Connectors overview
What’s ConductorOne’s IP address? ConductorOne has these associated IP addresses:
- 35.85.212.195
- 35.82.205.32
What are connectors?
Connectors allow the ConductorOne platform to connect to any SaaS, IaaS, on-prem, or infrastructure tool for the purposes of managing and automating access control. Connectors synchronize data for identities, resources, and access rights, and can orchestrate access changes (such as provisioning accounts) back to the system.
Connectors are also designed to integrate with any software stack. This includes software-as-a-service applications, infrastructure-as-a-service environments, on-premises apps and directories, cloud directories, and infrastructure such as databases.
How do connectors work?
Connectors are the connective tissue between a SaaS, IaaS, database, or other technology, and the ConductorOne access control plane. Connectors work by “talking” to a technology stack and extracting identity, resources, entitlements, and grants into a format that can be ingested into the ConductorOne platform. While extracting those different objects, a graph is built of the relationship between resources (parent-child relationship) and between identities and entitlements (grants). This provides a full picture of the current state of identity and access within the boundaries of an application or technology stack.
Frequently asked questions about connectors
What are my connector hosting options?
ConductorOne offers two hosting methods for connectors:
Cloud-hosted connectors are the built-in, no-code connectors hosted directly in the ConductorOne tenant and provided via our SaaS service. They are configured on the Connectors page of ConductorOne.
Self-hosted connectors are connectors that are hosted and run in your own environment. To learn more about your options for deploying self-hosted connectors, go to the Deploy self-hosted connectors page.
Each connector’s documentation shows which hosting methods are available.
How should I host my connectors?
Docker is recommended for ease of management, but the hosting environment doesn’t matter to ConductorOne. Use whatever best fits your existing setup (Windows/Linux, Docker hosting options, on-prem vs. cloud, etc.). Our Customer Success team is happy to talk through your options with you.
What are the resource recommendations for connectors?
CPU: Connectors don’t perform CPU-intensive tasks, so performance won’t improve with more CPU. One CPU (or even a fractional allocation) is sufficient.
Memory (RAM): Connectors typically use less than 100MB of RAM. We recommend allocating 250–500MB for large or critical connectors, although this is more conservative than necessary.
Can connectors run in different modes?
Connectors can be run in different modes depending on your goals and needs. All connectors can be run in read-only mode, which pulls identity, resource, and access rights data from the application. Some connectors can alternatively be run in read-write (provision) mode, which additionally allows ConductorOne to manage provisioning and deprovisioning for the connected technology.
All connectors support read-only mode, and certain connectors support read-write mode. Permissions needed to run the connector and connector-specific setup instructions are provided in the connector’s documentation.
How do connectors ingest data?
Data from the application or technology needs to be ingested into the ConductorOne platform. Connectors sync and store data in a custom data format: the .c1z file format. This file contains all of the identity graph data for a system.
When using cloud connectors, the .c1z file is an implementation detail and is never seen or touched by the end user. When using self-hosted connectors, the .c1z file must be transported to the ConductorOne service to be ingested.
How do I set up high availability (HA) for my connectors?
You can run multiple instances of the same connector without any additional configuration, aside from sharing the same client ID/secret. Connectors check in with ConductorOne roughly every 60 seconds to ask for work, and ConductorOne distributes tasks in a round-robin manner. This creates a worker-queue/load-balancer-like architecture. If one connector instance goes down, others will automatically handle all subsequent work requests from ConductorOne.
Where are sync state files stored?
The relevant file is sync.c1z. By default, the connector stores this in a temporary folder determined by the host operating system (the location varies). You can specify a custom location for the sync.c1z file using a command-line flag. For example, in a Docker setup, you can map a volume to the container and specify a path to store the file. The sync.c1z file will then be stored in that mapped location.
Note that the file is deleted after each sync, so it only exists while a sync is in progress (for connectors running in service mode).
Connectors library
Is there a connector you’d like to see added to the library? Let us know!
Collaboration apps
Infrastructure and DevOps apps
- AWS
- Bitbucket
- Bitbucket Data Center
- Buildkite
- Celigo
- Databricks
- Docker Hub
- Google BigQuery
- Google Cloud Platform
- GitHub
- GitHub Enterprise
- GitLab