
Privacera Documentation

Connect users to PrivaceraCloud

PrivaceraCloud works with two different sets of users: data access users and portal users.

Data access users and portal users serve different purposes and are managed separately. However, these user sets can overlap. For example, portal user authentication can be bound to the same LDAP/AD directory service that is imported for data access.

Data access users, groups, and roles

Data access users: Rights to data are configured with the use of data access users, data access groups (groups of users), and data access roles (groups of users, groups, and other data access roles).

Data access users, groups, and roles can be created and managed individually. See Users, groups, and roles for more information.

Data access users and groups can also be provisioned using a pull from a Directory Service or Identity Provider, or a push to your PrivaceraCloud account once it is configured as a SCIM Server.

UserSync

Privacera UserSync synchronizes user data between external systems and PrivaceraCloud. The following are the general types of UserSync:

  • Synchronization by pulling user data from external systems into PrivaceraCloud.

  • Synchronization by pushing user data from PrivaceraCloud to external systems.

For pull-based user provisioning, UserSync works with the Lightweight Directory Access Protocol (LDAP), LDAP-SSL, and System for Cross-domain Identity Management (SCIM) protocols and with applications built on those protocols, such as Active Directory (AD), Azure Active Directory (AAD), and Okta. UserSync pulls an initial set of defined identities from these systems and keeps the set of identities updated with refresh queries, approximately once an hour.

For push-based user provisioning, your PrivaceraCloud account can be configured to act as a SCIM server so that SCIM-enabled clients can push user and group identities to your PrivaceraCloud account. For more information, see SCIM Server User-Provisioning on PrivaceraCloud.

Portal user LDAP/AD

Portal users are credentialed identities that can log onto and access your PrivaceraCloud account via the web portal and the API. Portal users are created and managed in Settings > User Management.

Portal users can also be imported from an LDAP, LDAP-SSL, or Active Directory service. For more information, see Connect LDAP/AD to PrivaceraCloud.

Portal access can also be enabled in Single Sign On (SSO) mode, with a SAML connection to a SAML Identity Provider server using an Okta SAML connection. For more information, see Okta setup for SAML-SSO on PrivaceraCloud.

SSO-enabled users must still be assigned a portal user role. This role assignment is done in Settings > User Management, once the user is established.