What Are User Populations And Why To Use Them
User populations serve as a powerful tool for organizations to logically separate identity sets, streamlining the identity and access management process. This method enables businesses to better organize and control their users, making it easier to manage permissions and access to resources.
Typically, organizations manage a variety of user populations, such as:
Consumers, suppliers, and merchants
Employees, gig-workers, and contractors
Customers, partner 1 customers, partner 2 customers, and more.
Each of these distinct populations requires access to specific applications or features provided by the organization. Moreover, they often have unique sign-in requirements to ensure secure access to resources. For example, employees may need to authenticate through a single sign-on (SSO) service, while customers may use social media accounts to access the organization’s services.
Managing user populations can become a complex task, as organizations must cater to the needs of each group while maintaining security and compliance. To facilitate this process, there is often a need to delegate user management tasks to designated population users. These delegated administrators or user managers can be responsible for various aspects of user management, such as onboarding, offboarding, and granting access to specific resources within their designated population.
By implementing user populations, organizations can create a more organized and efficient identity and access management system. This approach not only enhances security but also enables businesses to better understand and cater to the needs of their diverse user groups. Furthermore, user populations can help organizations maintain compliance with various regulations and privacy laws by ensuring that each population’s data is managed appropriately.
When Use Cases Exceed User Population Capabilities
If a population is a separate organization and requires broader delegation of administration than regular user management, it should be created as a suborganization instead. Such a suborganization has its own administrator with broad self-service options that include:
configuring its own authentication provider (AD, Google, …),
appointing its own administrators and user managers,
creating its own identity pools.
What Capabilities Does a User Population Provide
Each user population has separate:
user population manager/delegated administrator,
application and data access rights
Users from all of an organization’s populations access a unified, organization-wide sign-in screen. When users arrive at the login page, they can either choose their specific population or be automatically redirected to the appropriate sign-in page based on their population.
Once on their designated sign-in page, users are presented with authentication methods specifically configured for their population. This allows each user population to utilize different identity providers tailored to the organization’s requirements, ensuring a secure and efficient authentication process for all users.
Distinct User Identifiers
Identifiers are unique within a population. The same identifier (e.g. email@example.com) may be present in two user populations.
Distinct User Attribute Sets
Users within each population can possess distinct sets of attributes tailored to their specific needs. In Cloudentity, every Identity Pool allows for the assignment of a unique or shared Identity Schema that accurately represents the required user entity attributes.
This flexibility in attribute management enables organizations to customize user data according to the unique characteristics and requirements of each population. By doing so, they can better cater to the diverse needs of their user base, streamline processes, and improve overall user experiences.
Each user population has a different password policy. For example, you may want merchants to have a different password length than suppliers.
User Population Manager/Delegated Administrator
In each user population, user management responsibilities can be delegated to a designated individual. One of the users within a population can be assigned the role of user manager. Equipped with this role, the user manager can access the B2B portal to oversee and manage users within their specific population. This delegated administration works in conjunction with the organization manager and organization users manager, allowing for a more efficient and streamlined user management process.
By empowering a user manager within each population, organizations can better distribute administrative tasks and ensure that each population receives focused attention and support. This approach not only enhances the overall management efficiency but also helps maintain a higher level of security and compliance within the organization.
Application and Data Access Rights
Organizations typically have one or more applications, with each application containing multiple features. To manage access control effectively, it is crucial to control access at the population level. For instance, consider an organization that has distinct applications for suppliers and merchants. In this scenario, each population should have access exclusively to their respective apps.
This level of access control can be achieved by the organization or tenant administrator through the use of policies. By implementing appropriate policies, administrators can ensure that users from specific populations can only access the features and applications relevant to their roles. This not only enhances security but also streamlines the user experience by granting access solely to necessary resources.
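The model below is an added illustration, not Cloudentity code or its API: it shows why a user record has to be keyed by population plus identifier, and how a per-population password policy and application allow-list keep two accounts with the same email apart. The `Population` and `Directory` classes, the app names, and the sample passwords are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Population:
    name: str
    min_password_length: int      # per-population password policy
    allowed_apps: frozenset       # per-population application access


class Directory:
    """Users are keyed by (population, identifier), never by identifier alone."""

    def __init__(self, populations):
        self.populations = {p.name: p for p in populations}
        self.users = {}           # (population, identifier) -> attributes

    def register(self, population, identifier, password, **attrs):
        policy = self.populations[population]   # KeyError on unknown population
        if len(password) < policy.min_password_length:
            raise ValueError(f"password too short for {population}")
        key = (population, identifier.lower())
        if key in self.users:
            raise ValueError("identifier already used in this population")
        self.users[key] = attrs   # the password itself is not stored here
        return key

    def can_access(self, population, identifier, app):
        # Deny by default: the user must exist in this population AND the
        # population's policy must list the application.
        if (population, identifier.lower()) not in self.users:
            return False
        return app in self.populations[population].allowed_apps


def build_demo():
    # Constructed sample data: two populations sharing one identifier.
    d = Directory([
        Population("merchants", 12, frozenset({"merchant-portal"})),
        Population("suppliers", 8, frozenset({"supplier-portal"})),
    ])
    d.register("merchants", "email@example.com", "correct-horse-battery")
    d.register("suppliers", "email@example.com", "s3cr3t-pw")
    return d
```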