
Connect directory apps and create user accounts

Integrate your directory apps and designate them as the sources of truth for employee information.

What is a directory app?

The applications that hold key information about your organization’s employees are called directories in ConductorOne.

Directory apps can include:

  • Your human resources app
  • Your identity provider (IdP)
  • Other apps that contain employee data such as manager, employment status, department, or job title

Once directory apps are set, ConductorOne uses their information to create ConductorOne user accounts for everyone in your company.

Step 1: Integrate apps that hold employee data

This task requires the Super Administrator role in ConductorOne.

First, set up integrations with the apps that hold employee data, such as your HR system and your identity provider (IdP). Browse our integrations library and follow the instructions in the linked docs to integrate the apps where your employee data is found.

You can also create a custom app from a spreadsheet or CSV of key employee data, and set this as a directory.

Step 2: Set apps as directories

Next, tell ConductorOne that the apps you’ve integrated are your directories. You can (and probably will!) have multiple directories, as employee data is commonly stored across multiple apps.

  1. In the ConductorOne navigation panel, open Admin and click Settings.

  2. In the User data sources area of the page, click Edit.

  3. Some apps commonly used as directories are automatically added to this section when you integrate them:

    • Google Workspace
    • Okta
    • OneLogin
    • JumpCloud
    • BambooHR

    If your directory app was not automatically added, select an application in the dropdown and click Add.

  4. If needed, repeat this process for additional apps.

  5. Click Done.

Step 3: ConductorOne creates user accounts from your directory apps

When an app is set as a directory, ConductorOne automatically uses the info in the directory’s accounts (excluding service accounts) to create ConductorOne user accounts. The user’s email address is the key data point.

Accounts from various apps integrated with ConductorOne are all tied to the same human user because they all share an email address.

Here’s an example of how it works.

Kelly is an employee at your company. Her work email is kelly@acmeco.com. This email address is connected to Kelly’s accounts in the HR app the company uses (BambooHR), in the company’s IdP (Okta), and in several other apps (GitHub, DocuSign, and Slack).

You’re setting up ConductorOne for the company. You integrate BambooHR and Okta. When you set these two apps as directories, ConductorOne automatically creates ConductorOne user accounts for all the human users it finds in BambooHR and Okta (service accounts are ignored).

Since Kelly has an Okta account and a BambooHR account that use the same email address, ConductorOne creates just one account for her. Kelly will use her ConductorOne account to request new access and to complete access reviews.

Later on, when you integrate GitHub, DocuSign, and Slack, Kelly’s accounts on those apps, all of which use kelly@acmeco.com, will also be associated with her ConductorOne user account. ConductorOne understands that the access to all five apps belongs to the same person because they’re all linked by a common email address.
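The email-keyed matching described in this step, sketched as an added example (this is not ConductorOne's code or API). The record fields, the `service` flag, and the case-insensitive email comparison are assumptions, and the sample accounts are constructed; run against exported account lists, it shows which accounts would not match any directory user.

```python
from collections import defaultdict

DIRECTORY_APPS = {"BambooHR", "Okta"}  # the two directories from the example above

# Constructed sample accounts; field names are hypothetical, not a ConductorOne schema.
ACCOUNTS = [
    {"app": "BambooHR", "email": "kelly@acmeco.com", "service": False},
    {"app": "Okta", "email": "Kelly@acmeco.com", "service": False},
    {"app": "Okta", "email": "svc-backup@acmeco.com", "service": True},
    {"app": "GitHub", "email": "kelly@acmeco.com", "service": False},
    {"app": "DocuSign", "email": "kelly@acmeco.com", "service": False},
    {"app": "Slack", "email": "kelly@acmeco.com", "service": False},
    {"app": "GitHub", "email": "kelly.dev@example.com", "service": False},
]


def norm(email):
    # Assumption: emails are compared trimmed and case-insensitively.
    return email.strip().lower()


def correlate(accounts, directory_apps):
    """Return (users, unmatched): users maps email -> set of apps."""
    users = defaultdict(set)
    # Pass 1: human accounts in directory apps define the users.
    for a in accounts:
        if a["app"] in directory_apps and not a["service"]:
            users[norm(a["email"])].add(a["app"])
    # Pass 2: accounts in other apps attach to an existing user by email.
    unmatched = []
    for a in accounts:
        if a["app"] in directory_apps:
            continue
        key = norm(a["email"])
        if key in users:
            users[key].add(a["app"])
        else:
            unmatched.append(a)  # no directory user shares this email
    return dict(users), unmatched


if __name__ == "__main__":
    users, unmatched = correlate(ACCOUNTS, DIRECTORY_APPS)
    for email, apps in users.items():
        print(email, sorted(apps))
    for a in unmatched:
        print("no directory match:", a["app"], a["email"])
```

Accounts left in the unmatched list, such as one registered under a personal address, are the ones to review by hand, since a shared email is the only link between an app account and a person.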

What’s next?

New user accounts created by ConductorOne are automatically granted the Basic User role. You can adjust individual users’ roles to reflect the work they’ll do in ConductorOne.

Now that your directory apps are set up, tell ConductorOne where to find key data about your employees by mapping key user attributes.