Authentication
Atlan's authentication process runs on Keycloak. It uses open protocol standards like username-password or SAML 2.0–based login. Atlan can also integrate into organizations' existing SAML 2.0–based SSO authentication systems.
Identity and access management
For centralized management of groups and users, Atlan uses granular access policies.
Admins can define policies to control both which actions a user can take and against which assets. These can be as broad as entire databases down to individual columns. Organizations can even build policies based on asset classification. This opens up the ability to restrict access to sensitive data like Personally Identifiable Information — an essential feature in the GDPR era.
Atlan denies access by default, and explicit denials override any grants. You can even deny admin users access to assets, if you want.
Roles
You must assign every user in Atlan a user role. These control basic levels of access.
Groups
You can also add users to groups. Groups provide a more maintainable mechanism for applying access controls.
Policies
You can define access policies for both users and groups.
Through these policies you can restrict which users can take which actions on which assets.
For example, you can set up tags such as PII and apply this to data assets like tables. Atlan will propagate the tag downstream to any columns or tables created from them.
You can then define access controls based on these tags to restrict access to tagged assets. Since Atlan propagates tags for you to derived assets, the access control is automatically applied to those derived assets as well.
