User, group, and account definitions are required to grant users access to the Composer application.
Users can be authorized for access to specific accounts and product features. See Manage User Definitions.
Composer supports several approaches to authenticating users, including SAML, OAuth, and LDAP. Your organization must choose the best approach given your existing constraints and objectives. A complete list of authentication tools supported by Composer is provided in Supported Authentication Tools.
SAML and LDAP groups that are automatically created in Composer must be manually assigned group data source access and privileges.
After a user is authenticated for access to Composer, authorization to perform Composer functions and access Composer resources is controlled using groups.
The following definitions can be specified to provide product access and authorization in Composer.
Composer accounts can be used to separate Composer product resources, as necessary. Users can be assigned to multiple accounts. However, group definitions, data source configurations, data store connections, and dashboards and visuals are only available in the Composer accounts in which they are defined. See Manage Composer Account Definitions.
User definitions identify individual users of Composer. See Manage User Definitions. Users must be assigned to groups to use Composer data sources and product features. They may be assigned to more than one group.
Group definitions assign privileges to groups of users. Groups are most useful when a number of Composer users require the same access restrictions. Users can be assigned to multiple groups. See Manage Group Definitions.