ConductorOne docs

How to request new access

Whenever you need access to a certain application, or access to a resource like a group, repo, or role within an app, make a request through ConductorOne.

Where can I request new access?

You’ve got some choices!

  1. Do you want to explore all the access available to you? Use the Manage access page.

  2. Do you know what you need and want to request it quickly? Use the Request access form.

  3. Do you want to make a request without leaving your Slack workspace? Use Slack.

  4. Do you prefer to request access from the command line? Use the ConductorOne CLI.

Why don’t I see all the apps my company uses?

For both simplicity and security, the list of apps and permissions you can request is limited. If you’re in the Accounting department, you probably don’t need access to the tools the Product Design team uses, or vice versa.

The ConductorOne admins at your company set up groups of apps and permissions called access profiles. Some access profiles are visible to everyone, but others are just for certain departments or job types. The access profiles you have access to determine which apps you can see and ask for.

The admins also have the option to let you ask for all the apps in an access profile in a single request. If these are available to you, you’ll find them on the Profiles tab.

Can I request access for others?

Most users can only request their own access, but there are a few exceptions:

  • Managers can request access for the members of their team.

  • ConductorOne users with the Access Request Helpdesk, Access Request Admin, or Super Administrator roles can request access for anyone.

If you’re a manager or have one of these user roles, you’ll see an option to request new access for others when creating an access request.

Request from the Manage access page

The Manage access page is a personalized app catalog containing all the apps and resources currently assigned to you and available for you to request.

  1. In ConductorOne, navigate to Manage access and click Browse.

    A green checkmark on an app’s tile indicates that you have access to that app. When you click on an app, a green checkmark on a resource indicates that you have access to that resource.

  2. To request a single app or permission, on the Apps tab:

    1. Navigate to the resource or app you need and click Request.

      A detail from the Browse access page showing Request buttons next to Jira Cloud in the header of the page (click here to request access to the app itself) and next to the Member entitlement on the Administrators group (click here to request this specific entitlement).
    2. Set how long you need the access for. Some sensitive or expensive resources can only be requested for a limited time. Choose from one of the pre-set options, or enter a custom timeframe by selecting Custom.

    3. Tell the reviewer why you’re requesting this access. This helps them make their decision, so be specific.

    4. If the emergency access toggle is present: The access you’re requesting is available for emergency access requests. If you’re requesting this access to address an emergency (as defined by your company’s critical incident or emergency procedures), enable the Emergency access toggle.

    5. Click Submit request. The Request button changes to a View request link. Click the link to see the request task’s progress.

  3. To request an entire access profile’s worth of permissions, on the Profiles tab:

    1. Select the profile you want to request.

    2. Click Request all at the top of the page.

    3. Tell the reviewer why you’re requesting this profile. This helps them make their decision, so be specific.

    4. Click Request all.

That’s it! The request is created and added to your Open requests list.

While a request for a specific resource is pending, an hourglass is shown. Click on the resource to access the View request link, which takes you to the request task. You can view the status of the request there and see who the assigned reviewers are. You can leave a comment on any request, and even cancel it if needed.

A detail from the Browse access page showing an hourglass icon next to the GitHub DataEng team resource and a View request link next to the Member entitlement for this resource.

ConductorOne will send you an email when your request is approved or rejected, and another when the new access is granted.

Request using the request access form

If you already know what access you need, use the Request access form to quickly submit a request.

Request a profile

  1. In ConductorOne, at the top of the page, click + Request access and select the Profiles tab.

  2. Select the profile you want to request.

  3. Tell the reviewer why you’re requesting this profile. This helps them make their decision, so be specific.

  4. Click Request profile.

That’s it! ConductorOne will automatically create individual requests for everything in the access profile that you don’t already have access to. You can view the status of the requests on your Open requests page. You can leave a comment on any request, and even cancel it if needed.

ConductorOne will send you an email when your requests are approved or rejected, and another when new access is granted.

Request an app or permission

  1. In ConductorOne, at the top of the page, click + Request access and select the Apps tab.

  2. Select an application from the Which app? dropdown, which shows all the apps that are available for you to request.

  3. Select the specific access you need. Based on the type of access available to you (and what you already have), you might be asked if you need:

    • Basic app access: Choose this option if you’re looking for a new account on an app you’re using for the first time.

    • A specific role, group, or resource: Choose this option if you have an account on the app but need access to something more specialized. You can select more than one resource from the same application.

      Wait, my request form looks different. Don’t worry. If your request form has fewer options, it means that because of your current access grants or the available resources on the app you’ve chosen, we can streamline the form for you and get you on your way.

  4. Set how long you need the access for. Some sensitive or expensive resources can only be requested for a limited time. Choose from one of the pre-set options, or enter a custom timeframe by selecting Custom.

  5. Tell the reviewer why you’re requesting this access. This helps them make their decision, so be specific.

  6. If the emergency access toggle is present: The access you’re requesting is available for emergency access requests. If you’re requesting this access to address an emergency (as defined by your company’s critical incident or emergency procedures), enable the Emergency access toggle.

    Emergency access requests bypass the normal review procedure and use a special expedited process to grant requests to critical access in emergency situations. Your company’s IT procedures will define when it’s appropriate to request emergency access.

    Can I escalate an open access request to emergency access? You can! If you requested standard non-emergency access, but realize you need emergency access while the request is still open, go to the request and click Escalate to emergency access.

  7. Click Submit request.

That’s it! The request is created and added to your Open requests list. You can view the status of the request, leave a comment on any request, and even cancel it if needed.

ConductorOne will send you an email when your request is approved or rejected, and another when the new access is granted.

Request using the Slack app

If your company uses Slack and an admin has set up the ConductorOne Slack app, you can request new access and receive notifications directly from the platform.

Add the ConductorOne Slack app to your account

Before you begin: A Slack administrator at your company must install the ConductorOne app in your Slack workspace.

  1. In Slack, navigate to the Apps section of the navigation bar.

  2. Click Add apps and search for ConductorOne.

  3. Click the ConductorOne app and follow the prompts to add it to your Slack account.

That’s it! You can now interact with ConductorOne directly from Slack.

Create an access request

  1. In any Slack channel, type /c1 request.

    Alternatively, navigate to the ConductorOne Slack app and click Home > Request Access.

    The Submit a Request form opens.

  2. Select an application from the Which app do you need? dropdown, which shows all the apps that are available for you to request.

  3. Select the specific entitlement (permission) you need. If you’re looking for a new account on an app you’re using for the first time, choose Access.

  4. If asked, specify how long you need the access for. Some sensitive or expensive resources have limited duration requirements; others can be requested indefinitely (if you’re requesting one of these, you won’t be asked about a duration).

  5. Tell the reviewer why you’re requesting this access. This helps them make their decision, and becomes a note in the audit log of all the access granted to all the company’s employees.

  6. Click Submit.

That’s it! You’ll immediately get a new access request notification on the Messages tab of the Slack app.

This is also where you’ll be notified when your new access is granted. Comments or updates on your request will be added to it in a thread. You can also type new comments in the thread, and they will be automatically copied to the request’s details page in the ConductorOne web app and sent to the request’s assigned approvers in Slack.

If you want to see the access request task with all its details, click the blue Grant [your name] [your requested access] link in the notification to go to the request’s details page in the ConductorOne web app.