Atlan supports the following authentication methods:
Basic authentication
Atlan initially comes with basic (username-password) authentication. Admins can invite new users to log into Atlan. When a new user opens the invitation link, they can set up their user profile, including username and password.
However, Atlan does not recommend using basic authentication. Instead, admins should configure and enforce SSO authentication.
SSO authentication
SSO using SAML 2.0
Atlan supports single sign-on (SSO), allowing admins to configure SSO authentication.
Atlan currently supports the following SSO providers:
SSO using SCIM
System for Cross-domain Identity Management (SCIM) provisioning works in combination with SSO. Atlan currently supports SCIM provisioning for the following SSO providers:
Authorization
Role-based access control (RBAC)
Atlan implements role-based access control (RBAC) to ensure that users have the minimum level of access required to perform their tasks. Access rights are assigned based on roles, and users are granted permissions according to their responsibilities. A system owner or an authorized party must approve any additional permissions.
Atlan adheres to the principle of least privilege, ensuring that users are only granted the level of access necessary to perform their job functions.
User access review (UAR)
Atlan recommends that admins perform access reviews of users, admins, and service accounts on a quarterly basis to ensure that appropriate access levels are maintained. Access reviews should also be documented.
Identity and access management
For centralized management of groups and users, Atlan uses granular access policies.
Admins can define policies to control both which actions a user can take and which assets those actions apply to. Policies can be scoped as broadly as entire databases or as narrowly as individual columns. Organizations can even build policies based on asset classification. This opens up the ability to restrict access to sensitive data like Personally Identifiable Information (PII), an essential feature in the GDPR era.
Atlan denies access by default, and explicit denials override any grants. You can even deny admin users access to assets, if you want.
Roles
You must assign every user in Atlan a user role. Roles control basic levels of access.
Groups
You can also add users to groups. Groups provide a more maintainable mechanism for applying access controls.
Policies
You can define access policies for both users and groups.
Through these policies you can restrict which users can take which actions on which assets.
For example, you can set up tags such as PII and apply them to data assets like tables. You can also configure a tag to propagate downstream to any columns or tables created from the tagged assets.
You can then define access controls based on these tags to restrict access to tagged assets. If Atlan propagates tags for you to derived assets, the access control is automatically applied to those derived assets as well.
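The evaluation rules described above (deny by default, explicit denials overriding grants even for admins, and tag-based policies following propagated tags) can be modelled as follows. This is an added example, a simplified model and not Atlan's implementation or API; the asset names, users, groups and the `Policy` fields are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical assets, users and groups).
LINEAGE = {  # derived asset -> upstream assets it was created from
    "db.sales.customers_clean": ["db.sales.customers"],
    "db.sales.customers_clean.email": ["db.sales.customers_clean"],
}
DIRECT_TAGS = {"db.sales.customers": {"PII"}}
GROUPS = {"alice": {"analysts"}, "root": {"admins"}}

@dataclass(frozen=True)
class Policy:
    effect: str              # "allow" or "deny"
    principal: str           # user name or group name
    action: str              # e.g. "read"
    asset_prefix: str = ""   # match assets by name prefix ("" = unused)
    tag: str = ""            # match assets carrying this tag ("" = unused)

def effective_tags(asset, seen=None):
    """Direct tags plus tags propagated downstream from upstream assets."""
    seen = seen or set()
    if asset in seen:        # guard against lineage cycles
        return set()
    seen.add(asset)
    tags = set(DIRECT_TAGS.get(asset, ()))
    for parent in LINEAGE.get(asset, ()):
        tags |= effective_tags(parent, seen)
    return tags

def is_allowed(user, action, asset, policies):
    principals = {user} | GROUPS.get(user, set())
    tags = effective_tags(asset)
    matched = [
        p for p in policies
        if p.principal in principals and p.action == action
        and ((p.asset_prefix and asset.startswith(p.asset_prefix))
             or (p.tag and p.tag in tags))
    ]
    if any(p.effect == "deny" for p in matched):
        return False         # an explicit deny overrides any grant
    return any(p.effect == "allow" for p in matched)  # no match: default deny

POLICIES = [
    Policy("allow", "analysts", "read", asset_prefix="db.sales."),
    Policy("allow", "admins", "read", asset_prefix="db."),
    Policy("deny", "analysts", "read", tag="PII"),
    Policy("deny", "admins", "read", tag="PII"),
]
```

In this model the derived column `db.sales.customers_clean.email` is never tagged directly, yet the PII deny policy applies to it because the tag is inherited through lineage.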