I currently create new users on my frontend through Auth0 who are then converted to users on Palantir using the connection between the two services.
I am having a few issues with this:
1. These users can go and access Foundry (which I suppose is somewhat expected); however, I’d ideally like them to never be able to access this.
2. When the users see the Palantir Foundry backend, they can see other organizations and other users within their group. This should not be allowed but I am unsure how to change this.
For point (1), in Control Panel, you can customize which users can access Foundry. Quoting from our docs here.
The most restrictive configuration is to remove Foundry platform access entirely. There are two options for restricting access to the Foundry Platform: an allowlist or a blocklist. "Everyone except members of groups" restricts access for users who are in at least one of the groups specified. "Only members of groups" restricts access for users who are not in any of the groups specified. Users with restricted access to the Foundry platform will only have access to consumer-facing applications built in Slate or Workshop to which they have explicitly been granted resource-level access. For these users the Foundry sidebar will be hidden and they will be prevented from navigating to any other parts of Foundry. Note that application access operates at the application level; these controls do not differentiate between read and write access.
For point (2), you can configure Organization Collaboration in Control Panel to restrict whether users of one Organization can see users and groups in a different Organization. Users of a single Organization are always able to discover other users within the same Organization.