An automation needs at least one step, and can have as many steps as you need. You can reorder steps using the arrow controls.
Send email
Send an email notification to specified recipients. Use this step to alert stakeholders about important events, such as notifying IT admins when a new employee joins or when access needs to be reviewed.
Required fields: Recipient, Email title, Email subject, Email message
Example: Send an email to three IT admins
Send Slack message
Post a message to a designated Slack channel. Use this step to send real-time notifications to teams and keep relevant channels informed about workflow events, new access grants, or other important updates.
Required fields: Slack channel name, Message
Example: Send a Slack message to the “new-employees” channel
Wait for duration
Pause the automation workflow for a specified period before continuing to the next step. Use this to give users time to respond to notifications or allow time for manual review before automated actions are taken.
Required fields: Time to wait before proceeding
Example: Wait 30 minutes
Create campaign
Automatically create a new access review campaign based on a template. Use this step to ensure timely access reviews when significant events occur, such as when an employee departs or changes roles.
Required fields: Access review template, User whose access will be reviewed
Example: Create a new UAR campaign to review a departed user’s access
Revoke entitlements
Create revoke tasks to remove specified entitlements from a user’s account. You can selectively revoke access while excluding certain entitlements that should be preserved. Use this step for offboarding workflows and managing access changes.
Required fields: Target user, Entitlements to revoke, Entitlements to exclude
Example: Create revoke tasks for all AWS entitlements except app access
Grant entitlements
Automatically grant specified entitlements to a user. Use this step during onboarding and role changes to ensure users receive the appropriate access permissions without manual intervention.
Required fields: Target user, Entitlements to grant
Example: Grant access to the “Engineering team” role in Jira
Modify delegate
Update or remove delegation settings for a user. Use this step when managing temporary access delegation or when a user’s responsibilities change and their delegated tasks need to be reassigned.
Required fields: Target user
Example: Remove this user as a delegate
Remove access profiles
Unenroll a user from specified access profiles. Use this step during offboarding or role transitions to ensure users no longer receive automatic access grants associated with profiles they should no longer be part of.
Required fields: Target user, Access profiles to unenroll from (or check the box to unenroll from all)
Example: Unenroll the user from three key access profiles
Modify user status
Change a user’s status in ConductorOne (e.g., to Active, Disabled, or Inactive). Use this step to maintain accurate user records, such as disabling accounts when employees leave or take extended leave.
Required fields: Target user, New user status
Example: Change a user’s status to Disabled in ConductorOne
Run automation
Trigger another automation to run. Use this step to create modular workflows and chain automations together, letting you build complex multi-step processes while keeping individual automations focused and maintainable.
Required fields: Automation name
Optional fields: Context in JSON format
Example: Trigger a run of the “Secondary Offboarding Tasks” automation
Take action on existing tasks, such as reassigning, completing, or canceling them. Use this step to manage task workflows when users change roles or leave, ensuring that pending tasks are properly handled.
Required fields: Whose tasks to take action on, Task type, Action to take
Example: Assign all a user’s open review tasks to the head of Security
Run webhook
Execute a configured webhook to integrate with external systems. Use this step to trigger actions in other platforms and integrate ConductorOne with your broader technology ecosystem.
Required fields: Webhook name, Payload
Example: Trigger a webhook that creates a ticket to deprovision Figma access
Execute custom capabilities configured on a connector. Connector actions extend automation functionality with app-specific operations that may not be available through standard steps. Contact Customer Success to learn more about setting up connector actions.
Required fields: Connector name, Action name, Additional fields as determined by the connector action’s format
Example: Lock an Active Directory account
Create account
Create a new account in a connected application. You can choose between two creation methods: Custom (which uses connector-specific schema as described in the automatic account provisioning documentation) or From ConductorOne user (which uses existing user information from ConductorOne to populate the new account). Use this step to automate account provisioning during onboarding.
Required fields: Connector name, Creation method, Additional values depending on method
Example: Create a new Greenhouse account
Call function
Early access. This feature is in early access, which means it’s undergoing ongoing testing and development while we gather feedback, validate functionality, and improve outputs. Contact the ConductorOne Support team if you’d like to try it out or share feedback.
