ConductorOne Docs

ConductorOne release notes

Here are the latest new features, enhancements, and resolved issues for ConductorOne.

November 17, 2023

Conditional policies. Conditional policies allow you to define a single policy that applies different instructions based on the user’s role, department, job type, or other relevant criteria. This granular control streamlines access management by automating routine tasks and directing complex decisions to the appropriate individuals. Check out the policy documentation to learn more. This new feature is in early access while we gather feedback and fine-tune its details. If you’re ready to try it out, let us know!

Usability improvements

  • The PagerDuty integration now syncs schedules and roles.

  • We no longer display pagination controls for single-page lists.

  • Your eyes do not deceive you: to improve legibility we’ve updated the nav panel to a cool indigo.

Fixed!

  • We fixed an error that was causing a failure when the AWS integration attempted to sync users.

  • Entitlement bindings are no longer accidentally removed when you edit request catalogs on an app’s Access requests tab.

  • The OpsGenie integration no longer adds every active OpsGenie account to every team.

November 10, 2023

Bindings automatically created or removed when configuring delegated provisioning. When you configure delegated provisioning for an individual entitlement on that entitlement’s details page, we now automatically create the binding between the two entitlements for you. You’ll see the proposed change to the entitlement’s bindings whenever you make a change to delegated provisioning, both when the change is automatically creating a new binding for you, and when a binding will be removed if you change the provisioning strategy from delegated to manual or connector-based.

Usability improvements

  • We’ve improved the readability of many error messages, making them more useful for troubleshooting.

Fixed!

  • Spaces are no longer missing between the catalog names in the list of request catalogs on the entitlement details page.

November 3, 2023

Usability improvements

  • We’ve added an expiring access section to the ConductorOne Slack app. You can now see how long is left on your access grants that have a limited duration, and request an extension if one is needed.

  • We’ve also improved how the Slack app reports the time remaining in campaigns. Instead of rounding down to the nearest week, Slack now shows the number of remaining weeks and days.

  • To provide visibility and support troubleshooting, we’ve clarified the provisioning error messages included in task audit logs.

Fixed!

  • When you click a Slack notification to complete your campaign tasks, you’re now directed to your reviews homepage instead of an unstructured list of campaign tasks.

October 27, 2023

Usability improvements

  • The Approvals column in access review campaign reports now shows the reviewer’s name and the date and time of the review decision for denials as well as approvals.

Fixed!

  • Previously, when users were removed from an entitlement bound to an app access entitlement, the impacted users were shown as deleted on the Grants tab of the access entitlement. This has been fixed, and in this situation users are now automatically removed from the Grants tab of the access entitlement.

  • The sandbox.lightning.force.com domain is now accepted when setting up a Salesforce connector.

  • When editing the Application Owners field on an app, the dropdown no longer overflows into neighboring fields.

  • You no longer get a mail: no address error when you try to assign a user delegate.

  • The Slack workspace integration has been updated to support Slack’s API rate limits.

October 20, 2023

Usability improvements

  • When you delete an application from ConductorOne, that app’s entitlements now display a Deleted badge and a zero grants count in any catalog that they are included in.

  • We’ve added entitlement slugs to entitlements pulled in by the AWS integration.

Fixed!

  • On access review campaigns using the By app view, the summary page now shows accurate task completion counts, and the progress bars reflect correct task completion percentages.

October 13, 2023

Usability improvements

  • Custom user attributes associated with a user account are now shown on the user’s details page.

  • We adjusted the spacing on the modal used to start an access review campaign to reduce the risk of accidentally enabling or disabling campaign notifications.

  • The results of cone search queries are now delivered more quickly.

Fixed!

  • We’ve fixed a validation timeout issue in the Bitbucket integration that was causing a context deadline exceeded error.

  • The ConductorOne Slack application no longer loads indefinitely if a user cannot be found.

October 6, 2023

Configure how an application’s entitlements are requested and provisioned. We’ve introduced a new Access controls tab on each application’s details page. This tab makes the process of configuring access requests more efficient while increasing your visibility into the app’s current access control configuration. Use the Access controls tab to make changes to how individual entitlements are requested and provisioned, and refer to the tab for a summary of the configuration of all entitlements on the app. Check out Configure access requests to learn more.

Usability improvements

  • The ConductorOne Slack app now includes an Approval Reason field on access request notifications. If the request policy in effect requires a reason but one is not provided, Slack asks the reviewer to enter a reason and resubmit their decision. If a reason is not required by the policy, the Approval Reason field is optional.

  • To make better use of the available space, we’ve removed the Due column from the table of access reviews organized by application. The campaign due date is still shown at the top of the page.

Fixed!

  • We repaired an issue with how the Coupa integration syncs users, which had resulted in some users being incorrectly shown as deleted during access reviews.

  • A user can now successfully request an entitlement that is provisioned by a JumpCloud group even when the user is already a member of the group.

September 29, 2023

Usability improvements

  • When requesting access through the Slack app, the list of entitlement names now includes more information to help you find the entitlement you need.

  • The JumpCloud integration now creates a JumpCloud Administration application in ConductorOne, and assigns all JumpCloud administrators in your organization to that app.

  • When requesting access on the Request access page or in the Slack app for a ConductorOne user who has multiple accounts in the selected application, you are now asked to select which account needs access.

  • If access is granted indefinitely, the email notification of new access no longer includes information about the length of the grant’s duration.

Fixed!

  • When access is granted for a limited time, the amount of time remaining for the grant is now shown correctly in email and Slack notifications.

September 22, 2023

Usability improvements

  • When requesting access on the Browse access page for a ConductorOne user who has multiple accounts in the selected application, you are now asked to select which account needs access.

  • A new SSO configuration section is now shown on the Settings page. When SSO is enabled for your ConductorOne tenant, the SSO provider in use is shown here.

  • Because Salesforce users can include a company’s customers, the Salesforce integration no longer syncs several non-employee user types.

Fixed!

  • You can now successfully send the assigned user a reminder to complete an open revocation task.

  • An error message is no longer displayed while a request catalog is loading.

  • Only the user for whom new access is requested, or that user’s manager, can escalate an open access request task to emergency access.

  • The counts of open tasks shown in the My work section of the navigation panel are now more accurate.

September 15, 2023

New integration. Splunk is the newest addition to our integrations library. Check out the documentation to learn more about this special integration.

Usability improvements

  • Whenever reassignment of a task is allowed by the task’s governing policy, a Reassign button is now shown on both the task’s summary in the table of tasks assigned to you, and on the task’s details page.

  • If an uploaded file does not contain any data, it is not accepted by the connector, and a single error is printed to the connector log.

Fixed!

  • CrowdStrike app accounts now display the correct account status.

September 8, 2023

New integrations. Joining the integrations library this week are Broadcom SAC and Cortex XSOAR. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re keen to try them out, let us know!

Reset campaign policies. If during the process of building an access review campaign you’ve made changes to the policies to be applied to entitlements in the campaign, you can now use the Reset policies control on the campaign scoping tab to reset the policies to their defaults. Resetting recreates all campaign selections so that each uses the policy inherited from (in order of precedence) the entitlement’s configuration, the application’s configuration, or the campaign’s configuration.

A campaign in draft mode, with the more actions menu next to the edit resource selections button open to show the reset policies option.

Usability improvements

  • The campaign reports page now has clearer status labels and click-to-copy file hashes.

  • We’ve added a select-all checkbox control to the Edit campaign entries modal.

Fixed!

  • We fixed a bug that was preventing the generation of some campaign reports.

  • Requests for new access made on behalf of another user now correctly show the user’s name in request notification emails instead of the requester’s name.

  • When you search for an application by name on the Browse access page, rerequestable entitlements that do not match your search string are no longer hidden from view.

September 1, 2023

New integrations. This week we’re welcoming LDAP, ServiceNow, and CrowdStrike to our integrations library. If you’re ready to get started with one or more of these integrations, let us know. We’ll be happy to help get you set up!

Access request user roles. To support teams administering access requests in ConductorOne, we’ve launched Access Request Helpdesk and Access Request Administrator user roles. Any user assigned one of these roles can create an access request ticket on behalf of any other user. Access Request Administrators can also create and manage request catalogs. Go to Assign user roles to learn more.

Usability improvements

  • You are no longer required to retype the name of a user whose access is being fully revoked.

  • We’ve added loading animations and more helpful messaging to the Browse access page.

Fixed!

  • Previously, the list of entitlements shown in a dropdown or search result in the web app was limited to 100 entries. We’ve removed that limit, and you’ll now see the full list of available or matching entitlements.

  • The Last Modified date and time for a file uploaded from a datasource is now shown correctly.

August 25, 2023

Updated integrations. We’re pleased to announce the general availability of our Jamf, Bitbucket, Box, PagerDuty, Zoom, and Tableau integrations. Check out each integration’s documentation to get started.

Usability improvements

  • Previously, we applied initial casing to all resource names. In response to user feedback, each resource name is now displayed exactly as it appears in its source application.

  • You can now sort your list of campaigns by name, description, or target completion date.

  • Users with the Super Admin role in ConductorOne can now revoke any account’s access to an entitlement.

Fixed!

  • Google Workspace accounts with an Archived status are now assigned Disabled status in ConductorOne.

August 18, 2023

Docs site refresh. As you’ve probably noticed, we gave the docs site a little aesthetic upgrade this week by consolidating fonts, dialing back our use of color, and lightening font weights. We think the result feels cleaner and lighter, and we hope you like it too!

Fixed!

  • The Request Emergency Access button on applicable task details pages has been returned to its proper location.

  • We’ve added the links to documentation for the six new integrations announced last week.

  • We fixed a bug that was allowing deleted application accounts to be erroneously included in campaigns.

August 11, 2023

New integrations. We’re pleased to introduce Jamf, Bitbucket, Box, PagerDuty, Zoom, and Tableau to our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re eager to get started with one or more of these integrations, let us know!

Updated browse access experience. For our Access Requests customers, we’re proud to introduce the redesigned Browse access page. Use this page to see all the apps and resources available for you to request, understand your current access, and track your open access requests. Managers can also request new access for their team members from this page. To learn more and get started, check out Browse current and available access.

Usability improvements

  • If you create a request for emergency access when you already have an open request for non-emergency access to the same app or resource, you’ll now see a duplicate ticket error with a link to the original request. This makes it easier to escalate the original request to emergency access rather than creating a duplicate request.

  • ConductorOne now pulls in more key account data from OneLogin, including manager, title, company, and department.

August 4, 2023

Usability improvements

  • When you set an entitlement’s provisioning strategy to manual provisioning, you have the option to include instructions for the provisioner. These instructions are now shown in the task details view and in the provisioning assignment Slack message.

  • We’ve added an explanatory message to the email digest for open campaigns that do not have any open tasks.

Fixed!

  • We’ve greatly reduced the load time in Slack for the list of rerequestable entitlements from a large request catalog.

  • If the same entitlement is included in more than one of your available request catalogs, Slack no longer lists the entitlement multiple times.

July 28, 2023

Emergency access requests. We’ve added emergency access requests to ConductorOne in order to support IT and security teams’ need to quickly gain access to key resources in order to respond to emergencies such as production outages. You can now choose which entitlements can be requested during an emergency and build dedicated emergency access policies to use during the expedited approval process. Go to Enable emergency access requests for more on setting up emergency access requests for your team.

Cone, the ConductorOne command line interface (CLI). If the command line is your happy place, we’ve got you covered. Use cone commands to manage the full access request workflow: view available entitlements, request access, drop access when it’s no longer needed, review access requests, and much more. Check out the Cone docs to learn more and get started.

Usability improvements

  • When searching for a resource name, such as when building a catalog or campaign, the search now returns all of the resource’s associated entitlements.

  • You can now sort a table of tasks by task number by using the caret in the column header.

  • Searches for policies and applications are no longer case-sensitive.

Fixed!

  • If you’ve set your digest emails to be delivered on a weekly cadence, they’ll now arrive labeled “Weekly Digest” instead of “Daily Digest”.

July 21, 2023

Usability improvements

  • By default, lists of tasks are now sorted by task ID, with the most recently created task at the top.

  • The App ID is now shown on each application’s details page.

  • The Entitlement ID is now show on each application’s details page.

July 14, 2023

Updated integrations. We’re happy to announce that nine integrations are now generally available: JumpCloud, CloudAMQP, Panther, UKG, Expensify, Slack, Asana, Duo, and Linear. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

July 7, 2023

New integration. We’re excited to add 1Password to our library of integrations. The 1Password integration uses our open-source Baton connector to pull usage data from your 1Password instance. Check out the docs to learn more and get started using 1Password with ConductorOne.

Usability improvements

  • The task details page now displays all known attributes for the app account whose access is being reviewed or changed. Use the arrow control to open or close the account attributes panel.
A task details page with the account attributes panel open.

  • A Reassignments column is now included on all newly generated campaign reports, showing whether each access review task was reassigned and to whom.

  • If no request policy is set on either an entitlement or its application, the Auto-Generated App Owner Approval Policy is now used on requests for that entitlement.

  • If no revoke policy is set on either an entitlement or its application, the Default Revoke Policy is now used when revoking that entitlement.

Fixed!

June 30, 2023

Usability improvements

  • When submitting an access request, justification is now required.

  • We made some improvements to the specificity of error messages.

June 23, 2023

Usability improvements

  • You can now only revoke an account’s access to an entitlement if you are the account owner’s direct manager, the application’s owner, or the entitlement’s owner. Anyone who attempts to revoke a grant without one of these relationships will see an error: User does not have permission to request access on behalf of another user.

Fixed!

  • We’ve fixed some issues with digest emails that were causing them to arrive in some cases without their title or footer info.

June 16, 2023

Fixed!

  • You can now successfully request access to an entitlement for an “indefinite” amount of time.

  • The Panther integration now pulls and maps SAML external roles correctly.

  • We’ve fixed an error that was causing some time-limited access grants to not be automatically revoked on expiration.

June 9, 2023

Email digest of your open tasks. We all know that notification emails can quickly go from a help to a burden. That’s why we’re delighted to introduce a new digest format that summarizes all your open ConductorOne tasks in one quick email. Digest emails can be sent to all ConductorOne users at your organization who currently have open tasks either every weekday or once per week, so you can set the cadence that’s best for you and your colleagues. Go to Email digest notifications to learn more and get set up.

New integrations. This week we welcome UKG, Panther, and CloudAMQP to our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’d like to use one or more of these integrations, let us know! We’d be delighted to get you set up.

Usability improvements

  • We’ve improved the design and clarified the messages shown on a task’s details page summarizing the planned action and outcome of reviews, provisioning steps, and deprovisioning steps.

  • Error messages in provisioning and deprovisioning steps now link to the audit log.

  • When requesting access to a specific resource on an app, the general app access resource is no longer shown in the list of options.

Fixed!

  • We’ve fixed an issue that was causing account types that were manually set on application accounts to be reset by the system.

June 2, 2023

Usability improvements

  • You can now designate application accounts as system accounts on the application’s Accounts page.

  • ConductorOne now supports two new columns in uploaded spreadsheets and CSV files:

    • User type to designate whether each account is a user account, service account, or system account
    • Account owner to automatically map the account owner to the correct ConductorOne user by matching email addresses

Fixed!

  • We resolved an issue that created a request context cancelled error when building a campaign.

  • Email links to your access review tasks now direct you a page where you can select how you want to view your reviews, rather than to an old version of the unstructured view.

May 26, 2023

Usability improvements

  • We’ve made it easier to publish and unpublish request catalogs, and added a confirmation screen with additional details when you take one of these actions.

  • Each request catalog’s current publication status (Published or Draft) is now shown on the Catalogs page.

  • We gave all the modals a little visual refresh, and we think they’re looking quite spiffy in their new blue header banners.

May 19, 2023

Campaign creation upgrades. Our revamped user access review campaign creation flow is now generally available. We redesigned the way you sort, find, and choose the resources and entitlements included in your campaigns, streamlining the process for busy UAR admins. Many thanks to everyone who provided feedback and helped us to refine this experience!

The campaign resource selection screen showing four Asana resources selected for the campaign.

Usability improvements

  • If you have more than one DocuSign account, you can now specify the DocuSign API Account ID when setting up an integration so that the correct account’s data is pulled into ConductorOne.

Fixed!

  • You can now successfully set a time limit for an entitlement even if the entitlement is not included in any request catalogs.

  • ConductorOne now reads the Okta attribute managersEmail as a source for the Manager user attribute.

  • When you searched for a user’s name in a dropdown field (such as when adding an owner to an app), your search input remained in the field even after you found and selected the right user from the list. We’ve fixed this.

  • Slack notifications of overdue campaign tasks no longer show negative time remaining before the due date.

May 12, 2023

Directories and user attribute mapping. We’re pleased to announce that these two features are now generally available, and send our thanks to all our users who provided feedback and helped us refine them. Setting your directory apps as the sources of truth for employee data is a key step in setting up ConductorOne. User attribute mapping helps you to ensure that key employee data is pulled into ConductorOne correctly so it can be used to add context or narrow scope as needed.

Request access. The + Request access page in the navigation panel is now generally available for our Access Requests customers. Use this simplified form to request new access for yourself or the folks you manage with a few clicks. Check out Request access to apps and resources to learn more.

Request catalogs. Also for Access Requests customers, we’ve updated the request catalog creation screen. You can now publish and unpublish saved catalogs, as well as update who can request the items in the catalog, all from the catalog’s page.

A catalog's page showing that it is published and available to the Customer Success group.

Navigation panel. We spruced up the navigation panel this week, including collapsing the lower sections by default to streamline navigation, refreshing the icons, and getting rid of the all-caps section headers. THOSE ALWAYS SEEMED A BIT SHOUTY.

Usability improvements

  • You can now upload files of up to 256MB to ConductorOne.

  • Your choices when setting campaign parameters now include key user attributes such as Manager, Department, and Job Title.

May 5, 2023

Usability improvements

  • We’ve added a resource type column and the ability to filter by resource type to the application Groups and Roles tabs.

  • The JumpCloud integration now supports nested group app assignments.

April 28, 2023

Usability improvements

  • When setting up a Salesforce integration, you now have the option of telling ConductorOne to use Salesforce usernames (which are formed as unique email addresses) as email addresses, rather than the contents of the Salesforce email field. This setting helps ConductorOne to properly sync Salesforce service accounts, which often all use noreply@salesforce.com as their email address.

Fixed!

  • Entitlements from apps sourced via an IdP are now correctly provisioned or deprovisioned by the connector.

  • Users with the Campaign Owner role can now add entitlements to campaigns.

April 21, 2023

New integrations. This week’s new arrivals to the integration library are Duo and NetSuite. These integrations are both in early access as they settle in and we gather feedback. If you’d like to give one or both a try, let us know!

Revoke granted entitlements. Navigate to an entitlement and click the Grants tab to view all users who currently have the entitlement, and to revoke these grants if necessary. Clicking Revoke on a grant and filling out the revocation form creates a revocation request that will use the relevant app- or entitlement-level revoke policy. The task will be sent to any required approvers, and then the access will be either automatically or manually deprovisioned.

Fixed!

  • Clicking a Groups, Roles, or Resources breadcrumb now returns you to the correct tab on the application’s main page.

  • We fixed an issue with rate limiting that prevented DocuSign users from syncing correctly.

  • We resolved an error that kept AWS S3 buckets in the us-east-1 region from integrating successfully.

  • Some connectors displayed a Connected status badge once they were set up but before any integration credentials were added, which was especially confusing for integration owners. We’ve fixed this, and connectors now show a Not connected badge until credentials are successfully added and a sync is complete.

April 14, 2023

A new organization of your application and resource information. Your application pages now have a new design, organized so that your application, resource, and entitlement data are more intuitively nested. On each application’s main page you can view (and in many cases, edit) application details such as the application’s owners, governing policies, cost per seat, and data sources. You’ll also find new tabs that break out the groups, roles, and other resources present in the application. (If you prefer to see everything together in a single list, use the Entitlements tab.) Click into any resource on the Groups, Roles, or Resources tabs to see and edit the resource’s details and the specific entitlements that can be granted to users. Click an entitlement to reach the final layer, where you can edit the entitlement’s details and associated attributes, set entitlement-level policies, and more.

Delegate a user’s tasks. If you want to avoid sending ConductorOne tasks or notifications to a certain user, such as an executive or a colleague who is out on leave, you can now set a delegate to whom that user’s tasks will be automatically reassigned. Check out Delegate a user’s tasks to get started with this new feature.

New and updated integrations. We’re pleased to announce that the Cloudflare Zero Trust and Sentry integrations are now generally available. Check out the documentation to get up and running with these integrations. We’ve also added Asana, Expensify, Linear, and Slack integrations, which are all in early access while we gather more feedback. Let us know if you’d like to add any (or all!) of these new integrations to your Integrations page.

Fixed!

  • The correct count of resources is now shown on the Resources tab for Google Cloud Platform.

  • Empty resource and entitlement names are no longer allowed, which prevents mysterious disappearances.

  • The test.salesforce.com domain is now accepted when setting up a Salesforce connector.

April 7, 2023

Sign up for ConductorOne using JumpCloud for SSO. You can now configure an OpenID Connect (OIDC) app in JumpCloud that will enable single-sign-on access to ConductorOne for your users. To get started, go to Sign up using JumpCloud.

Usability improvements

  • You can now delete connectors. On the connector’s details page, click the more actions (…) menu and select Delete.
The location of the delete control on a connector's details page.

March 31, 2023

JumpCloud integration. The latest addition to our integration library is JumpCloud. This new integration is currently in early access, so contact us if you’d like to add it to your Integrations page.

Usability improvements

  • Your Reviews page now displays a progress bar for your assigned tasks in each campaign, and the campaigns are sorted by due date.

  • Any resource description that has been updated from its default state is now displayed in the resource selector when requesting access.

  • Clearer error messages are now shown in Slack if something happens to an access request between the time when it is assigned to you and when you take action.

Fixed!

  • Once an import from a data source successfully starts or errors, the import modal closes automatically.

  • When filtering by multiple roles on the Users page, any user with multiple selected roles is only shown once.

March 17, 2023

Fixed!

  • The user profile attributes job_title, department, and status are now pulled from Google Workspace.

  • The user profile attribute employmentStatus is now pulled from BambooHR.

  • Attributes used in your directories are now shown correctly as options when mapping user attributes.

March 10, 2023

Assign review and access tasks to a group. You can now assign review and approval tasks to any group in any app integrated with ConductorOne. All members of the group will receive notification that a task needs their attention, and any member can complete the task. Get started with group approvals by adding a step to any policy and selecting Group as the reviewer.

Google Identity Platform integration. Good news, Google Identity Platform users: we now have an integration that pulls and syncs Google Identity Platform user data with ConductorOne. This new integration is currently in early access, so contact us if you’d like to add it to your Integrations page.

Fixed!

  • The comment modal now opens correctly when a reason is required for approval of a user’s access and the reviewer clicks Certify.

  • When setting up a Snowflake connector, the User role field now accepts input correctly on the first try.

March 3, 2023

Fixed!

  • Users assigned the integration owner role can now only see and edit the integration details for their assigned connectors. Super administrators can still see and edit all connectors.

  • The GitHub connector no longer shows a sync_users: failed fetching external users error if you do not have SAML enabled.

  • You can now successfully set up the Snowflake connector without getting a failed to parse 'Account ID / Locator' error.

  • Options in the more items (…) menu on My work area task pages are no longer unresponsive. The modals for each menu option now open properly.

February 24, 2023

Usability improvements

  • Who approves the approvers? If you request access to an app or resource that you are an approver for, your request is now automatically approved. However, if the request policy governing the app or resource doesn’t allow self-approval, you’ll still need another user to manually approve your request.

  • If an automated step in a task (such as automated connector provisioning or deprovisioning) isn’t completed because of a system error, the error is now shown on the relevant step in the task’s details view.

  • When setting up a Slack channel for a campaign, ConductorOne now checks to see if the channel name you’ve entered already exists in your Slack instance. If the channel exists, ConductorOne will invite reviewers and send campaign notifications in that the Slack channel instead of creating a new one.

Fixed!

  • You can successfully sort a task view by account while the list of tasks is filtered by a resource type.
  • The number of grants in Zendesk groups is shown correctly.

February 17, 2023

Delegate integration setup to an integration owner. When you’re working on integrating a new application with ConductorOne, you can now tap your company’s resident expert in that app to create and enter all the relevant credentials.

The new delegated integration owner workflow starts with an admin setting up the integration and naming an integration owner to finish the process. ConductorOne notifies the integration owner by email that their help is needed to complete the integration setup, and directs them to the relevant page. Check out the docs for any integration to learn more about how the process works.

Setting up a new Sentry integration and designating an integration owner.

Usability improvements

  • The messages that pop up at the top of your screen to confirm an action or let you know there’s a problem are now more specific to the work you’re doing.

  • New columns displaying the application name and the resource type are now included in all task tables.

  • We added a message explaining the situation if there are no applications available to request.

  • In the Tasks table, we replaced the due date column with a column showing the current state of each task.

  • If access to an application or resource is asked for or granted for a limited time, the length of access is now shown in the relevant Slack messages.

Fixed!

  • Sometimes a list of options in a dropdown showed more than one choice with the same name. We’ve added more context to those choices so you’ll be able to tell the difference and select the one you need.

  • Info drawers are now correctly shown in front of modals when both are open at the same time.

  • If an application name was created using double spaces, the app name was displayed with only a single space. If you tried to delete the application and typed in the name as displayed–with single spaces–you received an error because despite what it showed you, ConductorOne expected the name of the app to contain double spaces. Phew. This is now fixed.

February 10, 2023

Google Cloud Platform connector no longer syncs empty roles. The Google Cloud Platform (GCP) connector no longer syncs roles that do not have any grants. This change is necessary because by default, each GCP project contains roughly 1,000 roles. Removing empty roles from the sync significantly improves the performance of the connector and the usability of the entitlement data it pulls into ConductorOne. If you want to include an empty GCP role in your access review, assign a service account to the role before creating the campaign.

Fixed!

  • When reassigning a task to another user, the user selection dropdown now correctly displays user names.

  • Users with the Basic User user role can now successfully request access to new tools and resources.

  • File mapping settings are now preserved and implemented correctly when you upload a new version of a file.

February 3, 2023

Data value mappings for imported data. When you import application data using a CSV file or an Excel spreadsheet, ConductorOne attempts to match the data values in your file to the data values the system expects. We’re pleased to introduce a new mapping interface that’s designed to make it easier to reconcile the data output by your application and the data model used by ConductorOne. Check out the new mapping interface by uploading a file to a new or existing application and then clicking Set Mappings.

The data mappings drawer open with mapping data entered.

Usability improvements

  • We’ve improved the search autocomplete experience across ConductorOne, making it easier for you to find what you’re looking for.

  • The progress bar on your list of access review tasks now shows the number of tasks competed, rather than the percentage.

  • On pages in the My work area where every entry in the task type or current state column was always the same, we removed the redundant columns.

  • A user’s job title and department is now displayed in list views, if that information is available to ConductorOne. If not, the user’s email address is shown instead.

  • You can now include account profile attributes in your file imports to pull in more data about your application accounts to ConductorOne.

  • Tasks that you’ve acted on but that are assigned to you for a subsequent step are now shown in your tasks list. Only tasks on which no further action is currently required from you are shown as completed tasks.

Fixed!

  • If a task uses a policy that requires an entitlement owner’s approval, but no entitlement owner is assigned, the task now shows a No assigned user message instead of getting stuck in a pending state.

  • You can now successfully add an entitlement that does not have a display name to a request catalog.

  • The option to bulk approve open tasks is now hidden when viewing only completed tasks.

January 27, 2023

Application and entitlement details pages. We’ve redesigned the details pages for applications and entitlements so you have more visibility and edit control from a single screen. See all of an application’s data sources in a single pane, manage application and entitlement owners, update default policies, record per-seat application costs, set entitlement provisioning behavior, and much more.

Usability improvements

  • The Sentry connector now pulls and syncs your Sentry user roles.

  • The purpose of the bulk Complete reviews button wasn’t immediately clear, so we rewrote the button label. It now shows the number of reviews that are left to be completed in the current list, which we hope will make the bulk action control a bit clearer.

  • We standardized our policy type terminology across the application, removing certify and approve in favor of review and request.

  • Users with the Basic User role can no longer cancel their assigned tasks unless the subject of the task’s account has been deleted.

January 13, 2023

Campaign summary. A new campaign summary design gives campaign owners a quick overview of the current state of their campaigns in a more compact format.

The header of a campaign titled SOXQ4 showing 54 of 69 reviews complete.

Coupa connector improvements. We’ve made several updates and fixes to the Coupa connector, including showing the status of Coupa users on the application’s Accounts tab and elsewhere; adding a license entitlement; and improving the connector’s performance.

Usability improvements

  • We’ve spruced up our welcome mats: the sign up and log in pages have a refreshed design.

  • The Documentation link in the left navigation panel now opens in a new browser tab.

  • When a task is closed (either completed or canceled), the assignee is automatically removed.

  • Policy and task types (Review, Request, and Revoke) are now used consistently with their accompanying icons.

  • The error message that appears if you forget to include a reason when submitting a bulk action now highlights the comment field.

Fixed!

  • The resource filter on the campaign tasks page now correctly shows all other available resources when one resource is selected.

  • Coupa roles now sync correctly.

  • You can now successfully remove an application’s default policies.

  • There’s no longer a long delay before edits to the list of entitlement owners are displayed on the page.

January 6, 2023

Happy New Year! Here’s to a secure and confident 2023!

Usability improvements

  • The GitHub connector log now shows a record of SAML data sync actions.

  • You can now filter a campaign’s tasks by Revoke, Request, or Review task type.

  • Searches for campaign tasks now return results far more quickly.

  • In other speedy news, data uploads via spreadsheet or CSV are also processed more rapidly.

December 22, 2022

Sync an integration on demand. Integrations pull info from the source application once an hour by default, but there are times when you might want to start a sync immediately, or stop an in-progress sync and restart the process. We’ve added a new Sync now control to each connector, giving you the power to sync the latest app info on demand.

Removed: Read-only user role. To streamline our user role model, we’ve removed the Read-Only User role. Any user who was assigned only this role has been automatically assigned the Basic User role instead.

Usability improvements

  • Task ID numbers are now searchable.

  • When reviewing resources on the Access explorer page, you can now click any resource name to see its full details.

Fixed!

  • The develop.lightning.force.com domain is now accepted when setting up a Salesforce connector.

December 16, 2022

Task ID numbers. To support audits, improve the specificity of notifications, and help you manage your approval and review workload, every task in your instance now has a unique ID number, which is shown in table views and on the task’s details screen.

Usability improvements

  • We’ve upgraded tables throughout ConductorOne to include loading indicators, sticky headers, infinite scroll, and other improvements to help you browse and get your work done more efficiently.

  • If automatic app provisioning or deprovisioning for a user fails, the task is now automatically reassigned to the application’s owner.

  • Deleted tasks now show a banner on the details page and a deletion entry in the audit log.

  • We smoothed out some approval process logic to prevent repeatedly and unnecessarily notifying people on certain multi-step approval tasks with several possible approvers.

  • When you create a campaign Slack channel, we now automatically adapt the name you choose (if necessary) to fit Slack’s rules for channel names. This means we’ll lowercase the name, replace any periods or spaces with underscores, and cut it off at the 80-character mark.

Fixed!

  • The sandbox.my.salesforce.com domain is now accepted when setting up a Salesforce connector.

  • Pagination on the list of grants for OneLogin now works correctly.

  • The date a campaign was actually closed is now shown as its completion date, rather than the target completion date set when the campaign was created.

December 9, 2022

OneLogin connector is now generally available. Check out the OneLogin integration instructions to connect your OneLogin instance with ConductorOne.

Policy details on demand. Click a policy’s name in a task or a campaign overview to learn more about the policy and see the full list of its steps, all without leaving the current page.

Usability improvements

  • We streamlined the info that appears on each entitlement and removed some redundancy.

  • You can now complete provisioning and (more importantly) deprovisioning updates on tasks for users who have been deleted from an app.

  • If a delegated provisioning task errors and is not completed, you can now restart the task to force the provisioning app to give it another try.

Fixed!

  • The remaining list of your assigned access review tasks by user is now shown correctly when the first page of tasks has been completed.

  • When setting up a Coupa connector, both coupahost and coupacloud domains are now accepted.

  • The Request field in email notifications now shows the correct user’s name.

November 28, 2022

Five new generally available connectors. We’re delighted to announce that connectors for Docusign, BambooHR, Google Cloud Platform, OpsGenie, and Twingate are now generally available.

Comment indicator on task lists. To make it easier to tell at a glance whether there are comments on a task, we’ve added a new comment indicator. You’ll now see a count of the number of comments in the thread in the Status column of the task list.

There are two comments on this revoke task.

Usability improvements

  • The account owner is now shown in the certification tasks list.

  • We’ve made improvements and fixes to messaging in the Slack app

Fixed!

  • Status indicators on the task details page are once again the correct size and shape.

  • In emails with details about the user’s access request, the correct user’s name is shown.

  • Task links now show up correctly for new access requests.