The founders of ConductorOne, an identity and access control startup, both came from Okta, which itself is a single sign-on provider based on the zero-trust model. In fact, they were responsible for zero-trust and authentication products, and saw first-hand how companies struggled to control permissions and access in a complex environment that often included not just cloud applications, but also mixed on-site elements.
They decided to move on and start a company to help solve this particular set of problems with the goal of automating much of the access control activity that until now was done manually, or worse, no way.
Today, the company announced a $15 million Series A.
CTO and co-founder Paul Querna said he was well aware of the issues companies were facing over these issues. “Managing permissions and access is always a big pain for end users, and IT teams or the engineering team that handles all of this,” he told TechCrunch. Indeed, with a faulty permissions system, you can under-provision, make people wait to use the tools they need to do their job, or over-provision, such as maintaining permissions for users who are not more there. “I think a lot of us have seen these kinds of experiences first hand,” Querna said.
Its co-founder and CEO Alex Bovee adds that they wanted to make it easier for companies to control these access management tasks and introduce the principle of least privilege into the solution. “We launched ConductorOne to really automate as much as possible from an identity security perspective how people access, retain access, and revoke access to help businesses achieve more level access control. of lesser privilege,” Bovee told me.
Former Okta employees see their company solving a distinctly different problem than their former employer when it comes to securing identity. “They do a great job of centralizing some of your corporate users into a central repository. I think when you think about identity from a security perspective, it’s fundamentally about understanding all of the identities of your environment, whether or not they are connected to your SSO solutions,” he said.
He adds: “It’s also about understanding the permissions, the roles, the data that these different identities can access. We therefore adopt a vision much more centered on orchestration. Frankly, it’s just a different architecture, plus an orchestration view and an early visibility view into your environment to be able to give that to you as a security and GRC (governance, risk, compliance) team and then build the workflow on top of that to run it”,
It works in part through out-of-the-box integrations with popular services like Okta, GitHub, Slack, Datadog, Jira, and more to understand what’s going on in the business and what actions might impact someone. ‘a. permission to access a program. It should be noted, however, that they can work with any enterprise directory solution beyond Okta.
Today, the startup has 17 employees and plans to double by the end of the year. Bovee says building a diverse workforce is written into the company’s original values documents. “We displayed our corporate values very early on. This is one of our first blog posts, and I think one of the mechanisms for attracting this talent, especially early in the sourcing funnel, is to be public and transparent about how you want to run the business, and to emphasize that you believe in diversity and you want it to be part of your company culture,” he said.
Today’s $15 million Series A investment was led by Accel with participation from existing investors Fuel Capital, Fathom Capital and Active Capital as well as several prominent industry angels. The company raised a $5 million seed round last year, also led by Accel.
The new funding should help them expand the current solution to help them begin to complete their long-term vision for the business. “Our long-term vision and strategy for the product is to automate this entire lifecycle through access control. So not just the onboarding process, but possibly the onboarding process, and managing things like time-based access control, so that’s not even an issue in the first place because you’re granting access for a while and then delete it,” Bovee explained.