Aptible Comply

People and Teams

What are People and Groups?

People and Groups are two core "asset types" that reflect:

  • What individuals are in-scope of your policy manual?
  • What groups exist to help you operate your policy manual effectively?

Examples of people that could be in-scope of your policy manual:

  • Full-time employees
  • Part-time employees
  • Contractors

Examples of groups that you may wish to track in Comply:

  • Groups with an explicit policy manual responsibility (e.g., Security team, Privacy team)
  • Groups for which you administer access (i.e., access groups)
  • Teams that manage assets (e.g., Engineering Team)

📘

Groups vs. Teams

Aptible uses the terms "Groups" and "Teams" interchangeably to refer to membership in a group. (However, it's possible that a group could consist of only one member.)

How can I add a Person asset?

Adding members of your workforce is the first step in building out your assets in Comply.

We highly recommend using an integration that will automatically source your People and Groups for you, and keep the list up-to-date. We currently support:

You can also add People manually via the steps below.

  • Log in to comply-grc.aptible.com/
  • Click on the "Assets" tab
  • Select "Add Person" in the top right
  • Add in the Name, Email, and Group
  • If you wish to invite the user to Comply now for access to the system, please check the "Invite this person to be a Comply user" checkbox.

You can also add People assets in bulk by clicking the "Add in Bulk" option.

🚧

Add in bulk using email addresses

When adding People assets in bulk, make sure that you provide a comma- or newline-separated list of email addresses, rather than a list of names.

Updating Person fields

After you have added a user to the system, please follow the steps below if you need to make any edits to their details or update their status to active.

  • Select the pencil icon to update the user's name or status. You can also click their name and edit from within their user profile.
  • Status Legend
    • Active: person is being actively managed using Comply for functions like access control reviews, authorizations, etc.
    • Inactive: person is no longer a member of your team, no longer has access and/or is not being managed within Comply

📘

Changing email addresses

For security reasons, we require that you contact support ([email protected]) if you need to change the email address of any teammate.

How to archive a person

If you wish to archive a user (versus marking them 'inactive') you will want to click on the ellipsis by their name and select 'Archive Person'.

Note: if they are leaving your organization, make sure you mark them inactive so that the appropriate offboarding procedure triggers. Archiving is appropriate if they were added in error and you wish to remove them.

How to add a Group

Groups (i.e., Teams) can be useful to:

  1. Define clear policy manual responsibilities
  2. Maintain your group-based access authorizations in Comply

As with Person assets, we recommend using an integration that will automatically source your People and Groups for you, and keep the list up-to-date. We currently support:

You can also add Groups manually via the steps below.

  1. Select the Groups tab on the left hand navigation
  2. Select Add Group in the top right
  3. Add in the Group Name and Status
  4. Select Add Group at the bottom

As with People, you can add Groups in bulk by providing a comma- or newline-separated list of your groups.

Updating Group fields

After you have added a group to the system, follow the steps below if you need to make any edits to the underlying details.

  1. Select the Groups tab on the left hand navigation
  2. Select the pencil icon to update the group name or status.
    Status Legend
    • Active: group is active within Comply
    • Inactive: group is no longer active within Comply

You can also update group memberships to add individuals to groups:

  1. Select the Groups tab on the left hand navigation
  2. Click into the Group Name
  3. Select Memberships on the left hand navigation
  4. Click on Add Membership in the top right hand corner
  5. Add the person who you wish to be a part of this group
  6. Select Add Membership at the bottom

How to archive a Group

If you wish to archive a group (versus marking it 'inactive' which is appropriate when a group is no longer being used) you will want to click on the ellipsis by the group name and select 'Archive Asset'.

Authorizations

Authorizations (also known as Entitlements) are basically your whitelist of "who should have access to what." They reflect the ideal state of how things should be. Customers who take advantage of Comply's Authorizations can then automatically compare against who actually has access to different systems using our Okta and JumpCloud integrations.

You can create an Authorization either for a Person or a Group.

❗️

Warning: Group-based access strongly encouraged

We strongly encourage you to manage your "authorizations" at the Group level, rather than the individual level. This is a security best practice, as it makes clear why certain individuals need access (because they're a member of a particular group). It also simplifies your onboarding procedure: just add the new employee to a group, and everything they should have access to is inherited through their membership.

Follow these steps to create or edit authorizations:

  1. Select the Groups tab on the left hand navigation
  2. Click into the Group Name
  3. Select Authorization on the left hand navigation
  4. Click on Add Authorization in the top right hand corner
  5. Add the SaaS System(s) to which this group should have access
  6. Select Add Authorization at the bottom
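
The comparison this section describes (group-inherited authorizations as the ideal state, checked against who actually holds access), as an added example that is not Comply's code or API. All names, addresses, systems and the data layout are constructed, and dropping authorizations for Inactive people is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample data (hypothetical people, groups and systems).
STATUS = {"ana@example.com": "active", "bo@example.com": "active",
          "cy@example.com": "inactive"}
MEMBERSHIPS = {"Engineering Team": {"ana@example.com", "cy@example.com"},
               "Security team": {"bo@example.com"}}
GROUP_AUTHS = {"Engineering Team": {"github", "aws"},
               "Security team": {"aws", "siem"}}
PERSON_AUTHS = {"bo@example.com": {"github"}}   # individual exception
# Who actually holds access, e.g. exported from an identity provider.
ACTUAL = {"github": {"ana@example.com", "bo@example.com", "cy@example.com"},
          "aws": {"ana@example.com"},
          "siem": {"bo@example.com", "ana@example.com"}}


def expected_access(status, memberships, group_auths, person_auths):
    """Ideal state: person -> systems, inherited from groups plus individual grants."""
    expected = defaultdict(set)
    for group, members in memberships.items():
        for person in members:
            expected[person] |= group_auths.get(group, set())
    for person, systems in person_auths.items():
        expected[person] |= systems
    # Assumption: inactive people keep no authorizations, whatever groups list them.
    return {p: s for p, s in expected.items() if status.get(p) == "active"}


def access_review(expected, actual):
    """Return (unauthorized, missing) as sorted lists of (person, system)."""
    held = {(p, system) for system, people in actual.items() for p in people}
    wanted = {(p, system) for p, systems in expected.items() for system in systems}
    return sorted(held - wanted), sorted(wanted - held)


if __name__ == "__main__":
    unauthorized, missing = access_review(
        expected_access(STATUS, MEMBERSHIPS, GROUP_AUTHS, PERSON_AUTHS), ACTUAL)
    for person, system in unauthorized:
        print(f"REVOKE  {person} has {system} without an authorization")
    for person, system in missing:
        print(f"MISSING {person} is authorized for {system} but has no account")
```

The inactive Engineering member still holding a GitHub account is the case group-level authorizations make easy to spot: the group grant explains the access, and the status change removes the justification.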

Updated about a month ago

