The applications that hold key information about your company’s employees are called directories in ConductorOne. Directory apps might include your company’s human resources (HR) app, your identity provider (IdP), or any other apps where data on your company’s employees (such as managers, employment status, department, or job title) is kept.
A user with the Super Administrator role in ConductorOne must perform this task.
Step 1: Integrate the apps that hold employee data
The first step is to set up integrations with the app or apps that hold employee data. These might include your HR system, your identity provider (IdP), or other apps. Browse our integrations library and follow the instructions in the linked docs to integrate the app (or apps) where your employee data is found.
You can also create a custom app from a spreadsheet or CSV of key employee data, and set this as a directory.
Is there an integration you’d like to see added to the library? Let us know!
Step 2: Set apps as directories
Next, tell ConductorOne that the apps you’ve integrated are your directories. You can (and probably will!) have multiple directories, as employee data is commonly stored across multiple apps.
In the ConductorOne navigation panel, open Administer and click Settings.
In the User data sources area of the page, click Edit.
Some apps that are commonly used as directories are automatically added to this section when you integrate them:
- Google Workspace
If your directory app was not automatically added, select an application in the dropdown and click Add.
If needed, repeat this process for additional apps.
Step 3: ConductorOne creates user accounts from your directory apps
When an app is set as a directory, ConductorOne automatically uses the info in the directory’s accounts (excluding service accounts) to create ConductorOne user accounts. The user’s email address is the key data point for ConductorOne. Accounts from various apps integrated with ConductorOne are all tied to the same human user because they all share an email address.
That’s a little complicated. Let’s walk through an example.
Kelly is an employee at your company. Her work email is
firstname.lastname@example.org. This email address is connected to Kelly’s accounts in the HR app the company uses (BambooHR), in the company’s IdP (Okta), and in several other apps (GitHub, DocuSign, and Slack).
You’re setting up ConductorOne for the company. You integrate BambooHR and Okta. When you set these two apps as directories, ConductorOne automatically creates ConductorOne user accounts for all the human users it finds in BambooHR and Okta (service accounts are ignored). Since Kelly has an Okta account and a BambooHR account that use the same email address, ConductorOne creates just one account for her. Kelly will use her ConductorOne account to request new access and to complete access reviews.
Later on, when you integrate GitHub, DocuSign, and Slack, Kelly’s accounts on those apps, all of which use
email@example.com, will also be associated with her ConductorOne user account. ConductorOne understands that the access to all five apps belongs to the same person because they’re all linked by a common email address.
New user accounts created by ConductorOne are automatically granted the Basic User role. You can adjust individual users’ roles to reflect the work they’ll do in ConductorOne.
Now that your directory apps are set up, tell ConductorOne where to find key data about your employees by mapping key user attributes.