The User Management system in the eTag Fuse platform enables administrators to create, manage, and configure user accounts with a high degree of flexibility and control. Whether managing local users or provisioning users from external identity providers, Fuse ensures secure and customizable management of user access and profiles.
¶ 1. Local and Provisioned Users
Fuse supports both local user accounts and the provisioning of users from external identity providers. This flexibility allows organizations to manage users regardless of how they authenticate.
- Capabilities: Administrators can create, deactivate, or modify local accounts, as well as manage users provisioned from integrated identity providers.
- Provisioning: External users can be provisioned through Just-in-Time (JIT) provisioning, ensuring that users are automatically added to the system upon successful authentication from an identity provider.
- Account Management: User accounts can be managed centrally, regardless of whether they are local or provisioned externally, providing a unified control point for all users in the organization.
¶ 2. User Roles and Permissions
Administrators can assign specific roles and permissions to users, ensuring that they only have access to the appropriate resources based on their role in the organization.
- Capabilities: Assign roles to users or groups, ensuring access control is aligned with organizational structure. Roles can be granularly defined to manage the permissions users need to perform their tasks.
- Role-Based Access Control (RBAC): By assigning roles, administrators can simplify the management of user permissions, providing secure and organized access to applications and resources.
Fuse includes a comprehensive password management system that allows administrators to enforce password policies and standards for users.
- Capabilities: Set password expiration policies, enforce password complexity requirements, and ensure users can securely reset their passwords when necessary.
- Password Policies: Enforce password history, complexity, and expiration to maintain high security standards. This ensures that users adhere to strong password practices and reduces the risk of compromised accounts.
- Integration with MFA: Password management is tightly integrated with Multi-Factor Authentication (MFA), adding an additional layer of security for user accounts.
Administrators can manage and extend user profiles with additional fields and attributes to capture important user information that can be used across the platform.
- Capabilities: Add custom profile fields, capture extended information, and map profile attributes from external identity providers. These attributes can also be used in claims mapping to integrate with external systems and applications.
¶ 5. User Discoverability and Collaboration
Fuse allows administrators to enable or restrict user discoverability, making it easier for users to find and collaborate with others within the platform.
- Capabilities: Administrators can configure settings that allow users to search for and interact with other users. This feature is particularly useful for large organizations or multi-team setups where collaboration is essential.
The Fuse platform allows administrators to configure personalized experiences for users, including notification settings, themes, and accessibility features.
- Capabilities: Users can be personalized by adjusting their notifications, themes, and accessibility options. These configurations enhance the user experience and ensure that individuals can tailor the platform to their specific needs.
- Themes and Accessibility: Administrators can apply themes to users or user groups, ensuring a consistent visual experience that aligns with organizational branding.
User management integrates seamlessly with external identity providers, allowing organizations to automatically provision and synchronize user attributes, roles, and group memberships from external systems.
- Capabilities: Integration with identity providers such as SAML, OIDC, OAuth, and others enables centralized user management while leveraging existing authentication systems.
- Just-in-Time Provisioning: External users are automatically created within Fuse when authenticated through an integrated identity provider, streamlining the onboarding process.
- Automatic Provisioning: Fuse automatically creates and configures user accounts during the authentication process from external identity providers, including roles and group assignments.
- Deprovisioning: Fuse ensures that users are properly deactivated when they no longer require access, whether by manual action or automated processes triggered by an external identity provider.
- Claim Mapping: User attributes from external identity providers are mapped to Fuse user profiles, allowing external attributes to be used within Fuse for authentication, authorization, and other processes.
-
Automatic Provisioning for New Hires: An organization integrates its HR system with Fuse. When a new employee is hired, the system automatically provisions the new user's account and assigns the appropriate roles and permissions.
-
Centralized User Management for Large Organizations: A company with multiple departments and teams uses Fuse to centralize user management. Administrators easily assign roles and permissions based on team functions, ensuring secure access to relevant resources for all users.
-
Supplier and Partner Account Management: A business integrates external identity providers from its partners and suppliers, allowing those users to be automatically provisioned with appropriate access, while maintaining full control over internal users and resources.
The User Management system in the eTag Fuse platform provides a flexible and secure way to manage user accounts, roles, and access. Whether working with local users or integrating with external identity providers, the system offers robust control to ensure secure and scalable user management across your organization.