Nailing the Security Audit with RRCU

ConductorOne docs

Get started with self service requests

Follow our step-by-step guide to setting up self-service access requests with ConductorOne.

In this guide we’ll set up self-service access requests for the Connector Administrator role in ConductorOne. Once setup is complete, users can request this role, either permanently or temporarily through JIT (just-in-time) access.

Before you begin

To complete this guide, you’ll need:

  • ConductorOne Super Administrator role

Estimated time: 5 minutes

Step 1: Navigate to the ConductorOne app

First, we need to find the ConductorOne application:

  1. Navigate to the Applications page.

  2. Select the ConductorOne application on the Managed apps tab.

Step 2: Publish the role for request

Next, make the Connector Administrator role requestable:

  1. Click Entitlements.

  2. Click the Role filter to show only roles in ConductorOne.

  3. Locate the Connector Administrator > assignment entitlement.

    We’re going to configure this entitlement for self-service access requests using ConductorOne access controls.

  4. Click Set controls in the Access controls column for the entitlement. The access controls configuration drawer opens.

  5. In the Access profiles drop down, select Everyone. No need to set the other controls in the drawer right now.

  6. Click Save

We have now published the Connector Administrator role to the Everyone access profile in ConductorOne. Now any ConductorOne user can request it.

Step 3: Test it out

Let’s walk through the experience of a ConductorOne end user requesting the Connector Administrator role. We’ll pretend that the requesting user (that’s you!) temporarily needs the Connector Administrator role in order to create a new connector.

  1. At the top of the page, click + Request access.

  2. In the Who needs this access? field, your name is pre-populated. Leave this as-is.

    Managers and users with the Super Administrator role have the option to request access for other users.

  3. In the Which app? field, select ConductorOne.

  4. In the Which resource? field, select Connector Admin > assignment.

  5. In the How long is access needed for? field, select 1 hour.

  6. Enter the reason why you’re requesting the access, such as “Getting started guide test”.

  7. Click Submit request.

Your request is submitted and a summary is shown. Click View request to see the request task automatically created by ConductorOne.

Success!

Because of the default settings for this tenant, the access request will be automatically approved and provisioned. You have been granted the Connector Administrator role for one hour.

Of course, this is a very simple example to illustrate the power of the ConductorOne platform. From here, we can add additional applications, enforce access controls on other entitlements and resources, update the approval policies, and much, much, more!