Access Management

Access Management controls who can log in to the Aurva console and what they can see and do. Aurva uses role-based access control (RBAC) with SSO integration for enterprise environments.

Built-in Roles

Role	Permissions
Admin	Full platform access -- user management, settings, policies, integrations, all data
Security Analyst	View and manage findings, policies, and alerts. Cannot modify users or system settings
Viewer	Read-only access to dashboards, findings, and reports
Auditor	Read-only access to audit trails, compliance reports, and system logs

Role Configuration

Navigate to Settings -> Access Management -> Roles to:

View the permissions matrix for each built-in role
Create custom roles by cloning an existing role and adjusting permissions
Assign data scope restrictions (e.g. limit a role to specific environments or data asset groups)

Permission Categories

Category	Examples
Data Assets	View assets, run scans, modify classification
Policies	Create, edit, delete, enable/disable policies
Findings	View, resolve, suppress, export findings
DAM	View queries, configure monitoring, access audit trail
Administration	Manage users, roles, integrations, system settings

SSO Integration

Aurva supports SAML 2.0 and OIDC for single sign-on with your identity provider.

Supported Identity Providers

Okta
Azure AD / Microsoft Entra ID
Google Workspace
JumpCloud
OneLogin

Setup

1
Configure your IdP
Create a SAML or OIDC application in your identity provider. Use the Aurva ACS URL and Entity ID shown in Settings -> Access Management -> SSO.
2
Provide metadata to Aurva
Upload the IdP metadata XML (SAML) or enter the issuer URL, client ID, and client secret (OIDC).
3
Map groups to roles
Map IdP groups to Aurva roles so that group membership automatically determines access level.
4
Enable SSO
Toggle SSO on. Optionally enforce SSO-only login to disable password-based access.