https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872749#M1910 <P>Customers often ask whether we can restrict users from accessing the SAS Customer Intelligence 360 application outside of the company firewall. They are also curious about whether we can restrict the access of user who is no longer working with our organization.</P> <P>&nbsp;</P> <P>To restrict access, configure the Tenant Access settings to limit the IP addresses from which users can access the application. This setting restricts use of the SAS Customer Intelligence 360 user interface and making API calls based on the configuration.</P> <P>See <A href="https://go.documentation.sas.com/doc/en/cintcdc/production.a/cintag/tenant-access.htm" target="_blank" rel="noopener">Tenant Access</A> for more information.</P> <P>&nbsp;</P> <P><STRONG>Important reminder</STRONG>: Be sure to include your external IP address in the range of allowed IP addresses for the user interface to ensure that you do not lose access to the user interface.</P> <P>&nbsp;</P> <P>Also note the following points:</P> <P>&nbsp;</P> <OL> <LI>For <A href="https://go.documentation.sas.com/doc/en/cintcdc/production.a/cintqsg/sso-authentication.htm" target="_blank" rel="noopener">Federated Single Sign-On</A> (SSO) implementation: Users will no longer be able to access SAS Customer Intelligence 360 if they are removed from the company’s authentication provider (AD or LDAP), even when they are still listed in SAS Customer Intelligence 360 as users. In this case, the user can no longer authenticate and thus will not have access.</LI> <LI>The <A href="https://go.documentation.sas.com/doc/en/cintcdc/production.a/cintapis/rest-scim-api.htm" target="_blank" rel="noopener">SCIM API</A> provides an ability to programmatically remove users as part of an employee's offboarding process.</LI> </OL> <P>&nbsp;</P> <P>For additional help, contact SAS Technical Support by creating a track with the&nbsp;<STRONG>Contact Support</STRONG>&nbsp;option in the SAS Customer Intelligence 360 user interface.</P> Fri, 28 Apr 2023 07:42:01 GMT SomSASTS 2023-04-28T07:42:01Z https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872749#M1910 <P>Customers often ask whether we can restrict users from accessing the SAS Customer Intelligence 360 application outside of the company firewall. They are also curious about whether we can restrict the access of user who is no longer working with our organization.</P> <P>&nbsp;</P> <P>To restrict access, configure the Tenant Access settings to limit the IP addresses from which users can access the application. This setting restricts use of the SAS Customer Intelligence 360 user interface and making API calls based on the configuration.</P> <P>See <A href="https://go.documentation.sas.com/doc/en/cintcdc/production.a/cintag/tenant-access.htm" target="_blank" rel="noopener">Tenant Access</A> for more information.</P> <P>&nbsp;</P> <P><STRONG>Important reminder</STRONG>: Be sure to include your external IP address in the range of allowed IP addresses for the user interface to ensure that you do not lose access to the user interface.</P> <P>&nbsp;</P> <P>Also note the following points:</P> <P>&nbsp;</P> <OL> <LI>For <A href="https://go.documentation.sas.com/doc/en/cintcdc/production.a/cintqsg/sso-authentication.htm" target="_blank" rel="noopener">Federated Single Sign-On</A> (SSO) implementation: Users will no longer be able to access SAS Customer Intelligence 360 if they are removed from the company’s authentication provider (AD or LDAP), even when they are still listed in SAS Customer Intelligence 360 as users. In this case, the user can no longer authenticate and thus will not have access.</LI> <LI>The <A href="https://go.documentation.sas.com/doc/en/cintcdc/production.a/cintapis/rest-scim-api.htm" target="_blank" rel="noopener">SCIM API</A> provides an ability to programmatically remove users as part of an employee's offboarding process.</LI> </OL> <P>&nbsp;</P> <P>For additional help, contact SAS Technical Support by creating a track with the&nbsp;<STRONG>Contact Support</STRONG>&nbsp;option in the SAS Customer Intelligence 360 user interface.</P> Fri, 28 Apr 2023 07:42:01 GMT https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872749#M1910 SomSASTS 2023-04-28T07:42:01Z https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872750#M1911 Are there any known impacts on objects created by or workflows involving the user removed using the SCIM API?<BR />Thanks?<BR /> Fri, 28 Apr 2023 08:35:00 GMT https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872750#M1911 LeonoraG 2023-04-28T08:35:00Z https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872783#M1912 <P>There are no restrictions on any objects. When you have defined IP access lists for the API gateway that also impacts the SCIM API. In that case it can only be called from machines with IP addresses in the defined range.</P> Fri, 28 Apr 2023 12:01:41 GMT https://communities.sas.com/t5/SAS-Customer-Intelligence/Restricting-Users-from-Accessing-the-SAS-Customer-Intelligence/m-p/872783#M1912 OlafKratzsch 2023-04-28T12:01:41Z