Get the Guide to Modern IGA

ConductorOne docs

Managing accounts

Accounts give you visibility into what users, service accounts, and principals exist within an applicaton.

What are accounts?

An application’s Accounts tab shows you a list of all the accounts inside the application, the status of each account, its type (user, service, system, etc), the account owner, and the date when the account was last logged into (if usage data is available for the app).

A screenshot of a Slack application's Accounts tab in ConductorOne.

Account owner mappings

When accounts are ingested into ConductorOne, we will automatically attempt to match them to your ConductorOne Users (the humans in your organization). These mappings are shown in the Account Owner column.

Auto-matching accounts

ConductorOne will use various identifiers to match accounts to users, including email and username. This is what is called Narrow mappings. If this mapping insufficientlly matches most accounts, you can also use Broad mappings. To change to Broad mappings:

  1. Navigate to the application
  2. In the upper right corner of the page, click the (more actions) menu and select Account mapping settings.
  3. Select the type of mapping you want to use:
    • Narrow: (Default) Accounts are mapped using email addresses.
    • Broad Accounts are first mapped using email addresses, but if these cannot be found or matched, accounts are then mapped using the user’s first and last name.
  4. Click Save

ConductorOne will immediately begin re-mapping the app’s accounts.

Managing account owners

If automatic matching can’t be performed, or if there is minor clean-up required, you can set the account owner manually:

  1. Navigate to the application
  2. On the application, click the Accounts tab
  3. Find the account that needs an account owner change
  4. Click the (more actions) menu
  5. Select Set account owner
  6. Choose the correct ConductorOne user from the dropdown and click Set account owner.

If you’ve manually changed the account owner and want to set it back to the matched value, you can reset the account owner mapping.

  1. Click the (more actions) menu
  2. Select Reset account owner
  3. Choose the correct ConductorOne user from the dropdown and click Set account owner.

If you want to remove the account owner completely:

  1. Click the (more actions) menu
  2. Select Clear account owner

Set account types

Accounts are set to User by default. Use the Account type control to designate service accounts and system accounts, which can then be included in or excluded from your access review campaigns as needed.

  1. Navigate to the application
  2. On the application, click the Accounts tab
  3. Find the account that wantt to change the type for
  4. Click the (more actions) menu
  5. Select Set account type.
  6. Choose Service account or System account and click Update account type.

The updated account type is now shown in the Account type column.

Account detail

Click any account name on the Accounts tab to view that account’s details page. On this page you’ll find a list of the entitlements in this application that this account has access to, as well as the account’s profile attributes, which are automatically ingested from the connector.

A screenshot of a Slack application account's details page in ConductorOne.