IT Settings

General

You need IT administrator privileges to have access to the IT settings. Click on the gearwheel in the top right corner and select IT Settings.

The General tab, which you will see first, provides technical information, such as whether 2-factor authentication (2FA) is activated, the password length requirement, the time zone, and session times. Click the Edit button to manage those settings.

Roles

While all registered users (who by default have the employee role) can access the dashboard and user settings and view the dashboard charts, other rights are restricted to specific roles. An additional distinction is made between read-only and read-and-write rights. Find a list of the rights for each role here. You can Create new roles. Name the role and assign permissions by selecting the appropriate checkboxes. Once done, Save your input.

If you want to give access (read or write) to a specific element (such as a ROPA, Vendor, etc.), you can do this via the Manage Access menu on the upper right of each element (the three dots ...). You can also create audiences for this. Learn more here.

Identity & Access Management 

Local

Click Edit to enable or disable local user authentication. You can also activate Enforce 2FA and set Password Requirements here.

SAML2/OAuth2

This section allows you to switch between SAML2 and OAuth2 authentication methods. 

Managing SAML2 Authentication for Different Identity Providers (IdPs):

  • Choose an Authentication Template. You can select from predefined templates (Microsoft, Google or Custom).
  • Based on your chosen template, specify the necessary Identity Provider details.
  • Choose Name ID Format to specify how the user's identity will be formatted in the authentication process.
  • Activate the SCIM2 toggle to enable user provisioning and synchronization.
  • Activate the Group Claims toggle to enable dynamic group management for users.
  • After completing the configuration for the selected IdP, click Save to apply the changes.

OAuth2 Configuration:

  • Select the desired Configuration Template from the available options (e.g., Microsoft, Google, or Custom).
  • Type in the Allowed Domains for authentication.
  • Enter Client ID, Client Secret, and Tenant ID.
  • Activate the Entra ID toggle to enable integration with Entra ID for identity management.
  • Activate the SCIM2 toggle to enable user provisioning and synchronization.
  • Activate the Group Claims toggle to enable dynamic group management for users.
  • Save configuration.

Entra ID

First, you must make the necessary configurations in your Microsoft Entra ID. Follow the corresponding guide to do so.

Entra ID will only be available once the Microsoft OAuth template has been configured and Entra ID has been enabled.

Click Activate to enable Entra ID integration. Once activated, Active Directory will synchronize users and groups with Entra ID. Click Edit to go to the OAuth2 configuration.

SCIM2

Please contact hello@priverion.com to enable the SCIM2 service.

Role mapping

The manual groups and role mapping functionality works together with the "Group Claims" setting in the SAML2/OAuth2 configuration screen.

If group synchronization is not possible (e.g., when syncing directly from Google Workspace is not supported outside of SCIM2), users can manually create groups in the system using the unique identifiers of the groups from their identity provider (IdP).

When the "Group Claims" option is enabled in SAML2/OAuth2, the system will check whether a user belongs to a manually created group and assign roles accordingly.

  • When creating a new group, enter a Unique Identifier.
  • Assign the manual groups to the roles.

Tokens

  • Navigate to the Tokens tab and click Create to generate a new token.
  • Enter Token Details.
  • Save configuration.

Log

Check authentication logs within the Log tab, including Entra ID sync logging.

User Management

In the User Management tab, you will see a list of all users of your Priverion platform. You can edit their details by clicking on an individual user or create a new user login by clicking the Create button. When creating a user, you enter their name and email. If you want to notify the user of their new account and ask them to set a password, please select send invite per email. The telephone number is optional. Finally, you assign roles to this user.

Language

As an IT administrator, you can change the language settings on the Language tab by clicking the Edit button. You can customize the default language and enable any additional languages you wish to use on your Priverion platform.

You can enter information in those languages in all input fields of your Priverion platform. Our translation API will translate all the entered information into the activated languages. Please only select the languages necessary to make it easier for the user to input data.

Once a language is activated, users can select their preferred language by clicking the gearwheel in the top right corner and opening the User settings.

External Integrations

Enable your external integrations under the corresponding tab. Currently, only the Product Fruits Help is available. Click on Edit and activate the feature. You can also decide whether to allow the usage of username and email. Click Save to confirm.

Activate AI

You can use the integrated artificial intelligence function to create some elements. Click Edit to activate or deactivate. After activating the AI function with the switch, you can choose the industry in which your company operates from the drop-down menu. Save your input.

International Standards

Under the International Standards tab, you will find a list of all available standards. Click Edit to activate or deactivate the standards you wish to use in your Priverion platform.

 
