Managing User Accounts with Single Sign-On

With single sign-on (SSO) enabled, new users are auto-provisioned when they sign into Tamr Cloud for the first time, as follows:

  • User synchronization between Tamr Cloud and the Identity Provider (IdP) is "lazy", meaning that a user's account is added from the IdP to Tamr Cloud only when that user first logs in. Tamr Cloud automatically creates the user account based on the email address used to log in.
  • New users are assigned to the default role of author.
  • Tamr Cloud sends the user an email confirmation, which the user must accept before being able to log in.

With SSO enabled, you cannot create new users or change their passwords from Tamr Cloud Admin > Users.

Changing a User's Role

By default, new users are assigned the author role. You can change a user’s role from Admin > Users.

To update a user’s role:

  1. In Admin > Users, select the user.
    Tip: Use the Search option above the Users table to find a specific user.
  2. In the row for the user, select Edit and then select the appropriate role for the user. (See User Roles and Permissions.)
  3. Select OK to confirm the change.

Disabling and Deleting User Accounts

By default, new users are enabled to log in to Tamr Cloud. You can remove user access by either disabling or deleting their accounts in Admin > Users.

Users whose accounts have been disabled or deleted cannot log in or use any Tamr Cloud services, including API keys. Other users cannot share Tamr Cloud resources with these users.

All resources owned by a user whose account has been disabled or deleted remain accessible in the system, including data products, connections, sources, and so on; admin users can fully manage any resources owned by these users.

important Important: As a best practice, if you remove a user’s permissions in your IdP, also disable their access in Tamr Cloud or delete their account to immediately log them out. Otherwise, if the user is logged into Tamr Cloud when their permission is removed in the IdP, they will remain logged into Tamr Cloud until their session times out. They will then not be able to log back in.

To disable or delete user access:

  1. In Admin > Users, select one or more users..
    Tip: Use the Search option above the Users table to find the user to update.
  2. Select Disable or Delete.
  3. Confirm your choice.