Shared Responsibility Model
Essential security practices and responsibilities for Glean tenant administrators
As a Glean administrator, you are responsible for implementing and maintaining specific security practices to ensure the safe and effective operation of your Glean tenant. This guide outlines your key responsibilities across different areas of tenant management.
Employee Access Controls
Proper access control management is critical for maintaining the security of your Glean environment. Administrators must actively manage user access and authentication policies.
SSO and Authentication
SSO Access Policy
Ensure your Single Sign-On (SSO) access policy aligns with organizational security protocols, including:
- Multi-Factor Authentication (MFA) implementation
- Trusted Location designation
- Regular policy review and updates
Access Restriction
Maintain strict control over user authentication by:
- Limiting SSO access to authorized Glean users only
- Implementing proper authentication gates
- Regularly auditing user access permissions
User Management
Terminated User Management
Implement processes for immediate removal of terminated employees and contractors from the SSO provider configured with Glean to prevent unauthorized access.
Role-Based Access Control (RBAC)
Establish and maintain clear policies for:
- Administrator role assignments
- Permission scope definition
- Access level restrictions based on job responsibilities
- Regular review of admin permissions
IP Access Control
If your users access Glean from specific IP ranges (e.g., through VPN):
- Configure appropriate IP Allowlists
- Maintain up-to-date IP address/range documentation
- Regularly review and update allowed IP ranges
Connector Integrations
Proper management of connector integrations is essential for maintaining secure and reliable data access within Glean.
Security Best Practices
Credential Management
Implement regular rotation schedules for:
- API keys
- Access tokens
- Integration secrets
- Other authentication credentials
Service Account Usage
Prioritize service accounts over individual credentials:
- Set up dedicated service accounts for integrations
- Maintain proper documentation of service account usage
- Regularly audit service account permissions
Cloud-prem Environments
Organizations hosting Glean within their own cloud infrastructure have additional security responsibilities.
Cloud-prem Security Guidelines
For organizations hosting Glean in their own GCP or AWS environment, please review the complete set of additional security considerations and responsibilities in our Cloud-prem documentation.