Managing access at scale involves a lot more than just individual permissions. It requires grouping the right access together, making it easy to request, review, and automate, and ensuring access stays aligned with how your organization actually works.
That’s exactly what access profiles in ConductorOne are designed to do.
Access profiles let you define logical groups of entitlements and make them available to users through self-service, automation, or policy-based assignment. Instead of managing access one permission at a time, you can manage access the way teams actually operate.
What are access profiles?
An access profile is a collection of entitlements grouped together for a specific purpose or audience.
For example:
- A company-wide profile might include access to internal documentation, collaboration tools, and shared resources.
- An engineering profile might include source control, CI/CD tools, and infrastructure access.
- A design profile might include prototyping tools and design software.
Each profile defines which users can request the entitlements inside it, and the same entitlement can belong to multiple access profiles at the same time. That means you can model access flexibly without duplicating configuration or creating rigid role structures.
How access profiles work in practice
By default, access profiles allow eligible users to request individual entitlements within the profile. A user might request access to a single tool without needing everything else.
But in practice, many teams want something more powerful.
ConductorOne supports provisioning access to an entire profile at once by creating a dedicated entitlement that represents membership in the profile itself.
Behind the scenes, ConductorOne generates an entitlement for the profile as a whole. When a user is granted that entitlement, they become a member of the access profile and automatically receive all entitlements included in it.
This gives you the best of both worlds:
- Fine-grained access when users only need one thing
- One-click or automated provisioning when users need a complete access set
Why profile membership matters
Representing access profile membership as an entitlement unlocks deeper integration with the rest of the ConductorOne platform. Because profile membership is an entitlement, you can:
- Run access reviews that certify membership in a profile rather than dozens of individual permissions
- Reference profile membership in automations and policies
- Build delegated provisioning flows that grant or revoke entire access sets
- Track and audit access consistently across systems
Instead of reviewing access tool by tool, reviewers can answer a simpler, more meaningful question: should this user still be a member of this access profile?
Automating access with identity context
You can automatically grant profile membership based on user attributes like department, role, or team. For example:
- Users with a department of Engineering can be automatically added to the engineering access profile
- Designers can receive design tools on day one
- Access can be adjusted automatically as users change roles
This makes access profiles a powerful foundation for joiner, mover, and leaver workflows, as well as temporary access scenarios like on-call rotations or time-bound projects.
Plus, access profiles scale with your needs, from simple to advanced use cases. They can be used for:
- Simple self-service access requests
- Department-based access assignment
- Automated onboarding and role changes
- Time-bound access for on-call or project-based work
- Cleaner access reviews with fewer decisions and better context
No matter the use case, access profiles help reduce complexity while improving visibility and control.
Access that matches how teams work
Access profiles let you stop thinking in individual permissions and start thinking in access patterns that match your organization.
By grouping entitlements, representing membership as an entitlement, and tying everything into ConductorOne’s automation and review capabilities, access profiles make identity governance simpler, more scalable, and easier to manage over time.
Want to see it in action? Book a demo.
