To be able to use groups and group permissions when using SAML and LDAP

Options
Jacky Lu
Jacky Lu Experian Employee
edited January 23 in Ideas board

What problem are you facing?

Administrators are currently having to add individual users. This is a pain when a customer has more than 10 users to add.

What impact does this problem have on you/your business?

Not user friendly and time consuming to add users.

Do you have any existing workarounds? If so, please describe those.

Add users one by one.

Do you have any suggestions to solve the problem? Feel free to add images if this helps.

Support groups when using LDAP/SSO

6
6 votes

Gathering interest · Last Updated

Comments

  • Josh Boxer
    Josh Boxer Administrator
    edited January 24

    There is an API to create Users https://docs.experianaperture.io/data-quality/aperture-data-studio-v2/extend-data-studio-functionality/use-the-rest-api/#administrative-audit-metrics-rest-api-key-role-user-user-group

    Also adding 10 users manually takes less than 3 minutes and is a one time job, so I wonder if there is a better reason this functionality would be useful??

  • Henry Simms
    Henry Simms Administrator

    As I understand it the simple process of user creation is a bit of red herring here, and the key ask is around being able to use group-based access control from a central identity store to manage Data Studio access.

    Supporting groups instead of managing individual user access directly offers several key advantages, especially in enterprise environments:

    🔐 1. Centralized Access Control

    • Changes to group memberships are made once in the central identity store (eg AD, Okta) and automatically reflected across all integrated applications.
    • Aperture already has Groups and Group-based permissions, but group memberships cannot be pulled from the identity store or used to define permissions.

    👥 2. Scalability

    • Managing access for large numbers of users individually is inefficient.
    • With groups, you assign membership once to the group, and all members inherit them—ideal for large teams or growing / changing organizations.

    🔄 3. Easier Onboarding and Offboarding

    • Onboarding: Add a new employee to the appropriate group in the central identity store, and they instantly get the right access.
    • Offboarding: Remove a user from a group, and their access is revoked everywhere—reducing security risks.

    🛡️ 4. Improved Security and Compliance

    • Group-based access ensures least privilege principles are easier to enforce.
    • Auditing and compliance reporting are simpler when access is tied to roles/groups rather than individuals.