Organisation User Access (OUA) Request
Purpose
This request is to allow a select list of Unique employees to access specific organizations on the customer’s single tenant for a specified duration of the project. This access is designed to allow Unique to provide support in testing, configuration of assistant models and validation of product updates during the agreed timeframe.
Why is this needed?
In a single-tenant setup where the customer has requested Single Sign-On (SSO) to be enabled, users outside that customer’s domain do not have access to the organizations by default. We also encourage this setup to minimize the risk of unauthorized access, misuse of data or data breaches.
Setup
Through the Identity and Access Management (IAM) tool, it is possible to set up, at organization level, a combination of SSO users and additional users who log in via username/password.
Proposed setup:
Production Org: only SSO would be enabled, guaranteeing that no user outside the client’s domain has access to the production data.
Test Org: SSO would also be enabled so that a managed list of client users has access. In addition, approved users from Unique would be created who can log in using username/password authentication with Two-Factor Authentication (2FA) enforced.
Authorization request and setup
Unique employees requiring access to a customer’s organization must get written approval from the client stating the access duration, tenant URL, organization ID and reason for access. This approval should be attached to a JIRA ticket before the IAM owner (Unique employee) can create the user.
IAM owner
If requested, the customer can have representatives onboarded to the IAM tool, where they can manage these users, their access and permissions.
Audit
There are Application Audit Logs in place to give a history of which users accessed the data.
Author: @Tom Hobbs, @Sina Wulfmeyer
© 2024 Unique AG. All rights reserved.