In Metric Insights, content security is achieved through dividing of Users into Groups, each assigned distinct access levels. Administrators grant specific Privileges and Permissions to each Group, thereby controlling access to designated areas of content. Establishing this security model requires Administrators to complete a series of configuration steps.
Please follow this detailed playbook to configure your organization's security framework in the most efficient manner.
1. Bring Content
First, you'll need to build all necessary content within Metric Insights. There are two options available for this process:
- The first option is to build content manually. This requires you to:
- Create Categories. Categories help users organize their content into clearly defined, logically named sets. They're also used to group tiles on the Homepage.
- Create Elements (Metrics and Reports) assigned to their respective Categories.
- The second option is automated. Metric Insights offers a Content Synchronization feature that automatically generates both Elements and Categories based on a predefined template.
2. Sync Groups and Users
Bring users into Metric Insights. We recommend doing it via the special synchronization script. There are two options available:
- Use LDAP/AD via the mi-ldap-usersync script.
- Configure LDAP/AD authentication, and subsequently sync Users and Groups using the script.
- Use Okta SAML via the mi-okta-usersync script.
- Configure Metric Insights to work with a SAML-based IdP, and then sync Users and Groups using the script.
3. Assign Privileges to the Groups
Rather than assigning Privileges individually to each User, it's recommended to create a Privilege Set. By default, Metric Insights provides several pre-configured Privilege Sets for Regular and Power Users, which you may also utilize.
To understand the full range of Privileges available in Metric Insights, please refer to the Privileges List.
4. Give Access to the Content
To view and interact with Elements and Datasets, Users must be granted the corresponding Permissions. Open the Group Editor and assign all the necessary Permissions.
Afterward, give the Groups access to corresponding Categories.
5. Manage Access Requests for Content
If Users don't have access to a specific Element or Object, they may submit an Access Request.
All Access Request Processing options are outlined in the Access Request Overview article.