Skip to main content

Enterprise User Management in Rhythms

Learn about Rhythms’ Enterprise User Management, including SSO, SCIM, and RBAC.

Updated over 5 months ago

Rhythms' Enterprise User Management provides an enterprise-grade framework to ensure secure access, simplified administration, and streamlined user management for your team. It integrates tools like Single Sign-On (SSO), System for Cross-domain Identity Management (SCIM), and Role-Based Access Control (RBAC) to create a robust user management solution.

Whether you're an admin configuring the system or a user logging in, Rhythms delivers a seamless experience with enhanced security and efficiency. This guide introduces these capabilities and links to detailed setup instructions for each component to help you get started.

Key Components
Rhythms integrates three core identity management tools:

  • Single Sign-On (SSO): Log in with corporate credentials via your Identity Provider (IdP), like Okta or Entra ID. Once enabled, all users with your email domain authenticate through the IdP for consistent security and easy access.
    View the SSO Setup Guide →

  • System for Cross-domain Identity Management (SCIM): Automate user provisioning, lifecycle management, and the synchronization of user profile information. SCIM enables Rhythms to sync with your Identity Provider (IdP) to:

    • Create user accounts in Rhythms when individuals are assigned to the application in your IdP.

    • Automatically update user profiles in Rhythms with information managed in your IdP (e.g., name, email). This capability can extend to richer profile attributes (such as department, job title, manager, or other relevant information) if your IdP is configured to source this data from your organization's HRIS system. This helps ensure that user profiles within Rhythms are comprehensive, accurate, and current.

    • Instantly revoke user access to Rhythms when they are unassigned from the application in your IdP or their IdP account is deactivated. This continuous synchronization ensures that user data within Rhythms accurately reflects your organization's central identity records.

    • View the SCIM Setup Guide →

  • Role-Based Access Control (RBAC): Manage permissions with roles like Platform Administrator, OKR Administrator, Team Owner, and Member. RBAC ensures secure and efficient access control for your OKR program, with additional roles like Read-Only User and Delegate for flexibility.
    View the Roles and Permissions Guide →

Note: For enterprises where the IdP isn't connected to an HRIS for profile enhancement, or for additional HRIS data integration needs, Rhythms supports set up of a separate HRIS integration. Please consult Rhythms support via "Help" in the portal for specific capabilities or reach out to your customer success manager.

Benefits

  • Enhanced Security: Centralized authentication (SSO), automatic access revocation (SCIM), IdP-supported multi-factor authentication (MFA), and tailored access control through role assignments (RBAC).

  • Simplified Administration: Automated user management and real-time directory sync (SCIM), including the synchronization of extended user profile attributes that can be sourced by your IdP from systems like an HRIS. This reduces IT workload and ensures data consistency. Streamlined permission management with predefined roles (RBAC).

  • Seamless User Experience: One-click login (SSO), auto-updated and potentially enriched user profiles via SCIM automated synchronization from your IdP (which can include attributes sourced from an HRIS), and instant access for new team members.

Recommended Approach
For a smooth rollout:

  • Understand and Assign Roles (RBAC): Begin by understanding the predefined roles within Rhythms and then assign these roles to establish appropriate permission levels for different users and groups. This initial planning and assignment ensures that when users access Rhythms, they have the correct permissions based on their responsibilities.

  • Implement Single Sign-On (SSO): Next, configure SSO to secure authentication, allowing users to log in with their corporate credentials via your Identity Provider (IdP). This centralizes access control and enhances security.

  • Enable SCIM for User Lifecycle and Profile Management: Once SSO is in place, implement SCIM for automated user provisioning, de-provisioning, and the synchronization of user profile information from your IdP. This keeps user accounts and their profile details (which can be enhanced if your IdP sources data from an HRIS) current.

  • Further Enhance User Profiles (Optional HRIS Integration):

    • Via SCIM/IdP: If your Identity Provider (IdP) is configured to source richer profile attributes from your HRIS system (e.g., department, manager), ensure SCIM is set up to sync this information to Rhythms for more comprehensive user profiles.

    • Via Separate Rhythms Integration: If your IdP doesn't integrate with your HRIS for the desired level of profile detail, or for additional attributes, inquire with Rhythms support about potential options for a separate Rhythms HRIS integration to further enhance user profiles.

Tip: Contact Rhythms support via "Help" in the admin portal if you need setup assistance.

Prerequisites
Before you begin:

  • Administrator access to your Rhythms tenant.

  • Administrator access to your IdP (e.g., Okta, Microsoft Entra ID, Google Workspace).

  • A supported IdP—see the detailed guides for the full list.

Did this answer your question?