ConductorOne provides identity governance and security posture visibility for Wiz. Integrate your Wiz instance with ConductorOne to sync security insights related to user and service accounts, enabling identity-aware cloud security posture visibility.
To configure the Wiz Insights connector, you need API access in Wiz with permission to read issues. You also need to know the GraphQL API URL and OAuth2 token endpoint for your Wiz region.
1
Log in to Wiz and navigate to Settings > Service Accounts.
2
Create a new service account with OAuth2 credentials:
Click Add Service Account
Enter a name: ConductorOne
Select the following scope:
read:issues - Allows syncing security issues as insights
Click Create
Copy and save the Client ID and Client Secret securely
3
Determine your Wiz API endpoints:
GraphQL API URL: The regional API endpoint for your Wiz tenant (e.g., https://api.us17.app.wiz.io/graphql)
Auth Endpoint: The OAuth2 token endpoint (e.g., https://auth.app.wiz.io/oauth/token)
You can find these in the Wiz documentation or your Wiz tenant settings.
Follow these instructions to use a built-in, no-code connector hosted by ConductorOne.
1
In ConductorOne, navigate to Integrations > Connectors and click Add connector.
2
Search for Wiz Insights and click Add.
3
Choose how to set up the new Wiz Insights connector:
Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that are not yet managed with ConductorOne)
Add the connector to a managed app (select from the list of existing managed apps)
Create a new managed app
4
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.If you choose someone else, ConductorOne will notify the new connector owner by email that their help is needed to complete the setup process.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the required configuration:
Wiz API URL (required): The Wiz GraphQL API endpoint for your region
Client ID (required): OAuth2 client ID from your Wiz service account
Client Secret (required): OAuth2 client secret from your Wiz service account
Auth Endpoint (required): OAuth2 token endpoint for authentication
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
That’s it! Your Wiz Insights connector is now pulling security insights into ConductorOne.
Follow these instructions to use the Wiz Insights connector, hosted and run in your own environment.When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with ConductorOne, automatically syncing and uploading data at regular intervals. This data is immediately available in the ConductorOne UI for access reviews and access requests.
In ConductorOne, navigate to Integrations > Connectors > Add connector.
2
Search for Baton and click Add.
3
Choose how to set up the new Wiz Insights connector:
Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that are not yet managed with ConductorOne)
Add the connector to a managed app (select from the list of existing managed apps)
Create a new managed app
4
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.If you choose someone else, ConductorOne will notify the new connector owner by email that their help is needed to complete the setup process.
5
Click Next.
6
In the Settings area of the page, click Edit.
7
Click Rotate to generate a new Client ID and Secret.Carefully copy and save these credentials. They are used in Step 2.
Create a namespace in which to run ConductorOne connectors (if desired), then apply the secret config and deployment config files.
2
Check that the connector data uploaded correctly. In ConductorOne, click Applications. On the Managed apps tab, locate and click the name of the application you added the Wiz Insights connector to. Wiz security insights should be found on the application page.
That’s it! Your Wiz Insights connector is now pulling security insights into ConductorOne.
