Create applications
๐ Your application-creation workflow
When setting up applications for your new ConductorOne instance, follow this order of operations:
Integrate your identity provider (IdP). This creates the IdP app in ConductorOne, and also automatically creates child apps for all the software that you use your IdP to manage or SSO into.
Add connectors or file uploads between the auto-created child apps and the software, so that the software’s usage data is pulled into the app.
Create new applications for any other software your company uses. These might use connectors, or might be custom applications that use a file upload or a data source to pull in usage data.
Application types
There are three types of applications (plus one special application) in ConductorOne:
Applications created via integration with an identity provider (IdP). When ConductorOne is integrated with an IdP such as Okta, which is in turn integrated with third-party tools, those integrations are passed through the IdP to ConductorOne, creating applications of this type.
See Add connectors to applications created by an IdP integration for more on setting up this type of application.
Applications created by individual connectors. These applications are created when ConductorOne is connected directly with another piece of software. You’ll also integrate your IdP this way.
See Create new applications with connectors for more on setting up this type of application.
Custom applications. These applications are built inside ConductorOne and used to manage the access and permissions for the tools that your company hosts or has built in-house, as well as tools that aren’t yet part of our growing list of connectors.
See Create a custom application for more on setting up this type of application.
The ConductorOne app. This is a special application that lets you see and manage ConductorOne access data within ConductorOne. You do not need to create this application, we’ve done it for you.
See The ConductorOne app for more on what you can do with this application.
Add connectors to applications created by an IdP integration
When you integrate with an identity provider (IdP) that your company uses to SSO into lots of other software, ConductorOne automatically creates applications for each one (these are your SCIMed apps). This is done so you have a full picture of which software your colleagues SSO into via the IdP.
However, it’s important to understand that in these auto-created apps, the only resource pulled in is the ability to SSO into the app.
To get the full picture of the usage data for that app, you need to set up an integration, adding the connector to the existing app when prompted, rather than creating a new one. If no connector for the software is available, you can upload the usage data or build a custom Baton connector.
Create new applications with connectors
ConductorOne connectors pull account and usage data from a software instance into ConductorOne. This lets you do things like review access, approve new access requests, and (in cases where the integration connector also supports provisioning) add and remove permissions.
Visit the Cloud connector library to see a list of all available connectors.
When you set up a new connector, ConductorOne asks if you want to create a new application, or to add the data stream you’re integrating to an existing application. This lets you design how you want to group and configure the access data you’re pulling in.
When to add multiple connectors to one application
In most cases, you’ll have one connector hooked up to one application. But it’s not uncommon to need or want to have multiple data sources feeding into one application in ConductorOne.
Here’s an example. Let’s say your company uses an expenses-tracking app called PayDough, and ConductorOne offers a PayDough cloud connector. The company uses one PayDough instance for the executive team, and a different PayDough instance for the sales team. But in ConductorOne you’ll want to run access reviews on all the PayDough access for both instances.
In this case, you’d set up your PayDough app in ConductorOne using two connectors, one pulling the exec team’s usage data, and the other pulling the sales team’ usage data. BOTH connectors will pull that data into a single PayDough application in ConductorOne, so you can review and manage all the PayDough usage in one place.
Create custom applications
You also have the option to create a new application without setting up an connector. This type of application is useful when you want to pull data into ConductorOne with a spreadsheet or CSV file, or through regular uploads from an S3 bucket.
Create custom applications to manage access and permissions for on-prem, home-grown, and other tools that aren’t directly integrated with ConductorOne.
In the navigation panel, open Apps and click Applications.
Click New application.
Enter a name and description for the new application.
In the Owners field, select one or more users who will be responsible for the application.
Click Continue.
To upload identity and entitlement data to the new application, see the instructions in Import app data from an S3 bucket.