Authorize Symphony Access

This applies to: Visual Data Discovery

User, group, and account definitions are required to grant users access to the Symphony application.

Users can be authorized for access to specific accounts and product features.

Symphony supports several approaches to authenticating users, including SAML and LDAP. Your organization must choose the best approach given your existing constraints and objectives. A complete list of authentication tools supported by Symphony is provided in Symphony Supported Authentication Tools.

SAML and LDAP groups that are automatically created in Symphony must be manually assigned group data source access and privileges.

After a user is authenticated for access to Symphony, authorization to perform Symphony functions and access Symphony resources is controlled using groups.

The following definitions can be specified to provide product access and authorization in Symphony.

• Symphony accounts can be used to separate Symphony product resources, as necessary. Users can be assigned to multiple accounts. However, group definitions, data source configurations, data store connections, and dashboards and visuals are only available in the Symphony accounts in which they are defined. See Manage Symphony Account Definitions.

• User definitions identify individual users of Symphony. See Manage User Definitions. Users must be assigned to groups to use Symphony data sources and product features. They may be assigned to more than one group.

• Group definitions assign privileges to groups of users. Groups are most useful when a number of Symphony users require the same access restrictions. Users can be assigned to multiple groups. See Manage Group Definitions.