Identity and Access
Identity and Access is the foundation for using FactVerse safely across web consoles, mobile clients, desktop tools, API integrations, and AI Agent workflows. It defines how users sign in, how they reach the right tenant, how enterprise identity providers connect to FactVerse, and how administrators grant the minimum access required for each operating role.
Use this section when a project needs to onboard users, connect enterprise SSO, prepare service identities for integrations, or troubleshoot access issues before work starts in Inspector, DFS, ECM, Designer, MCP, or FactVerse AI Agent.
Access model
What identity controls
| Area | Customer question | FactVerse control |
|---|---|---|
| Sign-in | Can the user reach the correct environment? | Account status, password or SSO, tenant selection, client compatibility |
| Tenant access | Can the user enter the right organization, project, or site? | Tenant membership, project membership, environment URL, package gates |
| Product access | Can the user open the product area needed for the task? | Role packages, navigation permissions, feature enablement |
| Data access | Can the user see the right asset, document, connector, or workflow? | Product permissions, folder rules, project scope, data classification |
| Integration access | Can a system or AI workflow call FactVerse safely? | API keys, service accounts, scopes, endpoint boundaries |
| Audit | Can the organization explain who accessed or changed something? | Login history, session events, API key ownership, workflow records |
Common identity paths
| Role | Start with | Confirm before handoff |
|---|---|---|
| End user | Sign in to FactVerse | User can open the correct tenant and see the expected product navigation. |
| Tenant administrator | Users, Roles, and Permissions | Role assignment, package gates, and project boundaries match the user's job. |
| IT administrator | Enterprise SSO | IdP metadata, callback URLs, user mapping, and test accounts are ready. |
| Integration owner | Service Accounts and API Keys | Keys are scoped, owned, rotated, and limited to the required endpoints. |
| Support owner | Authentication Troubleshooting | Error evidence, account status, SSO logs, tenant access, and browser/client details are collected. |
Deployment patterns
FactVerse can be used in cloud, private cloud, and on-premises deployments. The sign-in screen, domain, SSO provider, token lifetime, and network route may differ by deployment. Keep the customer-facing procedure tied to the environment the customer is actually using.
For enterprise SSO projects, confirm the identity provider and protocol before publishing instructions. A customer using Microsoft Entra ID, Okta, Ping Identity, Keycloak, or an internal IdP may have different field names, certificate rotation rules, and release approvals even when the overall flow is similar.
Relationship to product permissions
Authentication proves who is calling FactVerse. Authorization decides what that identity can do after sign-in.
Product permissions remain product-specific:
- DFS has connector, mapping, dataset, review, and BI access rules.
- ECM has tenant access, folder permissions, classification, workflow, and audit rules.
- MCP and AI Agent use scoped API keys or governed workflow identities.
- Product manuals may describe client-specific login steps for Studio, One, Importer, Designer, or Inspector.
This section explains the shared identity layer. Use product-specific pages when the user can sign in but cannot complete a product task.
Read next
| Page | Use |
|---|---|
| Sign in to FactVerse | Help users reach the right environment, tenant, and product entry point. |
| Enterprise SSO | Plan and validate SSO with an enterprise identity provider. |
| Users, Roles, and Permissions | Assign access without over-granting. |
| Service Accounts and API Keys | Prepare non-human identities for integrations, MCP, and AI workflows. |
| Authentication Troubleshooting | Diagnose sign-in, SSO, tenant, session, and API key failures. |