How to complete access change tasks
Complete a request task
Request tasks are assigned to you when a colleague asks for new access and your review of the request is needed. Reviewers are assigned based on the request policy governing the requested app or resource.
Step 1: Receive a notification and go to the task
ConductorOne sends you notifications by email and Slack (if enabled) whenever a task is assigned to you. Make sure that notification emails can reach your inbox by adding no-reply@conductorone.com to your email contacts list.
Go to Interact with ConductorOne via Slack for instructions on setting up our Slack app.
Log into ConductorOne by clicking the link in your email or Slack notification.
If the link in your notification does not direct you to the task list automatically, locate it by clicking on Requests in the Assignments section of the navigation panel.
Step 2: Review the task and take action
Each line in the table is a task assigned to you. For each task, complete the appropriate steps:
Review the request
- Look at the account and the resource. Is this access needed for the user’s work and appropriate to the user’s role in the company?
Learn more about the request
If you need more information about the request, click the task number to open the details view, where you’ll find additional information to help you make your decision.
If you’re a reviewer for emergency access requests: Go to Enable emergency access requests to learn more about how and when these special requests are created and how they’re designated in the ConductorOne app.
View insights from ConductorOne Access Copilot to help make your decision.
Provide your decision
If you agree that the access should be granted, click Approve.
If you don’t think this access should be granted, click Deny.
I see there is more than one review step. If I deny the request does it still go to other reviewers? No, the review will stop at you, and the request will be closed.
Step 3: Repeat the process
Repeat these steps to review and take action on each request task assigned to you.
To take the same action on multiple tasks at once, select each task by clicking its checkbox, then select the action from the menu at the bottom left. You’ll be prompted to add a comment about your action, which is posted on each impacted task.
Click Completed tasks to see everything you’ve finished so far.
Complete a provisioning task
A request to grant new access has already been reviewed and approved. A provisioning task is now assigned to you because manual provisioning of the new access is required and you are a designated provisioner for the app.
Step 1: Receive a notification and go to the task
ConductorOne sends you notifications by email and Slack (if enabled) whenever a provisioning task is assigned to you. Make sure that notification emails can reach your inbox by adding no-reply@conductorone.com to your email contacts list.
Go to Interact with ConductorOne via Slack for instructions on setting up our Slack app.
Log into ConductorOne by clicking the link in your email or Slack notification.
If the link in your notification does not automatically direct you to the task, locate it by clicking on Requests in the Assignments section of the navigation panel.
Step 2: Review the task and take action
Go to the Awaiting provisioning tab on the Requests page. Each line in the table is a provisioning task assigned to you.
Complete the provisioning process in the requested app, then click Provisioned. Click the more actions (…) menu for additional options, such as marking the task as Won’t provision.
If you need additional guidance or context, click the task number to open the task’s details page. Here you’ll find additional information:
If the ConductorOne admins at your company have provided any notes or instructions for how to complete the provisioning assignment, these are shown on the details page.
The Comments section shows any notes other members of your organization have made about this task. (Comments posted in Slack about this task are also displayed here.)
The Task details section shows the task’s workflow, highlighting the role you play and the policy being applied to this task. In this section you’ll also find controls to reassign the task, if reassignment is allowed.
Step 3: Repeat the process
Repeat these steps to complete each provisioning task assigned to you. Click Completed tasks to see everything you’ve finished so far.
Complete a revocation task
Revocation tasks are generated when someone (such as a manager or app owner) decides that some access is no longer used, needed, or appropriate, and recommends its removal.
ConductorOne creates a revocation task and assigns it to the appropriate reviewer (you’re likely reading this because that’s you!). Reviewers are assigned based on the applicable revocation policy.
Step 1: Receive a notification and go to the task
ConductorOne sends you notifications by email and Slack (if enabled) whenever a revocation task is assigned to you. Make sure that notification emails can reach your inbox by adding no-reply@conductorone.com to your email contacts list.
Go to Interact with ConductorOne via Slack for instructions on setting up our Slack app.
Log into ConductorOne by clicking the link in your email or Slack notification.
If the link in your notification does not direct you to the task list automatically, locate it by clicking on Revocations in the Assignments section of the navigation panel.
Step 2: Review the task and take action
Each line in the table is a task assigned to you. For each task, complete the appropriate steps:
Review the proposal
- Look at the account and the resource. Is this access no longer needed for the user’s work, or no longer appropriate to the user’s role in the company?
(Optional) Find more information about the proposal
If you need more information, click the task number to open the details view, where you’ll find additional information to help you make your decision:
Click the arrow next to the account name to open the Account attributes panel. Here you’ll see all attributes associated with the application account.
The Comments section shows any notes other members of your organization have made about this task. (Comments posted in Slack about this revocation proposal are also shown here.)
The Task details section shows the task’s workflow, highlighting the role you play, and the policy being applied to this task. In this section you’ll also find controls to reassign the task, if reassignment is allowed.
Provide your decision
If you agree that the access should be revoked, click Confirm.
If you don’t think this access should be revoked, click Deny. This means you believe the access is still needed and appropriate. Clicking Deny will halt the revocation process and close the task.
Step 3: Repeat the process
Repeat these steps to review and take action on each task assigned to you.
To take the same action on multiple tasks at once, select each task by clicking its checkbox, then select the action from the menu at the bottom left. You’ll be prompted to add a comment about your action, which is posted on each impacted task.
Click Completed tasks to see everything you’ve finished so far.
Complete a deprovisioning task
A revocation proposal (see above) has already been reviewed and approved. A deprovisioning task is now assigned to you because manual deprovisioning of the revoked access is required and you are a designated manual deprovisioner for the app.
Step 1: Receive a notification and go to the task
ConductorOne sends you notifications by email and Slack (if enabled) whenever a deprovisioning task is assigned to you. Make sure that notification emails can reach your inbox by adding no-reply@conductorone.com to your email contacts list.
Go to Interact with ConductorOne via Slack for instructions on setting up our Slack app.
Log into ConductorOne by clicking the link in your email or Slack notification.
If the link in your notification does not automatically direct you to the task, locate it by clicking on Revocations in the Assignments section of the navigation panel. The badges next to each of these menu items show the number of tasks of each type currently awaiting your attention.
Step 2: Review the task and take action
Go to the Awaiting deprovisioning tab on the Revocations page. Each line in the table is a deprovisioning task assigned to you.
Complete the deprovisioning process in the requested app, then click Deprovisioned. Click the more actions (…) menu for additional options, such as marking the task as Won’t deprovision.
If you need additional guidance or context, click the task number to open the task details page. Here you’ll find additional information to help you:
If the ConductorOne admins at your company have provided any notes or instructions for how to complete the deprovisioning assignment, these are shown on the details page.
The Comments section shows any notes other members of your organization have made about this task. (Comments posted in Slack about this task are also displayed here.)
The Task details section shows the task’s workflow, highlighting the role you play, and the policy being applied to this task. In this section you’ll also find controls to reassign the task, if reassignment is allowed.
Step 3: Repeat the process
Repeat these steps to complete each deprovisioning task assigned to you.
Click Completed tasks to see everything you’ve finished so far.
Reassign a task
If you need to reassign a task:
In the task list, click Reassign. Alternatively, from a task’s details view, click Reassign in the Assigned to area.
Select the new assignee and provide a reason for the reassignment.
The newly assigned reviewer will receive email and Slack (if enabled) notifications about their new task assignment.