Hold for launch: External insights

[mindymo]

Summary

• New product/admin/external-insights.mdx overview page explaining how external insights work, where risk scores surface in the UI (inventory, access reviews, access requests), and prerequisites
• Updated baton/crowdstrike.mdx with a capabilities note and new Enable risk score ingestion section

Both pages carry the standard early access callout. Two <Note> placeholders remain in the CrowdStrike section pending:

• Final CrowdStrike API scopes required for risk score ingestion
• ConductorOne UI steps for enabling the ingestion toggle

Test plan

• Verify external-insights.mdx renders correctly on the docs site
• Verify CrowdStrike page anchor #enable-risk-score-ingestion resolves correctly from the overview page card
• Confirm early access callout styling matches other early access pages
• Confirm placeholder <Note> blocks are visually clear to reviewers
• Fill in placeholder Notes before public launch

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • External Insights: ingest risk scores from CrowdStrike Falcon Identity Protection; scores surface in access reviews, task logs, and approvals.

• Navigation

  • Added an External Insights page in the Access Intelligence section.

• Documentation

  • Added setup and configuration guidance: prerequisites, role requirements, UI steps to enable risk score ingestion, early-access cautions, and where insights appear.
  • Added an “Additional functionality” note and duplicated enablement instructions for clarity.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new External insights admin doc and updates the CrowdStrike integration doc to document Falcon Identity Protection risk score ingestion, including prerequisites, enablement steps, UI placement, and early‑access warnings.

Changes

Cohort / File(s)	Summary
CrowdStrike integration doc baton/crowdstrike.mdx	Added an "Additional functionality" note about Falcon Identity Protection external insights and inserted an "Enable risk score ingestion" section (early‑access cautions, prerequisites, placeholder API scope guidance, and UI/ingestion steps) in two locations.
External insights admin guide product/admin/external-insights.mdx	New admin documentation: overview, enable/disable flow, UI placement (access reviews, task logs, approvals), supported source (CrowdStrike Falcon Identity Protection), connector/license prerequisites, role requirements, and sync/ingestion behavior.
Docs navigation docs.json	Added product/admin/external-insights to the "Access intelligence" navigation group after product/admin/inventory.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Admin as Admin (UI)
participant UI as ConductorOne UI
participant Connector as Connector Service
participant CrowdStrike as CrowdStrike API
participant Ingest as Ingestion Pipeline
participant DB as ConductorOne DB

Admin->>UI: Enable External Insights & configure Falcon scopes
UI->>Connector: Save config & request connection
Connector->>CrowdStrike: Query risk scores (with configured scopes)
CrowdStrike-->>Connector: Return risk scores / insights
Connector->>Ingest: Push insights for normalization
Ingest->>DB: Store normalized risk scores
DB-->>UI: Surface scores in access reviews, task logs, approvals

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through docs and tapped a shiny switch,
Falcon scores arrived in my neat little niche.
Admin clicks, connectors hum, insights take flight—
Panels glow with signals in the soft console light. 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'Hold for launch: External insights' is vague and misleading. It references a deployment status rather than describing the actual changes being made (adding documentation for external insights feature with CrowdStrike integration).	Revise the title to clearly describe the main change, such as 'Add external insights documentation for CrowdStrike integration' or 'Document external insights feature and CrowdStrike risk score ingestion'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch docs/external-insights

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@baton/crowdstrike.mdx`:
- Around line 245-272: The "Add required API scopes" and "Enable ingestion in
ConductorOne" sections contain unresolved placeholders that prevent users
completing setup; replace the generic Note placeholders with concrete interim
guidance and clear TODO markers: under the "Add required API scopes" heading
list an example scope format and a placeholder bullet like
"<SCOPE_NAME_PLACEHOLDER>" plus an explicit "TODO: replace with final scope
names" line, and under "Enable ingestion in ConductorOne" add step-by-step UI
instructions the user should follow once labels are finalized (e.g., "Navigate
to Settings > Integrations > ConductorOne > Enable risk score ingestion, toggle
X, save"), include an instruction to update the page when final scope names and
exact UI labels are available, and add a short contact or issue reference (e.g.,
support or repo issue link) so readers can request the missing details; update
the headings' content accordingly.

In `@product/admin/external-insights.mdx`:
- Line 30: The phrase "informed certify or revoke decisions" is awkward; locate
the sentence containing "informed certify or revoke decisions" and reword it to
improve clarity, for example change it to "informed decisions to certify or
revoke" or "informed decisions to certify or revoke access" so the action reads
naturally and clearly in the review task description.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f31e61 and 72518c9.

📒 Files selected for processing (2)

• baton/crowdstrike.mdx
• product/admin/external-insights.mdx

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Setup steps are currently incomplete for users.

Lines 257-272 leave critical setup details as placeholders (required API scopes and ConductorOne UI steps). In current form, readers cannot complete configuration end-to-end.

🛠️ Suggested interim fix (until final details are ready)

 ### Add required API scopes
 
 The CrowdStrike API client you created during connector setup needs additional scopes to access risk score data.
@@
   <Step>
   In the **API SCOPES** section, add the following scopes:
-
-  <Note>
-  The specific scopes required for risk score ingestion will be documented here once finalized.
-  </Note>
+  Contact ConductorOne Support for the current required scope list for your tenant and Falcon API version.
   </Step>
@@
 ### Enable ingestion in ConductorOne
 
-<Note>
-The ConductorOne configuration steps for enabling risk score ingestion will be documented here once the UI is finalized.
-</Note>
+Risk score ingestion is enabled through an early-access configuration path. Contact ConductorOne Support to enable the ingestion toggle for your connector.

If you want, I can draft the final step format now so you only need to fill in exact scope names and UI labels later.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	### Add required API scopes
	The CrowdStrike API client you created during connector setup needs additional scopes to access risk score data.
	<Steps>
	<Step>
	Sign into the Falcon console and navigate to **Support** > **API Clients and Keys**.
	</Step>
	<Step>
	Find the API client you created for the ConductorOne integration and click to edit it.
	</Step>
	<Step>
	In the **API SCOPES** section, add the following scopes:
	<Note>
	The specific scopes required for risk score ingestion will be documented here once finalized.
	</Note>
	</Step>
	<Step>
	Click **Save**.
	</Step>
	</Steps>
	### Enable ingestion in ConductorOne
	<Note>
	The ConductorOne configuration steps for enabling risk score ingestion will be documented here once the UI is finalized.
	</Note>
	### Add required API scopes
	The CrowdStrike API client you created during connector setup needs additional scopes to access risk score data.
	<Steps>
	<Step>
	Sign into the Falcon console and navigate to **Support** > **API Clients and Keys**.
	</Step>
	<Step>
	Find the API client you created for the ConductorOne integration and click to edit it.
	</Step>
	<Step>
	In the **API SCOPES** section, add the following scopes:
	Contact ConductorOne Support for the current required scope list for your tenant and Falcon API version.
	</Step>
	<Step>
	Click **Save**.
	</Step>
	</Steps>
	### Enable ingestion in ConductorOne
	Risk score ingestion is enabled through an early-access configuration path. Contact ConductorOne Support to enable the ingestion toggle for your connector.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@baton/crowdstrike.mdx` around lines 245 - 272, The "Add required API scopes"
and "Enable ingestion in ConductorOne" sections contain unresolved placeholders
that prevent users completing setup; replace the generic Note placeholders with
concrete interim guidance and clear TODO markers: under the "Add required API
scopes" heading list an example scope format and a placeholder bullet like
"<SCOPE_NAME_PLACEHOLDER>" plus an explicit "TODO: replace with final scope
names" line, and under "Enable ingestion in ConductorOne" add step-by-step UI
instructions the user should follow once labels are finalized (e.g., "Navigate
to Settings > Integrations > ConductorOne > Enable risk score ingestion, toggle
X, save"), include an instruction to update the page when final scope names and
exact UI labels are available, and add a short contact or issue reference (e.g.,
support or repo issue link) so readers can request the missing details; update
the headings' content accordingly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Tighten wording on the review action phrase.

Line 30 reads awkwardly (“informed certify or revoke decisions”). A small phrasing tweak will improve clarity.

✏️ Suggested copy edit

-Reviewers see an identity's risk score and severity on each review task, alongside entitlement data. The risk factors — the specific reasons CrowdStrike assigned that score — are available inline. Reviewers can use this context to prioritize high-risk identities and make more informed certify or revoke decisions.
+Reviewers see an identity's risk score and severity on each review task, alongside entitlement data. The risk factors — the specific reasons CrowdStrike assigned that score — are available inline. Reviewers can use this context to prioritize high-risk identities and make more informed certify-or-revoke decisions.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Reviewers see an identity's risk score and severity on each review task, alongside entitlement data. The risk factors — the specific reasons CrowdStrike assigned that score — are available inline. Reviewers can use this context to prioritize high-risk identities and make more informed certify or revoke decisions.
	Reviewers see an identity's risk score and severity on each review task, alongside entitlement data. The risk factors — the specific reasons CrowdStrike assigned that score — are available inline. Reviewers can use this context to prioritize high-risk identities and make more informed certify-or-revoke decisions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@product/admin/external-insights.mdx` at line 30, The phrase "informed certify
or revoke decisions" is awkward; locate the sentence containing "informed
certify or revoke decisions" and reword it to improve clarity, for example
change it to "informed decisions to certify or revoke" or "informed decisions to
certify or revoke access" so the action reads naturally and clearly in the
review task description.

[coderabbitai]

♻️ Duplicate comments (1)

baton/crowdstrike.mdx (1)

246-267: ⚠️ Potential issue | 🟠 Major

Risk-ingestion setup is still incomplete for users.

Line 258 still has TBD, and there are no ConductorOne-side enablement steps before the “That’s it” statement on Line 266. Users still can’t complete this flow end-to-end from docs alone.

🛠️ Suggested doc fix

 ### Add required API scopes
@@
   <Step>
-  In the **API SCOPES** section, add the following scopes: TBD
+  In the **API SCOPES** section, add the scopes required for Falcon identity risk score ingestion.
+
+  <Note>
+  TODO: Replace with finalized CrowdStrike scope names.
+  Until finalized, contact ConductorOne Support for the exact scope list for your tenant and Falcon API version.
+  </Note>
 
   </Step>
@@
 </Steps>
 
-**That's it!** Your CrowdStrike connector will now sync risk score data into ConductorOne. See [External insights](/product/admin/external-insights) for details on where to see this data in the UI.
+### Enable ingestion in ConductorOne
+
+<Note>
+TODO: Replace with finalized ConductorOne UI navigation and control labels.
+Until finalized, contact ConductorOne Support to enable the risk score ingestion toggle for this connector.
+</Note>
+
+After both API scopes and the ConductorOne ingestion toggle are configured, your connector will sync risk score data into ConductorOne. See [External insights](/product/admin/external-insights) for where this data appears in the UI.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@baton/crowdstrike.mdx` around lines 246 - 267, The "Add required API scopes"
step currently leaves the scopes as `TBD` and skips ConductorOne-side
enablement; replace `TBD` with the exact CrowdStrike API scopes required for
risk ingestion (e.g., the specific Falcon API scope strings needed to read
host/user risk and detections) in the Steps block, and add a short sequence of
ConductorOne enablement steps before the "That's it!" line describing how to
enable risk ingestion in ConductorOne (navigate to External Insights or the
connector settings, enable risk scoring/external insights for the CrowdStrike
connector, map the risk fields if required, and save/apply the change) so the
doc provides a complete end-to-end flow.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@baton/crowdstrike.mdx`:
- Around line 246-267: The "Add required API scopes" step currently leaves the
scopes as `TBD` and skips ConductorOne-side enablement; replace `TBD` with the
exact CrowdStrike API scopes required for risk ingestion (e.g., the specific
Falcon API scope strings needed to read host/user risk and detections) in the
Steps block, and add a short sequence of ConductorOne enablement steps before
the "That's it!" line describing how to enable risk ingestion in ConductorOne
(navigate to External Insights or the connector settings, enable risk
scoring/external insights for the CrowdStrike connector, map the risk fields if
required, and save/apply the change) so the doc provides a complete end-to-end
flow.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c5a3c508-8054-47c7-bf12-29dcd2e59bd9

📥 Commits

Reviewing files that changed from the base of the PR and between 72518c9 and 98ebb4a.

📒 Files selected for processing (2)

• baton/crowdstrike.mdx
• product/admin/external-insights.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• product/admin/external-insights.mdx