement slugs are now shown even on entitlement names that are long enough to require truncation.

  • When a user requests access for a limited time, the time limit is now shown correctly on the request task.

December 22, 2023

✨ Copilot insights and recommendations on access requests. To help approvers make faster and better-informed decisions about granting new access, ConductorOne Access Copilot now flags key insights about access being requested and makes recommendations on how to proceed. This new feature is in early access while we gather feedback and fine-tune its details. Let us know if you’re eager to give it a try!

Conditional policies. We’re pleased to announce that conditional policies are now generally available. Conditional policies allow you to define a single policy that applies different instructions based on the user’s role, department, job type, or other relevant criteria. Check out the policy documentation to learn more. Many thanks to everyone who provided their feedback and input as we developed this new feature!

Usability improvements

  • Managers can now request new access for the members of their team through the ConductorOne Slack app.

  • When an error occurs during provisioning, more context about the error is now shown in the task’s audit log.

  • When creating a policy, an error state is now shown on the User field if a user is not selected.

  • You can now see a summary of the insights flagged by Copilot by hovering over the insights indicator in the campaign task list view.

December 15, 2023

New dashboard. We’ve spruced up the ConductorOne dashboard, making it more helpful and comprehensive. Your dashboard now summarizes and links out to all your reviews, requests, approvals, and campaigns.

The updated user dashboard showing open campaigns, review tasks, and request tasks.

New integrations. Microsoft 365 and New Relic joined our integrations library this week. These new integrations are in early access while we fine-tune their details and gather feedback. Let us know if you’re eager to add one or both to your Integrations page.

Updated integrations. We’re happy to announce four integrations are now generally available: Broadcom SAC, CrowdStrike, ServiceNow, and Cortex XSOAR. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

Usability improvements

  • We revised and streamlined the sections of the navigation panel used by ConductorOne users with admin-level user roles.

  • Entitlement descriptions that have been edited in ConductorOne are now shown when requesting or approving access in the Slack app. If an entitlement’s description has not been edited but its resource description has been, the resource description is shown.

Fixed!

  • The audit log no longer records multiple redundant messages while waiting for an integration sync to complete and confirm that a new user account has been provisioned.

  • Once an access request is submitted, the application selection field now resets correctly so you can start another request.

December 8, 2023

✨ Copilot insights and recommendations. ConductorOne Access Copilot is here to help you and your team make faster, better-informed decisions when completing access reviews. Copilot flags key insights about the access under review and makes recommendations on how to proceed.

A review task's details screen showing a Copilot flag on an insight and a recommendation to remove the access.

This new feature is in early access while we gather feedback and fine-tune its details. If you’re ready to try it out, let us know!

New integrations. This week we’re welcoming Hubspot, SentinelOne, and Segment to the integrations library. We’ve also released AWS v2, a new version of the AWS integration that includes provisioning support. These new integrations are in early access, so get in touch if you’re ready to take one or more for a spin!

Usability improvements

  • The Bitbucket integration has been updated to support group provisioning, and to use an app password rather than an OAuth consumer for integration configuration.

  • We’ve streamlined the process of signing up for ConductorOne with Okta by adding a direct link to the ConductorOne Okta application on the signup screen.

  • When an automatic action is triggered by a match on a conditional policy rule, the matching rule and the automatic action are now shown on the task’s details page and in its audit log.

Fixed!

  • You can now successfully search for an entitlement when setting up delegated provisioning on an app’s Access controls tab.

  • Due to a difference in how accounts and grants were counted, you might have seen a phrase like “9 out of 7 accounts have this access” on a task details page. We’ve fixed this by bringing the counting methods into alignment.

December 1, 2023

Spotlight search. At the top of the nav bar you’ll now find a platform-wide search tool. Use spotlight search to quickly locate a specific user, entitlement, application, or campaign. Jump to frequently accessed pages and forms using the quick actions. Your recent searches are saved for future reference.

New integrations. Fastly and GitHub Enterprise are the newest members of our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re ready to get started with Fastly or GitHub Enterprise, let us know!

Usability improvements

  • Applications that are set as user directories in ConductorOne are now designated with a directory chip in the list of applications. To help you quickly find these special apps, we’ve also added a Show only directories filter to the Applications page.

  • If a max grant duration isn’t set for an entitlement, the grant duration selection prompt and dropdown are not shown when requesting access to the entitlement.

  • Custom entitlement descriptions are now shown on the Browse access page.

  • We’ve standardized on a Month, day year date format throughout ConductorOne.

  • The Slack connector now syncs each user’s status_text and status_emoji attributes. You can set these as custom user attributes and use this data when writing conditional policy rules.

Fixed!

  • Entitlement bindings are no longer accidentally removed when you click Save without making changes to the delegated provisioning setting.

  • On the Campaigns page, campaign progress bars are now shown on in-progress campaigns, rather than completed campaigns.

  • You can now successfully search for and select an entitlement when setting up a manual binding.

November 17, 2023

Conditional policies. Conditional policies allow you to define a single policy that applies different instructions based on the user’s role, department, job type, or other relevant criteria. This granular control streamlines access management by automating routine tasks and directing complex decisions to the appropriate individuals. Check out the policy documentation to learn more. This new feature is in early access while we gather feedback and fine-tune its details. If you’re ready to try it out, let us know!

Usability improvements

  • The PagerDuty integration now syncs schedules and roles.

  • We no longer display pagination controls for single-page lists.

  • Your eyes do not deceive you: to improve legibility we’ve updated the nav panel to a cool indigo.

Fixed!

  • We fixed an error that was causing a failure when the AWS integration attempted to sync users.

  • Entitlement bindings are no longer accidentally removed when you edit request catalogs on an app’s Access requests tab.

  • The OpsGenie integration no longer adds every active OpsGenie account to every team.

November 10, 2023

Bindings automatically created or removed when configuring delegated provisioning. When you configure delegated provisioning for an individual entitlement on that entitlement’s details page, we now automatically create the binding between the two entitlements for you. You’ll see the proposed change to the entitlement’s bindings whenever you make a change to delegated provisioning, both when the change is automatically creating a new binding for you, and when a binding will be removed if you change the provisioning strategy from delegated to manual or connector-based.

Usability improvements

  • We’ve improved the readability of many error messages, making them more useful for troubleshooting.

Fixed!

  • Spaces are no longer missing between the catalog names in the list of request catalogs on the entitlement details page.

November 3, 2023

Usability improvements

  • We’ve added an expiring access section to the ConductorOne Slack app. You can now see how long is left on your access grants that have a limited duration, and request an extension if one is needed.

  • We’ve also improved how the Slack app reports the time remaining in campaigns. Instead of rounding down to the nearest week, Slack now shows the number of remaining weeks and days.

  • To provide visibility and support troubleshooting, we’ve clarified the provisioning error messages included in task audit logs.

Fixed!

  • When you click a Slack notification to complete your campaign tasks, you’re now directed to your reviews homepage instead of an unstructured list of campaign tasks.

October 27, 2023

Usability improvements

  • The Approvals column in access review campaign reports now shows the reviewer’s name and the date and time of the review decision for denials as well as approvals.

Fixed!

  • Previously, when users were removed from an entitlement bound to an app access entitlement, the impacted users were shown as deleted on the Grants tab of the access entitlement. This has been fixed, and in this situation users are now automatically removed from the Grants tab of the access entitlement.

  • The sandbox.lightning.force.com domain is now accepted when setting up a Salesforce connector.

  • When editing the Application Owners field on an app, the dropdown no longer overflows into neighboring fields.

  • You no longer get a mail: no address error when you try to assign a user delegate.

  • The Slack workspace integration has been updated to support Slack’s API rate limits.

October 20, 2023

Usability improvements

  • When you delete an application from ConductorOne, that app’s entitlements now display a Deleted badge and a zero grants count in any catalog that they are included in.

  • We’ve added entitlement slugs to entitlements pulled in by the AWS integration.

Fixed!

  • On access review campaigns using the By app view, the summary page now shows accurate task completion counts, and the progress bars reflect correct task completion percentages.

October 13, 2023

Usability improvements

  • Custom user attributes associated with a user account are now shown on the user’s details page.

  • We adjusted the spacing on the modal used to start an access review campaign to reduce the risk of accidentally enabling or disabling campaign notifications.

  • The results of cone search queries are now delivered more quickly.

Fixed!

  • We’ve fixed a validation timeout issue in the Bitbucket integration that was causing a context deadline exceeded error.

  • The ConductorOne Slack application no longer loads indefinitely if a user cannot be found.

October 6, 2023

Configure how an application’s entitlements are requested and provisioned. We’ve introduced a new Access controls tab on each application’s details page. This tab makes the process of configuring access requests more efficient while increasing your visibility into the app’s current access control configuration. Use the Access controls tab to make changes to how individual entitlements are requested and provisioned, and refer to the tab for a summary of the configuration of all entitlements on the app. Check out Configure access requests to learn more.

Usability improvements

  • The ConductorOne Slack app now includes an Approval Reason field on access request notifications. If the request policy in effect requires a reason but one is not provided, Slack asks the reviewer to enter a reason and resubmit their decision. If a reason is not required by the policy, the Approval Reason field is optional.

  • To make better use of the available space, we’ve removed the Due column from the table of access reviews organized by application. The campaign due date is still shown at the top of the page.

Fixed!

  • We repaired an issue with how the Coupa integration syncs users, which had resulted in some users being incorrectly shown as deleted during access reviews.

  • A user can now successfully request an entitlement that is provisioned by a JumpCloud group even when the user is already a member of the group.

September 29, 2023

Usability improvements

  • When requesting access through the Slack app, the list of entitlement names now includes more information to help you find the entitlement you need.

  • The JumpCloud integration now creates a JumpCloud Administration application in ConductorOne, and assigns all JumpCloud administrators in your organization to that app.

  • When requesting access on the Request access page or in the Slack app for a ConductorOne user who has multiple accounts in the selected application, you are now asked to select which account needs access.

  • If access is granted indefinitely, the email notification of new access no longer includes information about the length of the grant’s duration.

Fixed!

  • When access is granted for a limited time, the amount of time remaining for the grant is now shown correctly in email and Slack notifications.

September 22, 2023

Usability improvements

  • When requesting access on the Browse access page for a ConductorOne user who has multiple accounts in the selected application, you are now asked to select which account needs access.

  • A new SSO configuration section is now shown on the Settings page. When SSO is enabled for your ConductorOne tenant, the SSO provider in use is shown here.

  • Because Salesforce users can include a company’s customers, the Salesforce integration no longer syncs several non-employee user types.

Fixed!

  • You can now successfully send the assigned user a reminder to complete an open revocation task.

  • An error message is no longer displayed while a request catalog is loading.

  • Only the user for whom new access is requested, or that user’s manager, can escalate an open access request task to emergency access.

  • The counts of open tasks shown in the My work section of the navigation panel are now more accurate.

September 15, 2023

New integration. Splunk is the newest addition to our integrations library. Check out the documentation to learn more about this special integration.

Usability improvements

  • Whenever reassignment of a task is allowed by the task’s governing policy, a Reassign button is now shown on both the task’s summary in the table of tasks assigned to you, and on the task’s details page.

  • If an uploaded file does not contain any data, it is not accepted by the connector, and a single error is printed to the connector log.

Fixed!

  • CrowdStrike app accounts now display the correct account status.

September 8, 2023

New integrations. Joining the integrations library this week are Broadcom SAC and Cortex XSOAR. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re keen to try them out, let us know!

Reset campaign policies. If during the process of building an access review campaign you’ve made changes to the policies to be applied to entitlements in the campaign, you can now use the Reset policies control on the campaign scoping tab to reset the policies to their defaults. Resetting recreates all campaign selections so that each uses the policy inherited from (in order of precedence) the entitlement’s configuration, the application’s configuration, or the campaign’s configuration.

A campaign in draft mode, with the more actions menu next to the edit resource selections button open to show the reset policies option.

Usability improvements

  • The campaign reports page now has clearer status labels and click-to-copy file hashes.

  • We’ve added a select-all checkbox control to the Edit campaign entries modal.

Fixed!

  • We fixed a bug that was preventing the generation of some campaign reports.

  • Requests for new access made on behalf of another user now correctly show the user’s name in request notification emails instead of the requester’s name.

  • When you search for an application by name on the Browse access page, rerequestable entitlements that do not match your search string are no longer hidden from view.

September 1, 2023

New integrations. This week we’re welcoming LDAP, ServiceNow, and CrowdStrike to our integrations library. If you’re ready to get started with one or more of these integrations, let us know. We’ll be happy to help get you set up!

Access request user roles. To support teams administering access requests in ConductorOne, we’ve launched Access Request Helpdesk and Access Request Administrator user roles. Any user assigned one of these roles can create an access request ticket on behalf of any other user. Access Request Administrators can also create and manage request catalogs. Go to Assign user roles to learn more.

Usability improvements

  • You are no longer required to retype the name of a user whose access is being fully revoked.

  • We’ve added loading animations and more helpful messaging to the Browse access page.

Fixed!

  • Previously, the list of entitlements shown in a dropdown or search result in the web app was limited to 100 entries. We’ve removed that limit, and you’ll now see the full list of available or matching entitlements.

  • The Last Modified date and time for a file uploaded from a datasource is now shown correctly.

August 25, 2023

Updated integrations. We’re pleased to announce the general availability of our Jamf, Bitbucket, Box, PagerDuty, Zoom, and Tableau integrations. Check out each integration’s documentation to get started.

Usability improvements

  • Previously, we applied initial casing to all resource names. In response to user feedback, each resource name is now displayed exactly as it appears in its source application.

  • You can now sort your list of campaigns by name, description, or target completion date.

  • Users with the Super Admin role in ConductorOne can now revoke any account’s access to an entitlement.

Fixed!

  • Google Workspace accounts with an Archived status are now assigned Disabled status in ConductorOne.

August 18, 2023

Docs site refresh. As you’ve probably noticed, we gave the docs site a little aesthetic upgrade this week by consolidating fonts, dialing back our use of color, and lightening font weights. We think the result feels cleaner and lighter, and we hope you like it too!

Fixed!

  • The Request Emergency Access button on applicable task details pages has been returned to its proper location.

  • We’ve added the links to documentation for the six new integrations announced last week.

  • We fixed a bug that was allowing deleted application accounts to be erroneously included in campaigns.

August 11, 2023

New integrations. We’re pleased to introduce Jamf, Bitbucket, Box, PagerDuty, Zoom, and Tableau to our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re eager to get started with one or more of these integrations, let us know!

Updated browse access experience. For our Access Requests customers, we’re proud to introduce the redesigned Browse access page. Use this page to see all the apps and resources available for you to request, understand your current access, and view your open access requests. Managers can also request new access for their team members from this page. To learn more and get started, check out Browse current and available access.

Usability improvements

  • If you create a request for emergency access when you already have an open request for non-emergency access to the same app or resource, you’ll now see a duplicate ticket error with a link to the original request. This makes it easier to escalate the original request to emergency access rather than creating a duplicate request.

  • ConductorOne now pulls in more key account data from OneLogin, including manager, title, company, and department.

August 4, 2023

Usability improvements

  • When you set an entitlement’s provisioning strategy to manual provisioning, you have the option to include instructions for the provisioner. These instructions are now shown in the task details view and in the provisioning assignment Slack message.

  • We’ve added an explanatory message to the email digest for open campaigns that do not have any open tasks.

Fixed!

  • We’ve greatly reduced the load time in Slack for the list of rerequestable entitlements from a large request catalog.

  • If the same entitlement is included in more than one of your available request catalogs, Slack no longer lists the entitlement multiple times.

July 28, 2023

Emergency access requests. We’ve added emergency access requests to ConductorOne in order to support IT and security teams’ need to quickly gain access to key resources in order to respond to emergencies such as production outages. You can now choose which entitlements can be requested during an emergency and build dedicated emergency access policies to use during the expedited approval process. Go to Enable emergency access requests for more on setting up emergency access requests for your team.

Cone, the ConductorOne command line interface (CLI). If the command line is your happy place, we’ve got you covered. Use cone commands to manage the full access request workflow: view available entitlements, request access, drop access when it’s no longer needed, review access requests, and much more. Check out the Cone docs to learn more and get started.

Usability improvements

  • When searching for a resource name, such as when building a catalog or campaign, the search now returns all of the resource’s associated entitlements.

  • You can now sort a table of tasks by task number by using the caret in the column header.

  • Searches for policies and applications are no longer case-sensitive.

Fixed!

  • If you’ve set your digest emails to be delivered on a weekly cadence, they’ll now arrive labeled “Weekly Digest” instead of “Daily Digest”.

July 21, 2023

Usability improvements

  • By default, lists of tasks are now sorted by task ID, with the most recently created task at the top.

  • The App ID is now shown on each application’s details page.

  • The Entitlement ID is now show on each application’s details page.

July 14, 2023

Updated integrations. We’re happy to announce that nine integrations are now generally available: JumpCloud, CloudAMQP, Panther, UKG, Expensify, Slack, Asana, Duo, and Linear. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

July 7, 2023

New integration. We’re excited to add 1Password to our library of integrations. The 1Password integration uses our open-source Baton connector to pull usage data from your 1Password instance. Check out the docs to learn more and get started using 1Password with ConductorOne.

Usability improvements

  • The task details page now displays all known attributes for the app account whose access is being reviewed or changed. Use the arrow control to open or close the account attributes panel.
A task details page with the account attributes panel open.
  • A Reassignments column is now included on all newly generated campaign reports, showing whether each access review task was reassigned and to whom.

  • If no request policy is set on either an entitlement or its application, the Auto-Generated App Owner Approval Policy is now used on requests for that entitlement.

  • If no revoke policy is set on either an entitlement or its application, the Default Revoke Policy is now used when revoking that entitlement.

Fixed!

June 30, 2023

Usability improvements

  • When submitting an access request, justification is now required.

  • We made some improvements to the specificity of error messages.

June 23, 2023

Usability improvements

  • You can now only revoke an account’s access to an entitlement if you are the account owner’s direct manager, the application’s owner, or the entitlement’s owner. Anyone who attempts to revoke a grant without one of these relationships will see an error: User does not have permission to request access on behalf of another user.

Fixed!

  • We’ve fixed some issues with digest emails that were causing them to arrive in some cases without their title or footer info.

June 16, 2023

Fixed!

  • You can now successfully request access to an entitlement for an “indefinite” amount of time.

  • The Panther integration now pulls and maps SAML external roles correctly.

  • We’ve fixed an error that was causing some time-limited access grants to not be automatically revoked on expiration.

June 9, 2023

Email digest of your open tasks. We all know that notification emails can quickly go from a help to a burden. That’s why we’re delighted to introduce a new digest format that summarizes all your open ConductorOne tasks in one quick email. Digest emails can be sent to all ConductorOne users at your organization who currently have open tasks either every weekday or once per week, so you can set the cadence that’s best for you and your colleagues. Go to Email digest notifications to learn more and get set up.

New integrations. This week we welcome UKG, Panther, and CloudAMQP to our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’d like to use one or more of these integrations, let us know! We’d be delighted to get you set up.

Usability improvements

  • We’ve improved the design and clarified the messages shown on a task’s details page summarizing the planned action and outcome of reviews, provisioning steps, and deprovisioning steps.

  • Error messages in provisioning and deprovisioning steps now link to the audit log.

  • When requesting access to a specific resource on an app, the general app access resource is no longer shown in the list of options.

Fixed!

  • We’ve fixed an issue that was causing account types that were manually set on application accounts to be reset by the system.

June 2, 2023

Usability improvements

  • You can now designate application accounts as system accounts on the application’s Accounts page.

  • ConductorOne now supports two new columns in uploaded spreadsheets and CSV files:

    • User type to designate whether each account is a user account, service account, or system account
    • Account owner to automatically map the account owner to the correct ConductorOne user by matching email addresses

Fixed!

  • We resolved an issue that created a request context cancelled error when building a campaign.

  • Email links to your access review tasks now direct you a page where you can select how you want to view your reviews, rather than to an old version of the unstructured view.

May 26, 2023

Usability improvements

  • We’ve made it easier to publish and unpublish request catalogs, and added a confirmation screen with additional details when you take one of these actions.

  • Each request catalog’s current publication status (Published or Draft) is now shown on the Catalogs page.

  • We gave all the modals a little visual refresh, and we think they’re looking quite spiffy in their new blue header banners.

May 19, 2023

Campaign creation upgrades. Our revamped user access review campaign creation flow is now generally available. We redesigned the way you sort, find, and choose the resources and entitlements included in your campaigns, streamlining the process for busy UAR admins. Many thanks to everyone who provided feedback and helped us to refine this experience!

The campaign resource selection screen showing four Asana resources selected for the campaign.

Usability improvements

  • If you have more than one DocuSign account, you can now specify the DocuSign API Account ID when setting up an integration so that the correct account’s data is pulled into ConductorOne.

Fixed!

  • You can now successfully set a time limit for an entitlement even if the entitlement is not included in any request catalogs.

  • ConductorOne now reads the Okta attribute managersEmail as a source for the Manager user attribute.

  • When you searched for a user’s name in a dropdown field (such as when adding an owner to an app), your search input remained in the field even after you found and selected the right user from the list. We’ve fixed this.

  • Slack notifications of overdue campaign tasks no longer show negative time remaining before the due date.

May 12, 2023

Directories and user attribute mapping. We’re pleased to announce that these two features are now generally available, and send our thanks to all our users who provided feedback and helped us refine them. Setting your directory apps as the sources of truth for employee data is a key step in setting up ConductorOne. User attribute mapping helps you to ensure that key employee data is pulled into ConductorOne correctly so it can be used to add context or narrow scope as needed.

Request access. The + Request access page in the navigation panel is now generally available for our Access Requests customers. Use this simplified form to request new access for yourself or the folks you manage with a few clicks. Check out Request access to apps and resources to learn more.

Request catalogs. Also for Access Requests customers, we’ve updated the request catalog creation screen. You can now publish and unpublish saved catalogs, as well as update who can request the items in the catalog, all from the catalog’s page.

A catalog's page showing that it is published and available to the Customer Success group.

Navigation panel. We spruced up the navigation panel this week, including collapsing the lower sections by default to streamline navigation, refreshing the icons, and getting rid of the all-caps section headers. THOSE ALWAYS SEEMED A BIT SHOUTY.

Usability improvements

  • You can now upload files of up to 256MB to ConductorOne.

  • Your choices when setting campaign parameters now include key user attributes such as Manager, Department, and Job Title.

May 5, 2023

Usability improvements

  • We’ve added a resource type column and the ability to filter by resource type to the application Groups and Roles tabs.

  • The JumpCloud integration now supports nested group app assignments.

April 28, 2023

Usability improvements

  • When setting up a Salesforce integration, you now have the option of telling ConductorOne to use Salesforce usernames (which are formed as unique email addresses) as email addresses, rather than the contents of the Salesforce email field. This setting helps ConductorOne to properly sync Salesforce service accounts, which often all use noreply@salesforce.com as their email address.

Fixed!

  • Entitlements from apps sourced via an IdP are now correctly provisioned or deprovisioned by the connector.

  • Users with the Campaign Owner role can now add entitlements to campaigns.

April 21, 2023

New integrations. This week’s new arrivals to the integration library are Duo and NetSuite. These integrations are both in early access as they settle in and we gather feedback. If you’d like to give one or both a try, let us know!

Revoke granted entitlements. Navigate to an entitlement and click the Grants tab to view all users who currently have the entitlement, and to revoke these grants if necessary. Clicking Revoke on a grant and filling out the revocation form creates a revocation request that will use the relevant app- or entitlement-level revoke policy. The task will be sent to any required approvers, and then the access will be either automatically or manually deprovisioned.

Fixed!

  • Clicking a Groups, Roles, or Resources breadcrumb now returns you to the correct tab on the application’s main page.

  • We fixed an issue with rate limiting that prevented DocuSign users from syncing correctly.

  • We resolved an error that kept AWS S3 buckets in the us-east-1 region from integrating successfully.

  • Some connectors displayed a Connected status badge once they were set up but before any integration credentials were added, which was especially confusing for integration owners. We’ve fixed this, and connectors now show a Not connected badge until credentials are successfully added and a sync is complete.

April 14, 2023

A new organization of your application and resource information. Your application pages now have a new design, organized so that your application, resource, and entitlement data are more intuitively nested. On each application’s main page you can view (and in many cases, edit) application details such as the application’s owners, governing policies, cost per seat, and data sources. You’ll also find new tabs that break out the groups, roles, and other resources present in the application. (If you prefer to see everything together in a single list, use the Entitlements tab.) Click into any resource on the Groups, Roles, or Resources tabs to see and edit the resource’s details and the specific entitlements that can be granted to users. Click an entitlement to reach the final layer, where you can edit the entitlement’s details and associated attributes, set entitlement-level policies, and more.

Delegate a user’s tasks. If you want to avoid sending ConductorOne tasks or notifications to a certain user, such as an executive or a colleague who is out on leave, you can now set a delegate to whom that user’s tasks will be automatically reassigned. Check out Delegate a user’s tasks to get started with this new feature.

New and updated integrations. We’re pleased to announce that the Cloudflare Zero Trust and Sentry integrations are now generally available. Check out the documentation to get up and running with these integrations. We’ve also added Asana, Expensify, Linear, and Slack integrations, which are all in early access while we gather more feedback. Let us know if you’d like to add any (or all!) of these new integrations to your Integrations page.

Fixed!

  • The correct count of resources is now shown on the Resources tab for Google Cloud Platform.

  • Empty resource and entitlement names are no longer allowed, which prevents mysterious disappearances.

  • The test.salesforce.com domain is now accepted when setting up a Salesforce connector.

April 7, 2023

Sign up for ConductorOne using JumpCloud for SSO. You can now configure an OpenID Connect (OIDC) app in JumpCloud that will enable single-sign-on access to ConductorOne for your users. To get started, go to Sign up using JumpCloud.

Usability improvements

  • You can now delete connectors. On the connector’s details page, click the more actions (…) menu and select Delete.
The location of the delete control on a connector's details page.

March 31, 2023

JumpCloud integration. The latest addition to our integration library is JumpCloud. This new integration is currently in early access, so contact us if you’d like to add it to your Integrations page.

Usability improvements

  • Your Reviews page now displays a progress bar for your assigned tasks in each campaign, and the campaigns are sorted by due date.

  • Any resource description that has been updated from its default state is now displayed in the resource selector when requesting access.

  • Clearer error messages are now shown in Slack if something happens to an access request between the time when it is assigned to you and when you take action.

Fixed!

  • Once an import from a data source successfully starts or errors, the import modal closes automatically.

  • When filtering by multiple roles on the Users page, any user with multiple selected roles is only shown once.

March 17, 2023

Fixed!

  • The user profile attributes job_title, department, and status are now pulled from Google Workspace.

  • The user profile attribute employmentStatus is now pulled from BambooHR.

  • Attributes used in your directories are now shown correctly as options when mapping user attributes.

March 10, 2023

Assign review and access tasks to a group. You can now assign review and approval tasks to any group in any app integrated with ConductorOne. All members of the group will receive notification that a task needs their attention, and any member can complete the task. Get started with group approvals by adding a step to any policy and selecting Group as the reviewer.

Google Identity Platform integration. Good news, Google Identity Platform users: we now have an integration that pulls and syncs Google Identity Platform user data with ConductorOne. This new integration is currently in early access, so contact us if you’d like to add it to your Integrations page.

Fixed!

  • The comment modal now opens correctly when a reason is required for approval of a user’s access and the reviewer clicks Certify.

  • When setting up a Snowflake connector, the User role field now accepts input correctly on the first try.

March 3, 2023

Fixed!

  • Users assigned the integration owner role can now only see and edit the integration details for their assigned connectors. Super administrators can still see and edit all connectors.

  • The GitHub connector no longer shows a sync_users: failed fetching external users error if you do not have SAML enabled.

  • You can now successfully set up the Snowflake connector without getting a failed to parse 'Account ID / Locator' error.

  • Options in the more items (…) menu on My work area task pages are no longer unresponsive. The modals for each menu option now open properly.

February 24, 2023

Usability improvements

  • Who approves the approvers? If you request access to an app or resource that you are an approver for, your request is now automatically approved. However, if the request policy governing the app or resource doesn’t allow self-approval, you’ll still need another user to manually approve your request.

  • If an automated step in a task (such as automated connector provisioning or deprovisioning) isn’t completed because of a system error, the error is now shown on the relevant step in the task’s details view.

  • When setting up a Slack channel for a campaign, ConductorOne now checks to see if the channel name you’ve entered already exists in your Slack instance. If the channel exists, ConductorOne will invite reviewers and send campaign notifications in that the Slack channel instead of creating a new one.

Fixed!

  • You can successfully sort a task view by account while the list of tasks is filtered by a resource type.
  • The number of grants in Zendesk groups is shown correctly.

February 17, 2023

Delegate integration setup to an integration owner. When you’re working on integrating a new application with ConductorOne, you can now tap your company’s resident expert in that app to create and enter all the relevant credentials.

The new delegated integration owner workflow starts with an admin setting up the integration and naming an integration owner to finish the process. ConductorOne notifies the integration owner by email that their help is needed to complete the integration setup, and directs them to the relevant page. Check out the docs for any integration to learn more about how the process works.

Setting up a new Sentry integration and designating an integration owner.

Usability improvements

  • The messages that pop up at the top of your screen to confirm an action or let you know there’s a problem are now more specific to the work you’re doing.

  • New columns displaying the application name and the resource type are now included in all task tables.

  • We added a message explaining the situation if there are no applications available to request.

  • In the Tasks table, we replaced the due date column with a column showing the current state of each task.

  • If access to an application or resource is asked for or granted for a limited time, the length of access is now shown in the relevant Slack messages.

Fixed!

  • Sometimes a list of options in a dropdown showed more than one choice with the same name. We’ve added more context to those choices so you’ll be able to tell the difference and select the one you need.

  • Info drawers are now correctly shown in front of modals when both are open at the same time.

  • If an application name was created using double spaces, the app name was displayed with only a single space. If you tried to delete the application and typed in the name as displayed–with single spaces–you received an error because despite what it showed you, ConductorOne expected the name of the app to contain double spaces. Phew. This is now fixed.

February 10, 2023

Google Cloud Platform connector no longer syncs empty roles. The Google Cloud Platform (GCP) connector no longer syncs roles that do not have any grants. This change is necessary because by default, each GCP project contains roughly 1,000 roles. Removing empty roles from the sync significantly improves the performance of the connector and the usability of the entitlement data it pulls into ConductorOne. If you want to include an empty GCP role in your access review, assign a service account to the role before creating the campaign.

Fixed!

  • When reassigning a task to another user, the user selection dropdown now correctly displays user names.

  • Users with the Basic User user role can now successfully request access to new tools and resources.

  • File mapping settings are now preserved and implemented correctly when you upload a new version of a file.

February 3, 2023

Data value mappings for imported data. When you import application data using a CSV file or an Excel spreadsheet, ConductorOne attempts to match the data values in your file to the data values the system expects. We’re pleased to introduce a new mapping interface that’s designed to make it easier to reconcile the data output by your application and the data model used by ConductorOne. Check out the new mapping interface by uploading a file to a new or existing application and then clicking Set Mappings.

The data mappings drawer open with mapping data entered.

Usability improvements

  • We’ve improved the search autocomplete experience across ConductorOne, making it easier for you to find what you’re looking for.

  • The progress bar on your list of access review tasks now shows the number of tasks competed, rather than the percentage.

  • On pages in the My work area where every entry in the task type or current state column was always the same, we removed the redundant columns.

  • A user’s job title and department is now displayed in list views, if that information is available to ConductorOne. If not, the user’s email address is shown instead.

  • You can now include account profile attributes in your file imports to pull in more data about your application accounts to ConductorOne.

  • Tasks that you’ve acted on but that are assigned to you for a subsequent step are now shown in your tasks list. Only tasks on which no further action is currently required from you are shown as completed tasks.

Fixed!

  • If a task uses a policy that requires an entitlement owner’s approval, but no entitlement owner is assigned, the task now shows a No assigned user message instead of getting stuck in a pending state.

  • You can now successfully add an entitlement that does not have a display name to a request catalog.

  • The option to bulk approve open tasks is now hidden when viewing only completed tasks.

January 27, 2023

Application and entitlement details pages. We’ve redesigned the details pages for applications and entitlements so you have more visibility and edit control from a single screen. See all of an application’s data sources in a single pane, manage application and entitlement owners, update default policies, record per-seat application costs, set entitlement provisioning behavior, and much more.

Usability improvements

  • The Sentry connector now pulls and syncs your Sentry user roles.

  • The purpose of the bulk Complete reviews button wasn’t immediately clear, so we rewrote the button label. It now shows the number of reviews that are left to be completed in the current list, which we hope will make the bulk action control a bit clearer.

  • We standardized our policy type terminology across the application, removing certify and approve in favor of review and request.

  • Users with the Basic User role can no longer cancel their assigned tasks unless the subject of the task’s account has been deleted.

January 13, 2023

Campaign summary. A new campaign summary design gives campaign owners a quick overview of the current state of their campaigns in a more compact format.

The header of a campaign titled SOXQ4 showing 54 of 69 reviews complete.

Coupa connector improvements. We’ve made several updates and fixes to the Coupa connector, including showing the status of Coupa users on the application’s Accounts tab and elsewhere; adding a license entitlement; and improving the connector’s performance.

Usability improvements

  • We’ve spruced up our welcome mats: the sign up and log in pages have a refreshed design.

  • The Documentation link in the left navigation panel now opens in a new browser tab.

  • When a task is closed (either completed or canceled), the assignee is automatically removed.

  • Policy and task types (Review, Request, and Revoke) are now used consistently with their accompanying icons.

  • The error message that appears if you forget to include a reason when submitting a bulk action now highlights the comment field.

Fixed!

  • The resource filter on the campaign tasks page now correctly shows all other available resources when one resource is selected.

  • Coupa roles now sync correctly.

  • You can now successfully remove an application’s default policies.

  • There’s no longer a long delay before edits to the list of entitlement owners are displayed on the page.

January 6, 2023

Happy New Year! Here’s to a secure and confident 2023!

Usability improvements

  • The GitHub connector log now shows a record of SAML data sync actions.

  • You can now filter a campaign’s tasks by Revoke, Request, or Review task type.

  • Searches for campaign tasks now return results far more quickly.

  • In other speedy news, data uploads via spreadsheet or CSV are also processed more rapidly.

December 22, 2022

Sync an integration on demand. Integrations pull info from the source application once an hour by default, but there are times when you might want to start a sync immediately, or stop an in-progress sync and restart the process. We’ve added a new Sync now control to each connector, giving you the power to sync the latest app info on demand.

Removed: Read-only user role. To streamline our user role model, we’ve removed the Read-Only User role. Any user who was assigned only this role has been automatically assigned the Basic User role instead.

Usability improvements

  • Task ID numbers are now searchable.

  • When reviewing resources on the Access explorer page, you can now click any resource name to see its full details.

Fixed!

  • The develop.lightning.force.com domain is now accepted when setting up a Salesforce connector.

December 16, 2022

Task ID numbers. To support audits, improve the specificity of notifications, and help you manage your approval and review workload, every task in your instance now has a unique ID number, which is shown in table views and on the task’s details screen.

Usability improvements

  • We’ve upgraded tables throughout ConductorOne to include loading indicators, sticky headers, infinite scroll, and other improvements to help you browse and get your work done more efficiently.

  • If automatic app provisioning or deprovisioning for a user fails, the task is now automatically reassigned to the application’s owner.

  • Deleted tasks now show a banner on the details page and a deletion entry in the audit log.

  • We smoothed out some approval process logic to prevent repeatedly and unnecessarily notifying people on certain multi-step approval tasks with several possible approvers.

  • When you create a campaign Slack channel, we now automatically adapt the name you choose (if necessary) to fit Slack’s rules for channel names. This means we’ll lowercase the name, replace any periods or spaces with underscores, and cut it off at the 80-character mark.

Fixed!

  • The sandbox.my.salesforce.com domain is now accepted when setting up a Salesforce connector.

  • Pagination on the list of grants for OneLogin now works correctly.

  • The date a campaign was actually closed is now shown as its completion date, rather than the target completion date set when the campaign was created.

December 9, 2022

OneLogin connector is now generally available. Check out the OneLogin integration instructions to connect your OneLogin instance with ConductorOne.

Policy details on demand. Click a policy’s name in a task or a campaign overview to learn more about the policy and see the full list of its steps, all without leaving the current page.

Usability improvements

  • We streamlined the info that appears on each entitlement and removed some redundancy.

  • You can now complete provisioning and (more importantly) deprovisioning updates on tasks for users who have been deleted from an app.

  • If a delegated provisioning task errors and is not completed, you can now restart the task to force the provisioning app to give it another try.

Fixed!

  • The remaining list of your assigned access review tasks by user is now shown correctly when the first page of tasks has been completed.

  • When setting up a Coupa connector, both coupahost and coupacloud domains are now accepted.

  • The Request field in email notifications now shows the correct user’s name.

November 28, 2022

Five new generally available connectors. We’re delighted to announce that connectors for Docusign, BambooHR, Google Cloud Platform, OpsGenie, and Twingate are now generally available.

Comment indicator on task lists. To make it easier to tell at a glance whether there are comments on a task, we’ve added a new comment indicator. You’ll now see a count of the number of comments in the thread in the Status column of the task list.

There are two comments on this revoke task.

Usability improvements

  • The account owner is now shown in the certification tasks list.

  • We’ve made improvements and fixes to messaging in the Slack app

Fixed!

  • Status indicators on the task details page are once again the correct size and shape.

  • In emails with details about the user’s access request, the correct user’s name is shown.

  • Task links now show up correctly for new access requests.