Enterprise-Ready on Day 1
Announcing audit logs and improvements to platform access controls
John Tan
Mitch Friedman
Nick Stefan
November 15, 2022
5 minutes
Today, we’re excited to announce the general availability of audit logs, along with several enhancements to other existing enterprise governance features, including single sign-on (SSO) and role-based access control (RBAC). Hightouch admins have long-requested the ability to monitor what their teams are doing inside the app. With audit logs, they can now track, trace, and search through user activity, such as updates to sync configurations. Now, users can have the peace of mind of knowing what actions are being taken, by whom, and when.
Track, trace, and search user activity with audit logs
Enterprise-readiness on Day 1
Today’s releases reflect the continuing demands from our enterprise customers. Hightouch powers mission critical processes for some of the largest brands in the world, including the NBA, Warner Music Group, GameStop, AXS, and Spotify. In such high-stakes environments, proper governance is critical, and system admins reasonably expect flexible tooling for access control, change management, and incident response.
Platform governance in Hightouch
With Hightouch serving as a bridge between the entire data stack and complex business end systems, we’ve built our platform to be enterprise-ready on day one. Read on for a summary of the recent updates we’ve made to our enterprise offerings.
Single Sign-On (SSO)
We’ve supported SAML SSO for quite some time, but today are announcing improvements to more seamlessly integrate with Okta and other leading identity providers:
- Groups: Admins can now map groups in their identity provider to specific workspaces and roles in Hightouch. For example, a user in the
Marketing
team in Okta can now be mapped to theAudience Editor
role in Hightouch. - SCIM: Beyond just-in-time provisioning, Hightouch will soon support syncing with your identity provider whenever changes to a user’s profile occur. This can be useful for automated deprovisioning.
- Self-service: Hightouch now provides an in-app interface for admins to turn on SSO for their organizations.
Enabling SSO in-app
Read our SSO docs here.
Role-based Access Controls (RBAC)
When thinking about access control, we want to be flexible enough to fit the requirements of both your data teams and your business teams. Earlier this year, we introduced several advanced roles outside of the standard Admin
, Workspace Editor
, and Workspace Viewer
roles to provide more granular out-of-the-box options.
Today we’re also releasing a user-friendly interface to create custom roles. With custom roles, admins can specify which access grants a user should get for each of the major resource types in Hightouch.
UI role builder
Read our RBAC docs here.
Team Management (via Labels)
Our largest customers run thousands of syncs through Hightouch. They often want to organize their workspace by team, campaign, system owner, and more. To facilitate this, we currently offer a JSON-based interface to control access for labels that have been assigned to resources. Over the next few quarters, we’ll be working on intuitive interfaces that make label-based access controls even easier to use and more collaborative.
Manage resources with labels
Read our LBAC docs here.
Audit Logs
☝️ Decidedly NOT a stupid question and now we have a great answer for you 💖
With today’s release of audit logs, users can now browse, filter, and search through a historical log of in-app activity for troubleshooting and auditing purposes. All changes to your account’s resources—syncs, models, audiences, sources, destinations—along with user sessions, query previews, and other key actions are now available for inspection.
Previously, if a user changed a sync that resulted in sending erroneous data to a downstream tool, the sync owner would spend hours tracking down who made what change to cause the breakage. Now, the owner can simply search the audit logs for the impacted tool and review the recent changes made to the sync. The admin can respond quickly and deter similar incidents from happening again.
Audit logs UI
Read our audit logs docs here.
Change Management
At an enterprise scale, the impact radius of a bad sync can be serious, negatively affecting internal teams, customers, and brand equity. Last month, we released approval flows, which requires specific users to receive in-app approval before any syncs can go into production. In the near-term, we’re working on additional channels like Slack that can be used by workspace admins to approve changes.
Requesting approval for sync changes
Read our approval flows docs here.
Looking Ahead
That’s a wrap…for now! We’re excited to be able to support our enterprise customers as they use Hightouch to power millions of dollars of ad spend, marketing automation, internal workflows, alerting, and product experiences, among many other use cases. On top of today’s releases, we have even more new features on our roadmap, including platform improvements that make it easier to work across environments, manage resources, and troubleshoot errors. Stay tuned.
In the meantime, the features highlighted today are accessible to all Business Tier customers. Please reach out to our sales team if you’re interested in learning more, or check out our docs for more information.