User configuration and security models in Tiger Prism

User configuration and security models in Tiger Prism 

We hosted another session of our “Ask the Experts” webinar series, this time focusing on user configuration and security models within Tiger Prism.  

This session was once again led by Richard, our Head of Service Management, and Matt, our Technical Product Lead.

Read our blog for key insights shared by the team, or watch the recording of the webinar here.  

Security roles in Tiger Prism 

To begin with, the team looked at the various security roles available within Tiger Prism, including the System Administrator role, one that grants full access to the system, making it a powerful but often too broad a role for general users.  

To address privacy regulations, Tiger Prism offers a GDPR role, which allows for data anonymisation upon request. This role is crucial for ensuring compliance with privacy laws. Additionally, users can create custom roles tailored to specific needs. For example, a “View My Data” role can be configured to limit access to personal data, while a “My Directories” role can provide access to departmental records based on the organisational hierarchy. These custom roles offer flexibility and precision in managing user access. 

Building blocks of security 

Richard and Matt then discussed the fundamental building blocks of security within Tiger Prism. Permissions are a key component, defining what users can see on the interface, such as specific tiles and menu options. This ensures that users only have access to the information they need. Enterprise groups are used to control access to data, such as specific call detail records (CDR) for different departments.  

Another important aspect is employee exclusion, which restricts access to certain individuals’ data, such as union representatives or top executives. This helps maintain confidentiality and privacy. Network access is another layer of security, restricting data based on network sources or specific trunks. The Tiger Prism security model is highly customisable, offering granular control over user access. Richard and Matt emphasised the importance of managing security risks by limiting access, rather than assigning broad system administrator roles to everyone. 

External authentication 

The presenters highlighted the various external authentication methods supported by Tiger Prism. These include local logins, Single Sign-On (SSO), and, for on-premise systems, Windows Authentication. SSO is recommended as the most secure option, as it ensures that deactivating a user in an external directory, such as Active Directory, automatically removes their Tiger Prism access. This integration with external authentication systems enhances security and simplifies user management. 

Practical example 

To illustrate the concepts discussed, Richard and Matt provided a practical example. They demonstrated how to grant a sales manager access to their team’s data using permissions, department-level access, and exclusions. This example showed how to ensure that unnecessary data is not exposed, maintaining data security and relevance.  

Building modular roles for flexibility 

The flexibility of Tiger Prism’s security model was further highlighted through the concept of modular roles. Modular building blocks allow users to create reusable, customisable components, such as reports, dashboards, and data access permissions. These components can be combined to build tailored roles, ensuring that users have access to the right information without being overwhelmed with unnecessary privileges. For instance, roles can be configured to provide specific access to reports or dashboards relevant to different users, such as a sales manager having access to performance reports. Exclusions can also be applied to restrict access to certain sensitive data, ensuring that privacy and confidentiality are maintained. 

User management and permissions 

Richard and Matt discussed the efficiency of Tiger Prism’s user management system. Role assignment allows user roles to be updated to give access to new features without needing to manually adjust every user’s permissions. This modular role system reduces administrative tasks by applying role updates automatically to all relevant users. This streamlined approach ensures that users always have the appropriate level of access, enhancing both security and productivity. 

Technical questions and solutions 

There is always the option to submit questions via the chat which are answered during the webinar. 

One common question was about enabling SSO retrospectively. Richard and Matt explained that even if local accounts are in use, SSO can be activated, and local logins can be disabled on a case-by-case basis. They also discussed the use of custom data sources for assigning permissions, which can be useful if directories like Azure AD are inaccurate. Users can have multiple roles, giving them different levels of access across various departments. Additionally, guest accounts can be created for external users, functioning similarly to local accounts but distinct from internal employee accounts. 

Authentication and notification customisation 

Finally, the experts covered the customisation options for authentication and notifications. Windows Authentication is available for on-premises systems, while SSO is recommended for cloud or third-party hosted services. Custom email notifications can be configured to include business-specific details, such as IT support contacts, when user accounts are created. This ensures that users receive relevant information and support from the outset. 

Future Ask the Experts sessions 

We hope you found the content of this webinar useful and informative. If you have any topics you would be interested in having a webinar on, drop us an email at hello@tiger.io.

You can catch up on all the Ask the Experts sessions here.