Identity and access management


Atlan's authentication process runs on Keycloak. It uses open protocol standards like username-password or SAML 2.0–based login. Atlan can also integrate into organizations' existing SAML 2.0–based SSO authentication systems.

Identity and access management

For centralized management of groups and users, Atlan uses granular access policies.

Admins can define policies to control both which actions a user can take and against which assets. These can be as broad as entire databases down to individual columns. Organizations can even build policies based on asset classification. This opens up the ability to restrict access to sensitive data like Personally Identifiable Information — an essential feature in the GDPR era.

Atlan denies access by default, and explicit denials override any grants. You can even deny admin users access to assets, if you want.


You must assign every user in Atlan a user role. These control basic levels of access.


You can also add users to groups. Groups provide a more maintainable mechanism for applying access controls.


You can define access policies for both users and groups.

Through these policies you can restrict which users can take which actions on which assets.

For example, you can set up tags such as PII and apply this to data assets like tables. You can also configure the tag to propagate downstream to any columns or tables created from them.

You can then define access controls based on these tags to restrict access to tagged assets. If Atlan propagates tags for you to derived assets, the access control is automatically applied to those derived assets as well.

Related articles

Was this article helpful?
1 out of 1 found this helpful