Just-in-Time Access using Twingate + ConductorOne
by Shelby Ludtke

Just-in-Time Access using Twingate + ConductorOne

ConductorOne <> Twingate

One of the chief benefits of adopting a zero trust strategy is that users are not over-privileged - but as organizations scale, provisioning access to resources can turn into a deluge of IT tickets that cause a bottleneck. Twingate values frictionless, intuitive workflows, so we’ve partnered with ConductorOne to help our users achieve Just-in-Time, ephemeral access in a way that is efficient and secure.

With Twingate, you can already create granular access policies based on factors like user, device, and sensitivity of resources. Now, with the ConductorOne integration, admins can replace the world of centralized IT access control and keep their teams moving forward.

Why move at a snail’s pace?

Traditionally, a user realizes they need access to a resource and creates a ticket in a system like Jira or ServiceNow. The request sits in queue until a human can review and approve it, and then it’s provisioned. This can be a frustratingly slow process and leads to a loss of productivity. With ConductorOne, employees can self-serve requests from a customizable catalog in a web app or directly through common collaboration tools like Slack. The request is automatically routed to the correct reviewer and ConductorOne orchestrates all of the provisioning, freeing up valuable time for the IT team. A no-code review workflow builder helps admins customize the approver, chain of command, reassignment, and self-review options.

Ephemeral Access

The way we work today is fast-paced and often asynchronous - users can be located across the globe, meetings pop up and priorities constantly shift. When we are all multitasking, human error is an inevitability. A common concern among security leaders is that users might be granted access to a resource they only need for a period of time, but privileges could be lingering long after a project is complete. ConductorOne requests can be time-bound; users will automatically be deprovisioned at the expiration, minimizing risk to the organization and relieving cumbersome admin work.

Flexibility

Another huge benefit with ConductorOne is that access controls can be simplified and centralized. Out-of-the-box, a number of different slugs are available with attributes like compliance framework and risk level; they are also customizable and allow user attribute mappings. This translates to huge flexibility: the built-in logic allows admins to grant access for less-sensitive resources without sign off (ie: a user with an internal email account should logically be able to access Slack channels). On the flip side, for critical applications, two steps can be configured, and fallback approvals can be granted should a primary admin be out-of-pocket.

Visibility and Reporting

The ConductorOne + Twingate integration gives you visibility into all local and SSO users that have access to Twingate resources, all from one single pane of glass that makes it easy to scope and automate user access reviews. Similar to Twingate’s Network Events report, ConductorOne can generate a fully-fledged audit report that can be sent onwards to compliance auditors.

How it works

Twingate-Request-Access
  • Using ConductorOne, users request access to a particular resource in Twingate via Slack or web.
  • Customized approval workflows based on the chain of command, length of time, and more, are triggered.
  • Reviewers can approve or deny directly in Slack, and users are automatically provisioned.
  • ConductorOne automatically revokes access and deprovisions users after a set period of time.

Our goal at Twingate is to help companies adopt a zero trust framework in a logical, secure way without the pain of extra manual work. Now with ConductorOne, administering just-in-time, secure access to private resources can be made more efficient and seamless. You can find additional details on the integration here.

About Twingate

Twingate provides a secure access platform that replaces VPNs with a modern Zero Trust Network Access (ZTNA) solution that combines enterprise-grade security with a consumer-grade user experience. It can be set up in less than 15 minutes and integrates with all major cloud providers and identity providers. Twingate helps companies move towards a Zero Trust architecture by tying every network event to an identity—user, device, and service—giving businesses modern control and visibility over activity across their entire network. This year Twingate raised $42M in Series B financing led by BOND and existing investors at WndrCo, 8VC, and SignalFire. Read more about CEO Tony Huie’s vision for Twingate in this blog post: Solving the usability problem to unlock Zero Trust adoption.

Want to check out Twingate? Click here for a personalized demo.


Featured Articles