ConductorOne release notes

Here are the latest new features, enhancements, and resolved issues for ConductorOne.

December 20, 2024

Connectors

  • New this week: Freshservice.

  • The Temporal Cloud connector now syncs (but cannot grant or revoke) the Account Owner and Finance Manager roles.

  • We made updates and fixes to these connectors:

    • Auth0 (fixed a pagination issue)
    • Snowflake v2 (fixed an issue that prevented names containing special characters from syncing correctly)
    • Okta v2 (fixed an issue that was causing syncs to fail)
    • Google Cloud Platform (fixed an issue with how requests for existing access are processed)

Usability improvements

  • The Reviews page has an updated design, making it easier to see the access reviews work assigned to you.

  • Files in .csv format uploaded to ConductorOne can now contain either tab- or comma-separated values.

December 13, 2024

Data accuracy reporting

The sources of access data that will be reviewed in a campaign are shown on the new campaign Accuracy tab.

We’ll alert you if any of your selections are sourced from connectors or file uploads that have not been updated recently, so you can fix these issues before moving forward. These accuracy checks ensure campaign data is up to date, and provide you with documentation of the campaign’s data sources and most recent syncs, which you can pass on to auditors.

Connectors

  • When setting up the Okta v2 connector, you can now choose to skip syncing secondary emails.

Usability improvements

  • A new Approval type filter has been added to each campaign’s Tasks tab. Use this filter to sort campaign tasks by reviewer category (such as manager, app owner, self, or expression), as assigned by the relevant policy.

December 6, 2024

Bulk actions

Set the account type (user, system, or service account) for multiple accounts on an app’s Accounts tab.

Screenshot showing a bulk change of account type on two app users.

Connectors

  • Setting the domain when configuring Google Workspace v2 is now optional. If you don’t specify a domain, ConductorOne will sync all available Google Workspace domains.

  • We made updates and fixes to these connectors:

    • Okta v2 (fixed a grant expansion error)
    • Snowflake v2 (fixed the source of an invalid syntax error)
    • Entra ID (fixed a grant expansion error)
    • Auth0 (repaired a null pointer dereference)
    • Google Cloud Platform (fixed a bug when granting access)
    • Jamf
    • Google BigQuery (fixed an API permissions error)
    • ServiceNow (fixed the cause of errors in ServiceNow tickets created by ConductorOne)

Usability improvements

  • When configuring provisioning for an app’s access entitlement, you can now select whether to proactively create new app accounts for any user who has requested another entitlement on the app but doesn’t yet have an app account.

  • Any instructions provided for the provisioner are now included in the Slack and email messages about a new provisioning assignment.

  • When creating an access review campaign, you can now choose to review only those grants added between two dates.

Fixed!

  • We fixed an issue that was preventing the successful creation of revocation tickets for any remaining open access reviews when this option was selected at the end of an access review campaign.

November 22, 2024

Condition expressions

We’ve expanded the ConductorOne CEL expression language with user, task, task analysis, IP, and IP CIDR objects to support more sophisticated policy and group condition expressions.

Check out our docs on condition expressions to learn more and to see sample expressions for use cases such as “route a request based on how it was created”, “check whether a request will cause an access conflict”, and “route a request based on whether the access is requested permanently or temporarily”.

Bulk actions

Two new bulk actions are here to help you work more efficiently in ConductorOne:

  • Revoke multiple users’ access to an entitlement by navigating to the Entitlements tab and clicking the Grants count.

  • Set the owner or owners of multiple entitlements in an app on the Entitlements tab.

Connectors

  • We improved our support for Slack Enterprise installations with multiple workspaces.

  • A new configuration option on the Confluence v2 connector lets you skip syncing personal Confluence spaces and their permissions.

  • We fixed an issue in the Databricks connector, which now better handles switching between authentication methods.

Usability improvements

  • You can now set an owner or owners on a file connector.

  • If public Slack channels aren’t allowed by your organization, ConductorOne will automatically create a private access review campaign Slack channel instead.

  • To support an upcoming feature, we’ve added a pre-built Auto approval request policy, which cannot be edited or deleted.

Fixed!

  • When setting up delegated provisioning, searching for the relevant entitlement by name now returns the correct results.

  • We repaired an issue with webhook callback URLs, and they’re now working properly.

  • Information on linked entitlements is now shown correctly in application reports.

  • We fixed an error that arose if you tried to add a resource with a large number of entitlements to a campaign.

November 15, 2024

Bulk actions

Set or update the provisioning settings for multiple entitlements at once on an app’s Entitlements tab.

Screenshot showing a bulk change of provisioning settings on three entitlements.

Connectors

  • Added to the library this week: Auth0.

  • The Okta v2 connector now correctly syncs custom roles.

Fixed!

  • When a resource with more than 100 entitlements is added to a campaign, the campaign will now include all of the resource’s entitlements, not just the first 100.

November 8, 2024

Usability improvements

  • A reason is no longer required when bulk-certifying access reviews. If any of the reviews in a selected batch require a reason by policy, bulk certification on those reviews will fail so you can add reasons as required.

Developer tools

  • We’ve released a new version (0.4.18) of our Terraform provider, which adds resources for 32 recently published connectors.

Fixed!

  • We repaired a bug that duplicated the columns on the Access profiles page each time the page was refreshed.

November 1, 2024

Bulk actions

To help you get more done with fewer clicks, we’ve added two new bulk action capabilities to ConductorOne:

  • Update the ownership of multiple apps at once on the Applications page.

  • Set or update the access controls on multiple entitlements in an app at once on an app’s Entitlements tab.

Screenshot showing a bulk change of access controls on three entitlements.

Usability improvements

  • You can search the list of a group’s enrolled users.

  • Grant reports now include details about the account owner.

October 25, 2024

Global IP allow lists

To enhance security and ensure that ConductorOne is only accessed over trusted networks, you can now set up global IP allow lists on the Settings page. Check out Configure global IP allow lists to learn more.

Connectors

  • New connector: Okta AWS Federation.

  • A new configuration option on the Okta v2 connector lets you opt into syncing custom roles.

  • The status of terminated NetSuite users is now correctly shown in ConductorOne.

Usability improvements

  • Insight summaries are shown on the Tasks page.

  • Downloaded reports from the Tasks page include the user each task is assigned to, the user each task was created by, and the account owner associated with each task.

  • Baton and file connectors that are not correctly or fully set up now display Not connected status on the Connectors page.

Fixed!

  • Expired grants that were re-granted are now displayed correctly.

October 18, 2024

Usability improvements

  • On the newly streamlined and consolidated Assignments page, you’ll find all your request, revocation, provisioning, and deprovisioning tasks. Click Requests and Revocations at the top of the page to see all of your assignments.

  • When using the Access request form, you can now request multiple resources from an application in a single request.

  • See all the grants of an entitlement without leaving the page by clicking the grant count on the Entitlements tab.

  • Deleted review tasks are no longer shown in the list of a campaign’s access reviews.

  • Campaign reports now include all comments left on each review task.

  • Application and resource type columns are shown on the entitlements summary table in an access profile.

  • Click the log icon on a webhook, system, access conflict, or connector table row to view the current log for that item.

Fixed!

  • We repaired an issue that was preventing all users who have been granted an entitlement from being shown on the entitlement’s Grants tab.

  • Copilot insights about the number of users in your organization who have been granted a certain entitlement now show these counts accurately.

  • We fixed a bug that deleted an entitlement’s binding if the provisioning configuration was saved without any changes.

October 11, 2024

Connectors

  • New this week: Workday and Avalara.

  • You can now specify which Percipio and Litmos courses to sync when configuring these connectors.

Usability improvements

  • To enhance clarity and consistency, we’ve replaced the terms “catalogs” and “bundles” with the new term “access profiles.” You’ll find all your existing catalogs, now called “access profiles,” on the renamed Access profiles page.

  • The updated Access profiles page shows a count of how many users are enrolled in each profile.

  • You can now set or update application owners on multiple apps at once. On the Managed apps tab, select the impacted apps, then click Set owners at the bottom of the page.

  • Use the new Grant parameters options when building a campaign to focus on specific grant types, such as temporary grants, permanent grants, grants added recently, or grants that have gone unused for a selected timeframe.

Fixed!

  • You can now fully delete secret values, such as passwords or client secrets, from connector setup pages.

  • The Manage access page correctly displays long access profile descriptions.

  • You can submit multiple access extension requests in a row without refreshing the page.

  • Pressing Enter when adding multiple resources to a campaign no longer submits the form.

October 4, 2024

Access grant change feed

Click the log icon on any application, entitlement, user, or account page to open the new Grant feed. This running audit history of access changes for the application, entitlement, user, or account lets you quickly see how access has changed over time, with links to related ConductorOne tasks.

Screenshots showing the log icon on an entitlement details page and the grant feed with one user's account selected.

Connectors

  • New this week: Percipio.

  • The Okta v2 connector is now automatically recognized as a directory app.

  • The Entra ID connector now supports syncing licenses.

  • The Confluence connector now syncs information on which groups have access to Confluence spaces.

  • We repaired an issue that was causing Jamf Pro connector syncs to fail.

Usability improvements

  • On the updated Manage access page you can browse available apps and bundles, request new access, review your open access requests, and request an extension for access that’s expiring soon.

  • Filter tasks on the Tasks tab and download a custom report of your selections.

  • You’ll now find Sync now and Refresh data controls on the Connectors page, making it easier to ensure your connector data is up to date.

  • You can now download the information shown on an entitlement’s Grants and Past grants tabs.

  • When setting up a new connector, users with the Integration Administrator user role can see and work with the list of unmanaged apps.

  • When you select a group of tasks and perform a bulk action, your selection is cleared once the action is complete.

  • A link to the connected application is shown at the top of each connector’s setup page.

  • System accounts are now properly identified in campaign reports.

  • We’ve added search to the Bundles tab on the Manage access page.

Fixed!

  • Users with the Access Request Administrator user role can successfully request access for other users using the Request access form.

  • You can successfully restart or hard reset a closed review task from the Actions menu on a task’s details page.

  • After a small battle with time zones, scheduled campaigns are now consistently created on the scheduled date.

September 27, 2024

Automated onboarding access requests

To make it easier to onboard new users who are joining an organization, department, or team, you can now automatically create bundle access requests for users who match an enrollment rule. Go to Automate onboarding requests to learn more.

Usability improvements

  • Search the contents of the Connectors page by display name, connector, and application.

  • If a task uses a policy that includes a wait step, click Process now in the Actions menu of the task’s details page to check whether the wait step has been met and move the task forward if so.

Fixed!

  • Only the entitlements added to a catalog, and not the other entitlements in the resource, are visible and requestable in the catalog bundle.

September 20, 2024

Campaigns: More power, less hassle

We’ve overhauled the campaign-building experience, introducing a scoping flow that helps you more easily focus your campaign on exactly the users, apps, resources, and accounts you need to review. Got a campaign pattern you use repeatedly? Create a reusable campaign template and set a schedule for automated campaign creation. Check out Create a campaign to get started.

Usability improvements

  • Wait steps are now available in policies. When a wait step is in place, a policy will not proceed until the condition you specify, such as completion of a training course, has been met.

  • Webhooks are now an option when setting up a reviewer workflow on a policy step.

  • You can now configure entitlements to use multi-step provisioning workflows.

  • A new API keys tab on the Settings page allows users with the Super Administrator user role to see all personal API keys created by the tenant’s users, and to delete API keys if needed.

  • Download a list of all OCSF events from the ConductorOne system logs, published in YAML and JSON with Sigma Detection Format. Go to System logs for instructions on how to access the files.

September 13, 2024

Unmanaged apps

A new Unmanaged apps tab on the Applications page shows all the applications that ConductorOne discovered in your SSO, identity, or federation provider. You can leave an unmanaged app as-is, or click Manage to start tracking the app’s access data and enforcing access controls with ConductorOne. Learn more about working with unmanaged apps.

Connectors

  • New this week: OneLogin v2, which features modernized architecture and improved role management, and Salesforce v2, which supports provisioning of groups, roles, permission sets, and profiles.

Usability improvements

  • User task reports now include each task’s type and a link to the task in ConductorOne.

  • Edit group and catalog names, as well as group descriptions and catalog owners, in the header of the group or catalog.

  • Tasks shown in tables now display a button that combines the task’s number and its task type icon. Click the button to view the task’s details.

  • When you’re asked to type the name of an object to confirm that you want to delete it, the object’s name is no longer case-sensitive, and hitting the Enter key submits the request. Huzzah!

Fixed!

  • Role assignments are now shown correctly in the Roles column on each user’s Accounts tab.

  • We repaired the cause of an INVALID_ARGUMENT error that occurred when you attempted to hard reset a task.

September 6, 2024

Connectors

  • New this week: JD Edwards.

  • We fixed an issue with the Cloudflare connector’s configuration fields.

Usability improvements

  • We’ve spruced up the navigation panel, grouping the most-used features for quick access and simplifying the categorization of other admin-focused nav items.

  • The c1_okta_raw_user_status attribute is now included in applicable Okta users’ profile attributes.

  • A new Roles column on a user’s Accounts tab shows which roles are assigned to the user in each app.

  • You can now edit a policy’s name and description in the policy’s header.

  • Download a CSV file of all the tasks associated with a user on the user’s Tasks tab.

  • We made some adjustments to the layout and labeling of the application details page.

Fixed!

  • You’ll get Slack notifications about new access conflicts.

  • We repaired some application icons that weren’t displayed correctly.

  • If you’ve removed all the owners of a campaign, you can now successfully add new owners.

  • We fixed a bug that was preventing the enablement of new conflict monitors.

August 23, 2024

Usability improvements

  • The Applications page now shows all your apps in one place, both Shadow apps (relocated from their standalone page) and Managed apps.

  • We’ve added a new query to Access explorer: “Active users with an unspecified employment status”.

  • You can now set a resource owner as the reviewer in a policy step.

  • Request catalogs have a new Allow self-service control, which replaces the concept of publishing and unpublishing catalogs.

  • A new Sync now button on ConductorOne groups lets you update group membership on demand, rather than waiting for the next scheduled hourly sync.

  • You can now expand and collapse the JSON records associated with a log entry.

Fixed!

  • The Download file button on a file’s summary downloads the uploaded file as expected.

  • The policy you select when creating a duplicate campaign is correctly applied to the new campaign.

  • We fixed some fonts that were looking a little funky when ConductorOne was viewed using Safari.

August 16, 2024

Entitlement summary refresh. Entitlement summaries across ConductorOne have a new look! We’ve reorganized the information in these summaries to make them easier to locate, read, and work with.

The old (left) and new (right) entitlement summary designs.

Connectors

  • Connector logs are now reformatted and paginated.

  • We repaired an issue with the GitHub connector, which in certain circumstances provisioned a different entitlement than the one requested.

  • The AWS connector no longer errors when asked to add a member to a group that they already belong to.

  • We fixed a syncing error in the Snyk connector.

Usability improvements

  • When creating a ConductorOne group, you now can specify a list of users who will be excluded from the group, even if they match the membership rule. We’ve also improved the performance of the group preview on the membership rule configuration pane.

  • Users with the Super Admin user role now have a Hard reset option on a task’s details page. Hard resetting a task undoes any review progress made to date, recalculates and reapplies the task’s policy, and reassigns reviewers.

  • System logs now include entries about the performance of the log exporter.

Fixed!

  • When filtering by application, you’ll no longer see numerous duplicates of application names.

  • The Grants tab on an application account page now correctly shows the entitlements granted to the account, rather than all the entitlements present in the application.

  • The list of entitlements is now shown as expected when selecting an entitlement for delegated provisioning.

  • Clicking Clear to remove filters on the Tasks page now has the expected effect.

August 9, 2024

Export system logs. You can now automatically export ConductorOne system logs to an S3 bucket. The logs contain a record of every action taken by the ConductorOne API, presented in OCSF format. Go to Export system logs to learn more and get started.

Usability improvements

  • Entitlement descriptions are now shown on the Browse access and Request access screens.

  • Digest emails sent to admins and connector owners now contain information about connector failures.

  • You can now bulk reassign review tasks when viewing your campaign tasks by app or by user.

  • Your personal API keys can now be generated with full permissions, full read-only permissions, or system log read-only permissions.

Fixed!

  • We’ve made some fixes to application reports: groups and roles are shown correctly, and column headers are no longer accidentally overwritten.

August 2, 2024

Application details page revamp. We’re welcoming August with a redesigned and streamlined application details page. On the new Setup tab you’ll find controls to manage how entitlements and application accounts are requested, reviewed, and provisioned. We’ve also pulled connector info onto each app’s main page, saving you clicks while keeping vital data front and center.

Connectors

  • New this week: Snowflake v2, which adds support for syncing databases, and Privx.

  • The Elastic connector now supports syncing role mappings.

  • We fixed syncing issues in the UKG and Snyk connectors.

Usability improvements

  • We’ve added search to the Catalogs page.

  • The Last used column on access review tasks is now hidden if usage data is not available.

Fixed!

  • The Assigned to filter on active campaigns has been repaired.

  • When you click Edit on an existing policy rule, the rule’s CEL expression is displayed correctly in the editing panel.

July 26, 2024

ConductorOne groups. You can now create custom groups that dynamically adjust their membership based on adherence to a membership rule. These special groups can be used to manage who can access a catalog, to assign reviews in a policy step, and more. Check out Groups in the ConductorOne app for more info.

Usability improvements

  • When building a policy rule, you can now use the Basic condition builder to construct a rule from a combination of entitlements and profile attributes, plus “and” and “or” operators.

  • Deleted entitlements now display a Deleted badge in the task details view.

  • You can now search for and filter the entries on a resource’s Grants tab.

  • When creating access requests from Jira Service Management tickets, Copilot now checks if you have the permission to request on behalf of others, and fills in the access request or shows an error accordingly.

  • Connectors for applications that you have deleted from ConductorOne are no longer shown on the Connectors page.

Fixed!

  • Copilot now correctly processes the ticket if a user requests access to multiple entitlements in the same Jira Service Management ticket.

  • The Slack summary of an access request of indefinite duration no longer states that the access is requested for “0 seconds”.

  • All users can now successfully search for application owners.

July 19, 2024

Helpdesk automation. We’re delighted to announce that our Copilot-powered helpdesk automation for Jira Service Management is now generally available. Copilot automatically transforms a request for access made in Jira into a ConductorOne task, and updates the Jira ticket throughout the approval and provisioning process. To learn more about this feature, go to Generate access requests via a service desk.

Connectors

  • New this week: Datadog v2, which supports provisioning of roles and teams.

  • We fixed bugs in the AWS and Snyk connectors.

Fixed!

  • Entitlement search now returns results as expected, even in apps that have a very large number of entitlements.

July 12, 2024

The ConductorOne app. The new ConductorOne app lets you view and manage ConductorOne access within ConductorOne. This means you can now include ConductorOne user roles in your access review campaigns, and allow users to request new ConductorOne user roles. To learn more, go to Work with the ConductorOne app.

Connectors

  • New this week: Snyk.

  • The Entra connector no longer fails when asked to provision extensions of time-limited access.

  • Bitbucket data now syncs more rapidly.

  • We fixed a bug that was causing the MongoDB connector to get stuck in an infinite loop.

Usability improvements

  • We’re redesigning the policy-building experience: adding or updating a policy rule now takes place in an editing pane, where it’s easier to see and fine-tune your changes. More new policy-building features are coming soon!

Fixed!

  • Users with the Super Admin role in ConductorOne can request access for any other user.

  • When completing access reviews using the By application view, you no longer need to reload the page when switching between applications.

June 28, 2024

Connectors

  • You can now set up the Databricks connector using your choice of OAuth, a personal access token, or a username and password.

  • Accounts in DocuSign that have a Pending status are now shown as Disabled in ConductorOne.

Usability improvements

  • If you attempt to create a duplicate revocation request, you’ll see a link to the existing revocation task in the error message.

  • We’ve streamlined the way dates and timestamps are shown in ConductorOne, and set the timezone to UTC.

  • When you select multiple tasks in a table, you’ll now find a Clear selection control next to the menu of bulk action options.

Fixed!

  • Task numbers have returned to the Unstructured view for access reviews. Click any task’s number to see more details about the task.

  • Only users with the Super Admin role will see the Security tab on their dashboard.

June 21, 2024

Connectors page revamp. We’ve redesigned and renamed the Integrations page. On the new Connectors page, you’ll find a list of all your active connectors with their owner, status, and last sync date. Click Add connector to see the list of all available connectors and to add a new one to your ConductorOne instance.

Access request configuration rules. This powerful new method of setting configuration details for access requests lets you set app-wide defaults and override them as needed with entitlement-specific settings. To get started creating your own rules, go to Configure access requests.

Bundles. Admins now have the option to allow users to request everything in a request catalog as a bundle. View and request your available bundles on the Browse access page and the Request access form. (Bundles are not yet available in the ConductorOne Slack app.) Check out Create request catalogs and bundles to learn more.

Connectors

  • The GitHub and GitHub Enterprise connectors now support org provisioning.

  • We fixed an issue that was preventing Linear role grant counts from displaying correctly.

Usability improvements

  • If you’ve been granted time-limited access that you no longer need, click Remove on either the Browse access or Expiring page to start the revocation process.

  • The Integration Admin user role is now called the Connector Admin.

June 14, 2024

Usability improvements

  • The Insights section on review and request tasks now includes information about relevant conflict monitors. If existing access previously triggered an alert, this is shown on review tasks. If the requested access would trigger an alert if granted, this is shown on request tasks.

  • Need to set up an AWS S3 bucket to use as a data source for an application in ConductorOne? We’ve relocated these settings to the External data sources tab on the Settings page.

  • If an integration can be set up in more than one way, you’ll now see the option to select your preferred authentication method on the integration page.

  • We’ve improved the process used to automatically select and display the relevant logo when a new application is created.

June 7, 2024

Usability improvements

  • Send notifications of new alerts generated by a conflict monitor to the Slack channel of your choice. Go to Set up notifications in the conflict monitor docs to learn more.

  • ConductorOne Slack app notification pop-ups now contain a preview of the new message.

  • You can now cancel your own open access requests on the Open requests page.

  • We’ve increased the maximum character limit on webhooks from 100 to a roomy 2040.

May 31, 2024

Integrations

  • New this week: GitHub v2.

  • There are now two options when integrating Entra ID: use OAuth, or create an Entra app and assign it API permissions.

  • Usernames synced from the Duo integration are now displayed correctly.

Usability improvements

  • Need to set up the ConductorOne Slack app for your organization? We’ve relocated those controls to the Notifications tab on the Settings page.

  • You can filter your conflict monitor’s alerts by account owner and status.

  • When setting up a new application, your username is now auto-populated in the app owner field, which you can change or add to as needed.

  • Email aliases using a yourname+alias@company.tld pattern are automatically mapped to the corresponding yourname@company.tld account in ConductorOne.

  • You can now use Manager ID as a spreadsheet column header or data value mapping.

  • Mark your assigned provisioning and deprovisioning tasks complete using the action buttons on the Requests, Revocations, and Tasks pages.

Fixed!

  • Comments you type in Slack that are pulled onto a task’s comments field in ConductorOne are now tagged with your ConductorOne user name rather than your alphanumeric Slack ID.

  • Access requests for app access entitlements that use delegated provisioning are now successfully processed.

  • If you are assigned to approve your own access request and self-approval is not allowed by the governing policy, Approve and Deny buttons are no longer shown on the task in Slack.

May 17, 2024

Access conflicts. Create custom access conflict monitors that alert you whenever a user is granted a combination of access that violates your organization’s separation-of-duties policy or best practice. Go to Get alerts about conflicting access to learn more and get started.

ConductorOne Slack app

  • Summon the Request access form in any Slack channel by typing /c1 request.

  • Slack messages about open requests and assigned tasks are automatically updated with the task’s current status.

  • Comments made on a task in Slack are automatically copied to the task’s comments section in ConductorOne. And comments posted in ConductorOne are automatically added to the task’s thread in Slack.

    You must reinstall Slack to start using these new features. On the Settings page, click Notifications. Open the menu in the Slack section of the page and select Reinstall, then follow the prompts.

Integrations

  • The Xero integration is temporarily unavailable while we work out an authentication flow issue. We’ll add Xero back to the integrations library as soon as we can.

Usability improvements

  • You can now filter tasks on the Tasks page by account type.

Fixed!

  • When access is granted for a limited time, the expiration date and time is shown correctly on the Expiring page.

  • Clicking Reload on the Tasks page now reloads the page. Amazing but true!

  • We fixed a pagination bug in the Jira integration that was causing infinite loops.

May 10, 2024

Integrations

  • New this week: Formal.

  • You can now point your GitLab integration at a custom URL, such as a self-managed GitLab instance.

Usability improvements

  • To prevent tasks from getting stuck in an unassigned state, if the policy-specified reviewer for a task cannot be identified and no fallback user is set, the task is automatically reassigned to the Super Admins.

  • Resource names are now included in search results when you search for an entitlement.

Fixed!

  • The Slack integration now correctly grants and revokes workspace role assignments.

May 3, 2024

Integrations

  • When configuring your GitHub Enterprise integration, you can now specify which organizations to sync.

Usability improvements

  • You can now remove a Slack channel from an access review campaign and, if needed, set up a new one.

  • We’ve improved the messages shown in Slack when you’re assigned a deprovisioning task.

Fixed!

  • We fixed how Jira projects are synced and shown.

  • Snipe-IT grants are now shown on all pages, not just the last one.

  • We fixed a bug in Google Cloud Platform that was causing issues with provisioning.

  • We’ve repaired an issue with how Google Workspace lists group grants.

April 26, 2024

Webhooks. We’re excited to introduce webhooks to ConductorOne, which can be used today in your access provisioning workflows. Learn more about working with webhooks and stay tuned: we’ll be adding more ways to use webhooks soon.

Usability improvements

  • When choosing entitlements for an access review campaign, you can now filter by compliance framework.

  • We’ve added clearer log messages about how alternate reviewers are selected when an entitlement owner review is required by policy but an entitlement has no owner.

  • We improved the quality of the results returned when you search for an entitlement’s name.

Fixed!

  • A policy’s name and description now revert to their saved values if you edit one or both but then cancel without saving your changes.

  • We fixed an issue that was causing some Copilot insights to pull the wrong data from AWS.

  • The Opsgenie integration no longer fails when it attempts to sync the “escalation” participant type.

  • We fixed an Entra permissions issue that was preventing successful provisioning of users to groups.

April 19, 2024

Downloads center. You can now generate a CSV file of the results of a query on the Access explorer page or the contents of an app’s Accounts tab. Click the Generate CSV button to create a file, then collect it from your downloads center at the top of the page.

A query on the access explorer page with the generate CSV and download center buttons highlighted.

Integrations

  • A new option on the Okta integration configuration page lets you choose whether to sync deprovisioned users.

  • The Google Cloud Platform integration now syncs service accounts as well as information on last login, user status, and creation date.

Usability improvements

  • Users with the Super Admin role in ConductorOne can request access for any other user.

  • A Slack notification will be sent whenever a user has a new deprovisioning task.

  • We’ve added labels to notification emails to make it clearer when a notification is coming from a sandbox environment.

  • You can edit the description of an app’s credential entitlement.

Fixed!

  • We resolved an issue that was causing blank rows to appear in application reports.

  • The Create custom entitlement button no longer appears by mistake on application account details pages.

  • All the items in large catalogs are shown as expected on a user’s Browse access page.

  • You can view all the pages in your list of catalogs, not just the first page.

April 12, 2024

Usability improvements

  • Orange indicator dots in the sidebar are now shown whenever you have open assignments or requests. Dismiss the indicator by opening the corresponding page. Indicators will reappear whenever new assignments or requests are added.

  • All campaign progress bars are now blue when in progress, green when complete, and orange when overdue.

  • We’ve added Additional Username as a key user attribute, which you can use to map ID or display name information from your apps.

  • The new Tasks tab on the My account and user details pages shows all open and completed tasks related to the user’s access.

Removed

  • We’ve removed the ability to edit the app credential entitlement slug because duplicate credential entitlements are created if this slug is not “access”. You can still edit all other entitlement slugs.

Fixed!

  • The Slack app provides a field to enter a request denial explanation when one is required.

  • We repaired the sources of ValidationException errors recently reported in Cone.

  • The Snipe-IT integration syncs as expected and rate limit issues have been fixed.

  • The Okta integration syncs deactivated users.

  • We fixed a pagination bug in the Opsgenie integration.

April 5, 2024

Usability improvements

  • The Grants tab of an entitlement’s details page shows when each time-limited grant expires.

  • When leaving a reason for reassigning a task, you’ll find a selection of pre-written reasons to choose from and edit as needed.

  • Policies can include a requirement to explain why a request was denied.

  • An app’s icon no longer changes if you edit the app’s name. Previously, the icon updated to match the new name, but this was more confusing than helpful.

Fixed!

  • When you set an emergency access policy, emergency access is no longer automatically shown as enabled.

  • The contents of a catalog and the results of the Accounts without owners query are now both paginated correctly.

March 29, 2024

New integrations. We’re closing out March by adding four more integrations to our growing library: Elastic, MongoDB Atlas, Miro, and Docker Hub. These integrations are currently in early access as we fine-tune their details and gather feedback. If you’re ready to set up any of our new integrations, let us know!

Create custom entitlements. On an application’s Entitlements tab, you’ll now find the option to create a custom entitlement in that application. A custom entitlement exists only in ConductorOne, and can be bound to other entitlements. Custom entitlements are ideal for creating clear and easily understood targets for user access requests while preserving the underlying complexity of your SCIMed apps’ configuration.

Usability improvements

  • If you have multiple ConductorOne environments, we can now help you tell them apart at a glance. Let us know if you’d like us to add a Sandbox tag to the top of your development environment.

  • You’ll no longer receive email or Slack notifications when a revocation task is completed.

  • We gave the task icons a refresh this week, updating them to show a green key for Request tasks and a red crossed-out key for Revoke tasks.

  • When building a conditional policy rule that includes auto-approval or auto-denial, you can now set a comment that will be posted to the impacted task whenever the automatic action occurs.

Fixed!

  • The Verkada connector now completes its sync if a user is deleted while the sync is running.

  • Bitbucket workspaces are now saved correctly without requiring you to press Enter after adding each one.

  • We fixed a pagination bug that occurred if your application count was exactly 50, 100, 150, and so on.

March 22, 2024

Shadow apps. Our newest feature helps IT and security teams to see, understand, and manage shadow applications. On the new Shadow apps page, you can see the apps that employees have logged into using their corporate email addresses, bring key shadow apps under management with ConductorOne, and ignore the shadow apps that aren’t of concern. Go to Detect and manage shadow apps to learn more and get started.

Linked entitlements. To make it easier to manage, request, and review SCIMed access, we’re pleased to introduce the Linked entitlements tab on each application’s page. On this tab you’ll find a list of the entitlements currently linked from the IdP. You can link these to existing entitlements in the SCIMed application, or create new roles in the SCIMed app that represent the IdP permissions.

New integrations. This week we added Torq, Celigo, and Verkada to our integrations library. These integrations are currently in early access as we fine-tune their details and gather feedback. Let us know if you’re keen to get started with one or all of these new integrations and we’ll get you set up!

✨ Copilot insights and recommendations are generally available. We’re pleased to announce that Copilot insights are now generally available. Our thanks to everyone who provided their feedback and input as we developed this new feature.

Usability improvements

  • When you’re asked to leave a reason for your action on a request or review task, you’ll now find a curated selection of pre-written reasons that you can select, edit as needed, and submit.

    The confirmation modal on a revocation task showing multiple pre-written comments, with one selected and lightly edited.

  • You can now choose whether to map app accounts to account owners by using emails alone, or by using both emails and first and last names if emails aren’t available or sufficient. To learn more, go to Set which data to use for account mappings.

Fixed!

  • The Google Workspace v2 integration now properly sets user status.

  • The PagerDuty integration now correctly syncs teams.

  • The reviews actions menu now correctly offers Remove as an action, rather than Revoke.

  • Entitlement names pulled from v2 and other recently introduced integrations can now be edited.

March 15, 2024

Take action on multiple tasks at once. We’re pleased to introduce the ability to select and act on multiple tasks at once. You’ll find this feature on the Tasks page, a campaign’s Tasks tab, and on your Assignments pages. You can now select multiple tasks, then choose an action to take on the selected tasks from the menu. You’ll be prompted to add a comment, which will be added to the record of each selected task.

A list of open access request tasks, with all the tasks selected and the actions menu open to show the available options, including Approve and Deny.

New integration. We’ve released Google Workspace v2, a new version of the Google Workspace integration. This new integration is in early access, so get in touch if you’re excited to use it.

Usability improvements

  • Long entitlement slugs are now truncated, with the full value shown when you hover over the slug.

  • When an entitlement that is part of an entitlement binding is deleted, it now shows a Deleted label on the bindings page.

  • The GitHub integration now supports provisioning for nested teams.

Fixed!

  • We’ve ensured that entitlements, resources, and apps with deactivated users are counted correctly in the digest email.

  • Applications with deleted owners are now included on the list of applications on the Applications page.

  • We repaired an issue impacting the file upload process.

March 8, 2024

New integration. Good news, Slack Enterprise Grid users! We’ve added a Slack Enterprise Grid integration to our library. Check out the docs to get started with this integration.

Usability improvements

  • The entitlement’s slug is now included as part of the entitlement name in the ConductorOne Slack app, both on the request access form and in the notifications about an access request.

    An entitlement showing its slug, and the same slug shown printed at the end of the entitlement name in the request access form in the C1 Slack app.

  • When requesting new access through the ConductorOne Slack app, you can now enter a custom timeframe.

  • The status of deleted and disabled Confluence accounts is now shown in ConductorOne.

Fixed!

  • We fixed a bug that was causing a conditional policy to sometimes process identical tickets differently in different campaigns.

  • A Jira integration bug related to listing groups is now fixed.

March 1, 2024

Updated navigation panel. We’re welcoming March by freshening ConductorOne’s navigation panel with a new color treatment and a top navigation bar.

Usability improvements

  • When selecting how long new access is needed for on the Request access or Browse access pages, you now have the option to enter a custom timeframe. If the timeframe you enter is longer than the max grant duration allowed, ConductorOne shows information about the limit to help you choose an approved timeframe.

  • On each user’s details page, you’ll now find an Accounts tab with a list of all the application accounts associated with the user.

  • You can now filter the list of entitlements in a request catalog by application.

  • Information about an application’s sources of access data is now shown on the Data sources tab on the application’s details page.

  • The colors assigned to user status indicators are now used consistently across ConductorOne: active is always green, deleted is always red.

  • You can now pass a SCIM endpoint and access token to the AWS integration to enable pulling user statuses from AWS.

  • Bitbucket users now have the option to integrate individual Bitbucket workspaces with ConductorOne.

Fixed!

  • We’ve repaired an issue that was causing some users to receive digest emails with blank sections.

February 23, 2024

Updated integrations. Five integrations are now generally available: New Relic, Xero, HubSpot, Segment, and SentinelOne. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

Usability improvements

  • We’ve added a new Age filter to the Tasks page, which lets you quickly view tasks that are more than seven, 14, or 30 days old.

  • A new Deactivated user issues section in the digest email alerts ConductorOne admins to any apps, resources, or entitlements currently owned by deactivated users.

  • A query for resources with a deactivated owner is now available on the Access explorer page.

  • If an error occurs on a task, you’ll now see an indicator on the task’s Audit log tab, a red highlight drawing your attention to the error, and more context about the error itself. Note that this change only applies to newly created tasks.

    A task's audit log tab showing the new error icon on the tab, the red error indicator next to the log entry, and the expanded log entry.

  • The My work section of the navigation panel is now named Assignments. And the My access section is now named App directory.

Fixed!

  • We’ve fixed a bug in the Snipe-IT integration that was causing 500 errors.

February 16, 2024

Usability improvements

  • The AWS v2 integration now supports provisioning IAM users to IAM groups.

  • To save time on each sync, the Okta integration no longer syncs role assignments for deprovisioned and suspended Okta accounts.

  • The name of the ConductorOne page you’re viewing is now shown in the browser tab.

  • To prevent accidentally losing in-progress configuration work, we now ask you to confirm that you want to exit without saving your changes.

Fixed!

  • Inactive Bitbucket users are no longer incorrectly reported as active.

  • When you make multiple access requests on behalf of someone else by clicking Make another request, each request for access is made for the selected user, not for you.

  • We’ve repaired an issue impacting how conditional review policies treated app accounts without an associated ConductorOne user.

  • If a reassigned task is not assigned to any active user, ConductorOne now falls back to assigning it to the system owner or system owners on record.

February 9, 2024

New features now generally available. We’re happy to announce that access explorer and the security dashboard are now generally available! Users with the Super Admin role in ConductorOne will see a new Security tab on their dashboard. Get started with access explorer by clicking Explore in the navigation panel.

Usability improvements

  • The campaign creation loading screens that previously asked you to “Hang tight!” now show the count of the reviews being created and an estimate of the time remaining. You’re still welcome to hang tight while your campaign is being created, or you can safely click away from the page to complete other work.

  • In the Slack app, the name of the requested entitlement is now shown in the summary of an access request.

  • The user’s employment status is now included in the Copilot insights shown on task summary screens.

Fixed!

  • Clicking View all on a security dashboard card now correctly directs you to the corresponding query on the Access explorer page.

February 2, 2024

Access graph. We’re delighted to introduce a new visualization tool that helps you explore current access paths and patterns for your users, applications, and resources. This new feature is in early access while we gather feedback and fine-tune its details. Let us know if you’re eager to give it a try!

Access explorer. Get answers to complex identity and access-related questions with just a few clicks. Choose from a list of powerful queries and quickly zoom in on the apps, users, and accounts that matter most. Go to Query access data to gain insight to see a full list of available queries, and let us know what else you’d like to see in this early access feature!

Security dashboard. The new Security tab on the ConductorOne dashboard provides a quick overview of key access risks such as orphaned accounts, inactive accounts, high-risk role grants, and standing privileges. Click any item or card displayed on the security dashboard to learn more. The security dashboard is also in early access, so let us know if you’re ready to take it for a spin.

Updated integrations. Three integrations are now generally available: Snipe-IT, Fastly, and GitHub Enterprise. Check out the documentation to get started with these integrations today.

Usability improvements

  • Updated search and filter options are now shown at the top of the Accounts tab on each application’s page.

  • Timestamps have been added to the dates shown on each task’s details page.

  • The Mark errored option on provisioning and deprovisioning tasks has been renamed Won’t provision/deprovision or Won’t do to better reflect common workflows.

  • The ConductorOne Slack app now displays an error if you already have an open request for the access that you’re currently trying to request.

  • When you click an entitlement’s name on a task’s details page, you’ll now find links to the entitlement, resource, and application details pages.

  • The Cloudflare Zero Trust integration now accepts two authentication methods. These options are explained in greater detail in the Cloudflare Zero Trust integration documentation, and on the corresponding fields on the integration setup page.

Fixed!

  • We’ve fixed a bug in the Broadcom SAC integration that was preventing identity providers from being listed correctly, and a bug in the Snipe-IT integration related to mapping.

  • The status filter on the Users page has been updated to reflect the current user status options.

  • The Reload button that appears if the content of an access review campaign changes during the campaign-building process now reloads the page as expected.

  • When creating a new policy, the Create button is now disabled after it is clicked once, removing the possibility of accidentally creating duplicate policies.

January 26, 2024

Usability improvements

  • The Cloudflare Zero Trust integration has been updated, and now supports automatic provisioning of users to groups.

  • The resource and entitlement counts shown on the tabs on an application’s page now update automatically after a new sync, removing the need to manually refresh the page.

  • When requesting an extension of expiring access through the Slack app, you’ll now see a dropdown and a prompt to select the length of the new access.

  • An App owner column now appears on the Applications page.

Fixed!

  • A Slack notification stating (incorrectly) that access has been granted is no longer sent if the assigned provisioner selects the Mark errored option on the provisioning task.

January 19, 2024

Usability improvements

  • Each audit log entry now shows a timestamp in addition to the date.

  • We polished up the Set data value mappings drawer, adding updated icons and generally improving the visual appearance.

Fixed!

  • The information on the Open and Completed tabs on the Open requests page now loads correctly when the page is refreshed.

January 12, 2024

Customize your session length. By default, ConductorOne sessions time out after 20 hours. You can now customize the session length to suit your organization’s needs and security policies. Go to Configure session length to learn more.

New integration. This week Xero joined our integrations library. This integration is currently in early access as we fine-tune its details and gather feedback. Let us know if you’re eager to get started with Xero and we’ll get you set up!

Usability improvements

  • The user’s employment status and any applicable compliance frameworks are now included in the list of Copilot insights.

Fixed!

  • We’ve fixed the mismatch sometimes seen between the task summary count in the navigation panel and the actual number of open tasks.

January 5, 2024

New integration. We’ve added Snipe-IT to the integrations library. This integration is currently in early access as we fine-tune its details and gather feedback. If you’re ready to set up your Snipe-IT integration, let us know!

Usability improvements

  • The GitHub Enterprise integration has been updated, and now supports automatic provisioning of repo permissions.

  • Clicking your username at the bottom of the navigation panel now opens the user menu. Use the user menu to log out of ConductorOne, navigate to your personal API keys page, or jump to your own user details page.

  • Previously, if a user’s username or manager was not known, the Username or Manager fields on the user details page were omitted entirely. These fields are now shown with a “None found” message.

  • The list of Copilot insights on task details pages is now sorted by severity.

Fixed!

  • Entitlement slugs are now shown even on entitlement names that are long enough to require truncation.

  • When a user requests access for a limited time, the time limit is now shown correctly on the request task.

December 22, 2023

✨ Copilot insights and recommendations on access requests. To help approvers make faster and better-informed decisions about granting new access, ConductorOne Access Copilot now flags key insights about access being requested and makes recommendations on how to proceed. This new feature is in early access while we gather feedback and fine-tune its details. Let us know if you’re eager to give it a try!

Conditional policies. We’re pleased to announce that conditional policies are now generally available. Conditional policies allow you to define a single policy that applies different instructions based on the user’s role, department, job type, or other relevant criteria. Check out the policy documentation to learn more. Many thanks to everyone who provided their feedback and input as we developed this new feature!

Usability improvements

  • Managers can now request new access for the members of their team through the ConductorOne Slack app.

  • When an error occurs during provisioning, more context about the error is now shown in the task’s audit log.

  • When creating a policy, an error state is now shown on the User field if a user is not selected.

  • You can now see a summary of the insights flagged by Copilot by hovering over the insights indicator in the campaign task list view.

December 15, 2023

New dashboard. We’ve spruced up the ConductorOne dashboard, making it more helpful and comprehensive. Your dashboard now summarizes and links out to all your reviews, requests, approvals, and campaigns.

The updated user dashboard showing open campaigns, review tasks, and request tasks.

New integrations. Microsoft 365 and New Relic joined our integrations library this week. These new integrations are in early access while we fine-tune their details and gather feedback. Let us know if you’re eager to add one or both to your Integrations page.

Updated integrations. We’re happy to announce four integrations are now generally available: Broadcom SAC, CrowdStrike, ServiceNow, and Cortex XSOAR. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

Usability improvements

  • We revised and streamlined the sections of the navigation panel used by ConductorOne users with admin-level user roles.

  • Entitlement descriptions that have been edited in ConductorOne are now shown when requesting or approving access in the Slack app. If an entitlement’s description has not been edited but its resource description has been, the resource description is shown.

Fixed!

  • The audit log no longer records multiple redundant messages while waiting for an integration sync to complete and confirm that a new user account has been provisioned.

  • Once an access request is submitted, the application selection field now resets correctly so you can start another request.

December 8, 2023

✨ Copilot insights and recommendations. ConductorOne Access Copilot is here to help you and your team make faster, better-informed decisions when completing access reviews. Copilot flags key insights about the access under review and makes recommendations on how to proceed.

A review task's details screen showing a Copilot flag on an insight and a recommendation to remove the access.

This new feature is in early access while we gather feedback and fine-tune its details. If you’re ready to try it out, let us know!

New integrations. This week we’re welcoming HubSpot, SentinelOne, and Segment to the integrations library. We’ve also released AWS v2, a new version of the AWS integration that includes provisioning support. These new integrations are in early access, so get in touch if you’re ready to take one or more for a spin!

Usability improvements

  • The Bitbucket integration has been updated to support group provisioning, and to use an app password rather than an OAuth consumer for integration configuration.

  • We’ve streamlined the process of signing up for ConductorOne with Okta by adding a direct link to the ConductorOne Okta application on the signup screen.

  • When an automatic action is triggered by a match on a conditional policy rule, the matching rule and the automatic action are now shown on the task’s details page and in its audit log.

Fixed!

  • You can now successfully search for an entitlement when setting up delegated provisioning on an app’s Access controls tab.

  • Due to a difference in how accounts and grants were counted, you might have seen a phrase like “9 out of 7 accounts have this access” on a task details page. We’ve fixed this by bringing the counting methods into alignment.

December 1, 2023

Spotlight search. At the top of the nav bar you’ll now find a platform-wide search tool. Use spotlight search to quickly locate a specific user, entitlement, application, or campaign. Jump to frequently accessed pages and forms using the quick actions. Your recent searches are saved for future reference.

New integrations. Fastly and GitHub Enterprise are the newest members of our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re ready to get started with Fastly or GitHub Enterprise, let us know!

Usability improvements

  • Applications that are set as user directories in ConductorOne are now designated with a directory chip in the list of applications. To help you quickly find these special apps, we’ve also added a Show only directories filter to the Applications page.

  • If a max grant duration isn’t set for an entitlement, the grant duration selection prompt and dropdown are not shown when requesting access to the entitlement.

  • Custom entitlement descriptions are now shown on the Browse access page.

  • We’ve standardized on a Month, day year date format throughout ConductorOne.

  • The Slack connector now syncs each user’s status_text and status_emoji attributes. You can set these as custom user attributes and use this data when writing conditional policy rules.

Fixed!

  • Entitlement bindings are no longer accidentally removed when you click Save without making changes to the delegated provisioning setting.

  • On the Campaigns page, campaign progress bars are now shown on in-progress campaigns, rather than completed campaigns.

  • You can now successfully search for and select an entitlement when setting up a manual binding.

November 17, 2023

Conditional policies. Conditional policies allow you to define a single policy that applies different instructions based on the user’s role, department, job type, or other relevant criteria. This granular control streamlines access management by automating routine tasks and directing complex decisions to the appropriate individuals. Check out the policy documentation to learn more. This new feature is in early access while we gather feedback and fine-tune its details. If you’re ready to try it out, let us know!

Usability improvements

  • The PagerDuty integration now syncs schedules and roles.

  • We no longer display pagination controls for single-page lists.

  • Your eyes do not deceive you: to improve legibility we’ve updated the nav panel to a cool indigo.

Fixed!

  • We fixed an error that was causing a failure when the AWS integration attempted to sync users.

  • Entitlement bindings are no longer accidentally removed when you edit request catalogs on an app’s Access requests tab.

  • The Opsgenie integration no longer adds every active Opsgenie account to every team.

November 10, 2023

Bindings automatically created or removed when configuring delegated provisioning. When you configure delegated provisioning for an individual entitlement on that entitlement’s details page, we now automatically create the binding between the two entitlements for you. You’ll see the proposed change to the entitlement’s bindings whenever you make a change to delegated provisioning, both when the change is automatically creating a new binding for you, and when a binding will be removed if you change the provisioning strategy from delegated to manual or connector-based.

Usability improvements

  • We’ve improved the readability of many error messages, making them more useful for troubleshooting.

Fixed!

  • Spaces are no longer missing between the catalog names in the list of request catalogs on the entitlement details page.

November 3, 2023

Usability improvements

  • We’ve added an expiring access section to the ConductorOne Slack app. You can now see how long is left on your access grants that have a limited duration, and request an extension if one is needed.

  • We’ve also improved how the Slack app reports the time remaining in campaigns. Instead of rounding down to the nearest week, Slack now shows the number of remaining weeks and days.

  • To provide visibility and support troubleshooting, we’ve clarified the provisioning error messages included in task audit logs.

Fixed!

  • When you click a Slack notification to complete your campaign tasks, you’re now directed to your reviews homepage instead of an unstructured list of campaign tasks.

October 27, 2023

Usability improvements

  • The Approvals column in access review campaign reports now shows the reviewer’s name and the date and time of the review decision for denials as well as approvals.

Fixed!

  • Previously, when users were removed from an entitlement bound to an app access entitlement, the impacted users were shown as deleted on the Grants tab of the access entitlement. This has been fixed, and in this situation users are now automatically removed from the Grants tab of the access entitlement.

  • The sandbox.lightning.force.com domain is now accepted when setting up a Salesforce connector.

  • When editing the Application Owners field on an app, the dropdown no longer overflows into neighboring fields.

  • You no longer get a mail: no address error when you try to assign a user delegate.

  • The Slack workspace integration has been updated to support Slack’s API rate limits.

October 20, 2023

Usability improvements

  • When you delete an application from ConductorOne, that app’s entitlements now display a Deleted badge and a zero grants count in any catalog that they are included in.

  • We’ve added entitlement slugs to entitlements pulled in by the AWS integration.

Fixed!

  • On access review campaigns using the By app view, the summary page now shows accurate task completion counts, and the progress bars reflect correct task completion percentages.

October 13, 2023

Usability improvements

  • Custom user attributes associated with a user account are now shown on the user’s details page.

  • We adjusted the spacing on the modal used to start an access review campaign to reduce the risk of accidentally enabling or disabling campaign notifications.

  • The results of cone search queries are now delivered more quickly.

Fixed!

  • We’ve fixed a validation timeout issue in the Bitbucket integration that was causing a context deadline exceeded error.

  • The ConductorOne Slack application no longer loads indefinitely if a user cannot be found.

October 6, 2023

Configure how an application’s entitlements are requested and provisioned. We’ve introduced a new Access controls tab on each application’s details page. This tab makes the process of configuring access requests more efficient while increasing your visibility into the app’s current access control configuration. Use the Access controls tab to make changes to how individual entitlements are requested and provisioned, and refer to the tab for a summary of the configuration of all entitlements on the app. Check out Configure access requests to learn more.

Usability improvements

  • The ConductorOne Slack app now includes an Approval Reason field on access request notifications. If the request policy in effect requires a reason but one is not provided, Slack asks the reviewer to enter a reason and resubmit their decision. If a reason is not required by the policy, the Approval Reason field is optional.

  • To make better use of the available space, we’ve removed the Due column from the table of access reviews organized by application. The campaign due date is still shown at the top of the page.

Fixed!

  • We repaired an issue with how the Coupa integration syncs users, which had resulted in some users being incorrectly shown as deleted during access reviews.

  • A user can now successfully request an entitlement that is provisioned by a JumpCloud group even when the user is already a member of the group.

September 29, 2023

Usability improvements

  • When requesting access through the Slack app, the list of entitlement names now includes more information to help you find the entitlement you need.

  • The JumpCloud integration now creates a JumpCloud Administration application in ConductorOne, and assigns all JumpCloud administrators in your organization to that app.

  • When requesting access on the Request access page or in the Slack app for a ConductorOne user who has multiple accounts in the selected application, you are now asked to select which account needs access.

  • If access is granted indefinitely, the email notification of new access no longer includes information about the length of the grant’s duration.

Fixed!

  • When access is granted for a limited time, the amount of time remaining for the grant is now shown correctly in email and Slack notifications.

September 22, 2023

Usability improvements

  • When requesting access on the Browse access page for a ConductorOne user who has multiple accounts in the selected application, you are now asked to select which account needs access.

  • A new SSO configuration section is now shown on the Settings page. When SSO is enabled for your ConductorOne tenant, the SSO provider in use is shown here.

  • Because Salesforce users can include a company’s customers, the Salesforce integration no longer syncs several non-employee user types.

Fixed!

  • You can now successfully send the assigned user a reminder to complete an open revocation task.

  • An error message is no longer displayed while a request catalog is loading.

  • Only the user for whom new access is requested, or that user’s manager, can escalate an open access request task to emergency access.

  • The counts of open tasks shown in the My work section of the navigation panel are now more accurate.

September 15, 2023

New integration. Splunk is the newest addition to our integrations library. Check out the documentation to learn more about this special integration.

Usability improvements

  • Whenever reassignment of a task is allowed by the task’s governing policy, a Reassign button is now shown on both the task’s summary in the table of tasks assigned to you, and on the task’s details page.

  • If an uploaded file does not contain any data, it is not accepted by the connector, and a single error is printed to the connector log.

Fixed!

  • CrowdStrike app accounts now display the correct account status.

September 8, 2023

New integrations. Joining the integrations library this week are Broadcom SAC and Cortex XSOAR. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re keen to try them out, let us know!

Reset campaign policies. If during the process of building an access review campaign you’ve made changes to the policies to be applied to entitlements in the campaign, you can now use the Reset policies control on the campaign scoping tab to reset the policies to their defaults. Resetting recreates all campaign selections so that each uses the policy inherited from (in order of precedence) the entitlement’s configuration, the application’s configuration, or the campaign’s configuration.

A campaign in draft mode, with the more actions menu next to the edit resource selections button open to show the reset policies option.

Usability improvements

  • The campaign reports page now has clearer status labels and click-to-copy file hashes.

  • We’ve added a select-all checkbox control to the Edit campaign entries modal.

Fixed!

  • We fixed a bug that was preventing the generation of some campaign reports.

  • Requests for new access made on behalf of another user now correctly show the user’s name in request notification emails instead of the requester’s name.

  • When you search for an application by name on the Browse access page, rerequestable entitlements that do not match your search string are no longer hidden from view.

September 1, 2023

New integrations. This week we’re welcoming LDAP, ServiceNow, and CrowdStrike to our integrations library. If you’re ready to get started with one or more of these integrations, let us know. We’ll be happy to help get you set up!

Access request user roles. To support teams administering access requests in ConductorOne, we’ve launched Access Request Helpdesk and Access Request Administrator user roles. Any user assigned one of these roles can create an access request ticket on behalf of any other user. Access Request Administrators can also create and manage request catalogs. Go to Assign user roles to learn more.

Usability improvements

  • You are no longer required to retype the name of a user whose access is being fully revoked.

  • We’ve added loading animations and more helpful messaging to the Browse access page.

Fixed!

  • Previously, the list of entitlements shown in a dropdown or search result in the web app was limited to 100 entries. We’ve removed that limit, and you’ll now see the full list of available or matching entitlements.

  • The Last Modified date and time for a file uploaded from a datasource is now shown correctly.

August 25, 2023

Updated integrations. We’re pleased to announce the general availability of our Jamf, Bitbucket, Box, PagerDuty, Zoom, and Tableau integrations. Check out each integration’s documentation to get started.

Usability improvements

  • Previously, we applied initial casing to all resource names. In response to user feedback, each resource name is now displayed exactly as it appears in its source application.

  • You can now sort your list of campaigns by name, description, or target completion date.

  • Users with the Super Admin role in ConductorOne can now revoke any account’s access to an entitlement.

Fixed!

  • Google Workspace accounts with an Archived status are now assigned Disabled status in ConductorOne.

August 18, 2023

Docs site refresh. As you’ve probably noticed, we gave the docs site a little aesthetic upgrade this week by consolidating fonts, dialing back our use of color, and lightening font weights. We think the result feels cleaner and lighter, and we hope you like it too!

Fixed!

  • The Request Emergency Access button on applicable task details pages has been returned to its proper location.

  • We’ve added the links to documentation for the six new integrations announced last week.

  • We fixed a bug that was allowing deleted application accounts to be erroneously included in campaigns.

August 11, 2023

New integrations. We’re pleased to introduce Jamf, Bitbucket, Box, PagerDuty, Zoom, and Tableau to our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’re eager to get started with one or more of these integrations, let us know!

Updated browse access experience. For our Access Requests customers, we’re proud to introduce the redesigned Browse access page. Use this page to see all the apps and resources available for you to request, understand your current access, and view your open access requests. Managers can also request new access for their team members from this page. To learn more and get started, check out Browse current and available access.

Usability improvements

  • If you create a request for emergency access when you already have an open request for non-emergency access to the same app or resource, you’ll now see a duplicate ticket error with a link to the original request. This makes it easier to escalate the original request to emergency access rather than creating a duplicate request.

  • ConductorOne now pulls in more key account data from OneLogin, including manager, title, company, and department.

August 4, 2023

Usability improvements

  • When you set an entitlement’s provisioning strategy to manual provisioning, you have the option to include instructions for the provisioner. These instructions are now shown in the task details view and in the provisioning assignment Slack message.

  • We’ve added an explanatory message to the email digest for open campaigns that do not have any open tasks.

Fixed!

  • We’ve greatly reduced the load time in Slack for the list of rerequestable entitlements from a large request catalog.

  • If the same entitlement is included in more than one of your available request catalogs, Slack no longer lists the entitlement multiple times.

July 28, 2023

Emergency access requests. We’ve added emergency access requests to ConductorOne to support IT and security teams’ need to quickly gain access to key resources when responding to emergencies such as production outages. You can now choose which entitlements can be requested during an emergency and build dedicated emergency access policies to use during the expedited approval process. Go to Enable emergency access requests for more on setting up emergency access requests for your team.

Cone, the ConductorOne command line interface (CLI). If the command line is your happy place, we’ve got you covered. Use cone commands to manage the full access request workflow: view available entitlements, request access, drop access when it’s no longer needed, review access requests, and much more. Check out the Cone docs to learn more and get started.

Usability improvements

  • When searching for a resource name, such as when building a catalog or campaign, the search now returns all of the resource’s associated entitlements.

  • You can now sort a table of tasks by task number by using the caret in the column header.

  • Searches for policies and applications are no longer case-sensitive.

Fixed!

  • If you’ve set your digest emails to be delivered on a weekly cadence, they’ll now arrive labeled “Weekly Digest” instead of “Daily Digest”.

July 21, 2023

Usability improvements

  • By default, lists of tasks are now sorted by task ID, with the most recently created task at the top.

  • The App ID is now shown on each application’s details page.

  • The Entitlement ID is now shown on each application’s details page.

July 14, 2023

Updated integrations. We’re happy to announce that nine integrations are now generally available: JumpCloud, CloudAMQP, Panther, UKG, Expensify, Slack, Asana, Duo, and Linear. Check out the documentation to get started with these integrations, and let us know what else you’d like to see added to the integration library!

July 7, 2023

New integration. We’re excited to add 1Password to our library of integrations. The 1Password integration uses our Baton connector to pull usage data from your 1Password instance. Check out the docs to learn more and get started using 1Password with ConductorOne.

Usability improvements

  • The task details page now displays all known attributes for the app account whose access is being reviewed or changed. Use the arrow control to open or close the account attributes panel.

A task details page with the account attributes panel open.

  • A Reassignments column is now included on all newly generated campaign reports, showing whether each access review task was reassigned and to whom.

  • If no request policy is set on either an entitlement or its application, the Auto-Generated App Owner Approval Policy is now used on requests for that entitlement.

  • If no revocation policy is set on either an entitlement or its application, the Default revocation policy is now used when revoking that entitlement.

Fixed!

June 30, 2023

Usability improvements

  • When submitting an access request, justification is now required.

  • We made some improvements to the specificity of error messages.

June 23, 2023

Usability improvements

  • You can now only revoke an account’s access to an entitlement if you are the account owner’s direct manager, the application’s owner, or the entitlement’s owner. Anyone who attempts to revoke a grant without one of these relationships will see an error: User does not have permission to request access on behalf of another user.

Fixed!

  • We’ve fixed some issues with digest emails that were causing them to arrive in some cases without their title or footer info.

June 16, 2023

Fixed!

  • You can now successfully request access to an entitlement for an “indefinite” amount of time.

  • The Panther integration now pulls and maps SAML external roles correctly.

  • We’ve fixed an error that was causing some time-limited access grants to not be automatically revoked on expiration.

June 9, 2023

Email digest of your open tasks. We all know that notification emails can quickly go from a help to a burden. That’s why we’re delighted to introduce a new digest format that summarizes all your open ConductorOne tasks in one quick email. Digest emails can be sent to all ConductorOne users at your organization who currently have open tasks either every weekday or once per week, so you can set the cadence that’s best for you and your colleagues. Go to Email digest notifications to learn more and get set up.

New integrations. This week we welcome UKG, Panther, and CloudAMQP to our integrations library. These new integrations are in early access while we gather feedback and fine-tune their details. If you’d like to use one or more of these integrations, let us know! We’d be delighted to get you set up.

Usability improvements

  • We’ve improved the design and clarified the messages shown on a task’s details page summarizing the planned action and outcome of reviews, provisioning steps, and deprovisioning steps.

  • Error messages in provisioning and deprovisioning steps now link to the audit log.

  • When requesting access to a specific resource on an app, the general app access resource is no longer shown in the list of options.

Fixed!

  • We’ve fixed an issue that was causing account types that were manually set on application accounts to be reset by the system.

June 2, 2023

Usability improvements

  • You can now designate application accounts as system accounts on the application’s Accounts page.

  • ConductorOne now supports two new columns in uploaded spreadsheets and CSV files:

    • User type to designate whether each account is a user account, service account, or system account
    • Account owner to automatically map the account owner to the correct ConductorOne user by matching email addresses

Fixed!

  • We resolved an issue that created a request context cancelled error when building a campaign.

  • Email links to your access review tasks now direct you to a page where you can select how you want to view your reviews, rather than to an old version of the unstructured view.

May 26, 2023

Usability improvements

  • We’ve made it easier to publish and unpublish request catalogs, and added a confirmation screen with additional details when you take one of these actions.

  • Each request catalog’s current publication status (Published or Draft) is now shown on the Catalogs page.

  • We gave all the modals a little visual refresh, and we think they’re looking quite spiffy in their new blue header banners.

May 19, 2023

Campaign creation upgrades. Our revamped user access review campaign creation flow is now generally available. We redesigned the way you sort, find, and choose the resources and entitlements included in your campaigns, streamlining the process for busy UAR admins. Many thanks to everyone who provided feedback and helped us to refine this experience!

The campaign resource selection screen showing four Asana resources selected for the campaign.

Usability improvements

  • If you have more than one DocuSign account, you can now specify the DocuSign API Account ID when setting up an integration so that the correct account’s data is pulled into ConductorOne.

Fixed!

  • You can now successfully set a time limit for an entitlement even if the entitlement is not included in any request catalogs.

  • ConductorOne now reads the Okta attribute managersEmail as a source for the Manager user attribute.

  • When you searched for a user’s name in a dropdown field (such as when adding an owner to an app), your search input remained in the field even after you found and selected the right user from the list. We’ve fixed this.

  • Slack notifications of overdue campaign tasks no longer show negative time remaining before the due date.

May 12, 2023

Directories and user attribute mapping. We’re pleased to announce that these two features are now generally available, and send our thanks to all our users who provided feedback and helped us refine them. Setting your directory apps as the sources of truth for employee data is a key step in setting up ConductorOne. User attribute mapping helps you to ensure that key employee data is pulled into ConductorOne correctly so it can be used to add context or narrow scope as needed.

Request access. The + Request access page in the navigation panel is now generally available for our Access Requests customers. Use this simplified form to request new access for yourself or the folks you manage with a few clicks. Check out Request access to apps and resources to learn more.

Request catalogs. Also for Access Requests customers, we’ve updated the request catalog creation screen. You can now publish and unpublish saved catalogs, as well as update who can request the items in the catalog, all from the catalog’s page.

A catalog's page showing that it is published and available to the Customer Success group.

Navigation panel. We spruced up the navigation panel this week, including collapsing the lower sections by default to streamline navigation, refreshing the icons, and getting rid of the all-caps section headers. THOSE ALWAYS SEEMED A BIT SHOUTY.

Usability improvements

  • You can now upload files of up to 256MB to ConductorOne.

  • Your choices when setting campaign parameters now include key user attributes such as Manager, Department, and Job Title.

May 5, 2023

Usability improvements

  • We’ve added a resource type column and the ability to filter by resource type to the application Groups and Roles tabs.

  • The JumpCloud integration now supports nested group app assignments.

April 28, 2023

Usability improvements

  • When setting up a Salesforce integration, you now have the option of telling ConductorOne to use Salesforce usernames (which are formed as unique email addresses) as email addresses, rather than the contents of the Salesforce email field. This setting helps ConductorOne to properly sync Salesforce service accounts, which often all use noreply@salesforce.com as their email address.

Fixed!

  • Entitlements from apps sourced via an IdP are now correctly provisioned or deprovisioned by the connector.

  • Users with the Campaign Owner role can now add entitlements to campaigns.

April 21, 2023

New integrations. This week’s new arrivals to the integration library are Duo and NetSuite. These integrations are both in early access as they settle in and we gather feedback. If you’d like to give one or both a try, let us know!

Revoke granted entitlements. Navigate to an entitlement and click the Grants tab to view all users who currently have the entitlement, and to revoke these grants if necessary. Clicking Revoke on a grant and filling out the revocation form creates a revocation request that will use the relevant app- or entitlement-level revocation policy. The task will be sent to any required approvers, and then the access will be either automatically or manually deprovisioned.

Fixed!

  • Clicking a Groups, Roles, or Resources breadcrumb now returns you to the correct tab on the application’s main page.

  • We fixed an issue with rate limiting that prevented DocuSign users from syncing correctly.

  • We resolved an error that kept AWS S3 buckets in the us-east-1 region from integrating successfully.

  • Some connectors displayed a Connected status badge once they were set up but before any integration credentials were added, which was especially confusing for integration owners. We’ve fixed this, and connectors now show a Not connected badge until credentials are successfully added and a sync is complete.

April 14, 2023

A new organization of your application and resource information. Your application pages now have a new design, organized so that your application, resource, and entitlement data are more intuitively nested. On each application’s main page you can view (and in many cases, edit) application details such as the application’s owners, governing policies, cost per seat, and data sources. You’ll also find new tabs that break out the groups, roles, and other resources present in the application. (If you prefer to see everything together in a single list, use the Entitlements tab.) Click into any resource on the Groups, Roles, or Resources tabs to see and edit the resource’s details and the specific entitlements that can be granted to users. Click an entitlement to reach the final layer, where you can edit the entitlement’s details and associated attributes, set entitlement-level policies, and more.

Delegate a user’s tasks. If you want to avoid sending ConductorOne tasks or notifications to a certain user, such as an executive or a colleague who is out on leave, you can now set a delegate to whom that user’s tasks will be automatically reassigned. Check out Delegate a user’s tasks to get started with this new feature.

New and updated integrations. We’re pleased to announce that the Cloudflare Zero Trust and Sentry integrations are now generally available. Check out the documentation to get up and running with these integrations. We’ve also added Asana, Expensify, Linear, and Slack integrations, which are all in early access while we gather more feedback. Let us know if you’d like to add any (or all!) of these new integrations to your Integrations page.

Fixed!

  • The correct count of resources is now shown on the Resources tab for Google Cloud Platform.

  • Empty resource and entitlement names are no longer allowed, which prevents mysterious disappearances.

  • The test.salesforce.com domain is now accepted when setting up a Salesforce connector.

April 7, 2023

Sign up for ConductorOne using JumpCloud for SSO. You can now configure an OpenID Connect (OIDC) app in JumpCloud that will enable single-sign-on access to ConductorOne for your users. To get started, go to Sign up using JumpCloud.

Usability improvements

  • You can now delete connectors. On the connector’s details page, click the more actions menu and select Delete.

The location of the delete control on a connector's details page.

March 31, 2023

JumpCloud integration. The latest addition to our integration library is JumpCloud. This new integration is currently in early access, so contact us if you’d like to add it to your Integrations page.

Usability improvements

  • Your Reviews page now displays a progress bar for your assigned tasks in each campaign, and the campaigns are sorted by due date.

  • Any resource description that has been updated from its default state is now displayed in the resource selector when requesting access.

  • Clearer error messages are now shown in Slack if something happens to an access request between the time when it is assigned to you and when you take action.

Fixed!

  • Once an import from a data source successfully starts or errors, the import modal closes automatically.

  • When filtering by multiple roles on the Users page, any user with multiple selected roles is only shown once.

March 17, 2023

Fixed!

  • The user profile attributes job_title, department, and status are now pulled from Google Workspace.

  • The user profile attribute employmentStatus is now pulled from BambooHR.

  • Attributes used in your directories are now shown correctly as options when mapping user attributes.

March 10, 2023

Assign review and access tasks to a group. You can now assign review and approval tasks to any group in any app integrated with ConductorOne. All members of the group will receive notification that a task needs their attention, and any member can complete the task. Get started with group approvals by adding a step to any policy and selecting Group as the reviewer.

Google Identity Platform integration. Good news, Google Identity Platform users: we now have an integration that pulls and syncs Google Identity Platform user data with ConductorOne. This new integration is currently in early access, so contact us if you’d like to add it to your Integrations page.

Fixed!

  • The comment modal now opens correctly when a reason is required for approval of a user’s access and the reviewer clicks Certify.

  • When setting up a Snowflake connector, the User role field now accepts input correctly on the first try.

March 3, 2023

Fixed!

  • Users assigned the integration owner role can now only see and edit the integration details for their assigned connectors. Super administrators can still see and edit all connectors.

  • The GitHub connector no longer shows a sync_users: failed fetching external users error if you do not have SAML enabled.

  • You can now successfully set up the Snowflake connector without getting a failed to parse 'Account ID / Locator' error.

  • Options in the more actions menu on My work area task pages are no longer unresponsive. The modals for each menu option now open properly.

February 24, 2023

Usability improvements

  • Who approves the approvers? If you request access to an app or resource that you are an approver for, your request is now automatically approved. However, if the request policy governing the app or resource doesn’t allow self-approval, you’ll still need another user to manually approve your request.

  • If an automated step in a task (such as automated connector provisioning or deprovisioning) isn’t completed because of a system error, the error is now shown on the relevant step in the task’s details view.

  • When setting up a Slack channel for a campaign, ConductorOne now checks to see if the channel name you’ve entered already exists in your Slack instance. If the channel exists, ConductorOne will invite reviewers and send campaign notifications in that Slack channel instead of creating a new one.

Fixed!

  • You can successfully sort a task view by account while the list of tasks is filtered by a resource type.

  • The number of grants in Zendesk groups is shown correctly.

February 17, 2023

Delegate integration setup to an integration owner. When you’re working on integrating a new application with ConductorOne, you can now tap your company’s resident expert in that app to create and enter all the relevant credentials.

The new delegated integration owner workflow starts with an admin setting up the integration and naming an integration owner to finish the process. ConductorOne notifies the integration owner by email that their help is needed to complete the integration setup, and directs them to the relevant page. Check out the docs for any integration to learn more about how the process works.

Setting up a new Sentry integration and designating an integration owner.

Usability improvements

  • The messages that pop up at the top of your screen to confirm an action or let you know there’s a problem are now more specific to the work you’re doing.

  • New columns displaying the application name and the resource type are now included in all task tables.

  • We added a message explaining the situation if there are no applications available to request.

  • In the Tasks table, we replaced the due date column with a column showing the current state of each task.

  • If access to an application or resource is asked for or granted for a limited time, the length of access is now shown in the relevant Slack messages.

Fixed!

  • Sometimes a list of options in a dropdown showed more than one choice with the same name. We’ve added more context to those choices so you’ll be able to tell the difference and select the one you need.

  • Info drawers are now correctly shown in front of modals when both are open at the same time.

  • If an application name was created using double spaces, the app name was displayed with only a single space. If you tried to delete the application and typed in the name as displayed–with single spaces–you received an error because despite what it showed you, ConductorOne expected the name of the app to contain double spaces. Phew. This is now fixed.

February 10, 2023

Google Cloud Platform connector no longer syncs empty roles. The Google Cloud Platform (GCP) connector no longer syncs roles that do not have any grants. This change is necessary because by default, each GCP project contains roughly 1,000 roles. Removing empty roles from the sync significantly improves the performance of the connector and the usability of the entitlement data it pulls into ConductorOne. If you want to include an empty GCP role in your access review, assign a service account to the role before creating the campaign.

Fixed!

  • When reassigning a task to another user, the user selection dropdown now correctly displays user names.

  • Users with the Basic User user role can now successfully request access to new tools and resources.

  • File mapping settings are now preserved and implemented correctly when you upload a new version of a file.

February 3, 2023

Data value mappings for imported data. When you import application data using a CSV file or an Excel spreadsheet, ConductorOne attempts to match the data values in your file to the data values the system expects. We’re pleased to introduce a new mapping interface that’s designed to make it easier to reconcile the data output by your application and the data model used by ConductorOne. Check out the new mapping interface by uploading a file to a new or existing application and then clicking Set Mappings.

The data mappings drawer open with mapping data entered.

Usability improvements

  • We’ve improved the search autocomplete experience across ConductorOne, making it easier for you to find what you’re looking for.

  • The progress bar on your list of access review tasks now shows the number of tasks completed, rather than the percentage.

  • On pages in the My work area where every entry in the task type or current state column was always the same, we removed the redundant columns.

  • A user’s job title and department are now displayed in list views, if that information is available to ConductorOne. If not, the user’s email address is shown instead.

  • You can now include account profile attributes in your file imports to pull in more data about your application accounts to ConductorOne.

  • Tasks that you’ve acted on but that are assigned to you for a subsequent step are now shown in your tasks list. Only tasks on which no further action is currently required from you are shown as completed tasks.

Fixed!

  • If a task uses a policy that requires an entitlement owner’s approval, but no entitlement owner is assigned, the task now shows a No assigned user message instead of getting stuck in a pending state.

  • You can now successfully add an entitlement that does not have a display name to a request catalog.

  • The option to bulk approve open tasks is now hidden when viewing only completed tasks.

January 27, 2023

Application and entitlement details pages. We’ve redesigned the details pages for applications and entitlements so you have more visibility and edit control from a single screen. See all of an application’s data sources in a single pane, manage application and entitlement owners, update default policies, record per-seat application costs, set entitlement provisioning behavior, and much more.

Usability improvements

  • The Sentry connector now pulls and syncs your Sentry user roles.

  • The purpose of the bulk Complete reviews button wasn’t immediately clear, so we rewrote the button label. It now shows the number of reviews that are left to be completed in the current list, which we hope will make the bulk action control a bit clearer.

  • We standardized our policy type terminology across the application, removing certify and approve in favor of review and request.

  • Users with the Basic User role can no longer cancel their assigned tasks unless the account of the task’s subject has been deleted.

January 13, 2023

Campaign summary. A new campaign summary design gives campaign owners a quick overview of the current state of their campaigns in a more compact format.

The header of a campaign titled SOXQ4 showing 54 of 69 reviews complete.

Coupa connector improvements. We’ve made several updates and fixes to the Coupa connector, including showing the status of Coupa users on the application’s Accounts tab and elsewhere; adding a license entitlement; and improving the connector’s performance.

Usability improvements

  • We’ve spruced up our welcome mats: the sign up and log in pages have a refreshed design.

  • The Documentation link in the left navigation panel now opens in a new browser tab.

  • When a task is closed (either completed or canceled), the assignee is automatically removed.

  • Policy and task types (Review, Request, and Revoke) are now used consistently with their accompanying icons.

  • The error message that appears if you forget to include a reason when submitting a bulk action now highlights the comment field.

Fixed!

  • The resource filter on the campaign tasks page now correctly shows all other available resources when one resource is selected.

  • Coupa roles now sync correctly.

  • You can now successfully remove an application’s default policies.

  • There’s no longer a long delay before edits to the list of entitlement owners are displayed on the page.

January 6, 2023

Happy New Year! Here’s to a secure and confident 2023!

Usability improvements

  • The GitHub connector log now shows a record of SAML data sync actions.

  • You can now filter a campaign’s tasks by Revoke, Request, or Review task type.

  • Searches for campaign tasks now return results far more quickly.

  • In other speedy news, data uploads via spreadsheet or CSV are also processed more rapidly.

December 22, 2022

Sync an integration on demand. Integrations pull info from the source application once an hour by default, but there are times when you might want to start a sync immediately, or stop an in-progress sync and restart the process. We’ve added a new Sync now control to each connector, giving you the power to sync the latest app info on demand.

Removed: Read-only user role. To streamline our user role model, we’ve removed the Read-Only User role. Any user who was assigned only this role has been automatically assigned the Basic User role instead.

Usability improvements

  • Task ID numbers are now searchable.

  • When reviewing resources on the Access explorer page, you can now click any resource name to see its full details.

Fixed!

  • The develop.lightning.force.com domain is now accepted when setting up a Salesforce connector.

December 16, 2022

Task ID numbers. To support audits, improve the specificity of notifications, and help you manage your approval and review workload, every task in your instance now has a unique ID number, which is shown in table views and on the task’s details screen.

Usability improvements

  • We’ve upgraded tables throughout ConductorOne to include loading indicators, sticky headers, infinite scroll, and other improvements to help you browse and get your work done more efficiently.

  • If automatic app provisioning or deprovisioning for a user fails, the task is now automatically reassigned to the application’s owner.

  • Deleted tasks now show a banner on the details page and a deletion entry in the audit log.

  • We smoothed out some approval process logic to prevent repeatedly and unnecessarily notifying people on certain multi-step approval tasks with several possible approvers.

  • When you create a campaign Slack channel, we now automatically adapt the name you choose (if necessary) to fit Slack’s rules for channel names. This means we’ll lowercase the name, replace any periods or spaces with underscores, and cut it off at the 80-character mark.

Fixed!

  • The sandbox.my.salesforce.com domain is now accepted when setting up a Salesforce connector.

  • Pagination on the list of grants for OneLogin now works correctly.

  • The date a campaign was actually closed is now shown as its completion date, rather than the target completion date set when the campaign was created.

December 9, 2022

OneLogin connector is now generally available. Check out the OneLogin integration instructions to connect your OneLogin instance with ConductorOne.

Policy details on demand. Click a policy’s name in a task or a campaign overview to learn more about the policy and see the full list of its steps, all without leaving the current page.

Usability improvements

  • We streamlined the info that appears on each entitlement and removed some redundancy.

  • You can now complete provisioning and (more importantly) deprovisioning updates on tasks for users who have been deleted from an app.

  • If a delegated provisioning task errors and is not completed, you can now restart the task to force the provisioning app to give it another try.

Fixed!

  • The remaining list of your assigned access review tasks by user is now shown correctly when the first page of tasks has been completed.

  • When setting up a Coupa connector, both coupahost and coupacloud domains are now accepted.

  • The Request field in email notifications now shows the correct user’s name.

November 28, 2022

Five new generally available connectors. We’re delighted to announce that connectors for Docusign, BambooHR, Google Cloud Platform, OpsGenie, and Twingate are now generally available.

Comment indicator on task lists. To make it easier to tell at a glance whether there are comments on a task, we’ve added a new comment indicator. You’ll now see a count of the number of comments in the thread in the Status column of the task list.

There are two comments on this revoke task.

Usability improvements

  • The account owner is now shown in the certification tasks list.

  • We’ve made improvements and fixes to messaging in the Slack app.

Fixed!

  • Status indicators on the task details page are once again the correct size and shape.

  • In emails with details about the user’s access request, the correct user’s name is shown.

  • Task links now show up correctly for new access requests.