Inside DigitalOcean’s SOX Compliance Playbook

ConductorOne docs

Import application data from a file

Import data from any application using flat file uploads or by syncing from an external data source.

⏱️ Quick tips for success when uploading files to ConductorOne:

  • Use .xlsx, .csv, or .c1z file format.

  • Include a User ID column in your file, or map a data value in your source file to the User ID column.

  • Map your source file’s data values to ConductorOne’s expected data values.

What are file connectors?

File connectors sync application data from apps that do not have an automated connector available, such as non-API-enabled, legacy, or homegrown on-prem apps.

You can add file connectors to ConductorOne in two ways:

ConductorOne allows you to add more than one connector to an application. This is useful if entitlement, user, or permission data is extracted from the target application with multiple exports.

Supported file formats

Application data can be imported into ConductorOne using three different file formats:

  • Comma Separated Value (.csv) files (values can be either comma- or tab-separated)

  • Excel (.xlsx) files

  • ConductorOne Baton (.c1z) files: these files are generated using the Baton protocol

Other file formats will not upload successfully.

Creating Excel and CSV files

ConductorOne allows for custom configurations in your Excel or CSV file, as each file can be dynamically mapped into different data elements in ConductorOne, such as username, email, or manager.

You can use one of our templates as a starting point:

Identity-focused template

Use this template if your data is organized by accounts or users.

Entitlement-focused template

Use this template if your data is organized by entitlements or permissions.

Importing accounts, resources, and entitlements

When constructing your Excel or CSV file, include as much data on users, resources, entitlements, and grants as possible.

To successfully upload account information you must either include a “User ID” column in your file or map a data value in your source file to the User ID column.

If there is no native user ID for the application, we suggest using the email address or username associated with the account as the User ID.

Designate service and system accounts in your file

Follow this process to designate service accounts and system accounts in your file and associate these special accounts with the human user responsible for each one.

  1. Add a column titled User Type and a column titled Account Owner to your file.

    Make sure to use these exact column titles so ConductorOne understands how to process the data.

  2. In the User Type column, use Service and System to designate these special account types. Any account that is not specifically designated will be interpreted as a user account.

  3. In the Account Owner column, add the email address for the human user responsible for each service or system account.

These fields will map account types and account owners respectively, and this information will be reflected in the Accounts tab of the application.

Why is this process necessary? Options for mapping account type and account owner information to the column names of your choice have not yet been added to the Set mappings page. We’re planning to make this change soon. In the meantime, use the exact column headers User Type and Account Owner in your spreadsheet so ConductorOne can correctly understand and process the information.

Using .c1z files

Files in the ConductorOne Baton file format are supported natively for application data uploads in a non-lossy format. In other words, the .c1z file preserves all resource metadata, hierarchy, and grant structures that are discovered in an application. When uploading a .c1z file, there is no need to configure file mappings. ConductorOne understands and ingests the application data automatically.

Add a file connector to an app

To add file data to an application:

  1. Navigate to a ConductorOne application and find the Connectors area of the page.

  2. Click Import app data and choose your import method:

    • From file: Upload your Excel, CSV, or c1z file.

    • From data source: Select your external data source and enter the name of your file, then click Import.

ConductorOne will now begin ingesting the data into the ConductorOne application. To review the detected delta between files, click View logs on the connector.

You can upload data to any application, even if the application has another connector. This allows you to digest all entitlements for an app, even if an existing connector does not sync all of the needed account or resource data.

Map data values

When you upload a custom spreadsheet, the data values in your file might not automatically be matched with ConductorOne attributes. For example, a data file that includes a column titled “Last” for a user’s last name might not automatically be understood by ConductorOne, which expects the data in that column to be titled “Last Name.”

To ensure that the data in your spreadsheet maps accurately into ConductorOne’s system, map your spreadsheet’s values to those used by ConductorOne.

  1. From either the Connectors page or an app’s details page, locate the file connector.

  2. Click the (more actions) menu and select Set mappings.

  3. In the Set data value mappings drawer, choose the data values from your source file that align with the data values used by ConductorOne.

    Mapping a source file value to each ConductorOne value is not required. You can leave values that do not apply to your source file’s data unmapped. However, any values in the source file that are not mapped to a ConductorOne data value will not be imported.

  1. Once you’ve mapped the data values, click Set mappings to save them.

When you set the mappings, ConductorOne automatically reprocesses the data with the changed mappings. You can see the output of the changes by viewing the log.

Refresh or replace file data

Periodically, you may need to refresh data in your file connector, whether to prepare for upcoming access review campaigns or simply to refresh the source of truth of accounts and permissions in ConductorOne. Doing so it as simple as replacing the current uploaded file with a more current version.

Do I need to redo the data mappings each time I replace a file? No, your data mappings are preserved across uploads. You’ll only need to change data mappings after replacing a file if the file’s contents have changes the mapping pattern.

To refresh application data in a file connector:

  1. From the Applications page, navigate to the relevant application.

  2. Locate the Connectors section on the Setup tab.

  3. Find the previously uploaded file, which is listed as a file connector, and click Replace file.

  4. Upload the updated file. Check the log to see the output of the changes.

That’s it! The updated data is processed and loaded into the application.