ConductorOne docs

How to review access

Review tasks are assigned to you when your expertise is needed to review access to applications and specific resources as part of a user access review (UAR) campaign.

Complete your reviews

Your organization uses ConductorOne to run user access review (UAR) campaigns. You’ll be assigned reviews in ConductorOne to verify that current access is still appropriate and needed.

You might be asked to review:

Your own access
The access of people you manage
Your colleagues’ access to an application you own

Step 1: Receive a notification

ConductorOne sends notifications by email and in the Slack app (if enabled) when reviews are assigned to you.

Make sure that notification emails reach you: Add no-reply@conductorone.com to your email contacts list.

Go directly to your reviews by clicking the link in your email or Slack notification. Or log into ConductorOne and click Reviews.

Step 2: Select how to view your reviews

There are three options, and you can switch between them at any time:

By application: review access to each application in a separate review list.
By user: review each user’s access in a guided format.
Unstructured: all your assigned reviews together in one list.

Step 3: Review the access and provide your decision

Each line in the table is a task assigned to you. For each task:

Review the access
- Look at the account and the resource. Is this access needed for the user’s work and appropriate to the user’s role in the company?
Find more information and key insights
- Click the task number to find more information about the access to help you make your decision. The Insights section gives details such as how many other users in the organization have this access, the risk level of the access, and more.
Provide your decision
- Click Certify to indicate that this access is needed and appropriate.
- Click Remove to indicate that the access isn’t needed or isn’t appropriate, and that you’re recommending its removal.
I see there is more than one reviewer step. If I remove the access does it still go on to other reviewers? No, the review will stop at you, and the task will be closed.
Will the access be removed immediately? Maybe. Depending on the revocation policy governing the resource, the revocation might require a second review and approval before the access is removed.

Step 4: Repeat the process

Repeat these steps to review and take action on each review assigned to you.

To take the same action on multiple tasks at once, select your target tasks by clicking each task’s checkbox, then select the action from the menu at the bottom left. You’ll be prompted to add a comment about your action, which is posted on each impacted task.

Copilot’s review recommendations and insights

ConductorOne Access Copilot provides insights and recommendations to help you complete your reviews.

In the list view and on a task’s details page, you’ll see an Insights flag drawing your attention to important information about the access under review.

A list of campaign review tasks showing flags in the Insights column.

Copilot makes two kinds of recommendations about individual reviews:

Take a closer look
Remove this access

If Copilot suggests taking a closer look at the access, you’ll see an explanation of why a closer look is advised on the details page.

A review task's details screen showing a Copilot flag on an insight and a recommendation to take a closer look.

If Copilot recommends removing the access, you’ll see the Copilot logo on the Remove button, and an explanation of the recommendation on the details page.