Access Controls
Login methods
At this time, we support Single Sign-On authentication from the following providers:
- Google Sign-In (including Cloud Identity)
- Microsoft Single Sign-On (including Microsoft Entra ID).
Authentication
JSON Web Tokens (JWT) is an open standard for authentication and is used for all uman services (internal and external). The backend generates a token that encrypts the user identity and sends it to the client. The client then presents that token with every subsequent request to the API, which reads the token and verifies the identity of the user.
Authorization
Authorization happens on two levels within uman. The first level is role based, where a user is assigned a role in a workspace which determines what actions they can perform. This can be managed within uman.
The second level is based on the tenant uman is integrated with and applies only if the organization has opted to enable it. Permissions from the source document management system can be mirrored, meaning that only users who have been granted access to a file at the source can read and perform actions on that resource inside uman.
Roles
uman supports the following roles on a per workspace basis:
- User Manager: can invite, edit and remove members from the workspace
- IT Manager: can manage the integrations within the workspace
- Search User (legacy): provides access to the search interface
- Labeler (legacy): enables the creation, management and assignment of labels on content
- Portfolio User: provides read-only access to the portfolio
- Portfolio Template Manager: enables the creation and management of portfolio templates
- Portfolio Manager: has full read and write access to all items in the portfolio
- Sales Assistant User: provides access to the AI Sales Assistant & portfolio features
- Sales Assistant Manager: the same as the Sales Assistant User and can manage pitch templates
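The two authorization levels described above can be sketched as a single deny-by-default check. This is an added example, not uman's own code: the action names, the `Workspace` structure, the role-to-action mapping and the rule that both levels must pass are assumptions made for illustration; only the role names come from the list above.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Role names are from the page; the action strings are hypothetical.
ROLE_ACTIONS = {
    "User Manager": {"member:invite", "member:edit", "member:remove"},
    "IT Manager": {"integration:manage"},
    "Portfolio User": {"portfolio:read"},
    "Portfolio Template Manager": {"portfolio_template:manage"},
    "Portfolio Manager": {"portfolio:read", "portfolio:write"},
}

@dataclass
class Workspace:
    name: str
    mirror_source_permissions: bool = False  # second level is opt-in
    roles: dict[str, set[str]] = field(default_factory=dict)       # user -> roles
    source_acl: dict[str, set[str]] = field(default_factory=dict)  # resource -> users

def is_allowed(ws: Workspace, user: str, action: str,
               resource_id: str | None = None) -> bool:
    # Level 1: union of the actions granted by the user's workspace roles.
    granted: set[str] = set()
    for role in ws.roles.get(user, ()):
        granted |= ROLE_ACTIONS.get(role, set())
    if action not in granted:
        return False
    # Level 2: mirrored source permissions, checked only when enabled and
    # the action targets a resource. A resource with no mirrored ACL entry
    # is denied (fail closed) rather than treated as public.
    if ws.mirror_source_permissions and resource_id is not None:
        return user in ws.source_acl.get(resource_id, set())
    return True

def demo() -> list[bool]:
    # Constructed sample data, not real users or documents.
    ws = Workspace(
        name="example",
        mirror_source_permissions=True,
        roles={"ana": {"Portfolio Manager"}, "bob": {"Portfolio User"}},
        source_acl={"doc-1": {"ana", "bob"}, "doc-2": {"ana"}},
    )
    return [
        is_allowed(ws, "ana", "portfolio:write", "doc-2"),  # role + source access
        is_allowed(ws, "bob", "portfolio:read", "doc-1"),   # read-only role, has access
        is_allowed(ws, "bob", "portfolio:read", "doc-2"),   # role ok, no source access
        is_allowed(ws, "bob", "portfolio:write", "doc-1"),  # source ok, role too weak
    ]

if __name__ == "__main__":
    print(demo())
```

With mirroring enabled, a role alone is not sufficient: the third case is denied even though the role permits reading, because the source system never granted access to that file.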