Masters in Cymmetri

Masters are key-value pairs that can be defined for the entire tenant. The key in this context refers to the label to be shown on the Cymmetri User Interface, and the value is the backend identifier used to reference this field in various processes, rules, and policies defined in the Cymmetri Identity platform deployment.

Cymmetri Identity platform allows for configuring a number of masters in the system, the major classification among which is Global masters (which allow for creating master key-value pairs that may be used for various situations, such as creating a new department, designation, and other custom attributes for users in the system) and Zone masters (which are network configurations that may be used to whitelist or blacklist user access onto the platform as well as act as a source for adaptive Multi-factor authentication).

Global masters

These are system-wide key value pairs primarily used to setup key value pairs referring to various masters as given below -

Types of Global masters

Country

Country key-value pairs are stored in the system, and are available as drop-downs wherever needed in the system - User attributes, Policies and other mappings.

UserType

UserType is used as one of the conditions while defining authentication policies and as an input in the rule engine.

Department

Department is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

Designation

Designation is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

GroupType

GroupType is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a group attribute.

AccountStatus

AccountStatus is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

RBAC

RBAC (System Roles) is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

CustomAttribute

Custom Attributes are the custom attributes that are key-value pairs that can be directly accessed by various backend engines by referring to them as attributes of the user object.

ApplicationCOSO

Refers to the various COSO mapped to application roles for the purpose of Segregation of Duties. Typical values for these are “Admin”, “Maker”, “Checker” and “Readonly”.

Zone Masters

Zone masters indicate the network zones that may be used for blacklisting or whitelisting access to the Cymmetri Identity platform deployment. It may also be used for detecting users from certain zone and assign relevant multi-factor authentication policies.

Zone Name - Used to refer to a zone in other configurations on the Cymmetri Identity platform.

Inactive/Active - Toggle button to check whether the zone is active (configurable as a condition for other rules on the Cymmetri Identity platform.)

Gateway IP - Refers to the Gateway IP address for the network zone.

Proxy IPs - Proxy Server IP addresses that may be used to be directed to this network or the IP addresses outside of the zone that would indicate a connection from this zone.

CIDR - Refers to the CIDR notation of the subnet of the network that this zone refers to. CIDR Notation.

Fill all the mandatory configurations, click on the enable toggle button and finally click a “Save” button.

Last updated

Cymmetri.com