Directory & Identity Foundation
Tenant structure, people, groups, role context, and authentication policy.
Audience: Platform and identity operators
Focus: Directory model and access boundary
Status: Public manual
What this area covers
Portal keeps tenant structure, people, groups, and role context consistent across the environment. Teams usually review this area first because every other operating motion depends on clear identity boundaries.
Operational areas in scope
| Area | What operators need from it | Why it matters |
|---|---|---|
| Tenant structure | Clear tenant ownership, administrative boundaries, and separation of contexts | Every downstream access, review, and audit workflow depends on the right tenant boundary |
| People and identities | A trustworthy representation of workforce, collaborator, and service identities | Access decisions become unreliable if identity records are incomplete or inconsistent |
| Groups and role context | Grouping and role patterns that reflect how the business actually operates | Access delivery, reviews, and birthright policy should follow operating reality rather than exception handling |
| Authentication posture | Sign-in assurance, factor expectations, and policy boundaries | Identity strength and usability need to support day-to-day work without creating uncontrolled bypasses |
| Audit visibility | A record of identity-relevant change that remains understandable later | Meridian, security, and platform teams all rely on identity change remaining reviewable |
What operators are actually managing
- Define the workforce directory model the company will live with as it grows.
- Decide how people, groups, and roles should be represented for internal teams, external collaborators, and controlled service access.
- Establish who can administer identity at the tenant level and where delegated administration begins and ends.
- Keep factor, sign-in, and identity hygiene policies consistent enough that later governance does not turn into cleanup work.
- Keep authentication policy and tenant ownership legible across the Cadres suite.
What this public manual area includes
- Directory administration and tenant-level identity ownership.
- User, group, and role context that supports real operational teams.
- Authentication policy and identity posture expectations.
- Audit and visibility expectations around identity-relevant change.
What healthy operation looks like
- Users land in the right tenant and the right context without manual cleanup.
- Group and role design matches real operating teams rather than one-off exceptions.
- Administrative ownership is clear enough that support, security, and platform teams are not competing for control.
- Access policy can be explained clearly to leadership, security, and operations.
What to pressure-test during evaluation
- Whether group design will support later approvals and lifecycle policy.
- Whether role boundaries are clear enough for Meridian evidence, Keystone business access, and RMM operational privileges.
- Whether tenant administration paths are explicit before more products are introduced.
- Whether the identity model will still make sense after acquisitions, partner access, or new internal teams are introduced.
Signs the model will create future friction
- Groups exist only as ad hoc exceptions rather than as durable operating constructs.
- Sensitive administrative power is spread across too many people or hidden behind informal workarounds.
- The identity record cannot answer simple questions about who belongs where and why.