PrivaceraCloud works with two different sets of users: data access users and portal users.
Data access users and portal users serve different purposes and are managed separately. However, these user sets can overlap. For example, portal user authentication can be bound to the same LDAP/AD directory service that is imported for data access.
Data Access Users, Groups, and Roles
Data access users: Rights to data are configured with the use of data access users, data access groups (groups of users), and data access roles (groups of users, groups, and other data access roles).
Data access users, groups, and roles can be created and managed individually using Access Manager: Users/Groups/Roles.
Data access users and groups can also be provisioned using a pull from a Directory Service or Identity Provider, or a push to your PrivaceraCloud account once it is configured as a SCIM Server.
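Because a data access role can contain users, groups, and other roles, a user's effective rights may arrive through several layers of membership. The following is an added example, not PrivaceraCloud code: the dictionary layout, the sample names, and the assumption that members of a nested role inherit the containing role are all illustrative. It resolves every role a user ends up holding, which is the check to run when reviewing access after a directory sync.

```python
from collections import deque

# Constructed sample data (hypothetical names, not exported from a real account).
GROUPS = {"analysts": {"alice", "bob"}, "etl": {"svc_etl"}}
ROLES = {
    "pii_reader":   {"users": {"carol"}, "groups": {"analysts"}, "roles": set()},
    "finance_read": {"users": set(), "groups": set(), "roles": {"pii_reader"}},
    # admin_all lists itself as a member role to show that cycles are tolerated.
    "admin_all":    {"users": {"dave"}, "groups": {"etl"},
                     "roles": {"finance_read", "admin_all"}},
}

def effective_roles(user, groups=GROUPS, roles=ROLES):
    """Return every role the user holds: directly, via a group, or via a nested role."""
    user_groups = {g for g, members in groups.items() if user in members}
    # Roles that name the user, or one of the user's groups, as a member.
    held = {r for r, m in roles.items()
            if user in m["users"] or user_groups & m["groups"]}
    queue = deque(held)
    while queue:
        inner = queue.popleft()
        # Assumption: a role that lists `inner` as a member role is
        # inherited by everyone who holds `inner`.
        for outer, m in roles.items():
            if inner in m["roles"] and outer not in held:
                held.add(outer)      # the `held` set also stops cycles
                queue.append(outer)
    return held

def users_with_role(role, groups=GROUPS, roles=ROLES):
    """Reverse view for an access review: who effectively holds `role`?"""
    everyone = set().union(*groups.values(),
                           *(m["users"] for m in roles.values()))
    return {u for u in everyone if role in effective_roles(u, groups, roles)}

if __name__ == "__main__":
    for name in ("alice", "dave", "svc_etl"):
        print(name, sorted(effective_roles(name)))
    print("admin_all:", sorted(users_with_role("admin_all")))
```

In this sample, a user added to the `analysts` group in the directory ends up with `admin_all` two nesting levels away, which is the kind of indirect grant a per-role listing does not show.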
The term UserSync means synchronizing user-related data between external systems and PrivaceraCloud. The following are the general types of UserSync:
- Synchronization by pulling user data from external systems into PrivaceraCloud.
- Synchronization by pushing user data from PrivaceraCloud to external systems.
For pull-based user provisioning, UserSync works with the Lightweight Directory Access Protocol (LDAP), LDAP-SSL, and System for Cross-domain Identity Management (SCIM) protocols and with applications built on those protocols, such as Active Directory (AD), Azure Active Directory (AAD), and Okta. UserSync pulls an initial set of defined identities from these systems and keeps the set of identities updated with refresh queries, approximately once an hour.
For push-based user provisioning, your PrivaceraCloud account can be configured to act as a SCIM server so that SCIM-enabled clients can push user and group identities to your PrivaceraCloud account.
UserSync connection configuration can be initiated in the Setup Wizard and in Settings: Datasource: USERSYNC using a UserSync connector.
Portal User LDAP/AD
Portal users are credentialed identities that can log onto and access your PrivaceraCloud account via the web portal and the API. Portal users are created and managed in Settings: User Management.
Portal users can also be imported from an LDAP, LDAP-SSL, or Active Directory service. See Settings: Datasource: LDAP/AD for portal user configuration instructions.
Portal access can also be enabled in Single Sign-On (SSO) mode, with a SAML connection to a SAML Identity Provider server using an Okta SAML connection. See Settings: Datasource: LDAP/AD for SSO user configuration instructions.
SSO-enabled users must still be assigned a portal user role. This role assignment is done in Settings: User Management, once the user is established.