Skip to main content
The following information applies only to dedicated instance and in-VPC deployments of Unstructured Enterprise.IdP integration is not available for Unstructured Starter or Team accounts.
An identity provider (IdP) is a service that manages and verifies the digital identities of users. It authenticates who a user is and provides that information to other systems (known as service providers) to control access. You can connect your organization’s IdP to Unstructured so you can manage who has access across all your connected systems from one place. Instead of having to manually create and manage user accounts and roles within your Unstructured account, Unstructured can use your organization’s IdP to determine things such as:
  • Who can sign in to your Unstructured account.
  • Which roles and permissions they should have within your Unstructured account.
  • Revoking access to your Unstructured account—for example, when someone leaves your organization.

Supported IdPs

Unstructured supports IdPs that use any of the following protocols:
  • Keycloak OpenID Connect
  • OpenID Connect v1.0
  • SAML 2.0

IdP groups

IdP groups are collections of users defined within your IdP—for example, an Engineering group, a Marketing group, or an Administrators group. Unstructured can use your IdP groups to automatically assign roles and permissions within your Unstructured account at the account level and for each of your account’s workspaces.

Roles

Roles are the sets of permissions that Unstructured can assign to your IdP groups—as well as to individual users separately within your Unstructed account, if needed— through a common security best-practice technique called role-based access control (RBAC). Unstructured has two kinds of roles:
  • Account roles: These roles include Super Administrator, Account Member, and Billing Administrator. They apply at the account level.
  • Workspace roles: These roles include Workspace Administrator, Developer, Operator, and Viewer. They apply to each of your account’s workspaces.
Learn more about these roles.

Getting started

To have Unstructured connect your organization’s IdP to your Unstructured account, contact your assigned Unstructured Account Executive (AE) or Customer Success Manager (CSM). If you do not know who your assigned AE or CSM is, email Unstructured Support at support@unstructured.io.

Next steps

After Unstructured has connected your organization’s IdP to your Unstructured account, you can manage access by your IdP groups and individual users to your Unstructured account and its workspaces. To do this, you can use your Unstructured account’s user interface (UI). For details, see IdP management with the Unstructured UI.
I