The use case I am building out requires very specific user access controls based on:
1. If a user has admin privileges or not
2. What department a user sits in: complete filtering of the application to this department
I am presuming that state saving is a good way to manage point 2 above, but I was wondering if this user control would be possible via the control panel or if it is more suitable to build out a user object type. (Note that there needs to be an easy way for user details to be updated if they change department or role, or require admin privileges.)
Finally, if the most suitable approach is creating a user object type, do you have any guidance for how I can pull userId and details from the Foundry tenant into this object?
To add to the above question, we want to be able to input a user's registered email address and then pull in their first name, last name and role from their Foundry public profile - how can we access this data?
All users logging in to Foundry need to use an external identity provider (IdP). One can add security controls to change a user’s experience mainly using user attributes (stored on the user object in Foundry) or group memberships. The attributes have to come from the IdP, and you need to configure mapping the IdP attributes to Foundry attributes: https://www.palantir.com/docs/foundry/authentication/saml-getting-started. Additionally, it’s possible to triage users into groups based on their attributes at login.
Does your IdP provide all the information you need for a user, including their department, or are you able to update it so that it reflects the department for all users?
I believe our IdP will capture the required user information.
I am looking to build out a simple user access control page within the application where an object will be created when a user is added to the app. The reason for this is to provide easy workflows to:
Flag admin users that should have full access
Automatically group users by their department and thus auto filter the application based on a user’s department
Identify if there is a department that is missing a “leader” (role type that will be read in)
What would you recommend as the best approach for doing this?
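The attribute-and-group model described in the reply above, sketched as an added example in plain Python; it is not part of the thread and not Foundry or IdP API code. The attribute names (`mail`, `department`, `title`, `appAdmin`), the group names and the sample users are assumptions constructed for illustration; a user whose assertion carries no department gets no department group and therefore sees nothing.

```python
# Added illustration: plain Python, not Foundry or IdP API code.
# Attribute names, group names and sample users below are constructed.
ADMIN_GROUP = "app-admins"   # hypothetical group name
LEADER_ROLE = "leader"       # hypothetical role value

def map_attributes(assertion):
    """Map IdP assertion attributes to the user attributes the app relies on."""
    first = lambda key: (assertion.get(key) or [None])[0]
    return {
        "email": first("mail"),
        "first_name": first("givenName"),
        "last_name": first("sn"),
        "department": first("department"),
        "role": first("title"),
        "is_admin": first("appAdmin") == "true",
    }

def groups_at_login(user):
    """Triage a user into groups from attributes; no department means no group."""
    groups = set()
    if user["is_admin"]:
        groups.add(ADMIN_GROUP)
    if user["department"]:
        groups.add("dept-" + user["department"].strip().lower())
    return groups

def visible_rows(rows, groups):
    """Admins see every row; others only their department; default is nothing."""
    if ADMIN_GROUP in groups:
        return list(rows)
    return [r for r in rows if "dept-" + r["department"].lower() in groups]

def departments_missing_leader(users):
    """Return sorted departments that have users but none with the leader role."""
    roles = {}
    for u in users:
        if u["department"]:
            dept = u["department"].strip().lower()
            roles.setdefault(dept, set()).add((u["role"] or "").lower())
    return sorted(d for d, r in roles.items() if LEADER_ROLE not in r)

# Constructed sample data: one assertion per login, values as lists of strings.
ASSERTIONS = [
    {"mail": ["ana@example.com"], "givenName": ["Ana"], "sn": ["Diaz"], "department": ["Finance"], "title": ["Leader"]},
    {"mail": ["bo@example.com"], "givenName": ["Bo"], "sn": ["Lee"], "department": ["Legal"], "title": ["Analyst"]},
    {"mail": ["cy@example.com"], "givenName": ["Cy"], "sn": ["Ng"], "title": ["Analyst"]},
    {"mail": ["di@example.com"], "givenName": ["Di"], "sn": ["Roy"], "department": ["Legal"], "title": ["Analyst"], "appAdmin": ["true"]},
]
ROWS = [{"id": 1, "department": "Finance"}, {"id": 2, "department": "Legal"}]
USERS = [map_attributes(a) for a in ASSERTIONS]
```

Because group membership is derived from the assertion at each login, a change of department or admin status made in the IdP takes effect at the user's next login without editing any record inside the application.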