- How Atrium Does Sign On and Authentication
- How Deprovisioning Works in Atrium
- How Provisioning Works in Atrium
- Support for IGA Software (Okta, Ping, etc.)
How Atrium Does Sign On and Authentication
Atrium currently supports single sign on via the two major office productivity suites - Google Apps and Microsoft.
Users of Atrium do not have "Atrium Passwords" - they instead of use the OAuth functionality of their provisioned office productivity provider.
This is what this looks like in practice - the user is passed to the Google or Microsoft identity provider, authenticated, and then passed back to Atrium to be logged in.
Deprovisioning
A common question is how Atrium accounts are deprovisioned to ensure compliance around sensitive data access.
When an employee is offboarded from an organization, and their various accounts, including their office productivity account (Gmail or Office), is disabled in the identity governance and administration (IGA) system (e.g., Okta), Atrium will inherit that deprovisioning.
Separately, deactivating the tracking of a user (such that their performance data no longer shows up in a given team), is done via the org chart tool via Deactivating / Marketing "Former".
Provisioning
Provisioning of user accounts is currently administered via the Atrium Org Chart functionality. Users with "admin" privileges in Atrium are able to provision (and deprovision) users in Atrium. Atrium does not currently support automated provisioning via an IGA provider.
Okta / Ping Identity / Microsoft Entrata / Duo / Etc.
Atrium does not currently support direct provisioning and deprovisioning of user accounts via Identity Governance & Administration providers like Okta, Ping Identity, and so forth.
However, as noted above, Atrium does inherit the deprovisioning of business productivity accounts (Google Apps or Microsoft) that is conducted via IGA solutions, thereby ensuring compliant deprovisioning via IGA.