Adding applications
There are three types of applications in ConductorOne:
Managed apps: Apps for which ConductorOne can provide visibility, governance, and automation.
Unmanaged apps: Apps that have been discovered in federation providers such as Microsoft Entra or Okta. ConductorOne can move these apps to the Managed state to begin enforcing access controls.
Shadow apps: Apps that have been discovered in your environment but are likely not sanctioned for use by your organization’s corporate IT. Learn more about shadow apps.
Creating a managed app
Managed apps are the starting point for enforcing access controls and governance. There are several ways to create a managed app in ConductorOne:
- Authorizing a shadow app: on the shadow application, you can Authorize it. This moves it to managed.
- Managing an unmanaged app: on an unmanaged app, you can click Manage. This will move the app to managed.
- Adding a connector and creating a new app: when adding a connector, if you do not attach it to an existing managed or unmanaged app, it will create an application by default.
- Creating a custom app: on the Applications page, click New application and create a custom app.
All newly created tenants start with a single managed app: the ConductorOne app.
Custom apps
Custom apps are a great starting point if you want to:
- Ingest flat files into an app for UARs
- Create an app that provisions access using webhooks or helpdesk tickets
To create a custom app:
Navigate to Applications
Click New Application
Enter the title, description, and select the app owner
Click Continue
Unmanaged apps explained
When you add a connector for an app that is an identity provider (IdP), SSO, or federation provider, the connector with discover the apps that are inside of it. These apps are added to the Unmanaged app list on the Applications page.
Unmanaged apps are a great starting point for enforcing access controls. To setup access controls on an unmanaged app:
Navigate to Applications > Unmanaged apps tab
Find the app you want to manage
Click Manage
Select the application owners and click Manage
This will migrate the unmanaged app to a managed state.
On the app page, you can now enforce access controls, get visibility into who has access to the app, run UARs, and more.
How connectors relate to apps
Connectors provide data ingestion and orchestration functionality for a managed application. Connectors are added from the connector library or by integrating an on-prem hosted connector.
When adding a connectors, you can:
Add a connector to an existing managed app
This option adds a connector to an existing managed app. This may be useful if you’ve created a custom app, and want to add a connector after the fact.
Add a connector to an unmanaged app
This option adds a connector to an unmanaged app and in doing so, promotes the app to the managed state. This is very useful when adding connectors for applications that live in your IdP or SSO provider.
For example: You’ve connected Okta to ConductorOne. We discovered Salesforce and put it into the unmanaged state. You want to add a Salesforce connector to the app so that it can automate data ingestion for UARs and automation provisioning. In this scenario, you would:
- Navigate to Connectors
- Find Salesforce and click Add
- Choose Add to unmanaged app and select Salesforce from the dropdown
- Click Continue
By completing these steps, you will now have a managed Salesforce app, that has a connector that gives full visibility into accounts, permission sets, and roles and can automate provisioning and access control.
Create a new app
Use this option if you want the connector to create a new application instead of tying it to an existing managed or unmanaged app.
Data files as connectors
ConductorOne treats flat files such as CSV uploads as connectors as well (since they are data sources). You can learn more about file connectors here.
When should an app have multiple connectors?
In most cases, you’ll only have a single connector for an application. However, it’s not uncommon to need or want to have multiple data sources feeding into one application in ConductorOne.
For example: There is a complex app that requires multiple flat file uploads to fully represent the user and application data. In this case, you would add multiple file connectors to the application - one for each of the files.
Important notes about managing applications
Delete applications with great caution!
If you delete an IdP, federation, or SSO provider application form ConductorOne, all of the applications that have been discovered within it, both those that are unmanaged and those you’ve moved to managed and added connectors to, will also be deleted. You’ll have to manually recreate these apps and re-add connectors to them to continue managing them with ConductorOne.