Instacart Combines ConductorOne’s Centralized Identity and Access Data and Robust Policy Engine to Automate 95% of JIT Requests
PORTLAND, Ore. – Jan. 15, 2025 – ConductorOne, the modern identity governance platform, today announced how Instacart, the leading grocery technology company in North America, is using the ConductorOne platform to deliver an innovative just-in-time (JIT) access solution. After implementing ConductorOne, Instacart was able to automate 95% of JIT access requests to significantly improve security, productivity, and employee experiences.
“It’s been an absolute pleasure to collaborate with Instacart over the past year,” said Alex Bovee, co-founder and CEO of ConductorOne. “Instacart’s use case is exactly why we built ConductorOne the way we did—with flexibility that allows our customers to use the platform to achieve their own unique goals. Instacart has been able to take our conditional policies and run with them to significantly lower standing privileges.”
Matthew Sullivan, infrastructure security team leader at Instacart, shared, “ConductorOne is extremely customizable, very powerful, and doesn’t make assumptions about how your organization works. I’ve had experience with legacy vendors in this space and it’s a night and day difference—in the way you can use the product, in the onboarding time, in the time to value, and how you’re treated as a customer. There’s something so powerful about having a partner who really understands the space and listens.”
Breaking Free of Legacy IGA Constraints
When Sullivan joined Instacart in 2022, he quickly saw an opportunity to reimagine the company’s approach to infrastructure security. His vision was to move all of Instacart’s privileged entitlements to JIT access, ensuring that access is granted only for the time needed to perform specific tasks. This would allow the company to eliminate standing privileges and reduce its overall identity attack surface.
At the time, Instacart was mid-contract with a legacy identity governance and administration (IGA) platform that had yet to be successfully implemented. Having been already familiar with the platform and knowing it did not have the flexibility or developer tooling he needed, Sullivan abandoned the contract and began looking for a more nimble solution that he could get started with quickly.
Selecting ConductorOne: Centralized Visibility and Access Control
Sullivan set out to find a tool that would allow him to automate as much of the JIT request and provisioning process as possible. The right solution would provide centralized visibility and access control across Instacart’s infrastructure. Instacart also needed a solution that would not slow down productivity for its cross-functional teams, which are continuously delivering new technology products and features.
“Other vendors didn’t seem to get the nuance of what we wanted to do,” said Sullivan. “ConductorOne stood out because of the depth and experience of the leadership and team. It’s built by security engineers who understand that identity security problems are fundamentally engineering problems.”
Unlike the legacy platform that Instacart had initially pursued, which after months had still not implemented a single use case, Sullivan was able to set up automated access requests in ConductorOne for key applications in a matter of minutes. He shared, “I clicked through the user interface to get it set up, and in about ten minutes, I was done. I kind of couldn’t believe it.”
Automating JIT Access With ConductorOne’s Conditional Policies
Using ConductorOne’s highly flexible conditional policies, Instacart was able to move 95% of its privileged permissions to automated JIT access. This was achieved by configuring access policies as code using ConductorOne’s Terraform provider, which automates the creation and modification of comprehensive access rules that govern the JIT auto-approval process. These policies can be applied in a fraction of the time required for manual configuration, and with a far smaller chance of error.
“With the power of ConductorOne’s conditional policies, we can auto-approve almost all of our JIT requests,” said Dominic Zanardi, senior software security engineer II at Instacart. “People now get the access they need right away, without the risk of human error providing inappropriate access. This has a tangible impact on our security posture, as it eliminates the risk of rubber-stamping, which could potentially open the door to an attacker.”
Gadjit: Using AI to Achieve 100% JIT Access Automation
Instacart was able to use conditional policies in ConductorOne to automate the vast majority of access requests. For the last few highly sensitive entitlements that required manual manager approval, Sullivan and his team developed Gadjit, an open-source LLM-powered security bot framework that integrates directly with ConductorOne’s API. Gadjit reads and interprets the large volumes of access data in ConductorOne to assist in the decision-making for complex JIT requests.
Sullivan continued, “When it comes to any AI project, the quality and accuracy of your end result is all based on the data you put into it. In the case of Gadjit, we’re consistently testing at nearly 100% accuracy, which is thanks to the incredibly rich and accurate access data provided by the ConductorOne platform. Now, we can be confident that the right people are getting access at just the right time, which has made a meaningful impact for our business.”
Visit the ConductorOne website to read the customer story and watch the video interview with Instacart’s Matthew Sullivan and Dominic Zanardi.
About ConductorOne
ConductorOne is the modern identity governance platform that makes it possible to move beyond the limitations of legacy IGA and reduce the identity attack surface with confidence. Designed for flexibility, ConductorOne provides a broad range of direct connectors to integrate with cloud, infrastructure, on-prem, and homegrown tools. The platform’s Unified Identity Graph brings together previously siloed access and permissions data from across a company’s environment. This provides real-time visibility and dynamic access controls that allow businesses to reduce identity risks, move to just-in-time access, automate access reviews, and manage the full identity lifecycle. The platform delivers intuitive user experiences that help teams get up and running faster, using powerful automation backed by AI to significantly improve productivity. ConductorOne is trusted by forward-thinking enterprises like DigitalOcean, Instacart, Ramp, and Zscaler. For more information, visit conductorone.com.
# # #
Media Contact:
Andrew Smith
Public Relations for ConductorOne
