Understanding user identity and access management (IAM)

Overview

TerraTrue’s Identity and Access Management (IAM) is simple to administer yet flexible where it matters most. Our out-of-the-box defaults are sensible, meaning you won't need to provide additional access for the majority of your users. If you do need to make changes, this guide walks you through how IAM works on TerraTrue and how to assign access rights to individual users and groups.

Note: If your organization has set up SSO or SCIM group sync, membership updates are not allowed through TerraTrue and must be done directly through your Identity Provider.

How IAM Works

With IAM, you manage access control by defining which existing user or review team (identity) has what role (permission) to specified resources on TerraTrue. If you need to add new users, go to Org Settings > Users, and if you need to add new review teams, go to Org Settings > Review Teams. Learn more about managing users here and review team configuration here. You can use Identity & Access Management to set org-wide permissions (just edit the permissions for “Everyone”) or specific permissions for individuals and review teams.

To start using IAM, you must have the Admin permission.

 

Defining Identity

TerraTrue provides three ways for you to specify who should be granted a certain permission:

  • An individual user. When you initially provision a user on TerraTrue or at any time afterwards, you are able to grant (or revoke) a permission for that specific user. 
    • For example, you may grant user ‘Bob’ the permission of Admin so that Bob can configure TerraTrue for your organization and provision new users. 
  • Everyone. This is a special identifier that represents all the users in your organization. Permissions that you provide to Everyone will be granted to all your users.
    • Any permissions you grant to Everyone will apply to any non-Observers in your organization, even if the permissions for an individual user are more restrictive.
  • A review team. When you initially create a review team on TerraTrue or at any time afterwards, you are able to grant (or revoke) a permission for that specific review team. For instance, you may grant the ‘Privacy’ review team the permission to edit Privacy Worksheets. Any individual member of the ‘Privacy’ review team will then be able to edit Privacy Worksheets for as long as they remain members of that review team. 
    • For example, you might want to give everyone in your Privacy review team the Privacy Worksheet Editor permission. To do this, click the "Review Teams" tab and then assign that permission to the "Privacy" team.
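The three identity types above combine additively, so an access review has to look at every source of a permission, not only a user's individual grants. The sketch below is an added example, not TerraTrue code or its API: it computes each user's effective permissions and lists who holds a permission solely through Everyone. The Observer flag, the data structures and the function names are assumptions, and the sample users and grants are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    observer: bool = False   # assumption: Observer modelled as a per-user flag
    teams: set = field(default_factory=set)

def effective_permissions(user, user_grants, team_grants, everyone_grants):
    """Map each permission the user holds to the grants that supply it."""
    sources = {}
    for perm in sorted(user_grants.get(user.name, ())):
        sources.setdefault(perm, []).append("user:" + user.name)
    for team in sorted(user.teams):
        for perm in sorted(team_grants.get(team, ())):
            sources.setdefault(perm, []).append("team:" + team)
    # Everyone grants reach every non-Observer, regardless of how narrow
    # the user's individual grants are. How Observers interact with
    # individual or team grants is not stated on the page and not modelled.
    if not user.observer:
        for perm in sorted(everyone_grants):
            sources.setdefault(perm, []).append("Everyone")
    return sources

def held_only_via_everyone(users, perm, user_grants, team_grants, everyone_grants):
    """Names of users whose sole source for perm is the Everyone grant."""
    return sorted(
        u.name for u in users
        if effective_permissions(u, user_grants, team_grants,
                                 everyone_grants).get(perm) == ["Everyone"]
    )

# Constructed sample data (not from a real organization).
USERS = [
    User("bob"),
    User("alice", teams={"Privacy"}),
    User("carol"),
    User("dana", observer=True),
]
USER_GRANTS = {"bob": {"Admin"}}
TEAM_GRANTS = {"Privacy": {"Privacy Worksheet Editor"}}
EVERYONE_GRANTS = {"Privacy Worksheet Editor"}  # constructed org-wide grant

if __name__ == "__main__":
    for u in USERS:
        print(u.name, effective_permissions(u, USER_GRANTS, TEAM_GRANTS, EVERYONE_GRANTS))
    print(held_only_via_everyone(USERS, "Privacy Worksheet Editor",
                                 USER_GRANTS, TEAM_GRANTS, EVERYONE_GRANTS))
```

In this sample, removing the permission from the Privacy team alone would not revoke it from alice, because the Everyone grant still supplies it.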

 

Using IAM to define role-based permissions

To use IAM to define role-based permissions for your existing users and review teams, go to Org Settings > Identity & Access Management. Use the tabs to set IAM by User or by Review Team.

 

Add Unprovisioned Users and Review Teams

Here, you may add TerraTrue users (in the “User” tab) and review teams (in the “Reviewer” tab) who have been added but have not been provisioned with any permissions.

Edit Provisioned Users and Review Teams

You may also adjust users and review teams that already have permissions in TerraTrue.

 
