Get the Guide to Modern IGA

ConductorOne docs

Global settings

Configure global settings such as attribute values, the length of ConductorOne sessions, and digest notifications.

These tasks all require the Super Administrator role in ConductorOne.

Set attribute values

Create custom risk level and compliance framework tags (called attribute values), and apply these values to entitlements. You can then sort and select entitlements for access reviews and request catalogs by compliance framework or risk level.

Step 1: Set your attribute values

  1. In the navigation panel, open Admin and click Settings.

  2. On the Attribute values tab, click Edit.

  3. In either the Compliance framework or Risk level field, type the name of the value you wish to add and press Enter.

  4. Repeat the process, adding additional attribute values as needed. Click the x next to any value to delete it from the list.

    If you delete a value that is currently in use in ConductorOne, that value will not be removed from any entitlements it is assigned to.

  5. When you’re finished, click Save and confirm your action.

Step 2: Add attributes to entitlements

  1. In the navigation panel, click Applications.

  2. On the Managed apps tab, select an application and click Entitlements.

  3. Select an entitlement. On the Details tab, in the Attributes area of the page, click Edit.

  4. Select the correct risk level for the entitlement, or select None.

  5. If applicable, select any compliance frameworks that apply to the entitlement.

  6. Click Save.

  7. Repeat this process on each applicable entitlement.

That’s it! You can now filter entitlements by attribute when creating an access review campaign or request catalog.

Configure session length

By default, ConductorOne sessions are set to 20 hours. Customize your organization’s session length to adhere to your internal security policies and best practices.

  1. In the navigation panel, open Admin and click Settings.

  2. In the Session configuration area of the page, click Edit.

  3. Select the new maximum session length from the dropdown. Options range from 45 minutes to 20 hours.

  4. Click Save.

That’s it! Your session length has been updated. ConductorOne will require all users in your organization to start new sessions every time the maximum length you selected elapses.

Send digest emails

Enable email digest notifications to automatically send users a daily or weekly summary of their open tasks.

  1. In the ConductorOne navigation panel, open Admin and click Settings.

  2. In the Notifications area of the page click Edit.

  3. Set the Email digest toggle to Yes, send email digest.

  4. Choose the email digest frequency. You can send email digests every weekday, or weekly on Tuesdays. In either case, emails are sent between 9AM and 10AM Pacific time.

  5. Click Save.

That’s it! Any user who has at least one open task will now receive a digest at the email address associated with their ConductorOne user.

Delegate a user’s tasks

Set a delegate for a user who should not or cannot be assigned ConductorOne tasks. Tasks will be automatically reassigned to the delegated user unless the task’s policy doesn’t allow delegation.

When should I set a delegate?

In some cases, you might not want to assign ConductorOne tasks or send the corresponding notifications to certain users. For example, if a policy assigns access review or access request tasks to an executive, you might want to automatically redirect those tasks to a lower-level employee. If an employee is on extended leave, you might want to delegate their tasks to a colleague or manager until they return. In cases like these, you can set a delegate for the user.

Set a delegate for a user

  1. In the navigation panel, open Admin and click Users.

  2. Locate and click the name of the user you want to set up a delegate for.

  3. In the Delegation area of the page, click Edit.

  4. Locate and select the user to whom you want to delegate tasks. Only one delegate per user is allowed.

  5. Click Save.

New tasks will now be automatically reassigned to the user’s delegate, except when prevented by policy rules. Each task’s audit log will contain an entry showing the delegation reassignment. All email and Slack notifications for the task will also be sent to the delegate, and not to the original user.

Delegation in policy rules

Policies allow delegation by default, but this setting can be changed. If a user with a delegate is assigned a task that was created using a policy that does not allow delegation, then the user, not their delegate, will be assigned the task and will receive notifications about it.

To review or update a policy’s delegation rules:

  1. In the navigation panel, open Admin and click Policies.

  2. Click the name of the policy you want to review.

  3. In the Details area of the page, find the Delegation entry, which shows whether delegation is allowed by this policy.

  4. To change the delegation rules, click Edit on the Details area and check or uncheck the Automatically reassign tasks to delegates option, then click Save.