Notifications
Clear all
Topic starter
07/06/2026 8:01 pm
TL;DR: RRCU used C1 Automations to move onboarding, offboarding, transfers, access reviews, notifications, and platform migrations from manual work to workflow-driven identity operations, cutting 20 to 30 minutes per user down to seconds according to ConductorOne. The larger lesson is that automation can remove friction, but governance still depends on accurate triggers, clean source data, and review logic that matches real change events.
NHIMG editorial — based on content published by ConductorOne: How RRCU Uses C1 Automations to Streamline Identity Operations
By the numbers:
- What used to take 20 to 30 minutes per user now happens in seconds.
Questions worth separating out
Q: What breaks when identity automation is built on bad source data?
A: Automations faithfully execute whatever the upstream system says, so bad source data becomes bad access at scale.
Q: Why do mover events matter more than periodic access reviews?
A: Mover events matter because role changes often create stale access long before the next review cycle arrives.
Q: How can security teams tell whether identity automation is working?
A: Look for shorter time-to-provision, fewer manual exceptions, and a smaller gap between business change and access correction.
Practitioner guidance
- Map each automated workflow to a specific lifecycle event Bind onboarding, offboarding, mover, and migration automations to authoritative sources such as HR, directory, or approved application state changes.
- Add reconciliation steps to every access automation Require workflows to compare expected versus actual entitlements after execution, then flag exceptions for review.
- Trigger access review on role change, not just on a timer When a person changes branch, title, team, or manager, initiate certification immediately so old access can be revoked before it becomes business-as-usual.
What's in the full article
ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step workflow examples for onboarding, offboarding, transfers, and reviews across identity operations
- Practical implementation details for connecting HR, directory, and application signals into automation logic
- Examples of how the RRCU team used Automations Architect to refine existing workflows
- The platform migration workflow that preserved traceability between old and new security groups
👉 Read ConductorOne's blog on how RRCU uses C1 Automations to streamline identity operations →
Identity automations in IAM: what changes for reviews and offboarding?
Explore further
07/06/2026 9:47 pm
Automation does not erase governance debt, it changes where the debt sits. RRCU’s model shows that identity work can be accelerated dramatically, but the programme still depends on precise triggers, clean source attributes, and rules that reflect current business context. The operational win is real, yet the governance risk moves upstream into data quality and workflow design. Practitioners should treat automation as a control execution layer, not a substitute for identity governance.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
A question worth separating out:
Q: How should organisations govern lifecycle changes for NHI and human identities together?
A: Use the same governance discipline, but map each actor to its own lifecycle event source. Human identities change through HR and management events, while NHIs change through deployment, ownership transfer, rotation, and retirement. The common requirement is authoritative triggering, documented reconciliation, and timely revocation when the actor is no longer needed.
👉 Read our full editorial: Automated identity operations still depend on human-paced governance
