New Solution Automates Access Provisioning and Deprovisioning for Joiners, Movers, and Leavers to Save Time and Improve Security
PORTLAND, Ore. – Sept. 23, 2024 – ConductorOne, the modern identity governance platform, today announced its new identity lifecycle management solution for joiners, movers, and leavers (JML). The solution automates the provisioning and deprovisioning of access for JML use cases, saving significant time for security and IT teams while also reducing the risk associated with unnecessary or standing access. Now, businesses can onboard hundreds of users or more in just a few clicks, reducing the time required to provision access for new joiners from days to minutes. Additionally, by ensuring that no unnecessary or standing access remains when a user leaves or changes roles, businesses can improve their security posture by adhering to the principle of least privilege.
“JML has historically been a time-consuming and tedious process, especially for larger enterprises that need to onboard dozens or even hundreds of new users in short periods of time. When employees leave, it can be difficult to track down non-offboarded accounts, which can leave significant security gaps,” said Alex Bovee, co-founder and CEO of ConductorOne. “Our unique approach centralizes all access, permission, and resource data from every system — IdPs, HR systems, SaaS apps, infrastructure, and more — so that businesses can easily manage the full lifecycle of access and reduce their identity attack surface.”
JML refers to employees who join, move within, or leave a company. In these situations, security and IT teams are responsible for provisioning access for new users based on their job, role, or function, as well as deprovisioning access when an employee leaves the company. Any given employee may require access to dozens of applications or resources, which can result in a time-intensive provisioning process for IT and security teams. Additionally, when an employee leaves the company or no longer needs access to certain applications due to job changes, their standing access can introduce security risks.
Joiners & Movers: Automatically Enforce Role-Based Access Controls
ConductorOne simplifies access provisioning by allowing customers to create bundles of permissions. New users can be automatically enrolled in these bundles based on attributes such as job, role, or function — commonly referred to as role-based access control (RBAC) and attribute-based access control (ABAC). Membership to a dynamic group within ConductorOne is based on conditions such as existing access or user attributes, for example an on-call engineer in South America. Each dynamic group is automatically synced and kept up to date in real time.
Leavers: Discover and Remediate Non-Offboarded Accounts
For leaver use cases, ConductorOne’s new identity lifecycle management solution includes the ability to detect and alert admins of any users or accounts that have not yet been offboarded, as well as to automate the removal of unused permissions from changes in roles. Admins can centrally view any accounts that require remediation, with options to remove accounts, downgrade access, or suspend a user account with a single click.
By automating the offboarding and access deprovisioning process, businesses can quickly shore up any access gaps within the organization — even for companies with contingent workforces, which can result in a tedious offboarding process for IT and security teams. By limiting the risk associated with stolen credentials, companies can reduce the overall blast radius of a potential breach. For example, if an attacker attempts to use a former employee’s credentials to infiltrate a company’s systems, their previous access and permissions cannot be exploited.
Identity lifecycle management for JML is now available as part of ConductorOne’s full-suite IGA offering. To learn more, read our blog post or book a demo.
About ConductorOne
ConductorOne is the modern identity governance platform that makes it possible to move beyond the limitations of legacy IGA and reduce the identity attack surface with confidence. Designed for flexibility, ConductorOne provides a broad range of direct connectors to integrate with cloud, infrastructure, on-prem, and homegrown tools. The platform’s Access Fabric brings together previously siloed access and permissions data from across a company’s environment. This provides real-time visibility and dynamic access controls that allow businesses to reduce identity risks, move to just-in-time access, automate access reviews, and manage the full identity lifecycle. The platform delivers intuitive user experiences that help teams get up and running faster, using powerful automation backed by AI to significantly improve productivity. ConductorOne is trusted by forward-thinking enterprises like DigitalOcean, Instacart, NFI, Ramp, and Zscaler. For more information, visit conductorone.com.
# # #
Media Contact:
Andrew Smith
Public Relations for ConductorOne
