ConductorOne Launches Open Source Toolkit For Infrastructure Access Auditing


The Baton connectors allow developers and security engineers to extract, normalise, and interact with user account and access data in any on-premises, SaaS, or IaaS application.

In a project dubbed Baton, ConductorOne, Inc. announced the open sourcing of its identification connectors under the Apache 2.0 licence. In order to audit infrastructure access, begin automating user access reviews, and uphold the principle of least privilege, each connector enables developers to extract, standardise, and interact with workforce identification data such as user accounts, permissions, roles, groups, resources, and more.

It takes a lot of work to understand user permissions across internal applications and infrastructure; it necessitates downloading or taking screenshots of each app, writing improvised Python scripts, using inconsistent spreadsheets of unstructured data, and dealing with the never-ending cycle of data staleness. To safeguard infrastructure access, to review user access, and to look into security events, security engineers are responsible with obtaining this identification data. Any of those processes require a lot of human labour and time if identity data is not available in a normalised format.

The engineers at ConductorOne spent more than two years developing Baton with the idea that identity data should be accessible to everyone, intelligible to all, expandable, and usable.

The connectors offer an automated method to extract information from applications, such as user accounts, permissions, roles, and groups, in a single, standardised output file that can be applied to any identity security or governance project. Identify all of the resources and user permissions in your MySQL or Postgres database, perform user access reviews on all Github repositories without manually going through each one, compare production role changes over a predetermined amount of time in AWS, or receive alerts whenever a contractor is added to an Okta LDAP group.

Anyone can begin utilising Baton right now. In addition to connectors for Okta, AWS, GitHub, MySQL, and Postgres with many more to come, Baton offers an SDK for any application, including SaaS, IaaS, on-prem, homegrown, and back office. By deploying the connector as a docker image hosted on-premises or in the cloud and providing application credentials, you can get started with a specific application. Each connector offers the source code so that it can be forked to include unique sync, discovery, or provisioning logic. It also provides the ability to audit behaviour and data access for security reasons. Start creating a new connector using the SDK, which is available for Go or any other language that uses buffers.


Please enter your comment!
Please enter your name here