Skip to content

Document access conflict scope type for campaigns #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
c1-dev-bot wants to merge 3 commits into
base: main
Choose a base branch
from
+170 −261
Open

Document access conflict scope type for campaigns #112

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5b40d90
Document access conflict scope type for campaigns
Mar 2, 2026
20ba6a9
Address review feedback: restructure campaign creation flow
russellhaering Mar 5, 2026
c7e1dd9
fix: restore cannot-mix tip, mark filtering as optional, fix typos
mindymo Mar 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion product/admin/access-conflicts.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@
og:description: Set up conflict monitors to automatically track and alert on combinations of access that violate separation of duties policies or regulations such as SOX, FDA 21 CFR Part 11, and ISO 27001.
description: Set up conflict monitors to automatically track and alert on combinations of access that violate policies or regulations.
---
{/* Editor Refresh: 2026-01-07 */}
{/* Editor Refresh: 2026-03-02 */}

## What's an access conflict?

An access conflict is when two entitlements assigned to the same user violate a separation of duties (SoD) policy or other regulation. Ensuring SoD is enforced across your organization is an important part of adhering to standards such as SOX, FDA 21 CFR Part 11, and ISO 27001.

Set up an access conflict monitor by defining groups of mutually exclusive access. ConductorOne automatically identifies existing and new access conflicts so you can take action. Each conflict monitor also creates detailed audit logs and downloadable reports so you can prove your SoD compliance to auditors and certifiers.

Check warning on line 13 in product/admin/access-conflicts.mdx

View check run for this annotation

Mintlify / Mintlify Validation (conductorone) - vale-spellcheck

product/admin/access-conflicts.mdx#L13 

Did you really mean 'certifiers'?

## Create a new conflict monitor

Expand Down Expand Up @@ -120,6 +120,12 @@
<img src="/images/product/assets/access-conflicts-audit-log.png" alt="An audit log for a conflict monitor alert."/>
</Frame>

## Review access conflicts in a campaign

You can use your conflict monitors to scope an [access review campaign](/product/admin/campaigns). When you create a campaign and select the **Review access conflicts** scope type, ConductorOne generates review tasks for users who have active violations detected by your conflict monitors. This lets you systematically review and remediate separation of duties violations across your organization.

To set up an access conflict campaign, see [Create an access review campaign](/product/admin/campaigns#step-2-choose-what-to-review).

## Generate reports

Generate a report of the conflict monitor's alerts, their current state, and all audit log entries by clicking the **Generate CSV** icon. Your report will be prepared for you and posted in the downloads center at the top of the page when ready.
Expand Down
Loading