
Overview of the C3 Agentic AI Platform Security Guide

The C3 AI Security Guide provides an overview of security capabilities in the C3 Agentic AI Platform and implementation guidance for user management, configuration, authentication and authorization, including roles, permissions, and managing access.

Security within the C3 Agentic AI Platform uses the role-based access control (RBAC) authorization model to restrict access to resources. A major purpose of RBAC is to facilitate security administration and review. It can reduce cybersecurity risk, protect sensitive data, and ensure that users of the platform can access only the information and perform only the actions they need, commonly known as the principle of least privilege.

The C3 Agentic AI Platform uses several standards, such as OpenID Connect (OIDC), Security Assertion Markup Language (SAML), and OAuth 2.0, to facilitate authentication and authorization. You need to understand these protocols well, especially how they work together in the context of the C3 Agentic AI Platform, because they underpin the security and user experience of the applications and services you build. Understanding them enables you to decide which protocol is most suitable for your specific needs. If you are developing an application that needs to integrate with other services (such as Google, Microsoft, or enterprise systems), you will often need to use these protocols for secure integration.

Understanding these protocols can help you follow best security practices when designing and implementing your applications.

To get started, you should already have the following:

Key Features

The following topics guide you in creating secure applications on the C3 Agentic AI Platform.

User Management

Role-Based Access Control (RBAC) systems are pivotal in managing access rights within various digital platforms. A crucial aspect of these systems is the interaction between roles, users, and groups. In the RBAC paradigm, a user can be associated with multiple roles, while each role is uniquely mapped to a single group. This structure creates a complex yet efficient system of access control that is both flexible and secure. This section explores this relationship, providing examples and highlighting benefits.

Authentication

Authentication is the process of verifying that a user or entity accessing a computing system is who they claim to be. Authentication does not determine what tasks a user can do or what resources the user can access.

The C3 Agentic AI Platform supports two authentication mechanisms: single sign-on (SSO) using SAML 2.0 and SSO using OIDC.

Authorization

Authorization means granting or denying access to specific resources based on the requesting user's identity.

  • The C3 Agentic AI Platform implements the OAuth 2.0 protocol for authorization of a protected resource such as an application or dataset. Refer to the topic on OAuth 2.0 to learn more about OAuth 2.0 and the C3 Agentic AI Platform.

  • Security roles and permissions delineate what actions each user or user role can perform within an application. Refer to the topic on Roles and permissions to learn more about the C3 Agentic AI Platform roles.

  • Refer to the topic on Managing access to learn about how access control is applied to an authenticated user in an application or environment. By maintaining stringent control, you can ensure data privacy and guard against security breaches.

Managing Access

Access control means defining rules to grant different kinds of users different permissions. This determines which actions different users can take.

The specific way you create these rules, including what they’re based on, is what’s known as an access control system. Role-based access control is probably the most common system, but as we’ll see later, there are a few different options.
