data security Articles - Enterprise Knowledge
https://enterprise-knowledge.com/tag/data-security/
Mon, 03 Nov 2025 21:29:42 +0000

Incorporating Unified Entitlements in a Knowledge Portal
https://enterprise-knowledge.com/incorporating-unified-entitlements-in-a-knowledge-portal/
Wed, 12 Mar 2025 17:37:34 +0000

Recently, we have had a great deal of success developing a certain breed of application for our customers—Knowledge Portals. These knowledge-centric applications holistically connect an organization’s information—its data, content, people and knowledge—from disparate source systems. These portals provide a “single pane of glass” to enable an aggregated view of the knowledge assets that are most important to the organization. 

The ultimate goal of the Knowledge Portal is to provide the right people access to the right information at the right time. This blog focuses on the first part of that statement—“the right people.” This securing of information assets is called entitlements. As our COO Joe Hilger eloquently points out, entitlements are vital in “enabling consistent and correct privileges across every system and asset type in the organization.” The trick is to ensure that an organization’s security model is maintained when aggregating this disparate information into a single view so that users only see what they are supposed to.

 

The Knowledge Portal Security Challenge

The Knowledge Portal’s core value lies in its ability to aggregate information from multiple source systems into a single application. However, any access permissions established outside of the portal—whether in the source systems or an organization-wide security model—need to be respected. There are many considerations to take into account when doing this. For example, how does the portal know:

  • Who am I?
  • Am I the same person specified in the various source systems?
  • Which information should I be able to see?
  • How will my access be removed if my role changes?

Once a user has logged in, the portal needs to know that the user has Role A in the content management system, Role B in the HR system, and Role C in the financial system. Because the portal aggregates information from these systems, it uses these roles to ensure that what the user sees in the portal reflects what they would see in each of the individual systems.

The Tenets of Unified Entitlements in a Knowledge Portal

At EK, we have a common set of principles that guide us when implementing entitlements for a Knowledge Portal. They include:

  • Leveraging a single identity via an Identity Provider (IdP).
  • Creating a universal set of groups for access control.
  • Respecting access permissions set in source systems when available.
  • Developing a security model for systems without access permissions.

 

Leverage an Identity Provider (IdP)

When I first started working in search over 20 years ago, most source systems had their own user stores—the feature that allows a user to log into a system and uniquely identifies them within the system. One of the biggest challenges for implementing security was correctly mapping a user’s identity in the search application to their various identities in the source systems sending content to the search engine.

Thankfully, enterprise-wide Identity Providers (IdPs) like Okta, Microsoft Entra ID (formerly Azure Active Directory), and Google Cloud Identity are ubiquitous these days. An Identity Provider (IdP) is like a digital doorkeeper for your organization. It identifies who you are and shares that information with your organization’s applications and systems.

By leveraging an IdP, I can present myself to all my applications with a single identifier such as “cmarino@enterprise-knowledge.com.” For the sake of simplicity in mapping my identity within the Knowledge Portal, I’m not “cmarino” in the content management system, “marinoc” in the HR system, and “christophermarino” in the financial system.

Instead, all of those systems, including the Knowledge Portal, recognize me as “cmarino@enterprise-knowledge.com,” and the portal’s subsequent decision to provide or deny access to information is greatly simplified. The portal needs to know who I am in all systems to make these determinations.

Create Universal Groups for Access Control

Working hand in hand with an IdP, the establishment of a set of universally used groups for access control is a critical step to enabling Unified Entitlements. These groups are typically created within your IdP and should reflect the common groupings needed to enforce your organization’s security model. For instance, you might choose to create groups based on a department, a project, or a business unit. Most systems provide great flexibility in how these groups are created and managed.

These groups are used for a variety of tasks, such as:

  • Associating relevant users to groups so that security decisions are based on a smaller, manageable number of groups rather than on every user in your organization.
  • Enabling access to content by mapping appropriate groups to the content.
  • Serving as the unifying factor for security decisions when developing an organization’s security model.

As an example, we developed a Knowledge Portal for a large global investment firm that used Microsoft Entra ID as its IdP. Within Entra ID, we created a set of groups based on structures like business units, departments, and organizational roles. Access permissions were applied to content via these groups, whether in the source system or in an external security model that we developed. When a user logged in to the portal, we identified them and their group membership and used that in combination with the permissions of the content. Best of all, once they moved off a project or into a different department or role, a simple change to their group membership in the IdP cascaded down to their access permissions in the Knowledge Portal.

Respect Permissions from Source Systems

The first two principles have focused on identifying a user and their roles. However, the second key piece to the entitlements puzzle rests with the content. Most source systems natively provide the functionality to control access to content by setting access permissions. Examples are SharePoint for your organization’s sensitive documents, ServiceNow for tickets only available to a certain group, or Confluence pages only viewable by a specific project team. 

When a security model already exists within a source system, the goal of integrating that content within the Knowledge Portal is simple: respect the permissions established in the source. The key here is syncing your source systems with your IdP and then leveraging the groups managed there. When specifying access to content in the source, use the universal groups. 

Thus, when the Knowledge Portal collects information from the source system, it pulls not only the content and its applicable metadata but also the content’s security information. The permissions are stored alongside the content in the portal’s backend and used to determine whether a specific user can view specific content within the portal. The permissions become just another piece of metadata by which the content can be filtered.

 

Develop Security Model for Unsupported Systems

Occasionally, there will be source systems where access permissions have not been or cannot be supported. In this case, you will have to leverage your own internal security model by developing one or using an entitlements tool. Instead of entitlements stored within the source system, the entitlements will be managed through this internal model.

The steps to accomplish this include:

  • Identify the tools needed to support unified entitlements;
  • Build the models for applying the security rules; and
  • Develop the integrations needed to automate security with other systems. 

The process to implement this within the Knowledge Portal would remain the same: store the access permissions with the content (mapped using groups) and use these as filters to ensure that users see only the information they should.
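The sketch below is an added example, not code from Enterprise Knowledge or any product named above. It shows the two cases just described (permissions pulled from the source, and an internal model for sources without them) feeding one group-based filter. All users, group names, sources and documents are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: every user, group and source name is hypothetical.
IDP_GROUPS = {  # user -> universal groups, as reported by the IdP at login
    "cmarino@enterprise-knowledge.com": {"dept-search", "proj-portal"},
    "analyst@example.com": {"dept-finance"},
}

# Internal security model for sources that cannot express permissions:
# (source, content type) -> universal groups allowed to view.
INTERNAL_MODEL = {("legacy-wiki", "runbook"): {"dept-search"}}

@dataclass(frozen=True)
class Doc:
    doc_id: str
    source: str
    content_type: str
    allowed_groups: Optional[frozenset]  # None = source supplied no ACL

def ingest(doc):
    """Resolve the ACL that is stored alongside the content at index time."""
    if doc.allowed_groups is not None:
        acl = doc.allowed_groups  # respect the source system's permissions
    else:
        # Fall back to the internal model; no matching rule means an empty
        # ACL, so the item is hidden from everyone (default deny).
        acl = frozenset(INTERNAL_MODEL.get((doc.source, doc.content_type), ()))
    return Doc(doc.doc_id, doc.source, doc.content_type, acl)

def visible(user, index, idp_groups=IDP_GROUPS):
    """Return ids of documents sharing at least one group with the user."""
    groups = idp_groups.get(user, set())  # unknown identity -> no groups
    return [d.doc_id for d in index if d.allowed_groups & groups]

RAW = [
    Doc("sp-1", "sharepoint", "report", frozenset({"dept-finance"})),
    Doc("conf-7", "confluence", "page", frozenset({"proj-portal"})),
    Doc("wiki-1", "legacy-wiki", "runbook", None),  # covered by internal model
    Doc("wiki-2", "legacy-wiki", "note", None),     # no rule: nobody sees it
]
INDEX = [ingest(d) for d in RAW]

if __name__ == "__main__":
    for user in IDP_GROUPS:
        print(user, visible(user, INDEX))
```

In a real portal the same group intersection would normally run as a filter inside the search query rather than over results in application code, so that restricted items never leave the backend.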

 

Conclusion

Getting unified entitlements correct for your organization plays a large part in a successful Knowledge Portal implementation. If you need proven expertise to help guide how you manage access to your organization’s valuable information, contact us.

The “right people” in your organization will thank you.

Beyond Content Management for Real Knowledge Sharing
https://enterprise-knowledge.com/beyond-content-management-for-real-knowledge-sharing/
Wed, 19 Feb 2025 15:41:42 +0000

Enterprise Knowledge’s Urmi Majumder and Maryam Nozari presented “AI-Based Access Management: Ensuring Real-time Data and Knowledge Control” on November 21 at KMWorld in Washington, D.C.

In this presentation, Majumder and Nozari explored the crucial role of AI in enhancing data governance through Role-Based Access Control (RBAC), and discussed how the Adaptable Rule Foundation (ARF) system uses metadata and labels to classify and manage data effectively across three levels: Core, Common, and Unique. This system allows domain experts to participate actively in the AI-driven governance processes without needing deep technical expertise, promoting a secure and collaborative development environment.

Check out the presentation below to learn how to:

  • Implement AI to streamline RBAC processes, enhancing data security and operational efficiency.
  • Understand the impact of real-time data control on organizational dynamics.
  • Enable domain experts to contribute securely and effectively to the AI development process.
  • Leverage the ARF system to adapt security measures tailored to the specific needs of various organizational units.

Modern Methods for Managing Data Security
https://enterprise-knowledge.com/modern-methods-for-managing-data-security/
Tue, 18 Feb 2025 15:33:39 +0000

Enterprise Knowledge’s Joe Hilger, COO, and Ian Thompson, Technical Solutions Consultant, presented “Modern Methods for Managing Data Security” at CDOIQ in Boston, MA on Wednesday, July 17, 2024.

In this presentation, Hilger and Thompson explored the evolving challenges of securing data in an era of exponential growth, cloud adoption, and increasing cyber threats, starting with the limitations of traditional perimeter-based security approaches and the need for scalable, automated solutions. They introduced key modern security strategies – including zero trust architecture, data-centric security, and AI/ML-driven threat detection – to help organizations enhance their data protection. The session also covered shadow/dark data discovery and data classification techniques to mitigate risks and improve security posture.

By the end of the session, attendees gained insight into:

  • The limitations of traditional perimeter-based security and why modernization is necessary
  • Zero trust architecture and how it strengthens security through strict identity verification
  • Data-centric security strategies to protect data throughout its lifecycle
  • The role of AI/ML in detecting threats and automating security decisions
  • Techniques for discovering and classifying shadow/dark data to close security gaps
  • Actionable strategies for implementing scalable, future-proof data security frameworks

EK’s Hilger, Tesfaye, Thompson, Majumder, and Nozari to Speak at the CDOIQ Symposium
https://enterprise-knowledge.com/eks-hilger-tesfaye-thompson-majumder-and-nozari-to-speak-at-the-cdoiq-symposium/
Mon, 08 Jul 2024 14:50:39 +0000

Enterprise Knowledge will have a significant presence at the 18th annual CDOIQ (Chief Data Officers & Information Quality) Symposium to be held Tuesday – Thursday, July 16 – 18, 2024, at the Hyatt Regency Cambridge in Cambridge, Massachusetts.

Joe Hilger, EK’s COO and co-founder, and Lulit Tesfaye, Partner and VP for Knowledge & Data Services, will jointly present “Top Graph Use Cases and Applications for Enterprise Data Management” on Wednesday afternoon. This presentation describes real world case studies across a wide range of industries for enterprise graph implementations and lessons learned from our work on over 50 data solutions and graph delivery projects.

Joe Hilger and Ian Thompson, Solutions Architect and Data Engineer, will jointly present “Modern Methods for Data Security” on Wednesday afternoon. In this presentation, they will explore the latest methods to automate and scale data security for the enterprise and will explain how these new methods are implemented in the environments where they work best.

Urmi Majumder, Principal Solutions Architect, and Maryam Nozari, Senior Data Scientist, will jointly present “Preventing Accidental Data Leaks Using LLMs” on Tuesday afternoon. In this talk, they will present a solution architecture that integrates AI-driven data classification, robust access controls, and compliance mechanisms. This approach enhances data security, ensures AI compliance, and streamlines sensitive data management while boosting operational efficiency and risk mitigation.

Additionally, EK will be a sponsor of the event with an exhibit booth, where you can meet the EK speakers, EK Partner Manager Benoit Gaussin, and Senior Consultant Thomas Mitrevski.

CDOIQ is the longest running data leadership conference. Its purpose is to advance knowledge and accelerate the adoption of the Chief Data Officer (CDO) role in all industries and geographical countries. The event will explore delivering mature data and analytics capabilities for ROI.

See the full program here and register today. If you cannot be there in-person, the conference will also be live-streamed for half the price of onsite registration.

Maryam Nozari and Urmi Majumder Speaking at the Data Governance & Information Quality Conference (DGIQ)
https://enterprise-knowledge.com/maryam-nozari-and-urmi-majumder-speaking-at-the-data-governance-information-quality-conference-dgiq/
Mon, 03 Jun 2024 20:23:47 +0000

Enterprise Knowledge’s Maryam Nozari, Senior Data Scientist, and Urmi Majumder, Principal Data Architecture Consultant, will deliver a talk at the DGIQ conference on “Mastering the Dark Data Challenge: Harnessing AI for Enhanced Data Governance and Quality” on Wednesday, June 5 from 11:45 – 12:30 pm (PST).

In this engaging session, Maryam and Urmi will explore the challenges and opportunities presented by the rapid evolution of Large Language Models (LLMs) and the exponential growth of unstructured data within enterprises. They will address the critical intersection of technology and data governance necessary for managing AI responsibly in an era dominated by data breaches and privacy concerns. Attendees will learn about a comprehensive framework to define and identify dark data, understand its risks, and utilize innovative AI solutions to secure data effectively. The session will provide actionable insights to help organizations enhance data privacy and achieve regulatory compliance within the AI-driven data ecosystem. 

About The Data Governance & Information Quality Conference 

DGIQ is the world’s most comprehensive event dedicated entirely to Data Governance and Information Quality. Whether you are a newcomer or an experienced data professional, DGIQ offers a compelling agenda full of informative sessions and tutorials for all levels of experience. As an attendee, you can choose from 14 tutorials and workshops, several one- and two-day seminars, and many general conference sessions and case studies addressing important topics in Data Governance. 
