Customer Responsibilities for Managing Glean

As a Glean customer and administrator for your company, you are responsible for the following security best practices when managing your Glean tenant.


Employee Access Controls

1. SSO Access Policy: It is crucial to ensure that the Single Sign-On (SSO) access policy you have established for Glean is in line with your organization's security protocols. This includes the adoption of additional security measures such as Multi-Factor Authentication (MFA) and/or the designation of Trusted Locations.

2. Restrict Access to Intended Users: You should ensure that only the intended users for Glean are able to authenticate to it via SSO.

3. Prompt Removal of Terminated Users: You must ensure that terminated employees or contractors are promptly removed from the SSO provider that is configured with Glean.

4. Process for Role-Based Access Control (RBAC): You should have a clear policy for who can be assigned an administrator role within your Glean environment, and should use Glean's Role-Based Access Controls (RBAC) to ensure that each admin has permissions only for the parts of the Glean workspace setup they need to access and manage.

5. IP Allowlist Requirements: If your Glean users are expected to connect from specific IP ranges (e.g. you are using a VPN), then you must ensure that an IP Allowlist is configured within Glean. It is your responsibility to ensure that this list of IP addresses/IP ranges is kept up to date.

Connector Integrations

1. Credential Rotation for Datasources: You are responsible for regularly updating and rotating the API keys, secrets, and tokens used by Glean to crawl your datasources.

2. Utilize Service Accounts for Integrations: When integrating Glean with other applications, you must endeavor to use service accounts instead of individual employee credentials. This ensures that the integrations remain functional and secure, even if an employee departs from the company. Service accounts are designed for automated processes and provide a more stable and controlled method of access.

Cloud-prem Considerations

If you are hosting your Glean tenant within your own GCP or AWS environment, then there are additional security considerations and responsibilities to be aware of.

More information: Customer Responsibilities for Cloud-Prem.