IT Administrator FAQs
For detailed instructions and information on each question, click the links provided to go to the corresponding section in our Documentation.
Immuta can run on a single Linux server or on a cluster of such servers. Cluster management is built into Immuta, and administering an Immuta cluster is more like managing a virtual appliance than a distributed system. Additionally, the standard cluster installation is preconfigured with high availability, scalability, and resource scheduling. For full technical details on the standard installation and other installation types, click on the link above.
Immuta can leverage metadata tools, such as Collibra, Atlas, or Waterline, to pull in external catalog tags and drive global policies. For example, instead of building a local policy that masks a specific column in a specific table, Data Governors can build a global policy that is broader, such as "Mask anywhere there's PII data." In this scenario, Immuta uses the external catalog tags to determine where that PII data exists to then enforce the policy in corresponding data sources.
Any number of Identity Managers can be configured and enabled for an instance of Immuta. Each Identity Manager has a specific set of configurations that enable it to communicate with the IAM and map the users, permissions, groups, and attributes into Immuta. Available Identity Manager protocols include Active Directory/LDAP, OpenID, and SAML 2.0. This allows Immuta to be configured with many external IAMs, including (but not limited to) Active Directory, Azure Active Directory, OAuth2, Okta, and OneLogin.
Typically, management is delegated to your organization's existing IAM system through Immuta's pluggable interface. However, if your organization opts to use the default Immuta Identity Manager, this IAM is managed in the Admin section of the Immuta UI.
Immuta has an advanced logging and auditing system that allows you to easily analyze your system's logs with the most popular log analysis tools.
Immuta provides a detailed audit record of all user activity in the Immuta UI and query activity through Immuta's data access patterns. A basic UI is available for Audit Log analysis. However, most customers forward audit records to an enterprise system for monitoring, analysis, and visualization.
Calls to the HTTP API require authentication. All requests must include a valid token in the Authorization HTTP header in order to be considered an authenticated request. In order to obtain a bearer token, you must first authenticate with Immuta using an enabled authentication method. This token should be used for multiple requests until it expires. Once a token has expired, you must authenticate again to get a new token. For authentication request examples, parameters, and endpoints, click the link above.
A custom policy handler allows you to create complex data access rights that aren’t supported through the Immuta UI policy builder. Click on the link above for a description of how to create policy handlers.