Access Controls
Login methods
At this time, we support Single Sign-On authentication from the following providers:
- Google Sign-In (including Cloud Identity)
- Microsoft Single sign-on (including Azure AD)
JSON Web Tokens (JWT) is an open standard for authentication and is used for all uman services (internal and external). The backend generates a token that encrypts the user identity and sends it to the client. The client sends that token with every subsequent request to the API, which reads the token and verifies the identity of the user.
Authorization happens on two levels within uman. The first level is role-based: a user is assigned a role in a workspace, and that role determines what actions they can perform. This can be managed within uman.
The second level is based on the tenant uman is integrated with and is only applicable if the organization opted to have this enabled. Permissions from the source document management system can be mirrored, meaning only users that have been granted access to a file at the source will be able to read and perform actions on that resource inside uman.
uman supports the following roles on a per-workspace basis, going from least to most privileges:
- Member: basic access to the content and features of the workspace
- Curator: on top of the member role, curators can curate content with labels
- Admin: on top of the curator role, admins can manage users and integrations
Typically, the curator or administrator role is granted by a uman employee during the set-up of the workspace.
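The two authorization levels described above, combined into one deny-by-default check. This is an added example, not uman's own code; the action names, the `Workspace` structure and the sample users and file are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Role(IntEnum):
    """Workspace roles, ordered from least to most privileged."""
    MEMBER = 1
    CURATOR = 2
    ADMIN = 3


# Hypothetical action names, each mapped to the lowest role allowed to perform it.
MIN_ROLE = {
    "read_content": Role.MEMBER,
    "label_content": Role.CURATOR,
    "manage_users": Role.ADMIN,
    "manage_integrations": Role.ADMIN,
}


@dataclass
class Workspace:
    roles: dict                      # user id -> Role held in this workspace
    mirror_source_acl: bool = False  # True if the organization opted in to level 2
    source_acl: dict = field(default_factory=dict)  # file id -> user ids granted at the source


def is_allowed(ws, user, action, file_id=None):
    """Return True only if every applicable level grants the request."""
    role = ws.roles.get(user)
    required = MIN_ROLE.get(action)
    # Level 1: unknown users, unknown actions and insufficient roles are denied.
    if role is None or required is None or role < required:
        return False
    # Level 2: for file-scoped requests, the source system must also grant access.
    # A file missing from the mirrored ACL is treated as "no one has access".
    if ws.mirror_source_acl and file_id is not None:
        return user in ws.source_acl.get(file_id, set())
    return True


# Constructed sample data: mirroring enabled, one file shared only with "bob".
ws = Workspace(
    roles={"alice": Role.ADMIN, "bob": Role.MEMBER, "carol": Role.CURATOR},
    mirror_source_acl=True,
    source_acl={"file-1": {"bob"}},
)
```

With mirroring enabled, the workspace Admin in this sample is still denied on `file-1` because the source system did not grant access, which follows from the statement that only users granted access at the source can act on the resource.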